non_plat: Label xcap binary and grant required permissions

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I127160acbcffcee0c055f7a78d62acc37741d2cf
2021-01-02 14:43:21 +05:30 · 2021-01-02 14:43:21 +05:30 · e4a9991131
commit e4a9991131
parent a7d6f83b00
4 changed files with 29 additions and 0 deletions
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -722,3 +722,4 @@
 /(system\/vendor|vendor)/bin/volte_ua           u:object_r:volte_ua_exec:s0
 /(system\/vendor|vendor)/bin/volte_imcb         u:object_r:volte_imcb_exec:s0
 /(system\/vendor|vendor)/bin/wfca                u:object_r:wfca_exec:s0
+/(system\/vendor|vendor)/bin/xcap                u:object_r:xcap_exec:s0
--- a/non_plat/property.te
+++ b/non_plat/property.te
@ -342,3 +342,4 @@ type ctl_volte_ua_prop, property_type;
 type ctl_volte_imcb_prop, property_type;
 type mtk_wod_prop, property_type, mtk_core_property_type;
 type persist_wod_prop, property_type, mtk_core_property_type;
+type vendor_ims_xcap_prop, property_type, extended_core_property_type;
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@ -382,3 +382,7 @@ ctl.vendor.volte_ua            u:object_r:ctl_volte_ua_prop:s0
 ctl.vendor.volte_imcb          u:object_r:ctl_volte_imcb_prop:s0
 vendor.wo.   u:object_r:mtk_wod_prop:s0
 persist.vendor.wo.   u:object_r:persist_wod_prop:s0
+persist.vendor.gba u:object_r:vendor_ims_xcap_prop:s0
+persist.vendor.radio.ss.mode u:object_r:vendor_ims_xcap_prop:s0
+persist.vendor.radio.ss.xrdm u:object_r:vendor_ims_xcap_prop:s0
+persist.vendor.radio.xcap.cfn u:object_r:vendor_ims_xcap_prop:s0
--- a/non_plat/xcap.te
+++ b/non_plat/xcap.te
@ -0,0 +1,23 @@
+type xcap, domain, netdomain, mtkimsmddomain;
+type xcap_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(xcap)
+
+allow xcap socket_device:sock_file { write create unlink };
+allow xcap socket_device:dir { write add_name remove_name };
+
+allow xcap self:capability { setgid setuid net_admin net_raw };
+allow xcap self:rawip_socket { read write create getattr bind setopt };
+allow xcap self:netlink_route_socket read;
+allow xcap self:udp_socket rw_socket_perms;
+
+allow xcap { port node}:tcp_socket { name_connect node_bind name_bind };
+allow xcap fwmarkd_socket:sock_file write;
+allow xcap property_socket:sock_file write;
+allow xcap ccci_device:chr_file { ioctl read write open };
+allow xcap rootfs:lnk_file getattr;
+
+#set_prop(xcap, persist_xcap_rawurl_prop)
+#set_prop(xcap, vendor_ims_xcap_prop)
+set_prop(xcap, ctl_muxreport-daemon_prop)
+set_prop(xcap, ril_mux_report_case_prop)