MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sdm660-common: sepolicy: Add rules for older IMS blobs

Browse source 
Since Android 10 blobs are being used, org.codeaurora.ims still runs
as phone UID as seen by these denials:

  m.android.phone: type=1400 audit(0.0:2914): avc: denied { read } for name="u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=13660 scontext=u:r:radio:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=0
  m.android.phone: type=1400 audit(0.0:473): avc: denied { call } for scontext=u:r:radio:s0 tcontext=u:r:hal_imsrtp:s0 tclass=binder permissive=0

Change-Id: Ic8c1b7996b9e0e7b63ba2a153441c9e8467a8a31
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
This commit is contained in:
Bruno Martins 2020-12-24 10:34:23 +00:00 committed by OdSazib
parent 6a1986932a
commit a5de89d28b
No known key found for this signature in database
GPG key ID: B678DBD07079B021
2 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
sepolicy/vendor/hal_imsrtp.te vendored Normal file
View file

@ -0,0 +1 @@
binder_call(hal_imsrtp, radio)

2
sepolicy/vendor/radio.te vendored
View file

@ -1,3 +1,5 @@
allow radio hal_datafactory_hwservice:hwservice_manager find;
binder_call(radio, cnd)
binder_call(radio, hal_imsrtp)
allow radio { cameraserver_service mediaextractor_service mediaserver_service mediametrics_service drmserver_service audioserver_service }:service_manager find;
get_prop(radio, qcom_ims_prop)