1*e4a36f41SAndroid Build Coastguard Workertypeattribute radio coredomain, mlstrustedsubject; 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Workerapp_domain(radio) 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Workerread_runtime_log_tags(radio) 6*e4a36f41SAndroid Build Coastguard Worker 7*e4a36f41SAndroid Build Coastguard Worker# Property service 8*e4a36f41SAndroid Build Coastguard Workerset_prop(radio, radio_control_prop) 9*e4a36f41SAndroid Build Coastguard Workerset_prop(radio, radio_prop) 10*e4a36f41SAndroid Build Coastguard Workerset_prop(radio, net_radio_prop) 11*e4a36f41SAndroid Build Coastguard Workerset_prop(radio, telephony_status_prop) 12*e4a36f41SAndroid Build Coastguard Workerset_prop(radio, radio_cdma_ecm_prop) 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Worker# ctl interface 15*e4a36f41SAndroid Build Coastguard Workerset_prop(radio, ctl_rildaemon_prop) 16*e4a36f41SAndroid Build Coastguard Worker 17*e4a36f41SAndroid Build Coastguard Worker# Telephony code contains time / time zone detection logic so it reads the associated properties. 18*e4a36f41SAndroid Build Coastguard Workerget_prop(radio, time_prop) 19*e4a36f41SAndroid Build Coastguard Worker 20*e4a36f41SAndroid Build Coastguard Worker# allow telephony to access platform compat to log permission denials 21*e4a36f41SAndroid Build Coastguard Workerallow radio platform_compat_service:service_manager find; 22*e4a36f41SAndroid Build Coastguard Worker 23*e4a36f41SAndroid Build Coastguard Workerallow radio uce_service:service_manager find; 24*e4a36f41SAndroid Build Coastguard Worker 25*e4a36f41SAndroid Build Coastguard Worker# Manage /data/misc/emergencynumberdb 26*e4a36f41SAndroid Build Coastguard Workerallow radio emergency_data_file:dir r_dir_perms; 27*e4a36f41SAndroid Build Coastguard Workerallow radio emergency_data_file:file r_file_perms; 28*e4a36f41SAndroid Build Coastguard Worker 29*e4a36f41SAndroid Build Coastguard Worker# allow telephony to access related cache properties 30*e4a36f41SAndroid Build Coastguard Workerset_prop(radio, binder_cache_telephony_server_prop); 31*e4a36f41SAndroid Build Coastguard Worker 32*e4a36f41SAndroid Build Coastguard Worker# allow sending pulled atoms to statsd 33*e4a36f41SAndroid Build Coastguard Workerbinder_call(radio, statsd) 34*e4a36f41SAndroid Build Coastguard Worker 35*e4a36f41SAndroid Build Coastguard Workernet_domain(radio) 36*e4a36f41SAndroid Build Coastguard Workerbluetooth_domain(radio) 37*e4a36f41SAndroid Build Coastguard Workerbinder_service(radio) 38*e4a36f41SAndroid Build Coastguard Worker 39*e4a36f41SAndroid Build Coastguard Worker# Talks to hal_telephony_server via the rild socket only for devices without full treble 40*e4a36f41SAndroid Build Coastguard Workernot_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)') 41*e4a36f41SAndroid Build Coastguard Worker 42*e4a36f41SAndroid Build Coastguard Worker# Data file accesses. 43*e4a36f41SAndroid Build Coastguard Workerallow radio radio_data_file:dir create_dir_perms; 44*e4a36f41SAndroid Build Coastguard Workerallow radio radio_data_file:notdevfile_class_set create_file_perms; 45*e4a36f41SAndroid Build Coastguard Workerallow radio radio_core_data_file:dir r_dir_perms; 46*e4a36f41SAndroid Build Coastguard Workerallow radio radio_core_data_file:file r_file_perms; 47*e4a36f41SAndroid Build Coastguard Worker 48*e4a36f41SAndroid Build Coastguard Workerallow radio net_data_file:dir search; 49*e4a36f41SAndroid Build Coastguard Workerallow radio net_data_file:file r_file_perms; 50*e4a36f41SAndroid Build Coastguard Worker 51*e4a36f41SAndroid Build Coastguard Workeradd_service(radio, radio_service) 52*e4a36f41SAndroid Build Coastguard Workerallow radio audioserver_service:service_manager find; 53*e4a36f41SAndroid Build Coastguard Workerallow radio cameraserver_service:service_manager find; 54*e4a36f41SAndroid Build Coastguard Workerallow radio drmserver_service:service_manager find; 55*e4a36f41SAndroid Build Coastguard Workerallow radio mediaserver_service:service_manager find; 56*e4a36f41SAndroid Build Coastguard Workerallow radio nfc_service:service_manager find; 57*e4a36f41SAndroid Build Coastguard Workerallow radio app_api_service:service_manager find; 58*e4a36f41SAndroid Build Coastguard Workerallow radio system_api_service:service_manager find; 59*e4a36f41SAndroid Build Coastguard Workerallow radio timedetector_service:service_manager find; 60*e4a36f41SAndroid Build Coastguard Workerallow radio timezonedetector_service:service_manager find; 61*e4a36f41SAndroid Build Coastguard Worker 62*e4a36f41SAndroid Build Coastguard Worker# Perform HwBinder IPC. 63*e4a36f41SAndroid Build Coastguard Workerhwbinder_use(radio) 64*e4a36f41SAndroid Build Coastguard Workerhal_client_domain(radio, hal_telephony) 65*e4a36f41SAndroid Build Coastguard Worker 66*e4a36f41SAndroid Build Coastguard Worker# Used by TelephonyManager 67*e4a36f41SAndroid Build Coastguard Workerallow radio proc_cmdline:file r_file_perms; 68*e4a36f41SAndroid Build Coastguard Worker 69*e4a36f41SAndroid Build Coastguard Worker### 70*e4a36f41SAndroid Build Coastguard Worker### Neverallow rules 71*e4a36f41SAndroid Build Coastguard Worker### 72*e4a36f41SAndroid Build Coastguard Worker 73*e4a36f41SAndroid Build Coastguard Workerneverallow { domain -radio -init } 74*e4a36f41SAndroid Build Coastguard Worker binder_cache_telephony_server_prop:property_service set; 75