Skip to content

Commit

Permalink
Grant radio domain access to vendor_file
Browse files Browse the repository at this point in the history 
"radio" domain hosts com.android.phone process which loads and runs
services from vendor APKs, such as ims, which need read & execute
access to /vendor/lib64.

Test: Modify hal_client_domain macro to not associate client of X HAL
      with hal_x attribute. Reboot device, no denials to do with radio
Bug: 37160141
Change-Id: Id9413275769f8b67adf2566872bee735ba035ae5
  • Loading branch information
Alex Klyubin committed Apr 10, 2017
1 parent 408f586 commit 6fa5dff
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions sepolicy/radio.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,7 @@ userdebug_or_eng(`
allow radio avtimer_device:chr_file rw_file_perms;

allowxperm radio self:udp_socket ioctl priv_sock_ioctls;

# Needed for use .so files in /vendor/lib64 needed by ims which runs as com.android.phone (radio)
# r_dir_file(radio, vendor_file)
allow radio vendor_file:file rx_file_perms;

0 comments on commit 6fa5dff

Please sign in to comment.