universal7870: sepolicy changes

sepolicy/rild.te

@@ -1,59 +1,66 @@
-# Allow rild to change perms
-allow rild self:capability chown;
+# rild.te
 
-# Allow additiional efs access
-r_dir_file(rild, imei_efs_file);
-r_dir_file(rild, app_efs_file);
+allow rild block_device:dir search;
+allow rild mnt_vendor_file:dir { getattr search };
 
-# /efs/nv_data.bin
-allow rild bin_nv_data_efs_file:file create_file_perms;
-allowxperm rild bin_nv_data_efs_file:file ioctl { 0x6601 0x6602 };
+# audio hal
+allow rild hal_audio_default:dir search;
+allow rild hal_audio_default:file r_file_perms;
 
-# audioserver
-r_dir_file(rild, audioserver);
+# gps
+allow rild gpsd:dir search;
+allow rild gpsd:file r_file_perms;
 
-# /dev/mbin0
-allow rild block_device:dir r_dir_perms;
-allow rild emmcblk_device:blk_file r_file_perms;
+# /data
+allow rild system_data_file:dir getattr;
 
-# /dev/umts_boot0, /dev/umts_ipc0
-allow rild mif_device:chr_file rw_file_perms;
+# /data/vendor/log
+allow rild log_vendor_data_file:dir rw_dir_perms;
+allow rild log_vendor_data_file:file create_file_perms;
 
-# /sys/devices/virtual/misc/multipdp/waketime
-allow rild sysfs_multipdp:file rw_file_perms;
+# /dev/block/platform/.+/by-name/radio
+allow rild radio_block_device:blk_file r_file_perms;
 
-allow rild sysfs_input:file rw_file_perms;
+# /dev/drb
+# allow rild drb_device:chr_file rw_file_perms;
+
+# /dev/umts_*
+# /dev/umts_ipc*
+# allow rild vendor_radio_device:chr_file rw_file_perms;
+
+# /data/vendor/secradio
+allow rild radio_vendor_data_file:dir rw_dir_perms;
+allow rild radio_vendor_data_file:file create_file_perms;
+
+# /efs/FactoryApp/
+# /mnt/vendor/efs/root
+allow rild app_efs_file:dir r_dir_perms;
+allow rild app_efs_file:file { rw_file_perms setattr };
+
+# /efs/imei
+allow rild imei_efs_file:dir r_dir_perms;
+allow rild imei_efs_file:file r_file_perms;
+
+# /mnt/vendor/efs/
+allow rild prov_efs_file:dir r_dir_perms;
+allow rild prov_efs_file:file r_file_perms;
+
+# /mnt/vendor/efs/nv_data.bin
+allow rild bin_nv_data_efs_file:file { rw_file_perms setattr unlink };
+
+# /proc/net/xt_qtaguid/iface_stat_fmt
+allow rild proc_qtaguid_stat:file r_file_perms;
 
 # /proc/sys/net/ipv6/conf/*/accept_ra_defrtr
 allow rild proc_net:file rw_file_perms;
 
-r_dir_file(rild, gpsd);
+# mdc.
+# persist.sys.omc_support
+# ro.csc.
+get_prop(rild, exported_config_prop);
 
-allow rild proc_qtaguid_stat:file r_file_perms;
+# ro.boot.cpboot, ril.NwNmId[0-9]
+get_prop(rild, exported_radio_prop)
 
-# rild reads /proc/pid/cmdline of mediaserver
-r_dir_file(rild, mediaserver);
-
-# /data/misc/radio/*
-allow rild radio_data_file:dir rw_dir_perms;
-allow rild radio_data_file:file create_file_perms;
-# /data/data/com.android.providers.telephony/databases/telephony.db
-allow rild radio_data_file:lnk_file r_file_perms;
-
-# sdcard/SDET_PLMN/input/MNCMCC.txt
-allow rild storage_file:dir r_dir_perms;
-allow rild storage_file:lnk_file r_file_perms;
-allow rild mnt_user_file:dir r_dir_perms;
-allow rild mnt_user_file:lnk_file r_file_perms;
-
-# Modem firmware download
-allow rild radio_block_device:blk_file r_file_perms;
-
-# persist.ril.modem.board
-set_prop(modemloader, radio_prop)
-
-# /dev/knox_kap
-allow rild knox_device:chr_file r_file_perms;
-
-# /data/media/0
-allow rild media_rw_data_file:dir r_dir_perms;
+# vendor.cbd.
+# set_prop(rild, vendor_cbd_prop)