Revert "Move rild from public to vendor."
This reverts commit aed57d4e4d140b66eb349fdb10026c60429bda49.
Reason for revert: This CL is expected to break pre-submit tests (b/74486619)
Merged-in: I103c3faa1604fddc27b3b4602b587f2d733827b1
Change-Id: I0eb7a744e0d43ab15fc490e7e7c870d0f44e1401
diff --git a/public/domain.te b/public/domain.te
index 46b624b..fc9c0a9 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -959,6 +959,7 @@
domain
-coredomain
-appdomain
+ -rild
-vendor_executes_system_violators
-vendor_init
} {
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index ce4b48c..c866bae 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -5,7 +5,7 @@
-hal_bluetooth_server
-hal_wifi_server
-hal_wifi_supplicant_server
- -hal_telephony_server
+ -rild
} self:global_capability_class_set { net_admin net_raw };
# Unless a HAL's job is to communicate over the network, or control network
@@ -15,7 +15,7 @@
-hal_tetheroffload_server
-hal_wifi_server
-hal_wifi_supplicant_server
- -hal_telephony_server
+ -rild
} domain:{ tcp_socket udp_socket rawip_socket } *;
###
@@ -42,7 +42,7 @@
neverallow {
halserverdomain
-hal_dumpstate_server
- -hal_telephony_server
+ -rild
} { file_type fs_type }:file execute_no_trans;
# Do not allow a process other than init to transition into a HAL domain.
neverallow { domain -init } halserverdomain:process transition;
diff --git a/public/hal_telephony.te b/public/hal_telephony.te
index 86f41cb..41cfd4b 100644
--- a/public/hal_telephony.te
+++ b/public/hal_telephony.te
@@ -5,42 +5,3 @@
add_hwservice(hal_telephony_server, hal_telephony_hwservice)
allow hal_telephony_client hal_telephony_hwservice:hwservice_manager find;
-allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
-
-allow hal_telephony_server self:netlink_route_socket nlmsg_write;
-allow hal_telephony_server kernel:system module_request;
-allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
-allow hal_telephony_server alarm_device:chr_file rw_file_perms;
-allow hal_telephony_server cgroup:dir create_dir_perms;
-allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
-allow hal_telephony_server radio_device:chr_file rw_file_perms;
-allow hal_telephony_server radio_device:blk_file r_file_perms;
-allow hal_telephony_server mtd_device:dir search;
-allow hal_telephony_server efs_file:dir create_dir_perms;
-allow hal_telephony_server efs_file:file create_file_perms;
-allow hal_telephony_server vendor_shell_exec:file rx_file_perms;
-allow hal_telephony_server bluetooth_efs_file:file r_file_perms;
-allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms;
-allow hal_telephony_server sdcard_type:dir r_dir_perms;
-
-# property service
-set_prop(hal_telephony_server, radio_prop)
-set_prop(hal_telephony_server, exported_radio_prop)
-set_prop(hal_telephony_server, exported2_radio_prop)
-
-allow hal_telephony_server tty_device:chr_file rw_file_perms;
-
-# Allow hal_telephony_server to create and use netlink sockets.
-allow hal_telephony_server self:netlink_socket create_socket_perms_no_ioctl;
-allow hal_telephony_server self:netlink_generic_socket create_socket_perms_no_ioctl;
-allow hal_telephony_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-# Access to wake locks
-wakelock_use(hal_telephony_server)
-
-r_dir_file(hal_telephony_server, proc_net)
-r_dir_file(hal_telephony_server, sysfs_type)
-r_dir_file(hal_telephony_server, system_file)
-
-# granting the ioctl permission for hal_telephony_server should be device specific
-allow hal_telephony_server self:socket create_socket_perms_no_ioctl;
diff --git a/public/property.te b/public/property.te
index cb839c9..e400332 100644
--- a/public/property.te
+++ b/public/property.te
@@ -158,7 +158,7 @@
domain
-coredomain
-appdomain
- -hal_telephony_server
+ -rild
-vendor_init
} {
exported_radio_prop
@@ -203,7 +203,7 @@
domain
-coredomain
-appdomain
- -hal_telephony_server
+ -rild
-vendor_init
} {
radio_prop
diff --git a/public/radio.te b/public/radio.te
index 4998a61..b66514c 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -5,8 +5,8 @@
bluetooth_domain(radio)
binder_service(radio)
-# Talks to hal_telephony_server via the rild socket only for devices without full treble
-not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
+# Talks to rild via the rild socket only for devices without full treble
+not_full_treble(`unix_socket_connect(radio, rild, rild)')
# Data file accesses.
allow radio radio_data_file:dir create_dir_perms;
diff --git a/public/rild.te b/public/rild.te
new file mode 100644
index 0000000..8cafd23
--- /dev/null
+++ b/public/rild.te
@@ -0,0 +1,45 @@
+# rild - radio interface layer daemon
+type rild, domain;
+hal_server_domain(rild, hal_telephony)
+
+net_domain(rild)
+allowxperm rild self:udp_socket ioctl priv_sock_ioctls;
+
+allow rild self:netlink_route_socket nlmsg_write;
+allow rild kernel:system module_request;
+allow rild self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
+allow rild alarm_device:chr_file rw_file_perms;
+allow rild cgroup:dir create_dir_perms;
+allow rild cgroup:{ file lnk_file } r_file_perms;
+allow rild radio_device:chr_file rw_file_perms;
+allow rild radio_device:blk_file r_file_perms;
+allow rild mtd_device:dir search;
+allow rild efs_file:dir create_dir_perms;
+allow rild efs_file:file create_file_perms;
+allow rild shell_exec:file rx_file_perms;
+allow rild bluetooth_efs_file:file r_file_perms;
+allow rild bluetooth_efs_file:dir r_dir_perms;
+allow rild sdcard_type:dir r_dir_perms;
+
+# property service
+set_prop(rild, radio_prop)
+set_prop(rild, exported_radio_prop)
+set_prop(rild, exported2_radio_prop)
+
+allow rild tty_device:chr_file rw_file_perms;
+
+# Allow rild to create and use netlink sockets.
+allow rild self:netlink_socket create_socket_perms_no_ioctl;
+allow rild self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow rild self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Access to wake locks
+wakelock_use(rild)
+
+r_dir_file(rild, proc_net)
+r_dir_file(rild, sysfs_type)
+r_dir_file(rild, system_file)
+
+# granting the ioctl permission for rild should be device specific
+allow rild self:socket create_socket_perms_no_ioctl;
+