commit bc8dc3aa9d03598fc69df3e0b3990cddcf807616
author Tri Vo <trong@google.com> Sun May 26 13:17:08 2019 -0700
committer Tri Vo <trong@google.com> Sun May 26 14:19:26 2019 -0700
tree 68f796377c8252d188bca113981996217ed28eb3
parent b693197a34902c7d92006b2173a69d9620ee3e9f

DO NOT MERGE Fake 29.0 sepolicy prebuilts

I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:

mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec

Bug: 133196056
Test: n/a
Change-Id: I2cbe749777684146114c89e1e6fc3f07400c0ae5

prebuilts/api/29.0/public/hal_telephony.te

diff --git a/prebuilts/api/29.0/public/hal_telephony.te b/prebuilts/api/29.0/public/hal_telephony.te
new file mode 100644
index 0000000..3e4b65d
--- /dev/null
+++ b/prebuilts/api/29.0/public/hal_telephony.te
@@ -0,0 +1,42 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_telephony_client, hal_telephony_server)
+binder_call(hal_telephony_server, hal_telephony_client)
+
+hal_attribute_hwservice(hal_telephony, hal_telephony_hwservice)
+
+allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
+
+allow hal_telephony_server self:netlink_route_socket nlmsg_write;
+allow hal_telephony_server kernel:system module_request;
+allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
+allow hal_telephony_server cgroup:dir create_dir_perms;
+allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
+allow hal_telephony_server radio_device:chr_file rw_file_perms;
+allow hal_telephony_server radio_device:blk_file r_file_perms;
+allow hal_telephony_server efs_file:dir create_dir_perms;
+allow hal_telephony_server efs_file:file create_file_perms;
+allow hal_telephony_server vendor_shell_exec:file rx_file_perms;
+allow hal_telephony_server bluetooth_efs_file:file r_file_perms;
+allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms;
+
+# property service
+set_prop(hal_telephony_server, radio_prop)
+set_prop(hal_telephony_server, exported_radio_prop)
+set_prop(hal_telephony_server, exported2_radio_prop)
+set_prop(hal_telephony_server, exported3_radio_prop)
+
+allow hal_telephony_server tty_device:chr_file rw_file_perms;
+
+# Allow hal_telephony_server to create and use netlink sockets.
+allow hal_telephony_server self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Access to wake locks
+wakelock_use(hal_telephony_server)
+
+r_dir_file(hal_telephony_server, proc_net_type)
+r_dir_file(hal_telephony_server, sysfs_type)
+
+# granting the ioctl permission for hal_telephony_server should be device specific
+allow hal_telephony_server self:socket create_socket_perms_no_ioctl;