sdm845-common: sepolicy: Add rules for older IMS blobs

Since Android 10 blobs are being used, org.codeaurora.ims still runs
as phone UID as seen by these denials:

  m.android.phone: type=1400 audit(0.0:2914): avc: denied { read } for name="u:object_r:qcom_ims_prop:s0" dev="tmpfs" ino=13660 scontext=u:r:radio:s0 tcontext=u:object_r:qcom_ims_prop:s0 tclass=file permissive=0
  m.android.phone: type=1400 audit(0.0:473): avc: denied { call } for scontext=u:r:radio:s0 tcontext=u:r:hal_imsrtp:s0 tclass=binder permissive=0

Change-Id: Ic8c1b7996b9e0e7b63ba2a153441c9e8467a8a31
Bruno Martins 2020-12-24 10:34:23 +00:00
parent 9ad050b2fe
commit 09ec37c9eb
2 changed files with 6 additions and 0 deletions

1
sepolicy/vendor/hal_imsrtp.te vendored Normal file

@ -0,0 +1 @@
binder_call(hal_imsrtp, radio)
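Review bot: The hal_imsrtp to radio direction granted by `binder_call(hal_imsrtp, radio)` is not backed by either denial in the commit message; the only binder denial quoted has scontext radio and tcontext hal_imsrtp. If this rule is there for callbacks from the HAL into the phone process, add a one-line comment saying so and quote the matching denial in the commit message. If no such denial was observed, drop the rule, so the policy grants only what the logs show is needed.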

5
sepolicy/vendor/radio.te vendored Normal file

@ -0,0 +1,5 @@
allow radio { cameraserver_service mediaextractor_service mediaserver_service mediametrics_service drmserver_service audioserver_service }:service_manager find;
binder_call(radio, hal_imsrtp)
get_prop(radio, qcom_ims_prop)
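Review bot: The `service_manager find` rule on the first line of radio.te lets radio look up six media, camera, DRM and audio services, and none of them appears in the denials quoted in the commit message, which cover only the qcom_ims_prop read and the binder call to hal_imsrtp. Because the rule applies to the whole radio domain and not just to org.codeaurora.ims, trim the set to the services for which a denial was actually logged, or add those denials to the commit message. A comment at the top of the file noting that these rules exist because the Android 10 IMS blobs run as phone UID would also make them easy to remove once the blobs are updated. `binder_call(radio, hal_imsrtp)` and `get_prop(radio, qcom_ims_prop)` match the two quoted denials.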