Revert "Revert "Move rild from public to vendor.""

This reverts commit 016f0a58a9.

Reason for revert: Was temporarily reverted, merging back in with fix.

Test: Basic telephony sanity, treehugger
Bug: 74486619
Bug: 36427227
Merged-in: Ide68726a90d5485c2758673079427407aee1e4f2
Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2
(cherry picked from commit 312248ff72)

private/compat/26.0/26.0.cil

@@ -11,6 +11,7 @@
 (type tracing_shell_writable)
 (type tracing_shell_writable_debug)
 (type webview_zygote_socket)
+(type rild)
 
 (typeattributeset accessibility_service_26_0 (accessibility_service))
 (typeattributeset account_service_26_0 (account_service))

private/compat/27.0/27.0.cil

@@ -1,6 +1,7 @@
 ;; types removed from current policy
 (type webview_zygote_socket)
 (type reboot_data_file)
+(type rild)
 
 (expandtypeattribute (accessibility_service_27_0) true)
 (expandtypeattribute (account_service_27_0) true)

public/domain.te

@@ -960,7 +960,6 @@ full_treble_only(`
         domain
         -coredomain
         -appdomain
-        -rild
         -vendor_executes_system_violators
         -vendor_init
     } {

public/hal_neverallows.te

@@ -5,7 +5,7 @@ neverallow {
   -hal_bluetooth_server
   -hal_wifi_server
   -hal_wifi_supplicant_server
-  -rild
+  -hal_telephony_server
 } self:global_capability_class_set { net_admin net_raw };
 
 # Unless a HAL's job is to communicate over the network, or control network
@@ -15,7 +15,7 @@ neverallow {
   -hal_tetheroffload_server
   -hal_wifi_server
   -hal_wifi_supplicant_server
-  -rild
+  -hal_telephony_server
 } domain:{ tcp_socket udp_socket rawip_socket } *;
 
 ###
@@ -42,7 +42,7 @@ neverallow {
 neverallow {
   halserverdomain
   -hal_dumpstate_server
-  -rild
+  -hal_telephony_server
 } { file_type fs_type }:file execute_no_trans;
 # Do not allow a process other than init to transition into a HAL domain.
 neverallow { domain -init } halserverdomain:process transition;

public/hal_telephony.te

@@ -5,3 +5,42 @@ binder_call(hal_telephony_server, hal_telephony_client)
 add_hwservice(hal_telephony_server, hal_telephony_hwservice)
 allow hal_telephony_client hal_telephony_hwservice:hwservice_manager find;
 
+allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
+
+allow hal_telephony_server self:netlink_route_socket nlmsg_write;
+allow hal_telephony_server kernel:system module_request;
+allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
+allow hal_telephony_server alarm_device:chr_file rw_file_perms;
+allow hal_telephony_server cgroup:dir create_dir_perms;
+allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
+allow hal_telephony_server radio_device:chr_file rw_file_perms;
+allow hal_telephony_server radio_device:blk_file r_file_perms;
+allow hal_telephony_server mtd_device:dir search;
+allow hal_telephony_server efs_file:dir create_dir_perms;
+allow hal_telephony_server efs_file:file create_file_perms;
+allow hal_telephony_server vendor_shell_exec:file rx_file_perms;
+allow hal_telephony_server bluetooth_efs_file:file r_file_perms;
+allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms;
+allow hal_telephony_server sdcard_type:dir r_dir_perms;
+
+# property service
+set_prop(hal_telephony_server, radio_prop)
+set_prop(hal_telephony_server, exported_radio_prop)
+set_prop(hal_telephony_server, exported2_radio_prop)
+
+allow hal_telephony_server tty_device:chr_file rw_file_perms;
+
+# Allow hal_telephony_server to create and use netlink sockets.
+allow hal_telephony_server self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Access to wake locks
+wakelock_use(hal_telephony_server)
+
+r_dir_file(hal_telephony_server, proc_net)
+r_dir_file(hal_telephony_server, sysfs_type)
+r_dir_file(hal_telephony_server, system_file)
+
+# granting the ioctl permission for hal_telephony_server should be device specific
+allow hal_telephony_server self:socket create_socket_perms_no_ioctl;

public/property.te

@@ -158,7 +158,7 @@ compatible_property_only(`
     domain
     -coredomain
     -appdomain
-    -rild
+    -hal_telephony_server
     -vendor_init
   } {
     exported_radio_prop
@@ -203,7 +203,7 @@ compatible_property_only(`
     domain
     -coredomain
     -appdomain
-    -rild
+    -hal_telephony_server
     -vendor_init
   } {
     radio_prop

public/radio.te

@@ -5,8 +5,8 @@ net_domain(radio)
 bluetooth_domain(radio)
 binder_service(radio)
 
-# Talks to rild via the rild socket only for devices without full treble
-not_full_treble(`unix_socket_connect(radio, rild, rild)')
+# Talks to hal_telephony_server via the rild socket only for devices without full treble
+not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
 
 # Data file accesses.
 allow radio radio_data_file:dir create_dir_perms;

public/rild.te

@@ -1,45 +0,0 @@
-# rild - radio interface layer daemon
-type rild, domain;
-hal_server_domain(rild, hal_telephony)
-
-net_domain(rild)
-allowxperm rild self:udp_socket ioctl priv_sock_ioctls;
-
-allow rild self:netlink_route_socket nlmsg_write;
-allow rild kernel:system module_request;
-allow rild self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
-allow rild alarm_device:chr_file rw_file_perms;
-allow rild cgroup:dir create_dir_perms;
-allow rild cgroup:{ file lnk_file } r_file_perms;
-allow rild radio_device:chr_file rw_file_perms;
-allow rild radio_device:blk_file r_file_perms;
-allow rild mtd_device:dir search;
-allow rild efs_file:dir create_dir_perms;
-allow rild efs_file:file create_file_perms;
-allow rild shell_exec:file rx_file_perms;
-allow rild bluetooth_efs_file:file r_file_perms;
-allow rild bluetooth_efs_file:dir r_dir_perms;
-allow rild sdcard_type:dir r_dir_perms;
-
-# property service
-set_prop(rild, radio_prop)
-set_prop(rild, exported_radio_prop)
-set_prop(rild, exported2_radio_prop)
-
-allow rild tty_device:chr_file rw_file_perms;
-
-# Allow rild to create and use netlink sockets.
-allow rild self:netlink_socket create_socket_perms_no_ioctl;
-allow rild self:netlink_generic_socket create_socket_perms_no_ioctl;
-allow rild self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-# Access to wake locks
-wakelock_use(rild)
-
-r_dir_file(rild, proc_net)
-r_dir_file(rild, sysfs_type)
-r_dir_file(rild, system_file)
-
-# granting the ioctl permission for rild should be device specific
-allow rild self:socket create_socket_perms_no_ioctl;
-

vendor/rild.te

@@ -1,3 +1,8 @@
+# rild - radio interface layer daemon
+type rild, domain;
+hal_server_domain(rild, hal_telephony)
+net_domain(rild)
+
 # type_transition must be private policy the domain_trans rules could stay
 # public, but conceptually should go with this
 type rild_exec, exec_type, vendor_file_type, file_type;