authorWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2016-02-16 18:36:09 +0100
committerWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2016-02-16 18:36:31 +0100
commit8f0313215eb8643c71a692cc2318a1440d1ab0a9 (patch)
tree1fb1b67118879fcb6a9689a0b8cbde7d68f44f80
parentb58a574578f1f5a268d498638352a0680d459024 (diff)
selinux: allow rild access to sysfs_radio and let system_server open the wifi firmware
This makes RIL and wifi work with SELinux in enforcing mode.
Also remove rules for the proprietary cbd.

Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
-rw-r--r--selinux/cpboot-daemon.te25
-rw-r--r--selinux/file.te1
-rw-r--r--selinux/file_contexts1
-rw-r--r--selinux/init.te1
-rw-r--r--selinux/rild.te2
-rw-r--r--selinux/system_server.te4
6 files changed, 6 insertions, 28 deletions
diff --git a/selinux/cpboot-daemon.te b/selinux/cpboot-daemon.te
deleted file mode 100644
index 9974ff2..0000000
--- a/selinux/cpboot-daemon.te
+++ /dev/null
@@ -1,25 +0,0 @@
-type cpboot-daemon, domain;
-
-permissive cpboot-daemon;
-
-allow cpboot-daemon cgroup:dir { create add_name };
-allow cpboot-daemon device:dir { write remove_name add_name };
-allow cpboot-daemon efs_block_device:blk_file { read open };
-allow cpboot-daemon efs_device_file:dir search;
-allow cpboot-daemon efs_file:file { read write open };
-allow cpboot-daemon init:unix_stream_socket connectto;
-allow cpboot-daemon log_device:chr_file { write open };
-allow cpboot-daemon log_device:dir search;
-allow cpboot-daemon property_socket:sock_file write;
-allow cpboot-daemon radio_device:chr_file { read write ioctl open };
-allow cpboot-daemon radio_prop:property_service set;
-allow cpboot-daemon self:capability { setuid };
-allow cpboot-daemon sysfs_radio:file { read write open };
-allow cpboot-daemon usbfs:dir search;
-allow cpboot-daemon self:capability dac_override;
-allow cpboot-daemon cbd_device:chr_file create_file_perms;
-
-# FIX ME
-# allow cpboot-daemon usbfs:filesystem mount;
-# allow cpboot-daemon self:capability { mknod };
-
diff --git a/selinux/file.te b/selinux/file.te
index 12b280a..f5edd1a 100644
--- a/selinux/file.te
+++ b/selinux/file.te
@@ -8,4 +8,3 @@ type efs_device_file, file_type;
type radio_data, file_type;
type sysfs_radio, fs_type, sysfs_type;
type sysfs_sensor, fs_type, sysfs_type;
-type cbd_device, dev_type;
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 6e54311..83f6559 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -10,7 +10,6 @@
/dev/umts_ipc0 u:object_r:radio_device:s0
/dev/umts_ramdump0 u:object_r:radio_device:s0
/dev/umts_rfs0 u:object_r:radio_device:s0
-/dev/__cbd_msg_ u:object_r:cbd_device:s0
/efs u:object_r:efs_device_file:s0
/data/misc/radio(/.*)? u:object_r:radio_data:s0
diff --git a/selinux/init.te b/selinux/init.te
index 6056a94..1740499 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -10,4 +10,3 @@ allow init sysfs_sensor:lnk_file { setattr read };
allow init rild:process noatsecure;
domain_trans(init, rootfs, glgps)
-domain_trans(init, rootfs, cpboot-daemon)
diff --git a/selinux/rild.te b/selinux/rild.te
index 5da4924..d40aae8 100644
--- a/selinux/rild.te
+++ b/selinux/rild.te
@@ -18,3 +18,5 @@ allow rild efs_file:file { read open write setattr };
allow rild efs_device_file:dir create_dir_perms;
allow rild efs_device_file:file { setattr create create_file_perms };
+
+allow rild sysfs_radio:file { read write open };
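Review bot: The added rule on the last line of this hunk gives rild `write` on every file labelled `sysfs_radio`, and nothing in rild.te says which sysfs node needs it or why. rild handles data coming from the baseband, so its write access to kernel-exposed attributes should be no wider than the logged AVC denials require. If some of those nodes are only read, they could get a separate read-only type. I would at least add a comment above the rule in the style system_server.te uses, e.g. `# <sysfs path of the modem node>: rild reads and writes it to <purpose>`, with the real path and purpose filled in. The labelling of `sysfs_radio` in file_contexts is outside this hunk, so the set of affected files cannot be checked from here.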
diff --git a/selinux/system_server.te b/selinux/system_server.te
index b20927b..09a603e 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -22,6 +22,10 @@ allow system_server system_file:file execmod;
# /efs/wifi/.mac.info
allow system_server wifi_data_file:file { read open };
+# wifi firmware
+allow system_server firmware_exynos:dir { open read search };
+allow system_server firmware_exynos:file { open read };
+
allow system_server glgps:binder transfer;
type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";
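Review bot: The added `firmware_exynos:dir { open read search }` rule lets system_server list the firmware directory, which is more than opening a known firmware file requires. If the AVC denials show only a path lookup, `allow system_server firmware_exynos:dir search;` would be enough. The `# wifi firmware` comment would be more useful if it named the path and said why system_server itself opens the firmware, as the `# /efs/wifi/.mac.info` comment above does for the MAC file. The `firmware_exynos` type is not declared in any hunk of this commit, so it is presumably defined elsewhere in the policy. It is worth confirming that the label covers only the firmware files and that no untrusted domain can write to it, since system_server now consumes that content.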