SEPolicy changes for BT SAP hal.
Test: Verified that WIP telephony and BT SAP CLs work fine with this change
https://android-review.googlesource.com/#/q/topic:%22Basic+radio+service+and+client%22+(status:open+OR+status:merged)
https://android-review.googlesource.com/#/q/topic:%22SAP+HAL%22+(status:open+OR+status:merged)
Bug: 32020264
Change-Id: If15820d43e324d80e35808a292ee811f98d499cc
diff --git a/public/attributes b/public/attributes
index aafafa6..c14365c 100644
--- a/public/attributes
+++ b/public/attributes
@@ -125,6 +125,7 @@
attribute hal_memtrack;
attribute hal_nfc;
attribute hal_power;
+attribute hal_telephony;
attribute hal_thermal;
attribute hal_vibrator;
attribute hal_vr;
diff --git a/public/bluetooth.te b/public/bluetooth.te
index 75a11f4..9f21676 100644
--- a/public/bluetooth.te
+++ b/public/bluetooth.te
@@ -58,6 +58,10 @@
# /data/data/com.android.shell/files/bugreports/bugreport-*.
allow bluetooth shell_data_file:file read;
+# Perform HwBinder IPC.
+hwbinder_use(bluetooth)
+binder_call(bluetooth, hal_telephony)
+
###
### Neverallow rules
###
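Review bot: The new `binder_call(bluetooth, hal_telephony)` is written against the attribute, so bluetooth may call every domain that carries hal_telephony (in this commit that is rild), and nothing visible here narrows the grant to the SAP interface. The bluetooth domain handles input from remote devices, so a new edge from it towards the radio stack should state its purpose, and `# Perform HwBinder IPC.` does not. I would replace that comment with `# Bluetooth SIM Access Profile (SAP) is a client of the telephony HAL over HwBinder.` The same generic comment is used in the hal_telephony.te and radio.te hunks and has the same problem there.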
diff --git a/public/hal_telephony.te b/public/hal_telephony.te
new file mode 100644
index 0000000..6f3a38f
--- /dev/null
+++ b/public/hal_telephony.te
@@ -0,0 +1,5 @@
+# Perform HwBinder IPC.
+hwbinder_use(hal_telephony)
+binder_call(hal_telephony, radio)
+binder_call(hal_telephony, bluetooth)
+
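Review bot: The reverse edges `binder_call(hal_telephony, radio)` and `binder_call(hal_telephony, bluetooth)` carry no explanation, and because they hang off an attribute in public policy they apply to any domain that is later tagged hal_telephony. In this commit rild receives the attribute, so it gains call and transfer rights towards bluetooth, which the removed `binder_call(rild, radio)` and `binder_call(rild, hwservicemanager)` lines did not grant. If these edges exist only for HAL-to-client callbacks, which is what the layout suggests but the page does not confirm, say so with `# Allow the telephony HAL to deliver callbacks to its clients (radio; bluetooth for SAP).` Since no neverallow bounding the callers of hal_telephony is visible in this change, it is worth checking whether one can be added alongside the attribute.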
diff --git a/public/radio.te b/public/radio.te
index d46fc89..f510a96 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -37,6 +37,7 @@
allow radio app_api_service:service_manager find;
allow radio system_api_service:service_manager find;
-# Allow access to hwservicemanager for binderized hal
-binder_call(radio, hwservicemanager)
-binder_call(radio, rild)
+# Perform HwBinder IPC.
+hwbinder_use(radio)
+binder_call(radio, hal_telephony)
+
diff --git a/public/rild.te b/public/rild.te
index 6871182..3981676 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -1,5 +1,5 @@
# rild - radio interface layer daemon
-type rild, domain, domain_deprecated;
+type rild, domain, domain_deprecated, hal_telephony;
type rild_exec, exec_type, file_type;
net_domain(rild)
@@ -51,6 +51,3 @@
# granting the ioctl permission for rild should be device specific
allow rild self:socket create_socket_perms_no_ioctl;
-# Allow access to hwservicemanager for binderized hal
-binder_call(rild, hwservicemanager)
-binder_call(rild, radio)