Merge "SEPolicy changes for BT SAP hal."

public/attributes

@@ -125,6 +125,7 @@ attribute hal_light;
 attribute hal_memtrack;
 attribute hal_nfc;
 attribute hal_power;
+attribute hal_telephony;
 attribute hal_thermal;
 attribute hal_vibrator;
 attribute hal_vr;

public/bluetooth.te

@@ -58,6 +58,10 @@ unix_socket_connect(bluetooth, sap_uim, rild)
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
 allow bluetooth shell_data_file:file read;
 
+# Perform HwBinder IPC.
+hwbinder_use(bluetooth)
+binder_call(bluetooth, hal_telephony)
+
 ###
 ### Neverallow rules
 ###

public/hal_telephony.te

+# Perform HwBinder IPC.
+hwbinder_use(hal_telephony)
+binder_call(hal_telephony, radio)
+binder_call(hal_telephony, bluetooth)
+

public/radio.te

@@ -37,6 +37,7 @@ allow radio surfaceflinger_service:service_manager find;
 allow radio app_api_service:service_manager find;
 allow radio system_api_service:service_manager find;
 
-# Allow access to hwservicemanager for binderized hal
-binder_call(radio, hwservicemanager)
-binder_call(radio, rild)
+# Perform HwBinder IPC.
+hwbinder_use(radio)
+binder_call(radio, hal_telephony)
+

public/rild.te

 # rild - radio interface layer daemon
-type rild, domain, domain_deprecated;
+type rild, domain, domain_deprecated, hal_telephony;
 type rild_exec, exec_type, file_type;
 
 net_domain(rild)
@@ -51,6 +51,3 @@ r_dir_file(rild, system_file)
 # granting the ioctl permission for rild should be device specific
 allow rild self:socket create_socket_perms_no_ioctl;
 
-# Allow access to hwservicemanager for binderized hal
-binder_call(rild, hwservicemanager)
-binder_call(rild, radio)