sepolicy: add ioctl rules for rild

This fixes SELinux denials caused by restrictions to
unix_stream_socket. Some of the rild ioctl commands may be
device-specific, for toro or toroplus only. These could be
moved into their respective device trees in the future.

Change-Id: I82fdf498f068cc5462bd03e0da298819485d5f4c

1 files changed, 10 insertions, 0 deletions

diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index b6013f0..0530e95 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -13,3 +13,13 @@ allow rild system_file:file { execute execmod };
 # Have no idea why rild needs access to logcat,
 # potentially to catch errors from some other components?
 allow rild logcat_exec:file { getattr read open execute execute_no_trans };
+
+## Allow ioctl commands used by rild
+# These are needed for toro's ril. toroplus may not need 0x89a2, but needs the
+# other three. maguro may or may not need these.
+# Device-specific calls could be moved into their respective device trees
+# in the future.
+allow rild self:unix_stream_socket 0x89a0;
+allow rild self:unix_stream_socket 0x89a2;
+allow rild self:unix_stream_socket 0x89a3;
+allow rild self:unix_stream_socket 0x89f0;