From 6a6555ae303513bdaffd47bd8611654a35e9dffc Mon Sep 17 00:00:00 2001
From: Trulan Martin
Date: Sun, 10 Jul 2016 08:00:03 -0400
Subject: sepolicy: add ioctl rules for rild This fixes SELinux denials caused by restrictions to unix_stream_socket. Some of the rild ioctl commands may be device-specific, for toro or toroplus only. These could be moved into their respective device trees in the future.
Change-Id: I82fdf498f068cc5462bd03e0da298819485d5f4c
---
 sepolicy/rild.te | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index b6013f0..0530e95 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -13,3 +13,13 @@ allow rild system_file:file { execute execmod };
 # Have no idea why rild needs access to logcat,
 # potentially to catch errors from some other components?
 allow rild logcat_exec:file { getattr read open execute execute_no_trans };
+
+## Allow ioctl commands used by rild
+# These are needed for toro's ril. toroplus may not need 0x89a2, but needs the
+# other three. maguro may or may not need these.
+# Device-specific calls could be moved into their respective device trees
+# in the future.
+allow rild self:unix_stream_socket 0x89a0;
+allow rild self:unix_stream_socket 0x89a2;
+allow rild self:unix_stream_socket 0x89a3;
+allow rild self:unix_stream_socket 0x89f0;
--
cgit v1.1
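Review bot: The four added `allow rild self:unix_stream_socket 0x89..;` rules identify the granted ioctls only by number, and the comment above them does not say what each command is or which denial prompted it, so the grant is hard to re-audit later. In mainline `linux/sockios.h` these values are SIOCBRADDBR (0x89a0), SIOCBRADDIF (0x89a2), SIOCBRDELIF (0x89a3) and SIOCDEVPRIVATE (0x89f0), the last being a driver-private command whose effect depends on the interface driver. The device kernel or RIL blob may use the numbers differently, so confirm against the kernel tree before naming them. I would extend the comment with a line such as `# 0x89a0 SIOCBRADDBR, 0x89a2 SIOCBRADDIF, 0x89a3 SIOCBRDELIF, 0x89f0 SIOCDEVPRIVATE (driver-private; verify on toro)` and record the originating avc denial next to it. Because the comment itself says maguro's need is unconfirmed, a `# TODO: drop for maguro if no denial is observed` marker would keep the least-privilege follow-up visible in the file rather than only in the commit message.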