cm: Fix a few denials

 * Missed a few things when cleaning up devices.

Change-Id: Ib71afd696a564aeeaa80c34ca9744a39891f4b63

3 files changed, 12 insertions, 0 deletions

diff --git a/sepolicy/qcom/bootanim.te b/sepolicy/qcom/bootanim.te
index 9987b46..4b4ca71 100644
--- a/sepolicy/qcom/bootanim.te
+++ b/sepolicy/qcom/bootanim.te
@@ -1,3 +1,8 @@
 allow bootanim mpctl_socket:dir search;
 unix_socket_connect(bootanim, mpctl, perfd)
 unix_socket_send(bootanim, mpctl, perfd)
+
+allow bootanim mpdecision:dir search;
+allow bootanim mpdecision:file r_file_perms;
+unix_socket_connect(bootanim, mpctl, mpdecision)
+unix_socket_send(bootanim, mpctl, mpdecision)
diff --git a/sepolicy/qcom/mpdecision.te b/sepolicy/qcom/mpdecision.te
new file mode 100644
index 0000000..9399b32
--- /dev/null
+++ b/sepolicy/qcom/mpdecision.te
@@ -0,0 +1,5 @@
+allow mpdecision sysfs_devices_system_iosched:file rw_file_perms;
+unix_socket_connect(mpdecision, thermal, thermal-engine)
+
+# read /proc/pid files
+r_dir_file(mpdecision, domain)
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
index 8bee8fe..a93d90e 100644
--- a/sepolicy/zygote.te
+++ b/sepolicy/zygote.te
@@ -1,3 +1,5 @@
 allow zygote theme_data_file:file r_file_perms;
 allow zygote theme_data_file:dir r_dir_perms;
 
+# ps command may do this
+allow untrusted_app zygote:process getsched;