From b3fde2dd7032bc838fc7ecc25499506b8f4413ee Mon Sep 17 00:00:00 2001
From: Jason Lu <jasonbangbang@gmail.com>
Date: Sat, 20 Feb 2016 15:42:11 -0600
Subject: t0lte: RIL SELinux Fixes

Relabel qmiproxy, at_distributor, smdexe, and diag_uart_log so init
won't get denied with system_file:file { execute_no_trans }. Clean
up rules so we don't have to set things to permissive. RIL is
working when SELinux is enforcing with this.

Change-Id: I174010d1546207037e1907d711e7f7c21871ee9e
---
 selinux/SMD-daemon.te | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'selinux/SMD-daemon.te')

diff --git a/selinux/SMD-daemon.te b/selinux/SMD-daemon.te
index a29dbde..031daf0 100644
--- a/selinux/SMD-daemon.te
+++ b/selinux/SMD-daemon.te
@@ -1,5 +1,9 @@
 type SMD-daemon, domain;
-permissive SMD-daemon;
 type SMD-daemon_exec, exec_type, file_type;
+init_daemon_domain(SMD-daemon)
 
 allow SMD-daemon system_file:file { execute_no_trans };
+allow SMD-daemon self:capability { setuid };
+
+allow SMD-daemon log_device:chr_file { write open };
+allow SMD-daemon log_device:dir { search };
-- 
cgit v1.2.3