From b3fde2dd7032bc838fc7ecc25499506b8f4413ee Mon Sep 17 00:00:00 2001
From: Jason Lu <jasonbangbang@gmail.com>
Date: Sat, 20 Feb 2016 15:42:11 -0600
Subject: t0lte: RIL SELinux Fixes

Relabel qmiproxy, at_distributor, smdexe, and diag_uart_log so init
won't get denied with system_file:file { execute_no_trans }. Clean
up rules so we don't have to set things to permissive. RIL is
working when SELinux is enforcing with this.

Change-Id: I174010d1546207037e1907d711e7f7c21871ee9e
---
 selinux/qmiproxy.te | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'selinux/qmiproxy.te')

diff --git a/selinux/qmiproxy.te b/selinux/qmiproxy.te
index 5845fcd..eb332c8 100644
--- a/selinux/qmiproxy.te
+++ b/selinux/qmiproxy.te
@@ -2,4 +2,16 @@ type qmiproxy, domain;
 type qmiproxy_exec, exec_type, file_type;
 
 net_domain(qmiproxy)
-init_daemon_domain(qmiproxy)
\ No newline at end of file
+init_daemon_domain(qmiproxy)
+
+allow qmiproxy log_device:chr_file { open write };
+allow qmiproxy log_device:dir { search };
+
+allow qmiproxy qmuxd_socket:dir { search write add_name };
+allow qmiproxy qmuxd_socket:sock_file { create };
+allow qmiproxy property_socket:sock_file { open write };
+allow qmiproxy init:unix_stream_socket connectto;
+
+allow qmiproxy radio_prop:property_service { set };
+
+allow qmiproxy system_file:file { execmod };
-- 
cgit v1.2.3