Merge "Merge remote-tracking branch 'remotes/github/cm-12.1' into HEAD" into stable/cm-12.1-YOG7Dstable/cm-12.1-YOG7D

3 files changed, 10 insertions, 1 deletions

diff --git a/common/cnd.te b/common/cnd.te
index 91bc97d5..e7da07b1 100644
--- a/common/cnd.te
+++ b/common/cnd.te
@@ -70,7 +70,10 @@ allow cnd mediaserver:file { open read };
 allow cnd self:socket create_socket_perms;
 
 # allow cnd to access ipa_dev
-allow cnd ipa_dev:chr_file r_file_perms;
+allow cnd ipa_dev:chr_file rw_file_perms;
 
 # allow access to nims
 allow cnd socket_device:dir remove_name;
+
+# allow access ipa tether stats file
+r_dir_file(cnd, ipacm_data_file)
diff --git a/common/ipacm.te b/common/ipacm.te
index 1c061fd1..1ea4b65d 100644
--- a/common/ipacm.te
+++ b/common/ipacm.te
@@ -6,6 +6,9 @@ type ipacm-diag_exec, exec_type, file_type;
 init_daemon_domain(ipacm)
 init_daemon_domain(ipacm-diag)
 
+# associate netdomain to use for accessing internet sockets
+net_domain(ipacm)
+
 userdebug_or_eng(`
   # Allow using the logging file between ipacm and ipacm-diag
   allow ipacm ipacm-diag:unix_dgram_socket sendto;
diff --git a/common/netd.te b/common/netd.te
index 54c83891..b5fdecc5 100644
--- a/common/netd.te
+++ b/common/netd.te
@@ -11,3 +11,6 @@ dontaudit netd self:capability sys_module;
 #needed for ipt_TCPMSS and ip6t_TCPMSS
 allow netd kernel:system module_request;
 unix_socket_connect(netd, cnd, cnd)
+
+# allow to read /data/misc/ipa/tether_stats file
+r_dir_file(netd, ipacm_data_file)