authorAvijit Kanti Das <avijitnsec@codeaurora.org>2014-10-16 20:17:03 -0700
committerAvijit Kanti Das <avijitnsec@codeaurora.org>2014-10-20 11:36:45 -0700
commitfe61c2d43b33cb3340a72653e14718796438688d (patch)
tree7d1fae06e5d14887ac49249a13917e7308fd95a9
parent5280ce9b9bf52e4c1a9a34780fdf58b714817107 (diff)
Seandroid: Add policy to enable voice and data call
Adding policy to enable voice and data call Change-Id: Iae2b204b041689814d49cf0f5d34701ff86ca7ea
-rw-r--r--Android.mk3
-rw-r--r--common/mediaserver.te3
-rw-r--r--common/netmgrd.te7
-rw-r--r--common/qmuxd.te4
-rw-r--r--common/radio.te1
-rw-r--r--common/rild.te6
-rw-r--r--common/servicemanager.te3
7 files changed, 23 insertions, 4 deletions
diff --git a/Android.mk b/Android.mk
index 6072c5b2..d6a19aed 100644
--- a/Android.mk
+++ b/Android.mk
@@ -65,7 +65,8 @@ BOARD_SEPOLICY_UNION := \
zygote.te \
mdm_helper.te \
peripheral_manager.te \
- qcomsysd.te
+ qcomsysd.te \
+ servicemanager.te
# Compile sensor pilicy only for SSC targets
SSC_TARGET_LIST := apq8084
diff --git a/common/mediaserver.te b/common/mediaserver.te
index 731ea42d..ef3dcd52 100644
--- a/common/mediaserver.te
+++ b/common/mediaserver.te
@@ -12,3 +12,6 @@ binder_call(mediaserver, rild)
qmux_socket(mediaserver)
allow mediaserver camera_data_file:sock_file write;
+
+allow mediaserver sysfs_esoc:dir r_dir_perms;
+allow mediaserver sysfs_esoc:lnk_file read;
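Review bot: The two `sysfs_esoc` rules added here carry no comment saying why mediaserver needs to list the esoc sysfs directory and read its symlinks, and the same uncommented pair is repeated in the netmgrd.te and qmuxd.te hunks. A one-line comment above each pair would record the reason, for example `#Allow mediaserver to use esoc api's to determine target`, mirroring the wording netmgrd.te already uses; whether that is the actual reason for mediaserver should be confirmed against the denial that prompted the rule. Since three domains now need the identical pair, a small policy macro taking the domain as its argument would keep them in sync.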
diff --git a/common/netmgrd.te b/common/netmgrd.te
index ff6cd9f8..2181235a 100644
--- a/common/netmgrd.te
+++ b/common/netmgrd.te
@@ -28,7 +28,7 @@ allow netmgrd netmgrd:netlink_socket { write read create bind };
allow netmgrd netmgrd:socket { create ioctl };
allow netmgrd netmgrd:netlink_route_socket { setopt getattr write nlmsg_write };
allow netmgrd init:unix_stream_socket { connectto };
-allow netmgrd property_socket:sock_file { write };
+allow netmgrd property_socket:sock_file write;
qmux_socket(netmgrd);
@@ -43,12 +43,13 @@ allow netmgrd net_radio_prop:property_service { set };
#Allow execution of commands in shell
allow netmgrd system_file:file { execute_no_trans };
-allow netmgrd shell_exec:file { execute read open };
allow netmgrd self:socket read;
+allow netmgrd sysfs_esoc:dir r_dir_perms;
#Allow communication with netd
allow netmgrd netd_socket:sock_file write;
#Allow nemtgrd to use esoc api's to determine target
-allow netmgrd sysfs_esoc:dir { search };
+allow netmgrd shell_exec:file { execute r_file_perms execute_no_trans };
+allow netmgrd sysfs_esoc:lnk_file read;
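Review bot: The new `allow netmgrd shell_exec:file { execute r_file_perms execute_no_trans };` lets netmgrd run the shell inside its own domain, so whatever the shell is asked to run inherits every permission netmgrd holds; the rule it replaces did not include `execute_no_trans`. If shell use cannot be avoided, the commit should name the command that needs it, and a transition into a narrower helper domain would confine it better than running in-domain. The rule also now sits under `#Allow nemtgrd to use esoc api's to determine target`, while `allow netmgrd sysfs_esoc:dir r_dir_perms;` has moved up away from that comment. Placing the `shell_exec` rule back under `#Allow execution of commands in shell` and both `sysfs_esoc` rules under the esoc comment keeps each rule next to its explanation.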
diff --git a/common/qmuxd.te b/common/qmuxd.te
index 2c78b2c5..c69a3ac3 100644
--- a/common/qmuxd.te
+++ b/common/qmuxd.te
@@ -38,3 +38,7 @@ allow qmuxd self:capability { setuid setgid setpcap dac_override };
#Allow qmuxd to have the CAP_BLOCK_SUSPEND capability
allow qmuxd qmuxd:capability2 { block_suspend };
+
+allow qmuxd sysfs_esoc:dir r_dir_perms;
+allow qmuxd sysfs_hsic_modem_wait:file w_file_perms;
+allow qmuxd sysfs_esoc:lnk_file read;
diff --git a/common/radio.te b/common/radio.te
index f8e3ace2..b7f248ca 100644
--- a/common/radio.te
+++ b/common/radio.te
@@ -4,3 +4,4 @@ allow radio ims_socket:sock_file write;
#Need permission to execute com.qualcomm.qti.telephony/app_dex/xx
allow radio radio_data_file:file execute;
+allow radio shell_data_file:dir search;
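Review bot: `allow radio shell_data_file:dir search;` lets the radio domain traverse the directory that AOSP policy labels for the adb shell's data, which the shell can write to, and nothing in the commit explains why telephony needs a path there. If the denial came from a file placed there during bring-up or debugging, the rule should be dropped rather than shipped, and the file moved to a location labelled for radio. Otherwise add a comment naming the path being accessed, in the style of the `#Need permission to execute ...` line above it.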
diff --git a/common/rild.te b/common/rild.te
index 24153b2c..73631c0d 100644
--- a/common/rild.te
+++ b/common/rild.te
@@ -15,3 +15,9 @@ allow rild mediaserver:binder { transfer call };
#allow rild diag_device:chr_file { open read write };
allow rild rild_socket:chr_file { open read write };
+
+allow rild sysfs_ssr:dir r_dir_perms;
+allow rild sysfs_ssr:lnk_file read;
+allow rild system_data_file:dir w_dir_perms;
+allow rild system_data_file:file create_file_perms;
+allow rild time_daemon:unix_stream_socket connectto;
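Review bot: `allow rild system_data_file:dir w_dir_perms;` and `allow rild system_data_file:file create_file_perms;` give rild create and write access to everything carrying the generic `system_data_file` label, not only the files rild itself owns. A dedicated type for rild's own directory, assigned in file_contexts, would stop a buggy or compromised rild from modifying unrelated data, e.g. `allow rild <rild_private_type>:dir w_dir_perms;`, where `<rild_private_type>` is a placeholder for a type this policy would have to define. The commit does not say which path triggered the denial, so the narrower target needs to be confirmed against the audit log. The five added rules also have no comments, unlike the commented rules just above them.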
diff --git a/common/servicemanager.te b/common/servicemanager.te
new file mode 100644
index 00000000..2949b4d1
--- /dev/null
+++ b/common/servicemanager.te
@@ -0,0 +1,3 @@
+allow servicemanager rild:dir search;
+allow servicemanager rild:file r_file_perms;
+allow servicemanager rild:process getattr;
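Review bot: This new file has no comment explaining why servicemanager needs `search`, `r_file_perms` and `getattr` on rild's process entries. These look like the accesses needed to inspect rild's /proc entry when it registers or looks up a service, but that is inferred from the rule shapes and should be confirmed. A header line such as `#Allow servicemanager to read rild's /proc/<pid> entries` would record the intent. If reading is all that is required, check whether `r_file_perms` can be narrowed to the permissions that actually appeared in the denial.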