From 98840e76ed3af36567ff46075834fee83071fd28 Mon Sep 17 00:00:00 2001
From: Skylar Chang
Date: Mon, 9 Mar 2015 12:58:40 -0700
Subject: Sepolicy: allow ipacm to be in net group adding rule to allow ipacm to open socket via cnd in net_domain
Change-Id: Ie96075f9e05c8eba425cf58d73608920cc39cb2f
---
 common/ipacm.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/common/ipacm.te b/common/ipacm.te
index 1c061fd1..1ea4b65d 100644
--- a/common/ipacm.te
+++ b/common/ipacm.te
@@ -6,6 +6,9 @@ type ipacm-diag_exec, exec_type, file_type;
 init_daemon_domain(ipacm)
 init_daemon_domain(ipacm-diag)
+# associate netdomain to use for accessing internet sockets
+net_domain(ipacm)
+
 userdebug_or_eng(`
 # Allow using the logging file between ipacm and ipacm-diag
 allow ipacm ipacm-diag:unix_dgram_socket sendto;
-- 
cgit v1.2.3
From 62464d7b1fb909bb9f7df5c54e6ee5d2c4360845 Mon Sep 17 00:00:00 2001
From: Ravinder Konka
Date: Wed, 27 May 2015 17:18:26 +0530
Subject: sepolicy: Add selinux policy for ipa file read Adding policies to read ipa tether_stats file
Change-Id: I23c2159505ae3b458e642d5b09f4bf6c7fe49077
CRs-Fixed: 816815
---
 common/netd.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/common/netd.te b/common/netd.te
index 54c83891..b5fdecc5 100644
--- a/common/netd.te
+++ b/common/netd.te
@@ -11,3 +11,6 @@ dontaudit netd self:capability sys_module;
 #needed for ipt_TCPMSS and ip6t_TCPMSS
 allow netd kernel:system module_request;
 unix_socket_connect(netd, cnd, cnd)
+
+# allow to read /data/misc/ipa/tether_stats file
+r_dir_file(netd, ipacm_data_file)
-- 
cgit v1.2.3
From 2e72dedc16e09522d4d622c0a3d5696bd3ff197e Mon Sep 17 00:00:00 2001
From: Ravinder Konka
Date: Wed, 27 May 2015 17:24:39 +0530
Subject: sepolicy : Add policy for ipa dev access Adding policy to read/write ipa dev
Change-Id: I2e38d5418589277a7e6dfde89d71bbe712f9b8cd
CRs-Fixed: 816815
---
 common/cnd.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
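Review bot: `net_domain(ipacm)` in common/ipacm.te attaches the whole `netdomain` attribute, and it sits at the top level of the file rather than inside the `userdebug_or_eng` block, so it applies on every build variant. In AOSP base policy that attribute carries the general TCP/UDP socket rules, which is wider than the "open socket via cnd" the commit message describes. If ipacm needs only one socket class, a targeted rule such as `allow ipacm self:<socket_class> create_socket_perms;` (class to be supplied by the author) keeps the domain closer to least privilege; otherwise the comment should record the need, e.g. `# ipacm opens <socket type> through cnd; needs netdomain because <reason>`. The `userdebug_or_eng` block continues past the end of the hunk.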
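Review bot: The comment added in common/netd.te names a single file, /data/misc/ipa/tether_stats, but `r_dir_file(netd, ipacm_data_file)` lets netd read every directory, file and symlink labelled `ipacm_data_file`. Where that type is declared and what else carries it is not visible here; if ipacm keeps other state under the same label, netd gains read access to that as well. Either give tether_stats its own type and grant only that, or reword the comment to the real scope, e.g. `# netd reads everything labelled ipacm_data_file (tether_stats lives there)`. The same macro call is added for cnd in the common/cnd.te hunk, and the same point applies there.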
diff --git a/common/cnd.te b/common/cnd.te
index 21e708a3..feaab6e0 100644
--- a/common/cnd.te
+++ b/common/cnd.te
@@ -70,7 +70,10 @@ allow cnd mediaserver:file { open read };
 allow cnd self:socket create_socket_perms;
 # allow cnd to access ipa_dev
-allow cnd ipa_dev:chr_file r_file_perms;
+allow cnd ipa_dev:chr_file rw_file_perms;
 # allow access to nims
 allow cnd socket_device:dir remove_name;
+
+# allow access ipa tether stats file
+r_dir_file(cnd, ipacm_data_file)
-- 
cgit v1.2.3
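Review bot: The switch from `r_file_perms` to `rw_file_perms` on `ipa_dev:chr_file` gives cnd write access to the IPA character device, yet the comment above the rule still reads `# allow cnd to access ipa_dev` and neither it nor the commit message says which operation needs write. Write access to a driver node is a meaningful widening of what cnd can ask the kernel to do, so the reason belongs next to the rule, e.g. `# cnd writes to ipa_dev to <operation>; read-only was insufficient because <reason>`. If only part of the macro's set is required, listing the individual permissions instead of `rw_file_perms` would keep the grant narrower.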