From f1e187447e26d6932cad13d1c347c93324b8cd95 Mon Sep 17 00:00:00 2001
From: Abhimanyu Garg <agarg@codeaurora.org>
Date: Wed, 9 Mar 2016 15:41:04 -0800
Subject: sepolicy: update iop socket path

iop socket path has been changed from /data/misc/iop/iop to
/dev/socket/iop.

Remove socket dir create policies from iop.te and replace with
rw socket file permissions.

Change-Id: I8fcef873b26234d517c319debcd09bf817fd75e2
---
 common/file_contexts    | 1 +
 common/iop.te           | 3 +--
 common/system_server.te | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/common/file_contexts b/common/file_contexts
index e18e6094..f761191c 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -98,6 +98,7 @@
 /dev/socket/perfd(/.*)?                         u:object_r:mpctl_socket:s0
 /dev/socket/perfd                               u:object_r:mpctl_socket:s0
 /dev/socket/gamed                               u:object_r:gamed_socket:s0
+/dev/socket/iop                                 u:object_r:iop_socket:s0
 /dev/socket/qlogd                               u:object_r:qlogd_socket:s0
 /dev/socket/ipacm_log_file                      u:object_r:ipacm_socket:s0
 /dev/socket/dpmd                                u:object_r:dpmd_socket:s0
diff --git a/common/iop.te b/common/iop.te
index c35fc478..5e739025 100644
--- a/common/iop.te
+++ b/common/iop.te
@@ -35,8 +35,7 @@ r_dir_file( dumpstate, appdomain );
 r_dir_file( dumpstate, apk_data_file );
 
 #Create a socket for receiving info from IOP
-type_transition dumpstate iop_data_file:sock_file iop_socket "iop";
-allow dumpstate iop_socket:sock_file { create_file_perms unlink };
+allow dumpstate iop_socket:sock_file rw_file_perms;
 
 #default_values file
 allow dumpstate iop_data_file:dir rw_dir_perms;
diff --git a/common/system_server.te b/common/system_server.te
index 569e1aba..87bfc53c 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -38,7 +38,7 @@ allow system_server { bluetooth_prop usf_prop }:property_service set;
 # required for ANT App to connectto wcnss_filter sockets
 allow system_server bluetooth:unix_stream_socket connectto;
 # access to iop
-allow system_server iop_data_file:dir r_dir_perms;
+allow system_server iop_socket:dir r_dir_perms;
 unix_socket_send(system_server, iop, dumpstate)
 unix_socket_connect(system_server, iop, dumpstate)
 
-- 
cgit v1.2.3