From 7651d6d716cb6fd3ddb49e09b8cdd6bfbd82a62d Mon Sep 17 00:00:00 2001 From: Simon Shields Date: Sat, 12 Dec 2015 15:24:33 +1100 Subject: i9300: more selinux fixes Change-Id: Ifa1f39c78c8b4fb96ab3024a4f7cdb3cc9d732bd --- rootdir/init.target.rc | 6 ++++++ selinux/gpsd.te | 4 ++++ selinux/init.te | 2 ++ selinux/macloader.te | 1 + selinux/netd.te | 2 ++ 5 files changed, 15 insertions(+) diff --git a/rootdir/init.target.rc b/rootdir/init.target.rc index c267195..4b9b015 100644 --- a/rootdir/init.target.rc +++ b/rootdir/init.target.rc @@ -34,6 +34,10 @@ on post-fs-data restorecon /sys/class/sec/gps/GPS_PWR_EN/value restorecon /sys/class/sec/gps/GPS_PWR_EN/direction + write /data/.cid.info 0 + restorecon /data/.cid.info + restorecon /data/ISP_CV + on fs # zram swapon_all /fstab.smdk4x12 @@ -54,3 +58,5 @@ service gps-daemon /system/bin/sh /system/bin/gps_daemon.sh user gps group system inet sdcard_rw gps seclabel u:r:glgps:s0 + + diff --git a/selinux/gpsd.te b/selinux/gpsd.te index a65f3da..589d15f 100644 --- a/selinux/gpsd.te +++ b/selinux/gpsd.te @@ -13,9 +13,13 @@ allow glgps gps_data_file:file { create rw_file_perms }; allow glgps gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms }; allow glgps node:udp_socket { node_bind name_bind }; +allow glgps port:tcp_socket name_connect; +allow glgps self:tcp_socket { getopt write read }; allow glgps sysfs:file { setattr write }; allow glgps gps_device:chr_file { ioctl open read write }; allow glgps glgps:udp_socket { create bind }; +allow glgps glgps:tcp_socket { create connect }; +allow glgps fwmarkd_socket:sock_file write; allow glgps dnsproxyd_socket:sock_file write; allow glgps netd:unix_stream_socket connectto; diff --git a/selinux/init.te b/selinux/init.te index d9d20c2..795e077 100644 --- a/selinux/init.te +++ b/selinux/init.te 
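Review bot: The lines added under `on post-fs-data` in rootdir/init.target.rc depend on labelling that this commit does not show. `restorecon /data/.cid.info` and `restorecon /data/ISP_CV` only change a label if file_contexts has entries for those paths, and the diffstat lists no file_contexts change. If those entries are missing elsewhere in the tree, both paths keep the label they inherit from /data, which may be why macloader.te in this commit needs write access to `system_data_file:dir`. `write /data/.cid.info 0` also writes `0` on every boot, so a comment should say whether that is intended, something like `# pre-create so the file can be labelled before macloader runs` if that is the reason. The `on post-fs-data` block starts above the hunk.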
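Review bot: In selinux/gpsd.te, `allow glgps port:tcp_socket name_connect;` targets the generic `port` type, so it permits outbound TCP connections to any port that has no more specific port label. Nothing in the hunk says which service the GPS daemon needs to reach. A comment naming the endpoint would let a later reviewer judge whether the grant is still needed, e.g. `# TCP to <assistance server, placeholder> for <purpose, placeholder>`. As a style point, the two new tcp_socket rules spell the same target as `self` and as `glgps`; they could be one line, `allow glgps self:tcp_socket { create connect getopt read write };`.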
@@ -7,6 +7,8 @@ allow init sysfs_display:lnk_file { read setattr }; allow init tmpfs:lnk_file create; allow init sysfs_sensor:lnk_file { setattr read }; +allow init rild:process noatsecure; + domain_trans(init, rootfs, glgps) domain_trans(init, rootfs, cpboot-daemon) domain_trans(init, rootfs, tinyplay) diff --git a/selinux/macloader.te b/selinux/macloader.te index 580f0d1..464f201 100644 --- a/selinux/macloader.te +++ b/selinux/macloader.te @@ -6,3 +6,4 @@ allow macloader efs_file:dir search; allow macloader efs_device_file:dir search; allow macloader wifi_data_file:file { read getattr open write setattr }; allow macloader self:capability { dac_override chown fowner fsetid }; +allow macloader system_data_file:dir w_dir_perms; diff --git a/selinux/netd.te b/selinux/netd.te index 2fdb809..eff1d89 100644 --- a/selinux/netd.te +++ b/selinux/netd.te @@ -1 +1,3 @@ allow netd init:tcp_socket { read write getopt }; +allow netd glgps:fd use; +allow netd glgps:tcp_socket { read write getopt setopt }; -- cgit v1.1
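Review bot: `allow init rild:process noatsecure;` in selinux/init.te is added without a comment, and it relaxes a hardening default rather than granting an ordinary access. With noatsecure the kernel does not set AT_SECURE when init transitions into rild, so the dynamic linker keeps environment variables such as LD_PRELOAD and LD_LIBRARY_PATH that it would otherwise ignore across the transition. Please add a comment stating what rild needs from its environment, e.g. `# rild is started with <variable, placeholder> set by its service definition; noatsecure keeps it across the domain transition`, and confirm that this environment can only come from the init service definition. The rild service definition is not part of this diff.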
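Review bot: `allow macloader system_data_file:dir w_dir_perms;` in selinux/macloader.te grants write access to every directory labelled system_data_file, not only the one location macloader uses. macloader already holds `dac_override` (context line above), so file-mode checks do not narrow the grant further. The init.target.rc hunk in this commit pre-creates /data/.cid.info, so if that file is the reason for this rule, directory write access may not be needed once the file exists with its own label. A dedicated type for the file plus `allow macloader <cid_info_type>:file rw_file_perms;` would keep the domain off the shared /data label; `<cid_info_type>` is a placeholder, not a type from this tree.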
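Review bot: The two rules added to selinux/netd.te hard-code one client domain into netd's policy, and nothing marks that they must stay in step with the `fwmarkd_socket` rule added to gpsd.te in this commit. A comment would make the dependency visible, e.g. `# glgps hands its TCP socket to netd over fwmarkd`, if that is indeed why they are needed. If the base policy this tree builds against already grants netd these permissions for domains carrying the `netdomain` attribute, giving glgps that attribute would replace the per-domain rules. That would widen what glgps itself may do, so it is worth deciding which trade-off is wanted.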