From 7651d6d716cb6fd3ddb49e09b8cdd6bfbd82a62d Mon Sep 17 00:00:00 2001
From: Simon Shields
Date: Sat, 12 Dec 2015 15:24:33 +1100
Subject: i9300: more selinux fixes

Change-Id: Ifa1f39c78c8b4fb96ab3024a4f7cdb3cc9d732bd
---
 selinux/gpsd.te | 4 ++++
 selinux/init.te | 2 ++
 selinux/macloader.te | 1 +
 selinux/netd.te | 2 ++
 4 files changed, 9 insertions(+)
(limited to 'selinux')
diff --git a/selinux/gpsd.te b/selinux/gpsd.te
index a65f3da..589d15f 100644
--- a/selinux/gpsd.te
+++ b/selinux/gpsd.te
@@ -13,9 +13,13 @@ allow glgps gps_data_file:file { create rw_file_perms };
 allow glgps gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms };
 allow glgps node:udp_socket { node_bind name_bind };
+allow glgps port:tcp_socket name_connect;
+allow glgps self:tcp_socket { getopt write read };
 allow glgps sysfs:file { setattr write };
 allow glgps gps_device:chr_file { ioctl open read write };
 allow glgps glgps:udp_socket { create bind };
+allow glgps glgps:tcp_socket { create connect };
+allow glgps fwmarkd_socket:sock_file write;
 allow glgps dnsproxyd_socket:sock_file write;
 allow glgps netd:unix_stream_socket connectto;
diff --git a/selinux/init.te b/selinux/init.te
index d9d20c2..795e077 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -7,6 +7,8 @@ allow init sysfs_display:lnk_file { read setattr };
 allow init tmpfs:lnk_file create;
 allow init sysfs_sensor:lnk_file { setattr read };
+allow init rild:process noatsecure;
+
 domain_trans(init, rootfs, glgps)
 domain_trans(init, rootfs, cpboot-daemon)
 domain_trans(init, rootfs, tinyplay)
diff --git a/selinux/macloader.te b/selinux/macloader.te
index 580f0d1..464f201 100644
--- a/selinux/macloader.te
+++ b/selinux/macloader.te
@@ -6,3 +6,4 @@ allow macloader efs_file:dir search;
 allow macloader efs_device_file:dir search;
 allow macloader wifi_data_file:file { read getattr open write setattr };
 allow macloader self:capability { dac_override chown fowner fsetid };
+allow macloader system_data_file:dir w_dir_perms;
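Review bot: In selinux/gpsd.te, `allow glgps port:tcp_socket name_connect;` targets the generic `port` type, so the GPS daemon may open outbound TCP connections to every port that carries no dedicated label, and nothing in the hunk records which service it has to reach. If the destination is a fixed port (not visible here) and the tree supports port labelling, a dedicated port type would narrow the grant. Otherwise add a comment above the rule, e.g. `# glgps fetches assistance data over TCP; destination port is not fixed` (wording to be confirmed by the author). Separately, `self:tcp_socket { getopt write read }` and `glgps:tcp_socket { create connect }` name the same target and read better as one rule, `allow glgps self:tcp_socket { create connect getopt read write };`.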
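Review bot: In selinux/init.te, `allow init rild:process noatsecure;` switches off secure-exec mode for the init-to-rild transition, so the dynamic linker in rild keeps honouring loader environment variables such as `LD_PRELOAD` and `LD_LIBRARY_PATH` inherited from init, and the rule carries no comment saying why that is wanted. Presumably a preload or shim library set in the service definition has to survive the domain transition. If so, say it above the rule, e.g. `# rild relies on a preload set in its init service entry; AT_SECURE would strip it`, and confirm that this environment is set only from read-only init scripts. If no such variable is set for rild, the rule should be dropped rather than kept to quiet an audit message.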
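Review bot: In selinux/macloader.te, `allow macloader system_data_file:dir w_dir_perms;` permits adding and removing entries in every directory that carries the generic `system_data_file` label, and macloader already holds `dac_override`, so file-mode bits do not narrow that. If the directory macloader writes into (path not visible in this hunk) is a directory of its own rather than the top of the data partition, label it in `file_contexts` with `wifi_data_file` or a new dedicated type and grant `w_dir_perms` on that type instead. Either way, add a comment naming what gets created, e.g. `# macloader creates <file> in <dir>`.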
diff --git a/selinux/netd.te b/selinux/netd.te
index 2fdb809..eff1d89 100644
--- a/selinux/netd.te
+++ b/selinux/netd.te
@@ -1 +1,3 @@
 allow netd init:tcp_socket { read write getopt };
+allow netd glgps:fd use;
+allow netd glgps:tcp_socket { read write getopt setopt };
-- 
cgit v1.1
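Review bot: The two rules added to selinux/netd.te appear to depend on `allow glgps fwmarkd_socket:sock_file write;` in gpsd.te (glgps hands its socket to netd, which then reads it and sets options on it), but neither file says so. Add a comment above them, e.g. `# glgps passes its TCP socket to netd over fwmarkd for marking`. The base policy normally grants netd this access for every domain carrying the `netdomain` attribute, so check whether `net_domain(glgps)` in gpsd.te could replace the per-domain rules in both files. That macro also grants more socket classes than glgps is given here, so weigh it against the narrower hand-written set.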