Change /dev/ion from read-only to read-write

Even though /dev/ion can allocate memory when opened in read-only mode, some processes seem to unnecessarily open it in read-write mode. This doesn't seem to be harmful, and was originally allowed in domain_deprecated. Re-allow it. Bug: 25965160 Change-Id: Icaf948be89a8f2805e9b6a22633fa05b69988e4f

Change /dev/ion from read-only to read-write
71fd337f · Nick Kralevich · 9a3d490e · 71fd337f · 71fd337f
Commit 71fd337f authored 9 years ago by Nick Kralevich
--- a/adbd.te
+++ b/adbd.te
@@ -62,7 +62,7 @@ binder_use(adbd)
 binder_call(adbd, surfaceflinger)
 # b/13188914
 allow adbd gpu_device:chr_file rw_file_perms;
-allow adbd ion_device:chr_file r_file_perms;
+allow adbd ion_device:chr_file rw_file_perms;
 r_dir_file(adbd, system_file)

 # Read /data/misc/adb/adb_keys.

--- a/shell.te
+++ b/shell.te
@@ -125,4 +125,4 @@ allow shell self:process ptrace;
 neverallow shell file_type:file link;

 # Allow access to ion memory allocation device.
-allow shell ion_device:chr_file { open read };
+allow shell ion_device:chr_file rw_file_perms;