From aa376831e88cf08a6c6e73bfcf05345412a357bb Mon Sep 17 00:00:00 2001
From: Robert Craig <rpcraig@tycho.ncsc.mil>
Date: Thu, 5 Dec 2013 17:24:03 -0500
Subject: [PATCH] Fix new rild denials.

Denials seen on hammerhead but seem
appropriate for general policy.

<5>[ 8.339347] type=1400 audit(3731546.390:17): avc: denied { ioctl } for pid=314 comm="rild" path="socket:[7996]" dev="sockfs" ino=7996 scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=socket
<5>[ 8.339065] type=1400 audit(3731546.390:16): avc: denied { create } for pid=314 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=socket
<5>[ 11.232121] type=1400 audit(3731549.289:22): avc: denied { read } for pid=620 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=socket

Change-Id: Ieaca5360afbb44d5da21c7c24bdd5e7c5758f0a2
---
 rild.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rild.te b/rild.te
index d9752f799..5bc0b6264 100644
--- a/rild.te
+++ b/rild.te
@@ -45,3 +45,5 @@ allow rild self:netlink_kobject_uevent_socket { bind create getopt read setopt }
 
 # Access to wake locks
 allow rild sysfs_wake_lock:file rw_file_perms;
+
+allow rild self:socket create_socket_perms;
-- 
GitLab