From e332742721ba26759c44709a4ad7f9a829544903 Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Tue, 17 May 2016 08:59:37 -0700
Subject: [PATCH] Fix rild policy to accomodate minijail

Fix denials related to lack of setgid and setpcap priviledges.
These were introduced when minijail was used to do sandboxing.

Bug: 28178548
Change-Id: I85fd4abbe55258de61d20d827baf59bbca0679e7
Test: rild no longer crash loops
---
 rild.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rild.te b/rild.te
index ca63d3306..c63f2e729 100644
--- a/rild.te
+++ b/rild.te
@@ -6,7 +6,7 @@ init_daemon_domain(rild)
 net_domain(rild)
 allow rild self:netlink_route_socket nlmsg_write;
 allow rild kernel:system module_request;
-allow rild self:capability { setuid net_admin net_raw };
+allow rild self:capability { setpcap setgid setuid net_admin net_raw };
 allow rild alarm_device:chr_file rw_file_perms;
 allow rild cgroup:dir create_dir_perms;
 allow rild radio_device:chr_file rw_file_perms;
-- 
GitLab