From f6f87105d45795f284855ad69167ee704b08f4a9 Mon Sep 17 00:00:00 2001
From: William Roberts <bill.c.roberts@gmail.com>
Date: Thu, 7 Jun 2012 11:52:51 -0400
Subject: [PATCH] Remove all denials caused by rild on tuna devices. Tested on a maguro variant.
---
 nfc.te | 1 +
 rild.te | 8 ++++++++
 ueventd.te | 4 +++-
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/nfc.te b/nfc.te
index 72c2d69b7..9a354bb58 100644
--- a/nfc.te
+++ b/nfc.te
@@ -10,3 +10,4 @@ allow nfc nfc_data_file:dir create_dir_perms;
 allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
 allow nfc sysfs_nfc_power_writable:file rw_file_perms;
+allow nfc sysfs:file write;
diff --git a/rild.te b/rild.te
index e65fc362e..85c85a56a 100644
--- a/rild.te
+++ b/rild.te
@@ -12,12 +12,20 @@ allow rild self:capability { setuid net_admin net_raw };
 allow rild alarm_device:chr_file rw_file_perms;
 allow rild cgroup:dir create_dir_perms;
 allow rild radio_device:chr_file rw_file_perms;
+allow rild radio_device:blk_file r_file_perms;
 allow rild qemu_device:chr_file rw_file_perms;
 allow rild mtd_device:dir search;
 allow rild efs_file:dir create_dir_perms;
 allow rild efs_file:file create_file_perms;
 allow rild shell_exec:file rx_file_perms;
 allow rild bluetooth_efs_file:file r_file_perms;
+allow rild radio_data_file:dir r_dir_perms;
+allow rild radio_data_file:file rw_file_perms;
+allow rild radio_device:lnk_file r_file_perms;
+allow rild sdcard:dir r_dir_perms;
+allow rild system_data_file:dir create_dir_perms;
+allow rild system_data_file:file create_file_perms;
+allow rild system_file:file x_file_perms;
 dontaudit rild self:capability sys_admin;
 # XXX Label sysfs files with a specific type?
 allow rild sysfs:file rw_file_perms;
diff --git a/ueventd.te b/ueventd.te
index 5e513322c..81a660f89 100644
--- a/ueventd.te
+++ b/ueventd.te
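Review bot: In nfc.te, the added `allow nfc sysfs:file write;` lets the NFC domain write to every sysfs node that still carries the generic `sysfs` label, even though the rule directly above it already grants access through the dedicated type `sysfs_nfc_power_writable`. The tuna denial most likely means one more NFC node is unlabelled (inferred; the path is not shown in the patch). The narrower fix is to give that node the `sysfs_nfc_power_writable` label in the file-contexts configuration and drop the new rule. If the generic rule has to stay for now, mark it the way rild.te marks its own sysfs rule, e.g. `# XXX Label the tuna NFC sysfs node with a specific type.`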
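Review bot: In rild.te, the added `allow rild system_data_file:dir create_dir_perms;` and `allow rild system_data_file:file create_file_perms;` let the radio daemon create and modify anything that carries the generic data label, which is a wide grant for a process that parses baseband input. The same hunk already adds `radio_data_file` rules, so the directory rild actually writes to should be labelled `radio_data_file` (or a new rild-specific type) and the create permissions granted on that type only. `allow rild system_file:file x_file_perms;` and `allow rild sdcard:dir r_dir_perms;` likewise carry no comment saying which binary or path triggered the denial. Rules derived from a denial log on a single device record what the vendor library attempted, not what it needs, so each broad rule should name its cause, e.g. `# tuna: <path that triggered the denial>`.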
@@ -5,7 +5,7 @@ tmpfs_domain(ueventd)
 allow ueventd rootfs:file r_file_perms;
 allow ueventd rootfs:file entrypoint;
 allow ueventd init:process sigchld;
-allow ueventd self:capability { chown mknod net_admin setgid fsetid };
+allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override };
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
@@ -16,3 +16,5 @@ allow ueventd dev_type:lnk_file { create unlink };
 allow ueventd dev_type:chr_file { create setattr unlink };
 allow ueventd dev_type:blk_file { create setattr unlink };
 allow ueventd self:netlink_kobject_uevent_socket *;
+allow ueventd efs_file:dir search;
+allow ueventd efs_file:file r_file_perms;
-- GitLab
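Review bot: The first ueventd.te hunk adds `sys_rawio` and `dac_override` to ueventd's capability set with no comment, while the commit message only speaks of rild denials. `dac_override` lets the process bypass ordinary file permission checks, so a denial for it usually points at a wrong owner or mode on the file being opened. Here that is presumably something on the EFS partition, given the `efs_file` rules added in the second hunk (inferred). Fixing the ownership or mode is preferable to granting the capability. If either capability turns out to be required, record the reason next to the rule, e.g. `# tuna: <what ueventd opens> requires sys_rawio`.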