From 858ee59a8df8fe7172f186507490cac02549338b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cosme=20Dom=C3=ADnguez=20D=C3=ADaz?=
Date: Sun, 11 Mar 2018 00:12:34 +0100
Subject: msm8996-common: Fix hal_bluetooth_default SELinux denials: * avc: denied { write } for pid=484 comm=bluetooth@1.0-s name=bluedroid dev=sda10 ino=3465222 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:bluetooth_data_file:s0 tclass=dir permissive=0 Fix ims SELinux denials: * avc: denied { set } for property=ctl.imsrcsd pid=715 uid=1000 gid=1000 scontext=u:r:ims:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service permissive=0 Fix vold SELinux denials: * avc: denied { open } for path="/data/system_de/0/spblob/01e7bcfa0f8c0631.secdis" dev="sda10" ino=3031052 scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0 Fix system_app SELinux denials: * avc: denied { call } for pid=6251 comm=4173796E635461736B20233130 scontext=u:r:system_app:s0 tcontext=u:r:wificond:s0 tclass=binder permissive=0 * avc: denied { find } for service=installd pid=6251 uid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:installd_service:s0 tclass=service_manager permissive=0
---
sepolicy/hal_bluetooth_default.te | 2 +-
sepolicy/ims.te | 1 +
sepolicy/system_app.te | 1 +
sepolicy/vold.te | 1 +
4 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/sepolicy/hal_bluetooth_default.te b/sepolicy/hal_bluetooth_default.te
index d7266e1..fbe2fb9 100644
--- a/sepolicy/hal_bluetooth_default.te
+++ b/sepolicy/hal_bluetooth_default.te
@@ -1,3 +1,3 @@
-allow hal_bluetooth_default bluetooth_data_file:dir search;
+allow hal_bluetooth_default bluetooth_data_file:dir { search write };
 allow hal_bluetooth_default bluetooth_data_file:file { append getattr open read write };
 allow hal_bluetooth_default wcnss_filter:unix_stream_socket { connectto };
diff --git a/sepolicy/ims.te b/sepolicy/ims.te
index d9d0cb0..00ed504 100644
--- a/sepolicy/ims.te
+++ b/sepolicy/ims.te
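Review bot: The widened rule `allow hal_bluetooth_default bluetooth_data_file:dir { search write };` grants `write` on the bluedroid directory without `add_name` or `remove_name`, which on its own is normally not enough to create or remove an entry there, so a follow-on denial is likely and the rule will tend to grow. The denial quoted in the commit message names only the directory, not the file the HAL is trying to create, so a comment above the rule should record it, for example `# bluetooth HAL creates <file name> under bluedroid; narrow once confirmed` (placeholder). This type presumably also covers the Bluetooth stack's own state, so a dedicated vendor-owned type for whatever the HAL writes would be the tighter fix; whether that is feasible depends on code not shown here.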
@@ -1 +1,2 @@
 allow ims ims:capability net_raw;
+allow ims ctl_default_prop:property_service set;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 44c918c..7de707d 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -1,2 +1,3 @@
 allow system_app sysfs_fpc_proximity:file rw_file_perms;
 allow system_app time_daemon:unix_stream_socket connectto;
+allow system_app wificond:binder call;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index d2533cb..ef3c943 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1 +1,2 @@
 allow vold persist_file:dir { ioctl open read };
+allow vold system_data_file:file { open };
-- 
cgit v1.2.3
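Review bot: `allow ims ctl_default_prop:property_service set;` is much broader than the denial it answers. `ctl_default_prop` is the fallback label for every `ctl.*` property that has no entry of its own in property_contexts, so the ims domain could ask init to start or stop any service covered by that label, not only imsrcsd. A narrower form labels the one property and grants only that: `ctl.imsrcsd u:object_r:<ctl_ims_prop>:s0` in property_contexts plus `allow ims <ctl_ims_prop>:property_service set;`, where `<ctl_ims_prop>` is a placeholder for a type this tree would have to declare.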
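Review bot: `allow system_app wificond:binder call;` applies to every app that runs in the system_app domain, and the quoted denial identifies the caller only by thread name (the hex comm decodes to "AsyncTask #10"), so nothing here shows which app needs to reach wificond or why. A comment above the rule such as `# <app>: calls wificond for <purpose>` (placeholders) would make the grant auditable and easier to remove later. The commit message also lists an `installd_service` find denial for system_app that no rule in this file section addresses; it is worth stating whether that one is deliberately left denied.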
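Review bot: `allow vold system_data_file:file { open };` is scoped to the generic label for files under /data rather than to the spblob file named in the denial, so it lets vold open any file of that type. `open` on its own is also rarely the whole access; whatever vold does with the file next (read, write or unlink) will probably surface as a further denial, which invites widening this rule again. At minimum the rule should carry a comment tying it to its purpose, e.g. `# vold: open of spblob *.secdis files under /data/system_de/<user>/spblob`. It is also worth checking how the platform policy for this release treats that path before carrying a device-level grant on `system_data_file`.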