authorAlexander Diewald <Diewi@diewald-net.com>2017-11-09 14:42:36 +0100
committerArian <arian.kulmer@web.de>2019-10-07 11:11:29 +0200
commit895c0fb6fbfef5d648ca5749ed594369a1e6b1cd (patch)
tree69256e47558722430445de1fb791cbfdbad2dd77
parente17643d703870a2450b1c6deb264292eb0192402 (diff)
shinano: Resolve mlog_qmi related denials.
* Create socket perms for its own socket. * Allow access to qseecom. Change-Id: Ifbd5f08f1d9bbbadc3ba94ad79d1e8f7f5286635 Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
-rw-r--r--sepolicy/mlog_qmi.te6
1 files changed, 5 insertions, 1 deletions
diff --git a/sepolicy/mlog_qmi.te b/sepolicy/mlog_qmi.te
index d0332e3..d41a788 100644
--- a/sepolicy/mlog_qmi.te
+++ b/sepolicy/mlog_qmi.te
@@ -5,7 +5,11 @@ type mlog_qmi_exec, exec_type, file_type;
init_daemon_domain(mlog_qmi)
allow mlog_qmi self:capability { net_raw net_bind_service };
-allow mlog_qmi self:socket read;
+allow mlog_qmi self:socket create_socket_perms_no_ioctl;
# Access to /dev/smem_log
allow mlog_qmi smem_log_device:chr_file rw_file_perms;
+
+# qseecom
+allow mlog_qmi tee_device:chr_file rw_file_perms;
+allowxperm mlog_qmi tee_device:chr_file ioctl qseecom_sock_ipc_ioctls;
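Review bot: The two `tee_device` rules at the end of the hunk give mlog_qmi read and write access to the secure-world device node, and the `# qseecom` comment does not record which denial or feature needs it. `rw_file_perms` already includes `ioctl`, so the only thing narrowing the ioctl surface is the `allowxperm` line, which takes effect only where the kernel and policy version enforce extended permissions; `qseecom_sock_ipc_ioctls` is defined outside this hunk, so its contents cannot be checked here. I would expand the comment to something like `# qseecom: required for <reason from the audited denial>; ioctls limited to qseecom_sock_ipc_ioctls`, and drop to `r_file_perms` if the denials never showed `write`. The same check applies to `self:socket`, where `create_socket_perms_no_ioctl` grants bind, connect and setopt in addition to the `create` the commit message mentions.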