From fdd6206d685f80b896d6316d5fec4d6dfb5b8f5d Mon Sep 17 00:00:00 2001
From: Alexander Diewald
Date: Mon, 20 Nov 2017 22:43:14 +0100
Subject: shinano: sepolicy: Fix UIM denials.
* Grand access to qseecomd.
* Grant access to bluetooth properties.
Change-Id: Iacd41d8c313e1137c66e76da2ee2c4db7b3f4883
Signed-off-by: Alexander Diewald
---
 sepolicy/uim.te | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/sepolicy/uim.te b/sepolicy/uim.te
index 11b7fbf..6f8b30e 100644
--- a/sepolicy/uim.te
+++ b/sepolicy/uim.te
@@ -5,7 +5,6 @@ rw_dir_file(uim, brcm_ldisc_sysfs)
 rw_dir_file(uim, bluetooth_data_file)
 rw_dir_file(uim, sysfs_bluetooth_writable)
 allow uim brcm_uim_exec:file { entrypoint getattr read execute };
-allow uim hci_attach_dev:chr_file { read write open };
 allow uim self:capability { net_admin dac_override };
 allow uim rootfs:lnk_file getattr;
 allow uim ta_data_file:dir search;
@@ -13,4 +12,11 @@ allow uim bluetooth_prop:sock_file write;
 allow uim ta_data_file:file r_file_perms;
 allow uim hci_attach_dev:chr_file ioctl;
+# Access to qseecomd
+allow uim tee_device:chr_file rw_file_perms;
+# Access to serial port
+allow uim hci_attach_dev:chr_file rw_file_perms;
 allowxperm uim hci_attach_dev:chr_file ioctl uim_sock_ipc_ioctls;
+get_prop(uim, bluetooth_prop)
--
cgit v1.2.3
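Review bot: The added `allow uim tee_device:chr_file rw_file_perms;` rule leaves uim free to issue any ioctl to the TEE device node, because AOSP's `rw_file_perms` macro includes `ioctl` and no `allowxperm` line constrains it, unlike the hci_attach_dev grant later in the same hunk. If the logged denials covered only some of these permissions, grant just those and add a whitelist such as `allowxperm uim tee_device:chr_file ioctl <ioctl-set-from-denial-log>;` (placeholder; the required commands are not visible in this patch). The `# Access to qseecomd` comment names the daemon, whereas the rule targets the device node, so it would help to state why uim needs the TEE at all. The unchanged `allow uim hci_attach_dev:chr_file ioctl;` context line also becomes redundant once `rw_file_perms` is granted on the same type and could be dropped.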