From 2032d4e1d048ecafa3118ce6899b59ab0731258c Mon Sep 17 00:00:00 2001
From: "Kyunam.jo"
Date: Wed, 26 Apr 2017 03:32:44 +0900
Subject: [PATCH] Fixed boot issue selinux policy.
denied { search } for pid=663 comm="rmt_storage" name="block" dev="tmpfs" ino=20145 scontext=u:r:rmt_storage:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0 duplicate messages suppressed
denied { read write } for pid=661 comm="sensors.qcom" name="diag" dev="tmpfs" ino=22650 scontext=u:r:sensors:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=0
denied { net_bind_service } for pid=1167 comm="sensors.qcom" capability=10 scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=capability permissive=0
denied { read write } for pid=1165 comm="sensors.qcom" name="diag" dev="tmpfs" ino=21593 scontext=u:r:sensors:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=0
denied { read write } for pid=1165 comm="sensors.qcom" name="diag" dev="tmpfs" ino=21593 scontext=u:r:sensors:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file permissive=0
denied { search } for pid=1165 comm="sensors.qcom" name="/" dev="sda4" ino=2 scontext=u:r:sensors:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0
Change-Id: I081c5ebb798245693fcf7ad6ec3df63b6f3bf67a
---
 sepolicy/rmt_storage.te | 1 +
 sepolicy/sensors.te | 10 +++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te
index b6dcb77b..e2dda92a 100644
--- a/sepolicy/rmt_storage.te
+++ b/sepolicy/rmt_storage.te
@@ -9,6 +9,7 @@ allow rmt_storage self:capability { net_bind_service setgid setpcap setuid };
 allow rmt_storage modem_block_device:blk_file rw_file_perms;
 allow rmt_storage uio_device:chr_file rw_file_perms;
+allow rmt_storage block_device:dir search;
 allow rmt_storage sysfs_uio:dir r_dir_perms;
 allow rmt_storage sysfs_uio:lnk_file r_file_perms;
diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te
index f6c90045..7b9db420 100644
--- a/sepolicy/sensors.te
+++ b/sepolicy/sensors.te
@@ -4,7 +4,11 @@ type sensors_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(sensors)
-allow sensors self:capability { setgid setuid };
+allow sensors self:capability {
+ setuid
+ setgid
+ net_bind_service
+};
 allow sensors self:socket create_socket_perms;
 allowxperm sensors self:socket ioctl msm_sock_ipc_ioctls;
@@ -12,10 +16,10 @@ allowxperm sensors self:socket ioctl msm_sock_ipc_ioctls;
 allow sensors persist_sensors_file:dir r_dir_perms;
 allow sensors persist_sensors_file:file rw_file_perms;
 allow sensors persist_sensors_file:dir r_dir_perms;
-allow sensors persist_file:dir getattr;
+allow sensors persist_file:dir { getattr search };
 allow sensors system_file:dir r_dir_perms;
-allow sensors sensors_device:chr_file r_file_perms;
+allow sensors sensors_device:chr_file rw_file_perms;
 r_dir_file(sensors, sysfs_msm_subsys)
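Review bot: The `net_bind_service` entry added to `allow sensors self:capability` has no comment saying which bind needs it, and a capability grant applies to the whole domain rather than to one socket class. The commit message ties it to the `capability=10` denial from `sensors.qcom`, and the only socket rules visible here are `self:socket` with `msm_sock_ipc_ioctls`, so it is presumably the MSM IPC socket bind; that should be confirmed and recorded, e.g. `# net_bind_service: bind on the MSM IPC socket (avc capability=10, comm=sensors.qcom)`. As long as the domain gets no `tcp_socket`/`udp_socket` `name_bind` rules, the capability cannot be used for privileged IP ports, so the comment should say that too. Reflowing and reordering `setuid`/`setgid` hides the one real addition; `allow sensors self:capability { setgid setuid net_bind_service };` would keep the diff to a single changed line.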
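Review bot: The widening of `sensors_device:chr_file` from `r_file_perms` to `rw_file_perms` at the end of the second hunk is not backed by any denial quoted in the commit message: the logged `{ read write }` denials have `tcontext=u:object_r:diag_device:s0`, a different type, and no `diag_device` rule appears in the visible hunks. If write access to `sensors_device` is not actually required, keep `allow sensors sensors_device:chr_file r_file_perms;`; if it is, the matching AVC line belongs in the commit message. For the diag denials, either limit the grant to debug builds by wrapping `allow sensors diag_device:chr_file rw_file_perms;` in `userdebug_or_eng(...)`, or silence them with `dontaudit sensors diag_device:chr_file rw_file_perms;`, so the diagnostic channel stays closed on user builds. The `persist_file:dir { getattr search }` change does match the logged `search` denial.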