From 365c33bb3705e3c3f41b4ba45535ee9fdd89fc05 Mon Sep 17 00:00:00 2001 From: Max Bires Date: Thu, 12 Oct 2017 17:05:35 -0700 Subject: [PATCH] Adding rw access to diag_device for hal_gnss_qti denied { read write } for pid=751 comm="Loc_hal" name="diag" dev="tmpfs" ino=10674 scontext=u:r:hal_gnss_qti:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file Test: on userdebug/eng builds, hal_gnss_qti can access diag_device without generating denials Change-Id: I571e4a4a470f3550c22a7af3145468baa4e0a155 --- sepolicy/vendor/hal_gnss_qti.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sepolicy/vendor/hal_gnss_qti.te b/sepolicy/vendor/hal_gnss_qti.te index 74620f8d..d2638aff 100644 --- a/sepolicy/vendor/hal_gnss_qti.te +++ b/sepolicy/vendor/hal_gnss_qti.te @@ -30,6 +30,11 @@ allow hal_gnss_qti netmgrd_socket:dir search; allow hal_gnss_qti self:netlink_generic_socket { bind create read }; allow hal_gnss_qti self:netlink_route_socket { bind create nlmsg_read read write }; +userdebug_or_eng(` + allow hal_gnss_qti diag_device:chr_file rw_file_perms; +') +dontaudit hal_gnss_qti diag_device:chr_file rw_file_perms; + # Most HALs are not allowed to use network sockets. Qcom library # libqdi is used across multiple processes which are clients of # netmgrd including the GNSS HAL. libqdi first attempts to get the network
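Review bot: The `dontaudit hal_gnss_qti diag_device:chr_file rw_file_perms;` rule sits outside the `userdebug_or_eng` block, so on user builds the access stays denied but no longer leaves an avc record, and nothing in the file explains that this is intended. `rw_file_perms` is also wider than the `{ read write }` in the logged denial, so the suppression covers the macro's other permissions too (open and ioctl among them). That removes an audit signal that would otherwise show this domain touching the diag node on production devices. I would add a comment above the block, such as `# Loc_hal touches the diag node; allowed on userdebug/eng only, denial silenced on user builds.`, and consider narrowing the rule to `dontaudit hal_gnss_qti diag_device:chr_file { read write };` if those are the only permissions the HAL is seen requesting.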