From 4c1bb0c66e150edcdf40375ecebb0190fadce242 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 9 Nov 2017 09:57:31 -0800
Subject: [PATCH] Grant HALs access to diag_device

avc: denied { read write } for comm="imsrcsd" name="diag"
dev="tmpfs" ino=9694 scontext=u:r:hal_rcsservice:s0
tcontext=u:object_r:diag_device:s0 tclass=chr_file
avc: denied { read write } for comm="ims_rtp_daemon"
name="diag" dev="tmpfs" ino=9694 scontext=u:r:hal_imsrtp:s0
tcontext=u:object_r:diag_device:s0 tclass=chr_file

Bug: 68705274
Test: build
Change-Id: I39f21c1e01001ea83d38461b450e42db1d21991d
---
 sepolicy/vendor/hal_imsrtp.te     | 5 +++++
 sepolicy/vendor/hal_rcsservice.te | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/sepolicy/vendor/hal_imsrtp.te b/sepolicy/vendor/hal_imsrtp.te
index a3950190..e55ec4de 100644
--- a/sepolicy/vendor/hal_imsrtp.te
+++ b/sepolicy/vendor/hal_imsrtp.te
@@ -30,3 +30,8 @@ r_dir_file(hal_imsrtp, sysfs_soc)
 allow hal_imsrtp ion_device:chr_file r_file_perms;
 get_prop(hal_imsrtp, ims_prop)
 binder_call(hal_imsrtp, radio)
+
+userdebug_or_eng(`
+  allow hal_imsrtp diag_device:chr_file rw_file_perms;
+')
+dontaudit hal_imsrtp diag_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_rcsservice.te b/sepolicy/vendor/hal_rcsservice.te
index 7de16c8d..cd16cfa9 100644
--- a/sepolicy/vendor/hal_rcsservice.te
+++ b/sepolicy/vendor/hal_rcsservice.te
@@ -27,3 +27,8 @@ binder_call(hal_rcsservice, dataservice_app)
 
 # imsrcsd needs read/write access to devpts
 allow hal_rcsservice devpts:chr_file rw_file_perms;
+
+userdebug_or_eng(`
+  allow hal_rcsservice diag_device:chr_file rw_file_perms;
+')
+dontaudit hal_rcsservice diag_device:chr_file rw_file_perms;