From d6bf24251e9bfd28b4c6b24484a2f1fe48455321 Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Wed, 31 May 2017 16:12:02 -0700
Subject: [PATCH] Fixing some radio/ueventd/tee denials

denied  { write } for  pid=559 comm="ueventd" name="uevent" dev="sysfs"
ino=53168 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_usb_c:s0
tclass=file

denied { open } for pid=7321 comm="elephonymonitor"
path="/dev/__properties__/u:object_r:tel_mon_prop:s0" dev="tmpfs"
ino=18893 scontext=u:r:radio:s0 tcontext=u:object_r:tel_mon_prop:s0
tclass=file

denied  { set } for property=rcs.publish.status pid=4829 uid=1001
gid=1001 scontext=u:r:radio:s0 tcontext=u:object_r:default_prop:s0
tclass=property_service

denied  { set } for property=persist.radio.enable_tel_mon pid=10182
uid=1001 gid=1001 scontext=u:r:radio:s0
tcontext=u:object_r:tel_mon_prop:s0 tclass=property_service

Bug: 34784662
Test: These denials no longer appear during phone operation
Change-Id: I0f38e4f7e937c79d60eb2d4c607bcb62694f973b
---
 sepolicy/vendor/property_contexts | 1 +
 sepolicy/vendor/ueventd.te        | 1 +
 2 files changed, 2 insertions(+)

diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index a5eb880a..fcc78c42 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -8,6 +8,7 @@ net.r_rmnet_data0          u:object_r:net_rmnet_prop:s0
 persist.net.doxlat         u:object_r:net_radio_prop:s0
 sys.post_boot.             u:object_r:post_boot_prop:s0
 radio.                     u:object_r:radio_prop:s0
+rcs.publish.status         u:object_r:radio_prop:s0
 debug.htc.hrdump           u:object_r:ramdump_prop:s0
 debug.htc.ramdump          u:object_r:ramdump_prop:s0
 persist.sys.crash_rcu      u:object_r:ramdump_prop:s0
diff --git a/sepolicy/vendor/ueventd.te b/sepolicy/vendor/ueventd.te
index f2f82b16..29b13eba 100644
--- a/sepolicy/vendor/ueventd.te
+++ b/sepolicy/vendor/ueventd.te
@@ -10,6 +10,7 @@ allow ueventd sysfs_soc:file w_file_perms;
 allow ueventd sysfs_net:file w_file_perms;
 allow ueventd sysfs_msm_subsys:file w_file_perms;
 allow ueventd sysfs_bluetooth_writable:file w_file_perms;
+allow ueventd sysfs_usb_c:file w_file_perms;
 allow ueventd firmware_file:dir search;
 allow ueventd firmware_file:file r_file_perms;
 allow ueventd tmpfs:blk_file getattr;