Merge "Handle some diag-related denials." into pi-dev

am: 9bca65d293

Change-Id: Ia8ff1c5ede576b837d80d5ff6562ccec8b926059

sepolicy/vendor/hal_gnss_qti.te

@@ -32,8 +32,10 @@ allow hal_gnss_qti self:netlink_route_socket { bind create nlmsg_read read write
 
 userdebug_or_eng(`
   allow hal_gnss_qti diag_device:chr_file rw_file_perms;
+  r_dir_file(hal_gnss_qti, sysfs_diag)
 ')
 dontaudit hal_gnss_qti diag_device:chr_file rw_file_perms;
+dontaudit hal_gnss_qti sysfs_diag:dir search;
 
 # Most HALs are not allowed to use network sockets. Qcom library
 # libqdi is used across multiple processes which are clients of

sepolicy/vendor/qti.te

@@ -17,5 +17,7 @@ r_dir_file(qti, sysfs_msm_subsys)
 
 userdebug_or_eng(`
   allow qti diag_device:chr_file rw_file_perms;
+  r_dir_file(qti, sysfs_diag)
 ')
 dontaudit qti diag_device:chr_file rw_file_perms;
+dontaudit qti sysfs_diag:dir search;

sepolicy/vendor/radio.te

@@ -25,6 +25,11 @@ allow radio avtimer_device:chr_file r_file_perms;
 
 binder_call(radio, hal_imsrtp)
 
+userdebug_or_eng(`
+  allow radio diag_device:chr_file rw_file_perms;
+')
+dontaudit radio diag_device:chr_file rw_file_perms;
+
 # read /proc/cmdline
 allow radio proc_cmdline:file r_file_perms;