From 1ea059b2eaa0b303ab621caa98f2c023c4cdab9b Mon Sep 17 00:00:00 2001
From: iusmac
Date: Sat, 26 Feb 2022 13:51:11 +0100
Subject: [PATCH] sm7250-common: sepolicy: Adress IORap usap_pool denial

W FinalizerDaemon: type=1400 audit(0.0:532): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:r:radio:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0

Signed-off-by: iusmac
---
 sepolicy/private/untrusted_app.te | 1 +
 sepolicy/private/updater_app.te | 1 +
 sepolicy/vendor/mediaprovider.te | 1 +
 sepolicy/vendor/platform_app.te | 1 +
 sepolicy/vendor/radio.te | 1 +
 sepolicy/vendor/shell.te | 1 +
 sepolicy/vendor/traceur_app.te | 1 +
 sepolicy/vendor/untrusted_app_27.te | 1 +
 sepolicy/vendor/untrusted_app_29.te | 1 +
 9 files changed, 9 insertions(+)
 create mode 100644 sepolicy/private/untrusted_app.te
 create mode 100644 sepolicy/private/updater_app.te
 create mode 100644 sepolicy/vendor/mediaprovider.te
 create mode 100644 sepolicy/vendor/platform_app.te
 create mode 100644 sepolicy/vendor/shell.te
 create mode 100644 sepolicy/vendor/traceur_app.te
 create mode 100644 sepolicy/vendor/untrusted_app_27.te
 create mode 100644 sepolicy/vendor/untrusted_app_29.te
diff --git a/sepolicy/private/untrusted_app.te b/sepolicy/private/untrusted_app.te
new file mode 100644
index 0000000..478403a
--- /dev/null
+++ b/sepolicy/private/untrusted_app.te
@@ -0,0 +1 @@
+allow untrusted_app zygote:unix_stream_socket { getopt };
diff --git a/sepolicy/private/updater_app.te b/sepolicy/private/updater_app.te
new file mode 100644
index 0000000..f4ae8f7
--- /dev/null
+++ b/sepolicy/private/updater_app.te
@@ -0,0 +1 @@
+allow updater_app zygote:unix_stream_socket { getopt };
diff --git a/sepolicy/vendor/mediaprovider.te b/sepolicy/vendor/mediaprovider.te
new file mode 100644
index 0000000..ee80bb9
--- /dev/null
+++ b/sepolicy/vendor/mediaprovider.te
@@ -0,0 +1 @@
+allow mediaprovider zygote:unix_stream_socket { getopt };
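Review bot: The only denial quoted in the commit message has scontext radio, yet the rule in sepolicy/private/untrusted_app.te and the matching ones in updater_app.te, mediaprovider.te, platform_app.te, shell.te, traceur_app.te, untrusted_app_27.te and untrusted_app_29.te grant `getopt` on zygote's unix_stream_socket to eight further domains, including untrusted apps and shell, with no audit record shown for any of them. The logged path is the USAP pool socket and the caller is FinalizerDaemon, so this looks like a descriptor inherited from zygote being touched during cleanup rather than an access the process needs. If the affected processes work without it, `dontaudit untrusted_app zygote:unix_stream_socket getopt;` (and the same for the other domains) silences the log without widening what app domains may do to a zygote socket. If an allow really is required, keep only the domains that actually logged a denial and put a comment above each rule quoting the audit line it answers.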
diff --git a/sepolicy/vendor/platform_app.te b/sepolicy/vendor/platform_app.te
new file mode 100644
index 0000000..3e55585
--- /dev/null
+++ b/sepolicy/vendor/platform_app.te
@@ -0,0 +1 @@
+allow platform_app zygote:unix_stream_socket { getopt };
\ No newline at end of file
diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te
index 4670c6a..1631645 100644
--- a/sepolicy/vendor/radio.te
+++ b/sepolicy/vendor/radio.te
@@ -1 +1,2 @@
 get_prop(radio, vendor_audio_prop)
+allow radio zygote:unix_stream_socket { getopt };
\ No newline at end of file
diff --git a/sepolicy/vendor/shell.te b/sepolicy/vendor/shell.te
new file mode 100644
index 0000000..78a1e53
--- /dev/null
+++ b/sepolicy/vendor/shell.te
@@ -0,0 +1 @@
+allow shell zygote:unix_stream_socket { getopt };
diff --git a/sepolicy/vendor/traceur_app.te b/sepolicy/vendor/traceur_app.te
new file mode 100644
index 0000000..807281d
--- /dev/null
+++ b/sepolicy/vendor/traceur_app.te
@@ -0,0 +1 @@
+allow traceur_app zygote:unix_stream_socket { getopt };
diff --git a/sepolicy/vendor/untrusted_app_27.te b/sepolicy/vendor/untrusted_app_27.te
new file mode 100644
index 0000000..e437c04
--- /dev/null
+++ b/sepolicy/vendor/untrusted_app_27.te
@@ -0,0 +1 @@
+allow untrusted_app_27 zygote:unix_stream_socket { getopt };
diff --git a/sepolicy/vendor/untrusted_app_29.te b/sepolicy/vendor/untrusted_app_29.te
new file mode 100644
index 0000000..b64c6f0
--- /dev/null
+++ b/sepolicy/vendor/untrusted_app_29.te
@@ -0,0 +1 @@
+allow untrusted_app_29 zygote:unix_stream_socket { getopt };
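Review bot: The only line of sepolicy/vendor/platform_app.te and the line added to sepolicy/vendor/radio.te are not newline-terminated, as the `\ No newline at end of file` markers show. Policy sources are normally joined before compilation, so depending on how the build concatenates them an unterminated last line can run into the first line of the next file, causing either a syntax error or a rule parsed differently from what was written. End both files with a newline. The braces around a single permission can also go, e.g. `allow radio zygote:unix_stream_socket getopt;`.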
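Review bot: The rule for untrusted_app is placed under sepolicy/private, while the equivalent rules in sepolicy/vendor/untrusted_app_27.te and sepolicy/vendor/untrusted_app_29.te go under sepolicy/vendor, and the commit does not explain the split. Both the source and target types here appear to be platform types, so a vendor-side allow alters the app sandbox from the vendor image and is easy to miss when the platform policy is audited. I would keep the three untrusted_app variants in one directory and head each file with a comment such as `# avc: denied { getopt } on /dev/socket/usap_pool_primary (tcontext zygote)`, so the reason for the rule survives outside the commit log.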