From 292ea20060371905a80814a9844e02e26c9dfac6 Mon Sep 17 00:00:00 2001
From: Manoj Basapathi <manojbm@codeaurora.org>
Date: Wed, 7 Apr 2021 11:23:49 +0530
Subject: [PATCH] sepolicy: enable tcmd

add socket connect rules for tcmd.

we can enable and disable tcmd feature by setting
persist.vendor.tcmd.feature to 1 and 0.

Change-Id: Ia298e37884d2a3d4626550df1a64dff0e53d14f5
---
 generic/private/tcmd.te              | 2 +-
 generic/private/untrusted_app_all.te | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/generic/private/tcmd.te b/generic/private/tcmd.te
index a277853c..b9633dd5 100644
--- a/generic/private/tcmd.te
+++ b/generic/private/tcmd.te
@@ -27,7 +27,7 @@
 
 #tcmd as domain
 type vendor_tcmd,domain;
-
+typeattribute vendor_tcmd mlstrustedsubject;
 typeattribute vendor_tcmd coredomain;
 
 type vendor_tcmd_exec, exec_type, system_file_type, file_type;
diff --git a/generic/private/untrusted_app_all.te b/generic/private/untrusted_app_all.te
index 3a533a4b..172df79d 100644
--- a/generic/private/untrusted_app_all.te
+++ b/generic/private/untrusted_app_all.te
@@ -28,3 +28,4 @@
 unix_socket_connect(untrusted_app_all, vendor_dpmtcm, vendor_dpmd)
 unix_socket_connect(untrusted_app_all, vendor_qvrd, vendor_qvrd)
 allow untrusted_app_all vendor_qvrd:fd use;
+unix_socket_connect(untrusted_app_all, vendor_dpmtcm, vendor_tcmd)