Fix new rild denials.

Denials seen on hammerhead but seem
appropriate for general policy.

<5>[ 8.339347] type=1400 audit(3731546.390:17): avc: denied { ioctl } for pid=314 comm="rild" path="socket:[7996]" dev="sockfs" ino=7996 scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=socket
<5>[ 8.339065] type=1400 audit(3731546.390:16): avc: denied { create } for pid=314 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=socket
<5>[ 11.232121] type=1400 audit(3731549.289:22): avc: denied { read } for pid=620 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:rild:s0 tclass=socket

Change-Id: Ieaca5360afbb44d5da21c7c24bdd5e7c5758f0a2
This commit is contained in:
Robert Craig 2013-12-05 17:24:03 -05:00 committed by rpcraig
parent b2547644ef
commit aa376831e8

View file

@ -45,3 +45,5 @@ allow rild self:netlink_kobject_uevent_socket { bind create getopt read setopt }
# Access to wake locks # Access to wake locks
allow rild sysfs_wake_lock:file rw_file_perms; allow rild sysfs_wake_lock:file rw_file_perms;
allow rild self:socket create_socket_perms;