sepolicy: Fix denials in location app

- Add rule for write access to dpmtcm_socket sock file - Add few domains to dont audit rule list for vendor_gles_data_file dir search. Change-Id: Iabc0250d2ac0bf28e4f4dd3d8c67b4bf20fbeb1e CRs-Fixed: 2469209
2019-06-11 17:14:30 +05:30
parent b362bed0fa
commit acd13b1cee
2 changed files with 6 additions and 0 deletions
--- a/generic/vendor/test/domain.te
+++ b/generic/vendor/test/domain.te
@@ -31,6 +31,10 @@ dontaudit {
    bootanim
    system_app
    platform_app
+    untrusted_app_27
+    zygote
+    location_app
+    location_app_test
    priv_app
    radio
    shell
--- a/qva/private/location_app.te
+++ b/qva/private/location_app.te
@@ -44,6 +44,8 @@ allow location_app app_api_service:service_manager find;
 allow location_app system_app_data_file:dir create_dir_perms;
 allow location_app system_app_data_file:file create_file_perms;

+unix_socket_connect(location_app, dpmtcm, dpmd);
+
 allow location_app cgroup:file rw_file_perms;

 unix_socket_send(location_app, seempdw, seempd);