commit 34eb27ec0c7e6d2676fe5209261eccafd53a3ad8
author Joel Galenson <jgalenson@google.com> Thu Apr 12 17:05:05 2018 -0700
committer Joel Galenson <jgalenson@google.com> Mon Apr 16 10:45:34 2018 -0700
tree 6c7b0c5e36520d2eb4e91801d6aec27dd24ce388
parent 0146b2fe32bd3d0378a22064f84409b013b1d1c8

Allow some denials we have seen.

This addresses the following denials:

avc: denied { read } for comm="ramdump" name="cmdline" dev="proc" scontext=u:r:htc_ramdump:s0 tcontext=u:object_r:proc_cmdline:s0 tclass=file permissive=0
avc: denied { search } for comm="ramdump" name="android" dev="sysfs" scontext=u:r:htc_ramdump:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=dir permissive=0
avc: denied { read } for comm="lowi-server" name="u:object_r:wifi_prop:s0" dev="tmpfs" scontext=u:r:location:s0 tcontext=u:object_r:wifi_prop:s0 tclass=file permissive=0

Bug: 78117980
Test: Build.
Change-Id: Ib4841f1ddb7c62a5996259e2942bd3697e3e634a
(cherry picked from commit 26357109454217465e029c7885d7c5fd77e5ad61)

sepolicy/hrdump.te

diff --git a/sepolicy/hrdump.te b/sepolicy/hrdump.te
index 5d43a10..1ebd70c 100644
--- a/sepolicy/hrdump.te
+++ b/sepolicy/hrdump.te
@@ -17,4 +17,7 @@
 allow htc_ramdump ramdump_vendor_data_file:dir { create_dir_perms };
 allow htc_ramdump block_device:dir { search };
 allow htc_ramdump ramdump_block_device:blk_file { open read };
+
+allow htc_ramdump proc_cmdline:file r_file_perms;
+r_dir_file(htc_ramdump, sysfs_dt_firmware_android)
 ')

sepolicy/location.te

diff --git a/sepolicy/location.te b/sepolicy/location.te
index c51e756..2375691 100644
--- a/sepolicy/location.te
+++ b/sepolicy/location.te
@@ -66,3 +66,5 @@
 allow location port:tcp_socket name_connect;
 allow location self:tcp_socket { connect create read setopt write };
 allow location self:udp_socket { create ioctl read write };
+
+get_prop(location, wifi_prop)