angler: selinux: add selinux rules for atfwd
avc: denied { add } for service=AtCmdFwd scontext=u:r:system_app:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
avc: denied { add } for service=AtCmdFwd scontext=u:r:system_app:s0 tcontext=u:object_r:atfwd_service:s0 tclass=service_manager
avc: denied { add } for service=AtCmdFwd scontext=u:r:system_app:s0 tcontext=u:object_r:atfwd_service:s0 tclass=service_manager
Bug: 23263806
Change-Id: Ia003f0ac26cd82db7aefa3a8cb45d9bb1fe216c6
diff --git a/sepolicy/atfwd.te b/sepolicy/atfwd.te
index ef12342..ba887f3 100644
--- a/sepolicy/atfwd.te
+++ b/sepolicy/atfwd.te
@@ -13,4 +13,5 @@
set_prop(atfwd, radio_atfwd_prop)
+allow atfwd atfwd_service:service_manager find;
qmux_socket(atfwd)
diff --git a/sepolicy/service.te b/sepolicy/service.te
index 85d311d..69d4811 100644
--- a/sepolicy/service.te
+++ b/sepolicy/service.te
@@ -1 +1,2 @@
type per_mgr_service, service_manager_type;
+type atfwd_service, service_manager_type;
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
index 93b38b7..fd17e6e 100644
--- a/sepolicy/service_contexts
+++ b/sepolicy/service_contexts
@@ -1 +1,2 @@
vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0
+AtCmdFwd u:object_r:atfwd_service:s0
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index d08bb3f..014dfcb 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -3,3 +3,5 @@
allow system_app oem_qmi_server:unix_stream_socket connectto;
set_prop(system_app, ctl_ppd_prop)
+
+allow system_app atfwd_service:service_manager add;
