Allow access to qcril.db
Allow rild access to qcril.db
Bug=63127055
allow rild to apply an advisory lock to /vendor/qcril.db to
workaround a qcril locking vendor file unnecessarily
I auditd : type=1400 audit(0.0:7): avc: denied { lock } for
comm="rild" path="/vendor/qcril.db" dev="dm-1" ino=704
scontext=u:r:rild:s0 tcontext=u:object_r:vendor_file:s0
tclass=file permissive=0
Change-Id: I32f7464cad65443b9286d382e520fa0e2670a89d
(cherry picked from commit 7441822fa6ebff797aed1a608a5074499023343f)
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index ff99a9d..52f0919 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -19,6 +19,9 @@
allow rild mediaserver_service:service_manager find;
allow rild per_mgr_service:service_manager find;
+# rild needs 'lock' for /vendor/qcril.db
+allow rild vendor_file:file { lock };
+
# allow rild to use qualcomm's socket ipc ioctls
allow rild self:socket ioctl;
allowxperm rild self:socket ioctl msm_sock_ipc_ioctls;