Allow access to qcril.db

Allow rild access to qcril.db


allow rild to apply an advisory lock to /vendor/qcril.db to
workaround a qcril locking vendor file unnecessarily

I auditd  : type=1400 audit(0.0:7): avc: denied { lock } for
comm="rild" path="/vendor/qcril.db" dev="dm-1" ino=704
scontext=u:r:rild:s0 tcontext=u:object_r:vendor_file:s0
tclass=file permissive=0

Change-Id: I32f7464cad65443b9286d382e520fa0e2670a89d
(cherry picked from commit 7441822fa6ebff797aed1a608a5074499023343f)
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index ff99a9d..52f0919 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -19,6 +19,9 @@
 allow rild mediaserver_service:service_manager find;
 allow rild per_mgr_service:service_manager find;
+# rild needs 'lock' for /vendor/qcril.db
+allow rild vendor_file:file { lock };
 # allow rild to use qualcomm's socket ipc ioctls
 allow rild self:socket ioctl;
 allowxperm rild self:socket ioctl msm_sock_ipc_ioctls;