Allow access to qcril.db Allow rild access to qcril.db Bug=63127055 allow rild to apply an advisory lock to /vendor/qcril.db to workaround a qcril locking vendor file unnecessarily I auditd : type=1400 audit(0.0:7): avc: denied { lock } for comm="rild" path="/vendor/qcril.db" dev="dm-1" ino=704 scontext=u:r:rild:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=0 Change-Id: I32f7464cad65443b9286d382e520fa0e2670a89d (cherry picked from commit 7441822fa6ebff797aed1a608a5074499023343f)

commit: 94b17e9a3576f5b07a9881267e799eb03f32929b [log] [tgz]
author: Sooraj Sasindran <sasindran@google.com> Fri Jun 30 16:34:15 2017 -0700
committer: android-build-team Robot <android-build-team-robot@google.com> Mon Jul 03 07:35:24 2017 +0000
tree: 0aa73e1d4d1dbd132ad063a4aabd9c9ce8f7b6b5
parent: 9abda38125bc55ca9fe33879a35db09c8f2abfe7 [diff]
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index ff99a9d..52f0919 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te

@@ -19,6 +19,9 @@
 allow rild mediaserver_service:service_manager find;
 allow rild per_mgr_service:service_manager find;
 
+# rild needs 'lock' for /vendor/qcril.db
+allow rild vendor_file:file { lock };
+
 # allow rild to use qualcomm's socket ipc ioctls
 allow rild self:socket ioctl;
 allowxperm rild self:socket ioctl msm_sock_ipc_ioctls;
commit	94b17e9a3576f5b07a9881267e799eb03f32929b	[log] [tgz]
author	Sooraj Sasindran <sasindran@google.com>	Fri Jun 30 16:34:15 2017 -0700
committer	android-build-team Robot <android-build-team-robot@google.com>	Mon Jul 03 07:35:24 2017 +0000
tree	0aa73e1d4d1dbd132ad063a4aabd9c9ce8f7b6b5
parent	9abda38125bc55ca9fe33879a35db09c8f2abfe7 [diff]