Fix rmt related denials.
None of these showed up until we switched into enforcing.
Addresses the following denials:
<5>[ 4.048124] type=1400 audit(13849623.620:5): avc: denied { sys_admin } for pid=184 comm="rmt_storage" capability=21 scontext=u:r:rmt:s0 tcontext=u:r:rmt:s0 tclass=capability
<5>[ 4.049224] type=1400 audit(13849623.630:6): avc: denied { search } for pid=184 comm="rmt_storage" name="block" dev="tmpfs" ino=5836 scontext=u:r:rmt:s0 tcontext=u:object_r:block_device:s0 tclass=dir
Change-Id: Id8f7d4207489972576f88989f890b46ca6c5a04f
diff --git a/sepolicy/rmt.te b/sepolicy/rmt.te
index a52b45d..fa94b80 100644
--- a/sepolicy/rmt.te
+++ b/sepolicy/rmt.te
@@ -12,7 +12,10 @@
# opens and reads /dev/block/mmcblk0
allow rmt root_block_device:blk_file r_file_perms;
-allow rmt root_block_device:dir r_dir_perms;
+allow rmt block_device:dir r_dir_perms;
+
+# Needed for ioprio_set(IOPRIO_WHO_PROCESS, 0, IOPRIO_CLASS_RT << IOPRIO_CLASS_SHIFT);
+allow rmt self:capability sys_admin;
# Allow reads/writes to modem related block devices
allow rmt modem_block_device:blk_file rw_file_perms;