init.shamu.rc: enable ims_rtp_daemon for VT bringup

Also addresses following SEdenials:

avc: denied { net_raw } for pid=604 comm="ims_rtp_daemon" capability=13 scontext=u:r:ims:s0 tcontext=u:r:ims:s0 tclass=capability permissive=1
avc: denied { write }  for pid=635 comm="ims_rtp_daemon" name="ims_datad" dev="tmpfs" ino=12930 scontext=u:r:ims:s0 tcontext=u:object_r:ims_socket:s0 class=sock_file permissive=1
avc: denied { write } for pid=635 comm="ims_rtp_daemon" name="ims_qmid" dev="tmpfs" ino=9588 scontext=u:r:ims:s0 tcontext=u:object_r:ims_socket:s0 tclass=sock_file permissive=1

Change-Id: I959768fe55f7b6568f6c7392ba6d499e75c80d9d
diff --git a/init.shamu.rc b/init.shamu.rc
index 4f5a1c1..37a5fe9 100644
--- a/init.shamu.rc
+++ b/init.shamu.rc
@@ -397,6 +397,16 @@
 on property:sys.ims.QMI_DAEMON_STATUS=1
     start imsdatadaemon
 
+service ims_rtp_daemon /system/bin/ims_rtp_daemon
+    class main
+    user root
+    socket ims_rtpd stream 0660 system radio
+    group system radio inet log
+    disabled
+
+on property:sys.ims.DATA_DAEMON_STATUS=1
+   start ims_rtp_daemon
+
 service sensors /system/bin/sensors.qcom
     class core
     user root
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index aa1195f..3f8b75b 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -80,6 +80,7 @@
 #Add context for IMS Socket node
 /dev/socket/ims_qmid            u:object_r:ims_socket:s0
 /dev/socket/ims_datad           u:object_r:ims_socket:s0
+/dev/socket/ims_rtpd            u:object_r:ims_socket:s0
 
 # Shared memory log
 /dev/smem_log                   u:object_r:shared_log_device:s0
@@ -157,6 +158,7 @@
 
 /system/bin/imsdatadaemon                       u:object_r:ims_exec:s0
 /system/bin/imsqmidaemon                        u:object_r:ims_exec:s0
+/system/bin/ims_rtp_daemon                      u:object_r:ims_exec:s0
 
 /dev/socket/cnd  u:object_r:cnd_socket:s0
 /system/bin/cnd  u:object_r:cnd_exec:s0
diff --git a/sepolicy/ims.te b/sepolicy/ims.te
index a9f4a35..cf84be2 100644
--- a/sepolicy/ims.te
+++ b/sepolicy/ims.te
@@ -13,6 +13,12 @@
 # Allow ims to communicate with netd.
 allow ims netd_socket:sock_file write;
 
+# Allow ims to communicate with cnd.
+allow ims cnd_socket:sock_file write;
+
+# Allow ims to communicate with cnd.
+allow ims cnd:unix_stream_socket connectto;
+
 # Needed to let ims daemon drop unneeded capabilities and to allow access to
 # net_bind
 allow ims self:capability { setpcap setuid net_bind_service };
@@ -43,6 +49,7 @@
 
 # Allow ims to tell init to start the ims data service via property=sys.ims.QMI_DAEMON_STATUS
 allow ims qcom_ims_prop:property_service set;
+allow ims ims_socket:sock_file write;
 
 allow ims wpa_socket:sock_file create_file_perms;
 allow ims wpa_socket:dir rw_dir_perms;