Move tlcd_sock policy over to manta.
Also remove the old socket file from init so that we do not have
to allow drmserver to remove it.
Change-Id: I7d5a5f964133177e7d466b9759fcf6300fec345d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/init.manta.rc b/init.manta.rc
index b4641ee..349a9eb 100644
--- a/init.manta.rc
+++ b/init.manta.rc
@@ -26,6 +26,9 @@
mkdir /data/media 0770 media_rw media_rw
restorecon_recursive /data/media
+ # Remove old socket so that it is re-created in the right context.
+ rm /data/app/tlcd_sock
+
setprop vold.post_fs_data_done 1
mkdir /data/misc/wifi 0770 wifi wifi
mkdir /data/misc/wifi/sockets 0770 wifi wifi
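Review bot: The new comment above `rm /data/app/tlcd_sock` does not say which context is the right one or what re-creates the socket, so the line is hard to connect to the policy that depends on it. I would write it as `# Remove stale tlcd_sock left with the old label so drmserver re-creates it as drmserver_socket (type_transition in sepolicy/drmserver.te).` The old label is not visible in this diff and is presumably apk_data_file. The enclosing trigger block starts outside the hunk, so it is worth confirming that this `rm` runs before the service that creates the socket is started; otherwise the live socket would be deleted on each boot.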
diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te
index eba2500..f756f7e 100644
--- a/sepolicy/drmserver.te
+++ b/sepolicy/drmserver.te
@@ -1 +1,8 @@
allow drmserver secmem_device:chr_file rw_file_perms;
+
+# /data/app/tlcd_sock socket file.
+# Clearly, /data/app is the most logical place to create a socket. Not.
+type drmserver_socket, file_type;
+allow drmserver apk_data_file:dir rw_dir_perms;
+type_transition drmserver apk_data_file:sock_file drmserver_socket;
+allow drmserver drmserver_socket:sock_file create_file_perms;
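Review bot: `allow drmserver apk_data_file:dir rw_dir_perms;` gives drmserver write, add_name and remove_name (plus read/list) on the directory that holds installed APKs, which is more than creating one socket needs. The rules shown grant no file-class permissions on apk_data_file, so APK contents are not directly writable, but the directory grant could be narrowed to `allow drmserver apk_data_file:dir w_dir_perms;` if listing is not required. The comment should also record that the rule exists only because the daemon hard-codes /data/app/tlcd_sock, and that it should be dropped once the socket moves to a dedicated directory. No file_contexts entry for the socket is visible in this diff, so a later restorecon over /data/app would presumably reset it to apk_data_file; worth confirming.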