From 5492a92a39977da6e0ccedc429beae28514fe29e Mon Sep 17 00:00:00 2001
From: Jayachandran C
Date: Fri, 11 Jun 2021 17:13:38 -0700
Subject: [PATCH] Allow telephony to access the file descriptor of the priv_apps tcp_socket

The priv_apps could register for QOS notifications for its tcp_socket. This change allows telephony to access the file descriptor for the tcp_socket so it could double check the source and destination address of the socket when the QOS indication is received from modem. This addresses the following SE policy denial
auditd : type=1400 audit(0.0:219): avc: denied { read write } for comm="ConnectivitySer" path="socket:[98511]" dev="sockfs" ino=98511 scontext=u:r:radio:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=tcp_socket permissive=0
Bug: 190580419
Test: Manual
Change-Id: I35d4e1fb06242eb5fcbcb36439a55c11166b149b
---
 whitechapel/vendor/google/radio.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/whitechapel/vendor/google/radio.te b/whitechapel/vendor/google/radio.te
index 47a70dda..af56688b 100644
--- a/whitechapel/vendor/google/radio.te
+++ b/whitechapel/vendor/google/radio.te
@@ -1,3 +1,7 @@
 allow radio hal_exynos_rild_hwservice:hwservice_manager find;
 allow radio sysfs_vendor_sched:dir r_dir_perms;
 allow radio sysfs_vendor_sched:file w_file_perms;
+
+# Allow telephony to access file descriptor of the QOS socket
+# so it can make sure the QOS is meant for the intended addresses
+allow radio priv_app:tcp_socket { read write };
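Review bot: The address check the commit message describes (looking up the socket's local and peer address, i.e. getsockname/getpeername) is gated in SELinux by the `getattr` socket permission rather than by `read write`, so the added rule most likely only satisfies the fd-receive check that the audited `{ read write }` denial reflects, and the follow-up address lookup would surface as a further `getattr` denial. If address inspection is the only intended use, the rule should be `allow radio priv_app:tcp_socket { read write getattr };`, and the comment should say what each part is for, e.g. `# read/write: required to receive the fd; getattr: getsockname/getpeername on it`. Note that `read write` on the socket also permits radio to move data on the app's connection, which is broader than the stated purpose; the comment should make that trade-off explicit so a later reviewer does not assume the rule is inspection-only. The hunk covers the entire radio.te file, so no enclosing block is cut.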