From bf7161db5600494ffcdba208bb81803550d38aac Mon Sep 17 00:00:00 2001
From: Xiaofan Jiang <xiaofanj@google.com>
Date: Wed, 14 Aug 2024 00:37:53 +0000
Subject: [PATCH] gs101: update shared_modem_platform sepolicy for UMI

Bug: 357139752

Flag: EXEMPT sepolicy

[   68.189198] type=1400 audit(1722986580.568:59): avc:  denied  { unlink } for  comm="binder:892_2" name="modem_svc_socket" dev="dm-52" ino=20239 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
[   68.189448] type=1400 audit(1722986580.568:60): avc:  denied  { create } for  comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1

Change-Id: I7e28f5a8c7f8a6909fccdc813e7c94ce8c7f8831
---
 whitechapel/vendor/google/modem_svc_sit.te | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te
index 0eb7498d..8e4ac3d6 100644
--- a/whitechapel/vendor/google/modem_svc_sit.te
+++ b/whitechapel/vendor/google/modem_svc_sit.te
@@ -41,4 +41,10 @@ perfetto_producer(modem_svc_sit)
 # Allow modem_svc_sit to access modem image file/dir
 allow modem_svc_sit modem_img_file:dir r_dir_perms;
 allow modem_svc_sit modem_img_file:file r_file_perms;
-allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
\ No newline at end of file
+allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
+
+# Allow modem_svc_sit to access socket for UMI
+userdebug_or_eng(`
+  allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink };
+')
+