From b4fbecb9fbf3a23b615b828967188b2b90aed2da Mon Sep 17 00:00:00 2001
From: SalmaxChang <salmaxchang@google.com>
Date: Tue, 23 Mar 2021 15:11:38 +0800
Subject: [PATCH] modem_svc_sit: Fix avc errors

avc: denied { search } for comm="modem_svc_sit" name="vendor" dev="tmpfs" ino=2 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir
avc: denied { write open } for path="/mnt/vendor/modem_userdata/replay/dds.bin" dev="sda7" ino=14 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=file
avc: denied { remove_name } for name="dds.bin" dev="sda7" ino=14 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir

Bug: 183467321
Change-Id: Ic5b8fcf324bb0a8b0f6312b3ae755d73a53f0e9c
---
 tracking_denials/modem_svc_sit.te          | 19 -------------------
 whitechapel/vendor/google/modem_svc_sit.te |  4 ++++
 2 files changed, 4 insertions(+), 19 deletions(-)
 delete mode 100644 tracking_denials/modem_svc_sit.te

diff --git a/tracking_denials/modem_svc_sit.te b/tracking_denials/modem_svc_sit.te
deleted file mode 100644
index dac076c7..00000000
--- a/tracking_denials/modem_svc_sit.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# b/183467321
-dontaudit modem_svc_sit mnt_vendor_file:dir { search };
-dontaudit modem_svc_sit modem_userdata_file:file { write open };
-dontaudit modem_svc_sit modem_userdata_file:file { create };
-dontaudit modem_svc_sit modem_userdata_file:dir { add_name };
-dontaudit modem_svc_sit modem_userdata_file:dir { getattr };
-dontaudit modem_svc_sit modem_userdata_file:dir { search };
-dontaudit modem_svc_sit modem_userdata_file:dir { write };
-dontaudit modem_svc_sit modem_userdata_file:dir { remove_name };
-dontaudit modem_svc_sit modem_userdata_file:file { unlink };
-dontaudit modem_svc_sit modem_userdata_file:dir { getattr };
-dontaudit modem_svc_sit modem_userdata_file:dir { add_name };
-dontaudit modem_svc_sit modem_userdata_file:file { create };
-dontaudit modem_svc_sit modem_userdata_file:file { write open };
-dontaudit modem_svc_sit modem_userdata_file:file { unlink };
-dontaudit modem_svc_sit modem_userdata_file:dir { remove_name };
-dontaudit modem_svc_sit modem_userdata_file:dir { write };
-dontaudit modem_svc_sit modem_userdata_file:dir { search };
-dontaudit modem_svc_sit mnt_vendor_file:dir { search };
diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te
index 9ee5976f..eeba9976 100644
--- a/whitechapel/vendor/google/modem_svc_sit.te
+++ b/whitechapel/vendor/google/modem_svc_sit.te
@@ -16,6 +16,10 @@ allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
 allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
 allow modem_svc_sit modem_stat_data_file:file create_file_perms;
 
+allow modem_svc_sit mnt_vendor_file:dir search;
+allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
+allow modem_svc_sit modem_userdata_file:file create_file_perms;
+
 # RIL property
 get_prop(modem_svc_sit, vendor_rild_prop)