From 908a8fcf14ba578aa3fecbaa421615083e5dc31c Mon Sep 17 00:00:00 2001 From: Jinhee Kim Date: Fri, 9 Sep 2022 10:15:55 +0900 Subject: [PATCH 1/2] sepolicy: gs101: allowed permissions required for network access avc: denied { write } for comm="Thread-102" name="dnsproxyd" dev="tmpfs" ino=1022 scontext=u:r:vendor_ims_app:s0:c251,c256,c512,c768 tcontext=u:object_r:dnsproxyd_socket:s0 tclass=sock_file permissive=0 app=com.shannon.imsservice avc: denied { node_bind } for comm="Thread-102" src=50174 scontext=u:r:vendor_ims_app:s0:c251,c256,c512,c768 tcontext=u:object_r:node:s0 tclass=udp_socket permissive=0 app=com.shannon.imsservice Bug: 242231557 Test: The tester verified IMS didn't crash and no avc denied log Change-Id: Icc3762cef7f9766d845f1e1a56af1315fc97163b Signed-off-by: Jinhee Kim Signed-off-by: Kukjin Kim Merged-In: Icc3762cef7f9766d845f1e1a56af1315fc97163b --- whitechapel/vendor/google/vendor_ims_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/whitechapel/vendor/google/vendor_ims_app.te b/whitechapel/vendor/google/vendor_ims_app.te index 8d655747..0b87783a 100644 --- a/whitechapel/vendor/google/vendor_ims_app.te +++ b/whitechapel/vendor/google/vendor_ims_app.te @@ -1,5 +1,6 @@ type vendor_ims_app, domain; app_domain(vendor_ims_app) +net_domain(vendor_ims_app) allow vendor_ims_app app_api_service:service_manager find; allow vendor_ims_app audioserver_service:service_manager find; From 060b56231029ab628e5d33ecfae5f67af8a5b74c Mon Sep 17 00:00:00 2001 From: Hana Kim Date: Thu, 12 May 2022 15:27:45 +0900 Subject: [PATCH 2/2] Sepolicy: add permission to allow create, connect udp socket Bug: 226412527 Test: The tester verified IMS didn't crash and no avc denied log Signed-off-by: Hana Kim Change-Id: Id9ba79ba87010326c53b6aec408e5cdb291122a6 Merged-In: Id9ba79ba87010326c53b6aec408e5cdb291122a6 --- whitechapel/vendor/google/vendor_ims_app.te | 2 ++ 1 file changed, 2 insertions(+) 
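Review bot: `net_domain(vendor_ims_app)` in the first hunk grants much more than the two denials quoted in the commit message, which are `write` on the `dnsproxyd_socket` sock_file and `node_bind` on `udp_socket`. The macro puts the domain into the `netdomain` attribute, which in the platform policy, as far as I recall, also covers TCP and other socket classes, port binding and connections to netd's sockets; confirm this against the built policy. If the IMS service only needs DNS resolution and UDP, a narrower grant would follow least privilege more closely. If full network access is intended, say so in a comment above the line, for example `# needs dnsproxyd access and UDP node_bind, see b/242231557`. The rest of the file lies outside the hunk, so I cannot tell whether other rules already depend on `netdomain`.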
diff --git a/whitechapel/vendor/google/vendor_ims_app.te b/whitechapel/vendor/google/vendor_ims_app.te index 0b87783a..140d9c25 100644 --- a/whitechapel/vendor/google/vendor_ims_app.te +++ b/whitechapel/vendor/google/vendor_ims_app.te @@ -12,6 +12,8 @@ allow vendor_ims_app mediaserver_service:service_manager find; allow vendor_ims_app cameraserver_service:service_manager find; allow vendor_ims_app mediametrics_service:service_manager find; +allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl }; + binder_call(vendor_ims_app, rild) set_prop(vendor_ims_app, vendor_rild_prop) set_prop(vendor_ims_app, radio_prop)
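Review bot: Applied after patch 1/2, the added `allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl };` is probably redundant, since domains in `netdomain` normally already get create and connect permissions on their own UDP sockets from the platform policy. Check with `sesearch` on the built policy and keep only one of the two grants, so the file shows where the permission really comes from. If the rule stays, the braces around a single permission-set macro can go (`self:udp_socket create_socket_perms_no_ioctl;`), and a short comment should name the use case, because this commit quotes no denial log. Keeping the `_no_ioctl` variant is the right call, as it leaves socket ioctls ungranted.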