From e521ebbc45708ac436d9a8197a82b720cb267a24 Mon Sep 17 00:00:00 2001
From: Xiaofan Jiang <xiaofanj@google.com>
Date: Fri, 10 Jan 2025 03:09:56 +0000
Subject: [PATCH] gs101: update selinux to allow UMI on user build

Bug: 375335464

[   68.189198] type=1400 audit(1722986580.568:59): avc:  denied  { unlink } for  comm="binder:892_2" name="modem_svc_socket" dev="dm-52" ino=20239 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
[   68.189448] type=1400 audit(1722986580.568:60): avc:  denied  { create } for  comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
[   68.189448] type=1400 audit(1722986580.568:60): avc:  denied  { write } for  comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1


Flag: EXEMPT Critical modem system service
Change-Id: Iedda88ebf6d03ea8218ae7843a226be8021491c0
---
 whitechapel/vendor/google/modem_svc_sit.te | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/whitechapel/vendor/google/modem_svc_sit.te b/whitechapel/vendor/google/modem_svc_sit.te
index 467e8799..8f6c240f 100644
--- a/whitechapel/vendor/google/modem_svc_sit.te
+++ b/whitechapel/vendor/google/modem_svc_sit.te
@@ -45,7 +45,5 @@ allow modem_svc_sit modem_img_file:file r_file_perms;
 allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
 
 # Allow modem_svc_sit to access socket for UMI
-userdebug_or_eng(`
-  allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink };
-')
+allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink write};