From 1420e3d5d742834b3d5e43e302cbd7c92c90cb3a Mon Sep 17 00:00:00 2001
From: SalmaxChang
Date: Tue, 15 Feb 2022 17:08:52 +0800
Subject: [PATCH] rfsd: fix avc errors
[ 8.024353] type=1400 audit(1636594727.560:42): avc: denied { chown } for comm="rfsd" capability=0 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1
[ 8.027666] type=1400 audit(1636594727.564:43): avc: denied { setuid } for comm="rfsd" capability=7 scontext=u:r:rfsd:s0 tcontext=u:r:rfsd:s0 tclass=capability permissive=1
Bug: 205904361
Change-Id: I6e30a9622b930273fbc524e6bc84f2112f79f11c
---
 tracking_denials/rfsd.te | 3 ---
 whitechapel_pro/rfsd.te | 3 +++
 2 files changed, 3 insertions(+), 3 deletions(-)
 delete mode 100644 tracking_denials/rfsd.te
diff --git a/tracking_denials/rfsd.te b/tracking_denials/rfsd.te
deleted file mode 100644
index bf921ff4..00000000
--- a/tracking_denials/rfsd.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/205904361
-dontaudit rfsd rfsd:capability { chown };
-dontaudit rfsd rfsd:capability { setuid };
diff --git a/whitechapel_pro/rfsd.te b/whitechapel_pro/rfsd.te
index 898e7fca..2d1f0928 100644
--- a/whitechapel_pro/rfsd.te
+++ b/whitechapel_pro/rfsd.te
@@ -2,6 +2,9 @@ type rfsd, domain;
 type rfsd_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(rfsd)
 
+# Allow to setuid from root to radio and chown of modem efs files
+allow rfsd self:capability { chown setuid };
+
 # Allow to search block device and mnt dir for modem EFS partitions
 allow rfsd mnt_vendor_file:dir search;
 allow rfsd block_device:dir search;
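Review bot: The comment above `allow rfsd self:capability { chown setuid };` in whitechapel_pro/rfsd.te does not say when the two capabilities are exercised or what bounds them, and CAP_CHOWN plus CAP_SETUID is a broad grant for a vendor daemon that starts as root. I would make the intent explicit, e.g. `# rfsd starts as root, chowns modem EFS files to radio, then drops to the radio UID; keep file setattr rules limited to the modem EFS types.` The audit lines in the commit message were captured with permissive=1 and show only chown and setuid, so presumably no setgid is needed, but that is worth confirming on an enforcing build. If the service could instead be started as radio with ownership fixed by init, neither capability would be required; the rest of rfsd.te and the service definition are outside this hunk, so I cannot tell whether that is feasible.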