From 5e2ac8ab48e42a7428e738a94f7089b226ad6b08 Mon Sep 17 00:00:00 2001
From: SalmaxChang <salmaxchang@google.com>
Date: Mon, 22 Nov 2021 12:03:05 +0800
Subject: [PATCH] Fix modem related avc errors

avc: denied { read } for name="u:object_r:vendor_modem_prop:s0" dev="tmpfs" ino=317 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_modem_prop:s0 tclass=file permissive=1
avc: denied { read } for comm="dmd" name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:dmd:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1
avc: denied { read } for name="u:object_r:vendor_persist_config_default_prop:s0" dev="tmpfs" ino=319 scontext=u:r:vcd:s0 tcontext=u:object_r:vendor_persist_config_default_prop:s0 tclass=file permissive=1

Bug: 205073232
Bug: 205073025
Bug: 206045605
Change-Id: I3f76a138b4d6eeffb488fb5e5e15985ac6ef707d
---
 tracking_denials/dmd.te           | 5 -----
 tracking_denials/vcd.te           | 5 -----
 tracking_denials/vendor_init.te   | 5 -----
 whitechapel_pro/dmd.te            | 1 +
 whitechapel_pro/property_contexts | 1 +
 whitechapel_pro/vcd.te            | 1 +
 whitechapel_pro/vendor_init.te    | 1 +
 7 files changed, 4 insertions(+), 15 deletions(-)
 delete mode 100644 tracking_denials/dmd.te
 delete mode 100644 tracking_denials/vcd.te

diff --git a/tracking_denials/dmd.te b/tracking_denials/dmd.te
deleted file mode 100644
index de764e70..00000000
--- a/tracking_denials/dmd.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/205073232
-dontaudit dmd vendor_persist_config_default_prop:file { getattr };
-dontaudit dmd vendor_persist_config_default_prop:file { map };
-dontaudit dmd vendor_persist_config_default_prop:file { open };
-dontaudit dmd vendor_persist_config_default_prop:file { read };
diff --git a/tracking_denials/vcd.te b/tracking_denials/vcd.te
deleted file mode 100644
index 66f5c0c9..00000000
--- a/tracking_denials/vcd.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/205073025
-dontaudit vcd vendor_persist_config_default_prop:file { getattr };
-dontaudit vcd vendor_persist_config_default_prop:file { map };
-dontaudit vcd vendor_persist_config_default_prop:file { open };
-dontaudit vcd vendor_persist_config_default_prop:file { read };
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
index 6f615a22..c6a4b4d3 100644
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@@ -1,9 +1,4 @@
 # b/205656950
 dontaudit vendor_init thermal_link_device:file { create };
-# b/206045605
-dontaudit vendor_init vendor_modem_prop:file { getattr };
-dontaudit vendor_init vendor_modem_prop:file { map };
-dontaudit vendor_init vendor_modem_prop:file { open };
-dontaudit vendor_init vendor_modem_prop:file { read };
 # b/207062206
 dontaudit vendor_init proc_sched:file { write };
diff --git a/whitechapel_pro/dmd.te b/whitechapel_pro/dmd.te
index c247bb46..1cb17dc7 100644
--- a/whitechapel_pro/dmd.te
+++ b/whitechapel_pro/dmd.te
@@ -20,6 +20,7 @@ allow dmd self:tcp_socket { create_socket_perms_no_ioctl listen accept bind };
 set_prop(dmd, vendor_diag_prop)
 set_prop(dmd, vendor_slog_prop)
 set_prop(dmd, vendor_modem_prop)
+get_prop(dmd, vendor_persist_config_default_prop)
 
 # Grant to access hwservice manager
 get_prop(dmd, hwservicemanager_prop)
diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts
index 52416407..417f0e43 100644
--- a/whitechapel_pro/property_contexts
+++ b/whitechapel_pro/property_contexts
@@ -42,6 +42,7 @@ persist.vendor.ril.                        u:object_r:vendor_rild_prop:s0
 vendor.ril.                                u:object_r:vendor_rild_prop:s0
 vendor.radio.ril.                          u:object_r:vendor_rild_prop:s0
 vendor.sys.rild_reset                      u:object_r:vendor_rild_prop:s0
+persist.vendor.radio.                      u:object_r:vendor_rild_prop:s0
 ro.vendor.config.build_carrier             u:object_r:vendor_carrier_prop:s0
 
 persist.vendor.config.                     u:object_r:vendor_persist_config_default_prop:s0
diff --git a/whitechapel_pro/vcd.te b/whitechapel_pro/vcd.te
index 211d3675..c5c229ee 100644
--- a/whitechapel_pro/vcd.te
+++ b/whitechapel_pro/vcd.te
@@ -4,6 +4,7 @@ userdebug_or_eng(`
   init_daemon_domain(vcd)
 
   get_prop(vcd, vendor_rild_prop);
+  get_prop(vcd, vendor_persist_config_default_prop);
 
   allow vcd serial_device:chr_file rw_file_perms;
   allow vcd radio_device:chr_file rw_file_perms;
diff --git a/whitechapel_pro/vendor_init.te b/whitechapel_pro/vendor_init.te
index 68ac08be..e2ec60fa 100644
--- a/whitechapel_pro/vendor_init.te
+++ b/whitechapel_pro/vendor_init.te
@@ -6,6 +6,7 @@ set_prop(vendor_init, vendor_cbd_prop)
 set_prop(vendor_init, vendor_ready_prop)
 get_prop(vendor_init, vendor_battery_profile_prop)
 set_prop(vendor_init, vendor_device_prop)
+set_prop(vendor_init, vendor_modem_prop)
 
 allow vendor_init proc_dirty:file w_file_perms;