From c5f0e9723f0703092c24e2d115db5e8ea3cbdb2b Mon Sep 17 00:00:00 2001
From: SalmaxChang <salmaxchang@google.com>
Date: Tue, 15 Feb 2022 17:03:06 +0800
Subject: [PATCH] cbd: fix avc errors

avc: denied { search } for comm="cbd" name="/" dev="sda1" ino=3 scontext=u:r:cbd:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1
avc: denied { setuid } for comm="cbd" capability=7 scontext=u:r:cbd:s0 tcontext=u:r:cbd:s0 tclass=capability permissive=1

Bug: 205779872
Bug: 205904432
Change-Id: I09f1ac5473b728d5e6f38b01dc83f4b9c4c8fbcc
---
 tracking_denials/cbd.te | 4 ----
 whitechapel_pro/cbd.te  | 4 ++++
 2 files changed, 4 insertions(+), 4 deletions(-)
 delete mode 100644 tracking_denials/cbd.te

diff --git a/tracking_denials/cbd.te b/tracking_denials/cbd.te
deleted file mode 100644
index 6527506e..00000000
--- a/tracking_denials/cbd.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/205779872
-dontaudit cbd persist_file:dir { search };
-# b/205904432
-dontaudit cbd cbd:capability { setuid };
diff --git a/whitechapel_pro/cbd.te b/whitechapel_pro/cbd.te
index 835a0e1c..c4cfe7a6 100644
--- a/whitechapel_pro/cbd.te
+++ b/whitechapel_pro/cbd.te
@@ -6,6 +6,9 @@ set_prop(cbd, vendor_modem_prop)
 set_prop(cbd, vendor_cbd_prop)
 set_prop(cbd, vendor_rild_prop)
 
+# Allow cbd to set gid/uid from too to radio
+allow cbd self:capability { setgid setuid };
+
 allow cbd mnt_vendor_file:dir r_dir_perms;
 
 allow cbd kmsg_device:chr_file rw_file_perms;
@@ -27,6 +30,7 @@ allow cbd proc_cmdline:file r_file_perms;
 
 allow cbd persist_modem_file:dir create_dir_perms;
 allow cbd persist_modem_file:file create_file_perms;
+allow cbd persist_file:dir search;
 
 allow cbd radio_vendor_data_file:dir create_dir_perms;
 allow cbd radio_vendor_data_file:file create_file_perms;