From 101db9756d5eff6840c748893e96e9153665cd89 Mon Sep 17 00:00:00 2001
From: Hsiu-Chang Chen
Date: Fri, 24 Jun 2022 17:07:25 +0800
Subject: [PATCH] Add sepolicy for lowi-server

06-24 16:58:55.724 9519 9519 I lowi-server: type=1400 audit(0.0:1980): avc: denied { read write } for path="socket:[69473]" dev="sockfs" ino=69473 scontext=u:r:lowi_server:s0 tcontext=u:r:vendor_location:s0 tclass=unix_dgram_socket permissive=1
Bug: 235281415
Test: avc error is gone
Change-Id: I93615b98c08f6e6e5c3cc182bddcff30e452e103
---
 tracking_denials/lowi_server.te | 2 --
 vendor/lowi_server.te | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)
 delete mode 100644 tracking_denials/lowi_server.te

diff --git a/tracking_denials/lowi_server.te b/tracking_denials/lowi_server.te
deleted file mode 100644
index d3c1bd5..0000000
--- a/tracking_denials/lowi_server.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/235281415
-dontaudit lowi_server vendor_location:unix_dgram_socket { read write };
diff --git a/vendor/lowi_server.te b/vendor/lowi_server.te
index c1281f9..e107cf2 100644
--- a/vendor/lowi_server.te
+++ b/vendor/lowi_server.te
@@ -10,7 +10,7 @@ allow lowi_server self:netlink_route_socket create_socket_perms_no_ioctl;
 ## lowi-server
 ##############
 allow lowi_server vendor_location:fd use;
-allow lowi_server vendor_location:unix_dgram_socket sendto;
+allow lowi_server vendor_location:unix_dgram_socket {sendto read write};
 # some additional network access
 allow lowi_server self:netlink_generic_socket create_socket_perms_no_ioctl;
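Review bot: Nothing in the vendor/lowi_server.te hunk or the commit message establishes that lowi-server actually needs `read write` on vendor_location's datagram socket. The only evidence is one denial logged with permissive=1, and "avc error is gone" would be just as true with the `dontaudit` this commit deletes. If the descriptor is merely inherited from vendor_location (the neighbouring `fd use` rule and the `path="socket:[...]"` form hint at that, though the page does not confirm it), keeping the `dontaudit` would be the narrower, least-privilege choice. If the access is required, a why-comment above the rule such as `# b/235281415: lowi-server uses a datagram socket fd received from vendor_location` would record the reason for later policy audits. The braces would also read better spaced as in the removed rule: `{ sendto read write }`.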