From 6546398c275f432dec3bed7563abb8385840f0ce Mon Sep 17 00:00:00 2001
From: mikeyuewang <mikeyuewang@google.com>
Date: Thu, 21 Mar 2024 17:05:37 +0000
Subject: [PATCH] Add the selinux policy for MDS to access modem_state file

Add the selinux policy for MDS to access modem_state file

avc deny:
2024-03-25 16:05:58.244  9667-9667  DiagnosticServi         com.google.mds                       I  type=1400 audit(0.0:14): avc:  denied  { read } for  name="modem_state" dev="sysfs" ino=76870 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds
2024-03-25 16:05:58.244  9667-9667  DiagnosticServi         com.google.mds                       I  type=1400 audit(0.0:15): avc:  denied  { open } for  path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=76870 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds
2024-03-25 16:05:58.244  9667-9667  DiagnosticServi         com.google.mds                       I  type=1400 audit(0.0:16): avc:  denied  { getattr } for  path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=76870 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds

Bug: 331202327

Change-Id: I5e0088d274bc4f45010a19631ecbaece7cc3cc42
---
 radio/modem_diagnostic_app.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te
index aaf2aab2..03e3af64 100644
--- a/radio/modem_diagnostic_app.te
+++ b/radio/modem_diagnostic_app.te
@@ -7,6 +7,8 @@ allow modem_diagnostic_app app_api_service:service_manager find;
 allow modem_diagnostic_app radio_service:service_manager find;
 
 userdebug_or_eng(`
+  allow modem_diagnostic_app sysfs_modem_state:file r_file_perms;
+
   hal_client_domain(modem_diagnostic_app, hal_power_stats);
 
   allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find;