From ebe77e31f427b03ab0a0371906d5e209af6a74c9 Mon Sep 17 00:00:00 2001 From: Sateshk Kumar Chinnappan Date: Tue, 13 Dec 2022 07:19:25 +0000 Subject: [PATCH] Add selinux rules for platform_apps to access vendor_ims_app udp socket for read/write of RTP packets. This addresses the following SE policy denial 11-11 20:51:49.388000 2167 2167 I auditd : type=1400 audit(0.0:11): avc: denied { read write } for comm="nnon.imsservice" path="socket:[111836]" dev="sockfs" ino=111836 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:vendor_ims_app:s0:c228,c256,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice Bug: 262320328 Test: Manual Change-Id: I450f1faebd6c6a67e9f904c880360e75bad3cb40 --- radio/vendor_ims_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/vendor_ims_app.te b/radio/vendor_ims_app.te index ed65eae1..a2a05c7f 100644 --- a/radio/vendor_ims_app.te +++ b/radio/vendor_ims_app.te @@ -13,6 +13,7 @@ allow vendor_ims_app cameraserver_service:service_manager find; allow vendor_ims_app mediametrics_service:service_manager find; allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl }; +allow platform_app vendor_ims_app:udp_socket { getattr read write setopt shutdown }; binder_call(vendor_ims_app, rild) set_prop(vendor_ims_app, vendor_rild_prop)
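Review bot: The added rule in radio/vendor_ims_app.te grants more than the quoted denial shows. The avc line in the commit message denies only { read write } on the vendor_ims_app udp_socket, while the new allow also gives platform_app getattr, setopt and shutdown. Either narrow the rule to `{ read write }` or add denial logs (or a sentence in the commit message) that justify each of the three extra permissions, setopt and shutdown in particular, since they let the receiving side change or tear down a socket owned by vendor_ims_app. Second, the source of the rule is the whole platform_app domain, but the denial names a single app (app=com.shannon.imsservice). As written, every process in platform_app gains access to the passed RTP socket, so consider whether this app can run in a more specific domain, and at minimum add a comment above the rule stating which app needs it and why. Finally, the rule's source domain is platform_app but it lives in vendor_ims_app.te; a comment or a move to the file that holds the other platform_app rules would make it easier to find during a policy audit.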