mofd: clean up selinux denials

* allow rild read acces to factory_files
* allow vold to access to crypto modules

Change-Id: Ibfc2a1c60f5aa588a3a23184047ca1ed6220a424

3 files changed, 3 insertions, 0 deletions

diff --git a/sepolicy/init.te b/sepolicy/init.te
index 8fae893..122ac47 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -9,6 +9,7 @@ allow init binfmt_miscfs:file w_file_perms;
 # /local_cfg
 allow init tmpfs:lnk_file create_file_perms;
 allow init rootfs:lnk_file setattr;
+allow init rootfs:dir relabelto;
 
 # /cache/telephony/[12]
 allow init radio_cache_file:file rw_file_perms;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 11865d8..2ffeb90 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,5 +1,6 @@
 allow rild asus_config_file:dir search;
 allow rild device:dir r_dir_perms;
+allow rild factory_file:file r_file_perms;
 allow rild factory_file:dir { search };
 allow rild proc_net:file w_file_perms;
 allow rild radio_cache_file:dir { create_file_perms rw_dir_perms };
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 1b107ab..223a5c0 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -2,3 +2,4 @@ allow vold asus_config_file:dir { r_dir_perms setattr };
 allow vold asus_tee_device:chr_file { read open ioctl setattr };
 allow vold factory_file:dir { rw_dir_perms setattr };
 allow vold factory_file:file { create_file_perms rw_file_perms setattr };
+allow vold kernel:system module_request;