From c8da10e03bf1c6b184e1b01a8afada13e392f2ad Mon Sep 17 00:00:00 2001
From: Jason Riordan <jriordan001@gmail.com>
Date: Mon, 23 Jan 2017 13:39:32 -0500
Subject: mofd: clean up selinux denials

* allow rild read acces to factory_files
* allow vold to access to crypto modules

Change-Id: Ibfc2a1c60f5aa588a3a23184047ca1ed6220a424
---
 sepolicy/init.te | 1 +
 sepolicy/rild.te | 1 +
 sepolicy/vold.te | 1 +
 3 files changed, 3 insertions(+)

diff --git a/sepolicy/init.te b/sepolicy/init.te
index 8fae893..122ac47 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -9,6 +9,7 @@ allow init binfmt_miscfs:file w_file_perms;
 # /local_cfg
 allow init tmpfs:lnk_file create_file_perms;
 allow init rootfs:lnk_file setattr;
+allow init rootfs:dir relabelto;
 
 # /cache/telephony/[12]
 allow init radio_cache_file:file rw_file_perms;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 11865d8..2ffeb90 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,5 +1,6 @@
 allow rild asus_config_file:dir search;
 allow rild device:dir r_dir_perms;
+allow rild factory_file:file r_file_perms;
 allow rild factory_file:dir { search };
 allow rild proc_net:file w_file_perms;
 allow rild radio_cache_file:dir { create_file_perms rw_dir_perms };
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 1b107ab..223a5c0 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -2,3 +2,4 @@ allow vold asus_config_file:dir { r_dir_perms setattr };
 allow vold asus_tee_device:chr_file { read open ioctl setattr };
 allow vold factory_file:dir { rw_dir_perms setattr };
 allow vold factory_file:file { create_file_perms rw_file_perms setattr };
+allow vold kernel:system module_request;
-- 
cgit v1.2.3