sepolicy: allow msm ipc ioctls

Solves the following denials.

 * avc: denied { ioctl } for pid=422 comm="readmac" path="socket:[13782]" dev="sockfs" ino=13782 ioctlcmd=c302 scontext=u:r:readmac:s0 tcontext=u:r:readmac:s0 tclass=socket

 * avc: denied { ioctl } for pid=439 comm="mmbn-daemon" path="socket:[16630]" dev="sockfs" ino=16630 ioctlcmd=c302 scontext=u:r:mmbn-daemon:s0 tcontext=u:r:mmbn-daemon:s0 tclass=socket

Change-Id: Ica9b1c39ef1d4ab2dda9960ec44b08c860e6accb

2 files changed, 4 insertions, 2 deletions

diff --git a/sepolicy/mmbn-daemon.te b/sepolicy/mmbn-daemon.te
index 9a6925b8..e18ccd9c 100644
--- a/sepolicy/mmbn-daemon.te
+++ b/sepolicy/mmbn-daemon.te
@@ -10,4 +10,5 @@ diag_use(mmbn-daemon)
 allow mmbn-daemon firmware_file:dir r_dir_perms;
 allow mmbn-daemon firmware_file:file r_file_perms;
 
-allow mmbn-daemon self:socket create_socket_perms_no_ioctl;
+allow mmbn-daemon self:socket create_socket_perms;
+allowxperm mmbn-daemon self:socket ioctl msm_sock_ipc_ioctls;
diff --git a/sepolicy/readmac.te b/sepolicy/readmac.te
index 2fd2ca97..3b904786 100644
--- a/sepolicy/readmac.te
+++ b/sepolicy/readmac.te
@@ -10,5 +10,6 @@ diag_use(readmac)
 allow readmac wifi_data_file:file create_file_perms;
 allow readmac wifi_data_file:dir create_dir_perms;
 
-allow readmac self:socket create_socket_perms_no_ioctl;
+allow readmac self:socket create_socket_perms;
+allowxperm readmac self:socket ioctl msm_sock_ipc_ioctls;
 allow readmac self:capability fsetid;