From 3afd698bbd545d389966b6473b20bea8c9186ecc Mon Sep 17 00:00:00 2001
From: bengris32 <bengris32@protonmail.ch>
Date: Sun, 25 Sep 2022 15:56:15 +0100
Subject: [PATCH] sepolicy: basic: non_plat: Address nvram_daemon denials

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: I86df292fa27eb3756deaf537085607c20c7f6a99
---
 basic/non_plat/nvram_daemon.te | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/basic/non_plat/nvram_daemon.te b/basic/non_plat/nvram_daemon.te
index eba4cf6..cc1e59b 100644
--- a/basic/non_plat/nvram_daemon.te
+++ b/basic/non_plat/nvram_daemon.te
@@ -76,4 +76,12 @@ allow nvram_daemon sysfs_boot_mode:file r_file_perms;
 read_fstab(nvram_daemon)
 
 # Purpose: Wifi NVRAM ConnFem Kernel node access
-allow nvram_daemon connfem_device:chr_file rw_file_perms;
\ No newline at end of file
+allow nvram_daemon connfem_device:chr_file rw_file_perms;
+
+# Purpose: Allow nvram_daemon to search /mnt/vendor/nvdata for fstab
+allow nvram_daemon mnt_vendor_file:dir search;
+allow nvram_daemon self:capability { fowner chown fsetid };
+allow nvram_daemon sysfs_boot_mode:file r_file_perms;
+allow nvram_daemon proc_cmdline:file r_file_perms;
+allow nvram_daemon sysfs_dt_firmware_android:dir r_dir_perms;
+allow nvram_daemon sysfs_dt_firmware_android:file r_file_perms;