From 1086506de4da2629be52f548a6e0166e8a9cb1c5 Mon Sep 17 00:00:00 2001
From: Shanshan Guo
Date: Sat, 18 Jan 2020 10:08:47 +0800
Subject: [PATCH] [ALPS04345534] SEPolicy: add permission for system_app

[Detail] For Andorid Q, there is a more stringent restriction for ioctl, system_app need to access proc_ged by ioctlcmd=0x6700
MTK-Commit-Id: c610a674e4a9dcdadde0eb619326359253f59f15
Change-Id: I33cd7c4e29b6bec1dc0956cf6d4a136f08f1d511
CR-Id: ALPS04345534
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
---
 non_plat/system_app.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/non_plat/system_app.te b/non_plat/system_app.te
index a7e9def..a3ac9d2 100644
--- a/non_plat/system_app.te
+++ b/non_plat/system_app.te
@@ -29,3 +29,8 @@ allow system_app mtk_thermal_config_prop:file { getattr open read };
 allow system_app aee_exp_data_file:file r_file_perms;
 allow system_app aee_exp_data_file:dir r_dir_perms;
 allow system_app md_monitor:unix_stream_socket connectto;
+
+# Date : WK19.11
+# Operation: Q migration
+# Purpose : Allow system_app to use ioctl/ioctlcmd
+allowxperm system_app proc_ged:file ioctl GED_BRIDGE_IO_LOG_BUF_GET;
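Review bot: The comment block above the new `allowxperm` rule does not say which ioctl command is being opened up or which component needs it, and the value the commit message cites (0x6700) appears nowhere in the policy text, so an auditor cannot match an ioctlcmd denial to this rule. I would write `# Purpose : Allow system_app to issue GED_BRIDGE_IO_LOG_BUF_GET (ioctlcmd=0x6700) on proc_ged` and name the calling app or service if it is known. `allowxperm` only whitelists a command and grants nothing by itself: it takes effect only where an `allow system_app proc_ged:file` rule that includes `ioctl` exists, and none is visible in this hunk, so confirm one is present elsewhere in the policy. The macro `GED_BRIDGE_IO_LOG_BUF_GET` is likewise not defined in this one-file patch and presumably comes from an ioctl defines file; check that it resolves to the documented value. Since system_app is a shared domain, keeping the whitelist to this single named command rather than a range is the right scope and should stay that way.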