From 2bd9ab21044dec0111c3670e45d18db91703a5df Mon Sep 17 00:00:00 2001
From: Shanshan Guo
Date: Sat, 18 Jan 2020 10:14:59 +0800
Subject: [PATCH] [ALPS04654001] SEPolicy: add ioctlcmd for app
[Detail] For Andorid Q, there is a more stringent restriction for ioctl, app need to access pipe by ioctlcmd=0x5402. avc: denied { ioctl } for comm="kd" path="pipe:[7173861]" dev="pipefs" ino=7173861 ioctlcmd=0x5402 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=fifo_file permissive=0 app=com.tencent.qqpimsecure
[Solution] Add sepolicy for app to access pipe by ioctlcmd=0x5402
MTK-Commit-Id: d38b9f7f97aab7b23d80d0f3aac8e25a790c8c91
Change-Id: I5ac20bf2dffa0c297b32aaebd75db9e04c35cc79
CR-Id: ALPS04654001
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
---
 non_plat/app.te | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/non_plat/app.te b/non_plat/app.te
index cdd4412..d902cd2 100644
--- a/non_plat/app.te
+++ b/non_plat/app.te
@@ -58,3 +58,8 @@ allow appdomain mdp_device:chr_file rw_file_perms;
 # Operation : Migration
 # Purpose : For platform app com.android.gallery3d
 allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;
+
+# Date : W19.23
+# Operation : Migration
+# Purpose : For app com.tencent.qqpimsecure
+allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START;
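Review bot: The added `allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START;` whitelists ioctl 0x5402 for every type in `appdomain`, on pipes of every other `appdomain` type, while the commit message and the quoted denial concern one app running as `untrusted_app_25` on its own pipe (scontext equals tcontext). A rule scoped to the logged denial, for example `allowxperm untrusted_app_25 self:fifo_file ioctl TCSETS;`, would be narrower, assuming that type can be extended from non_plat policy; failing that, the source set could at least exclude `isolated_app` as the preceding `radio_data_file` rule does. The macro `SNDCTL_TMR_START` is a sound-timer name that shares the value 0x5402 with `TCSETS`, which is what that number denotes on a pipe or tty, so the rule reads as something other than what it permits. The comment block should state the numeric command and the reason, e.g. `# Purpose : whitelist TCSETS (0x5402) on app pipes; denial seen for com.tencent.qqpimsecure`, so a later audit of the ioctl whitelist can tell what was opened and why.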