From 38ae1361bfac91f910452537ed0de1c56c0713cf Mon Sep 17 00:00:00 2001
From: Shanshan Guo <Shanshan.Guo@mediatek.com>
Date: Sat, 18 Jan 2020 10:14:58 +0800
Subject: [PATCH] [ALPS04653992] SEPolicy: mmap permission for app

[Detail]
In kernel 4.14, selinux security need to check if the process has the
map permission of mmap inode. App need the map permission to
read radio_data_file.

[Solution]
Add map permission for app to read radio_data_file.

MTK-Commit-Id: 698e603818ff37a59212a37a41ecbec8e8e30233

Change-Id: I8982ddbff40cfd7280c0a3dc5e8d2f6b6394e747
CR-Id: ALPS04653992
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
---
 non_plat/app.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/non_plat/app.te b/non_plat/app.te
index 5a64433..cdd4412 100644
--- a/non_plat/app.te
+++ b/non_plat/app.te
@@ -53,3 +53,8 @@ allowxperm appdomain proc_perfmgr:file ioctl {
 # Date : W19.4
 # Purpose : Allow MDP user access mdp driver
 allow appdomain mdp_device:chr_file rw_file_perms;
+
+# Date : W19.23
+# Operation : Migration
+# Purpose : For platform app com.android.gallery3d
+allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;