From 6f8abd5708e35133a73d27d1ee75fea5fbb16736 Mon Sep 17 00:00:00 2001
From: Youxiu Wang <youxiu.wang@mediatek.com>
Date: Sat, 18 Jan 2020 10:19:51 +0800
Subject: [PATCH] [ALPS04763237] Modify permission forRIL

Reduce the scope of permission for RIL to access proc node.

MTK-Commit-Id: 4f0402b23acbbcf90e195f4c0bfc3bd249c1489e

Change-Id: I442119bd6696a40aa1a49bec781cfb947869b995
CR-Id: ALPS04763237
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
---
 non_plat/file.te        | 4 ++++
 non_plat/genfs_contexts | 4 ++++
 non_plat/rild.te        | 5 ++++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/non_plat/file.te b/non_plat/file.te
index d942247..b1e5760 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -389,3 +389,7 @@ type sysfs_sensor, fs_type, sysfs_type;
 
 #MTEE trusty
 type mtee_trusty_file, fs_type, sysfs_type;
+
+# Date : 2019/08/29
+# Purpose: Allow rild access proc/aed/reboot-reason
+type proc_aed_reboot_reason, fs_type, proc_type;
\ No newline at end of file
diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts
index 6d18b6f..1452962 100644
--- a/non_plat/genfs_contexts
+++ b/non_plat/genfs_contexts
@@ -220,3 +220,7 @@ genfscon sysfs /devices/virtual/sensor u:object_r:sysfs_sensor:s0
 
 # MTEE trusty
 genfscon sysfs /devices/platform/trusty u:object_r:mtee_trusty_file:s0
+
+# Date : 2019/08/29
+# Purpose: allow rild to access /proc/aed/reboot-reason
+genfscon proc /aed/reboot-reason u:object_r:proc_aed_reboot_reason:s0
\ No newline at end of file
diff --git a/non_plat/rild.te b/non_plat/rild.te
index 9472dba..67cf3eb 100644
--- a/non_plat/rild.te
+++ b/non_plat/rild.te
@@ -43,7 +43,6 @@ allow rild bluetooth_efs_file:dir r_dir_perms;
 # Violate Android P rule
 allow rild sdcardfs:dir r_dir_perms;
 #allow rild system_file:file x_file_perms;
-allow rild proc:file rw_file_perms;
 allow rild proc_net:file w_file_perms;
 
 # Allow rild to create and use netlink sockets.
@@ -155,3 +154,7 @@ allow rild proc_cmdline:file r_file_perms;
 # Operation: AP wifi path
 # Purpose: Allow packet can be filtered by RILD process
 allow rild self:netlink_netfilter_socket { create_socket_perms_no_ioctl };
+
+# Date : 2019/08/29
+# Purpose: Allow rild to access proc/aed/reboot-reason
+allow rild proc_aed_reboot_reason:file rw_file_perms;
\ No newline at end of file