From b189b5f35ae96d7d8292eac2c47691b6c73d7986 Mon Sep 17 00:00:00 2001
From: mtk81216 <lina.wang@mediatek.com>
Date: Sat, 18 Jan 2020 10:04:54 +0800
Subject: [PATCH] [ALPS03974446] modify vendor_init selinux policy

[Detail]
vendor_init will parse meta_init.rc to ifup lo,which needs some
selinux policy. when meta mode has enabled loopback, gps tool can
run normally

[Solution]
add selinux rule to up lo interface

MTK-Commit-Id: b351d14a284871dae0783f4d48278a1fde515f4d

Change-Id: I962bfc0002a76d34e5366869cb5fea46ae1453da
CR-Id: ALPS03974446
Feature: Location Chipset Capability
---
 non_plat/vendor_init.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/non_plat/vendor_init.te b/non_plat/vendor_init.te
index abfd51c..60fa76b 100644
--- a/non_plat/vendor_init.te
+++ b/non_plat/vendor_init.te
@@ -35,3 +35,11 @@ set_prop(vendor_init, mtk_emmc_support_prop)
 allow vendor_init tmpfs:lnk_file create;
 
 set_prop(vendor_init, mtk_cxp_vendor_prop)
+
+# Run "ifup lo" to bring up the localhost interface
+allow vendor_init proc_hostname:file w_file_perms;
+allow vendor_init self:udp_socket { create ioctl };
+# in addition to unpriv ioctls granted to all domains, init also needs:
+allowxperm vendor_init self:udp_socket ioctl { SIOCSIFFLAGS };
+allow vendor_init self:global_capability_class_set net_raw;
+