From bc8a258620d159dd976e246e327ed92ea4fc7b7e Mon Sep 17 00:00:00 2001
From: mtk07742 <yongjun.luo@mediatek.com>
Date: Sat, 18 Jan 2020 10:11:50 +0800
Subject: [PATCH] [ALPS04424750] SEPolicy:add perm for system_server

For Android Q, there is a more stringent restriction for ioctl,
system_server need some permissoin to access proc_ged by ioctlcmd
in MTBF.

MTK-Commit-Id: f4a14dea0b118232234da13c860c66e1b31b3c5d

Change-Id: Idd1b3376f8980273f5e91985d91729c1ab50dd59
CR-Id: ALPS04424750
Feature: [Module]SystemServer
---
 non_plat/system_server.te | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/non_plat/system_server.te b/non_plat/system_server.te
index 7c2141a..bc75661 100644
--- a/non_plat/system_server.te
+++ b/non_plat/system_server.te
@@ -205,4 +205,9 @@ get_prop(system_server, persist_mtk_aee_prop);
 # Date : W19.15
 # Operation : alarm device permission
 # Purpose : support power-off alarm
-allow system_server alarm_device:chr_file rw_file_perms;
\ No newline at end of file
+allow system_server alarm_device:chr_file rw_file_perms;
+
+# Date : WK19.7
+# Operation: Q migration
+# Purpose : Allow system_server to use ioctl/ioctlcmd
+allowxperm system_server proc_ged:file ioctl GED_BRIDGE_IO_LOG_BUF_GET;