cm: Fix a few denials
* Missed a few things when cleaning up devices.
Change-Id: Ib71afd696a564aeeaa80c34ca9744a39891f4b63
Signed-off-by: Josue Rivera <prbassplayer@gmail.com>
diff --git a/sepolicy/qcom/bootanim.te b/sepolicy/qcom/bootanim.te
index 9987b46..4b4ca71 100644
--- a/sepolicy/qcom/bootanim.te
+++ b/sepolicy/qcom/bootanim.te
@@ -1,3 +1,8 @@
allow bootanim mpctl_socket:dir search;
unix_socket_connect(bootanim, mpctl, perfd)
unix_socket_send(bootanim, mpctl, perfd)
+
+allow bootanim mpdecision:dir search;
+allow bootanim mpdecision:file r_file_perms;
+unix_socket_connect(bootanim, mpctl, mpdecision)
+unix_socket_send(bootanim, mpctl, mpdecision)
diff --git a/sepolicy/qcom/mpdecision.te b/sepolicy/qcom/mpdecision.te
new file mode 100644
index 0000000..9399b32
--- /dev/null
+++ b/sepolicy/qcom/mpdecision.te
@@ -0,0 +1,5 @@
+allow mpdecision sysfs_devices_system_iosched:file rw_file_perms;
+unix_socket_connect(mpdecision, thermal, thermal-engine)
+
+# read /proc/pid files
+r_dir_file(mpdecision, domain)
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 7955d8f..abd001d 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -32,4 +32,5 @@
uncrypt.te \
userinit.te \
vold.te \
+ zygote.te \
mac_permissions.xml
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
new file mode 100644
index 0000000..5e5ce5c
--- /dev/null
+++ b/sepolicy/zygote.te
@@ -0,0 +1,2 @@
+# ps command may do this
+allow untrusted_app zygote:process getsched;