From f7948230ef65b8617db0762acc9b2fa54adf8ff9 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 19 Mar 2012 15:56:01 -0400
Subject: [PATCH] Integrate nfc_power and rild rules from tuna sepolicy by
 Bryan Hinton.

---
 file.te       | 1 +
 file_contexts | 1 +
 nfc.te        | 2 ++
 rild.te       | 1 +
 system.te     | 1 +
 5 files changed, 6 insertions(+)

diff --git a/file.te b/file.te
index 7d7f5fc9e..312ace8d3 100644
--- a/file.te
+++ b/file.te
@@ -8,6 +8,7 @@ type selinuxfs, fs_type;
 type cgroup, fs_type, mlstrustedobject;
 type sysfs, fs_type, mlstrustedobject;
 type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type inotify, fs_type, mlstrustedobject;
 type devpts, fs_type;
 type tmpfs, fs_type;
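Review bot: The new `sysfs_nfc_power_writable` type carries `mlstrustedobject`, which as far as I understand the attribute exempts the object from MLS constraints. That leaves the type-enforcement allow rules added in nfc.te and system.te as the only thing limiting who can write this hardware control node. This matches `sysfs_writable` on the line above, so it is consistent, but the declaration has no comment saying what the node is or who is meant to write it. Something like `# NFC chip power control node; intended writers: nfc, system` above the added line would make later additions to the allow list easier to audit.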
diff --git a/file_contexts b/file_contexts
index 9c8325a2b..1f9781c96 100644
--- a/file_contexts
+++ b/file_contexts
@@ -132,3 +132,4 @@
 # sysfs files
 #
 /sys/qemu_trace/process_name	--	u:object_r:sysfs_writable:s0
+/sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
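Review bot: The added entry depends on something relabelling the sysfs node at boot, and nothing in this patch shows that step. Unless sysfs picks up labels from file_contexts some other way, the node would presumably keep the generic `sysfs` type and the new nfc.te rule would never match it. The path also looks platform-specific (the subject says it comes from the tuna policy), and the entry separates fields with spaces where the `/sys/qemu_trace/process_name` line above uses tabs. A comment such as `# NFC power control node (from tuna); needs relabel after sysfs is mounted` above the entry would record both points.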
diff --git a/nfc.te b/nfc.te
index b20d23699..72c2d69b7 100644
--- a/nfc.te
+++ b/nfc.te
@@ -8,3 +8,5 @@ allow nfc nfc_device:chr_file rw_file_perms;
 # Data file accesses.
 allow nfc nfc_data_file:dir create_dir_perms;
 allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
+
+allow nfc sysfs_nfc_power_writable:file rw_file_perms;
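Review bot: The added `allow nfc sysfs_nfc_power_writable:file rw_file_perms;` has no comment, unlike the `# Data file accesses.` group just above it. A line such as `# NFC power control via sysfs.` before the rule would say why this domain touches sysfs at all. If the nfc domain only toggles power by writing to the node, a narrower set than `rw_file_perms` may be enough. That is worth checking against the denials that motivated the rule.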
diff --git a/rild.te b/rild.te
index 2857892df..5993af478 100644
--- a/rild.te
+++ b/rild.te
@@ -4,6 +4,7 @@ type rild_exec, exec_type, file_type;
 
 init_daemon_domain(rild)
 net_domain(rild)
+allow rild self:netlink_route_socket setopt;
 allow rild kernel:system module_request;
 unix_socket_connect(rild, property, init)
 unix_socket_connect(rild, qemud, qemud)
diff --git a/system.te b/system.te
index 7f299c92e..5fa9a917d 100644
--- a/system.te
+++ b/system.te
@@ -113,6 +113,7 @@ selinux_check_access(system)
 
 # XXX Label sysfs files with a specific type?
 allow system sysfs:file rw_file_perms;
+allow system sysfs_nfc_power_writable:file rw_file_perms;
 
 # Access devices.
 allow system device:dir r_dir_perms;
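Review bot: The added `allow system sysfs_nfc_power_writable:file rw_file_perms;` gives the system domain read/write on the NFC power node, but the commit subject mentions only the nfc_power and rild rules. It is therefore unclear whether system needs this access, or whether the rule just preserves what it had through `allow system sysfs:file rw_file_perms;` while the node was still labelled `sysfs`. The `XXX` comment above already flags the blanket sysfs access as something to narrow, so carrying it over to the new dedicated type partly undoes the benefit of splitting the type out. If the access is required, a comment such as `# system server toggles NFC power directly; confirm and narrow to write-only if possible` would document the reason.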
-- 
GitLab