Allow system_server access to mpdecision sockets.

Change fixes the following class of denials.
  denied  { write } for  pid=551 comm="er.ServerThread" name="touchboost" dev="tmpfs" ino=6701 scontext=u:r:system_server:s0 tcontext=u:object_r:mpdecision_socket:s0 tclass=sock_file
  denied  { sendto } for  pid=551 comm="er.ServerThread" path="/dev/socket/mpdecision/touchboost" scontext=u:r:system_server:s0 tcontext=u:r:mpdecision:s0 tclass=unix_dgram_socket
  denied  { connectto } for  pid=536 comm="system_server" path="/dev/socket/mpdecision/touchboost" scontext=u:r:system_server:s0 tcontext=u:r:mpdecision:s0 tclass=unix_stream_socket

Change-Id: I9536efa852b2d8689239a0f12e6a01ef7640604e

1 files changed, 6 insertions, 0 deletions

diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 3e8e1f6..e72aa6f 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -5,3 +5,9 @@ allow system_server diag_device:chr_file rw_file_perms;
 # Grant access to Qualcomm MSM Interface (QMI) radio sockets to system services
 # (e.g., LocationManager)
 qmux_socket(system_server)
+
+# mpdecision socket access
+unix_socket_connect(system_server, mpdecision, mpdecision)
+unix_socket_send(system_server, mpdecision, mpdecision)
+allow system_server mpdecision:unix_stream_socket sendto;
+allow system_server mpdecision_socket:dir search;