From 5320556c8e570dd716d7c29420f6846f460174df Mon Sep 17 00:00:00 2001
From: Prateek Chaubey <chaubeyprateek@gmail.com>
Date: Sun, 6 Aug 2017 14:40:22 +0200
Subject: [PATCH] land: address some denials

---
 sepolicy/ims.te        | 1 +
 sepolicy/init.te       | 2 ++
 sepolicy/location.te   | 2 ++
 sepolicy/radio.te      | 1 +
 sepolicy/system_app.te | 2 ++
 5 files changed, 8 insertions(+)
 create mode 100644 sepolicy/ims.te
 create mode 100644 sepolicy/init.te
 create mode 100644 sepolicy/location.te
 create mode 100644 sepolicy/radio.te
 create mode 100644 sepolicy/system_app.te

diff --git a/sepolicy/ims.te b/sepolicy/ims.te
new file mode 100644
index 0000000..7491188
--- /dev/null
+++ b/sepolicy/ims.te
@@ -0,0 +1 @@
+allow ims self:capability { net_raw net_admin };
diff --git a/sepolicy/init.te b/sepolicy/init.te
new file mode 100644
index 0000000..4fd1a19
--- /dev/null
+++ b/sepolicy/init.te
@@ -0,0 +1,2 @@
+allow init fingerprintd:binder { transfer call };
+allow init gx_fpd_device:chr_file { write ioctl };
diff --git a/sepolicy/location.te b/sepolicy/location.te
new file mode 100644
index 0000000..0869913
--- /dev/null
+++ b/sepolicy/location.te
@@ -0,0 +1,2 @@
+allow location sysfs_wake_lock:file { write open };
+allow location diag_device:chr_file { read write };
diff --git a/sepolicy/radio.te b/sepolicy/radio.te
new file mode 100644
index 0000000..cedd222
--- /dev/null
+++ b/sepolicy/radio.te
@@ -0,0 +1 @@
+allow system_server radio_prop:property_service set;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
new file mode 100644
index 0000000..9faef20
--- /dev/null
+++ b/sepolicy/system_app.te
@@ -0,0 +1,2 @@
+# Allow binder calls to fingerprintd
+binder_call(system_app, fingerprintd)