From 954ce897e9c513106742a1891c5e2a87e340d605 Mon Sep 17 00:00:00 2001
From: Ultra119
Date: Sat, 7 May 2022 20:44:12 +0300
Subject: [PATCH] sdm710-common: sepolicy: Allow zygote to access unix_stream_socket
*W FinalizerDaemon: type=1400 audit(0.0:232): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:r:system_app:s0 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0
*W FinalizerDaemon: type=1400 audit(0.0:355): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0 app=com.motorola.dolby.dolbyui
*W FinalizerDaemon: type=1400 audit(0.0:438): avc: denied { getopt } for path="/dev/socket/usap_pool_primary" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:zygote:s0 tclass=unix_stream_socket permissive=0 app=com.android.wallpaper
---
 sepolicy/vendor/platform_app.te | 1 +
 sepolicy/vendor/priv_app.te | 1 +
 sepolicy/vendor/system_app.te | 4 +++-
 3 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 sepolicy/vendor/platform_app.te
 create mode 100644 sepolicy/vendor/priv_app.te
diff --git a/sepolicy/vendor/platform_app.te b/sepolicy/vendor/platform_app.te
new file mode 100644
index 0000000..147993c
--- /dev/null
+++ b/sepolicy/vendor/platform_app.te
@@ -0,0 +1 @@
+allow platform_app zygote:unix_stream_socket getopt;
\ No newline at end of file
diff --git a/sepolicy/vendor/priv_app.te b/sepolicy/vendor/priv_app.te
new file mode 100644
index 0000000..c091ed4
--- /dev/null
+++ b/sepolicy/vendor/priv_app.te
@@ -0,0 +1 @@
+allow priv_app zygote:unix_stream_socket getopt;
\ No newline at end of file
diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
index c8ca201..2467230 100644
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -1,2 +1,4 @@
 # Allow KProfiles to be adjusted by a system app
-allow system_app sysfs_kprofiles:file rw_file_perms;
\ No newline at end of file
+allow system_app sysfs_kprofiles:file rw_file_perms;
+
+allow system_app zygote:unix_stream_socket getopt;
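Review bot: The added `allow system_app zygote:unix_stream_socket getopt;` line, like the identical one-line rules this patch creates in platform_app.te and priv_app.te, grants a permission where the quoted denials may only be log noise. All three denials are raised from FinalizerDaemon, which suggests the app is finalizing a socket object inherited from zygote rather than depending on getsockopt() succeeding. If nothing functional breaks with the denial in place, `dontaudit system_app zygote:unix_stream_socket getopt;` (and the same for the other two domains) silences the audit without widening what app domains may do to a zygote-owned socket from vendor policy. If the allow is kept, a comment such as `# getsockopt on the inherited USAP pool socket (usap_pool_primary), seen from FinalizerDaemon` would match the KProfiles comment above it and record why the rule exists. The two new files also end without a trailing newline, which this same hunk corrects for system_app.te.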