From e2f23f0e91442552b7bd68564773bcef073e3a4d Mon Sep 17 00:00:00 2001
From: Steve Kondik
Date: Sat, 19 Sep 2015 22:49:20 -0700
Subject: [PATCH] cm: Fix a few denials
* Missed a few things when cleaning up devices.
Change-Id: Ib71afd696a564aeeaa80c34ca9744a39891f4b63
---
 sepolicy/qcom/bootanim.te | 5 +++++
 sepolicy/qcom/mpdecision.te | 5 +++++
 sepolicy/zygote.te | 2 ++
 3 files changed, 12 insertions(+)
 create mode 100644 sepolicy/qcom/mpdecision.te
diff --git a/sepolicy/qcom/bootanim.te b/sepolicy/qcom/bootanim.te
index 9987b46b..4b4ca71f 100644
--- a/sepolicy/qcom/bootanim.te
+++ b/sepolicy/qcom/bootanim.te
@@ -1,3 +1,8 @@
 allow bootanim mpctl_socket:dir search;
 unix_socket_connect(bootanim, mpctl, perfd)
 unix_socket_send(bootanim, mpctl, perfd)
+
+allow bootanim mpdecision:dir search;
+allow bootanim mpdecision:file r_file_perms;
+unix_socket_connect(bootanim, mpctl, mpdecision)
+unix_socket_send(bootanim, mpctl, mpdecision)
diff --git a/sepolicy/qcom/mpdecision.te b/sepolicy/qcom/mpdecision.te
new file mode 100644
index 00000000..9399b326
--- /dev/null
+++ b/sepolicy/qcom/mpdecision.te
@@ -0,0 +1,5 @@
+allow mpdecision sysfs_devices_system_iosched:file rw_file_perms;
+unix_socket_connect(mpdecision, thermal, thermal-engine)
+
+# read /proc/pid files
+r_dir_file(mpdecision, domain)
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
index 8bee8fe7..a93d90ea 100644
--- a/sepolicy/zygote.te
+++ b/sepolicy/zygote.te
@@ -1,3 +1,5 @@
 allow zygote theme_data_file:file r_file_perms;
 allow zygote theme_data_file:dir r_dir_perms;
+# ps command may do this
+allow untrusted_app zygote:process getsched;
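Review bot: In sepolicy/qcom/bootanim.te the rules `allow bootanim mpdecision:dir search;` and `allow bootanim mpdecision:file r_file_perms;` target a domain type, so they let the boot animation read mpdecision's /proc/<pid> entries, and nothing in the hunk says why that is needed. The socket path itself is already covered by the `unix_socket_connect(bootanim, mpctl, mpdecision)` and `unix_socket_send(bootanim, mpctl, mpdecision)` lines below them. If the logged denials come from an incidental lookup rather than something bootanim depends on, `dontaudit bootanim mpdecision:dir search;` and `dontaudit bootanim mpdecision:file r_file_perms;` would quiet them without widening the domain. If the access is required, add a one-line comment above the two rules naming the denial they fix, in the style of the `# read /proc/pid files` comment used in mpdecision.te.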
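Review bot: `r_dir_file(mpdecision, domain)` in the new sepolicy/qcom/mpdecision.te gives mpdecision read access to the /proc/<pid> entries of every domain on the device, which is far broader than the single denial this commit was presumably chasing. The comment `# read /proc/pid files` says what the rule does but not which processes mpdecision actually inspects. If the denial log names only a few source domains, list those instead, e.g. `r_dir_file(mpdecision, <domain from the denial>)`, or extend the comment with the reason the whole `domain` attribute is needed. The file also carries no `type mpdecision` declaration, so it appears to rely on the device or vendor policy defining that type; worth confirming for every target that builds sepolicy/qcom.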
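Review bot: `allow untrusted_app zygote:process getsched;` in sepolicy/zygote.te grants every third-party app the right to query zygote's scheduling attributes, and the comment `# ps command may do this` suggests the cause was never confirmed. If the denial is only noise from `ps` walking /proc, `dontaudit untrusted_app zygote:process getsched;` hides it without adding a permission to the least-trusted app domain. If the allow has to stay, it would read better in untrusted_app.te, since the rule's source domain is untrusted_app rather than zygote, and the comment should state the observed denial rather than a guess.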