From 16a190dd28fe4c526c6290b6a2f5a062de0fdec8 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" <haggertk@lineageos.org>
Date: Sat, 5 Sep 2020 05:28:09 -0600
Subject: [PATCH] msm8974-common: sepolicy: Allow system_app to access storaged
 via IPC

avc: denied { call } for comm=4173796E635461736B202333
scontext=u:r:system_app:s0 tcontext=u:r:storaged:s0 tclass=binder
permissive=t0

Change-Id: I933dcebf2f5960d639ce47be379f62636e4ddd69
---
 sepolicy/private/system_app.te | 1 +
 sepolicy/sepolicy.mk           | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 sepolicy/private/system_app.te

diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te
new file mode 100644
index 0000000..39dedf5
--- /dev/null
+++ b/sepolicy/private/system_app.te
@@ -0,0 +1 @@
+binder_call(system_app, storaged)
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 18f7153..6b1c882 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -19,3 +19,5 @@ include device/qcom/sepolicy-legacy/sepolicy.mk
 # Board specific SELinux policy variable definitions
 BOARD_SEPOLICY_DIRS += \
     device/samsung/msm8974-common/sepolicy/common
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
+    device/samsung/msm8974-common/sepolicy/private