From a0fbeb97c0476891e177fb04953367aae90fc8a9 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Fri, 15 May 2015 15:47:48 -0700
Subject: [PATCH] Allow tty and wireless extensions ioctls Allow tty ioctls TIOCOUTQ 0x5411 and FIOCLEX 0x5451. Allow/audit all wireless extension ioctls.
Bug: 21120188
Change-Id: Icd447ee40351c615c236f041931d210751e0f0c3
---
 untrusted_app.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/untrusted_app.te b/untrusted_app.te
index 7a9e2dd3d..b0adf100b 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -102,7 +102,8 @@ allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
 # determine if wifi is present
 # from include/uapi/linux/wireless.h:
 # #define SIOCSIWCOMMIT 0x8B00 /* Commit pending changes to driver */
-allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } { 0x8900-0x8926 0x8928-0x89ff 0x8b00 };
+allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } { 0x5411 0x5451 0x8900-0x8926 0x8928-0x89ff 0x8b00-0x8bff };
+auditallow untrusted_app self:{ rawip_socket tcp_socket udp_socket } { 0x8b00-0x8bff };
 
 # Allow GMS core to access perfprofd output, which is stored
 # in /data/misc/perfprofd/. GMS core will need to list all
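Review bot: The comment above the rewritten `allow` rule still documents only SIOCSIWCOMMIT 0x8B00, while the rule now grants `untrusted_app` the whole 0x8b00-0x8bff range plus two values, 0x5411 and 0x5451, that are named only in the commit message. In include/uapi/linux/wireless.h that range also contains the device-private ioctls (SIOCIWFIRSTPRIV 0x8BE0 to SIOCIWLASTPRIV 0x8BFF), which each driver implements itself, so the policy no longer limits which of them the least-trusted app domain can reach; the `auditallow` only logs their use. I would record this next to the rule, e.g. `# 0x5411 TIOCOUTQ, 0x5451 FIOCLEX` and `# 0x8b00-0x8bff: all wireless extension ioctls, incl. device-private 0x8be0-0x8bff; audited so the range can be narrowed`. If the audit is meant to be temporary (the commit does not say), a TODO naming bug 21120188 would make the follow-up to tighten the range visible.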