gta4xl-common: sepolicy: Address some denials
Change-Id: I93fda1770cfc6b0a0647b17a340c1a3ab819b475
diff --git a/sepolicy/vendor/audioserver.te b/sepolicy/vendor/audioserver.te
new file mode 100644
index 0000000..a2bc4c2
--- /dev/null
+++ b/sepolicy/vendor/audioserver.te
@@ -0,0 +1 @@
+dontaudit audioserver vendor_default_prop:file read;
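Review bot: The new `dontaudit audioserver vendor_default_prop:file read;` silences the denial without saying which property audioserver is reading. `vendor_default_prop` is the fallback label, so the denial most likely means a vendor property has no entry in `property_contexts`. Labelling that property and granting `get_prop(audioserver, <its_type>)` would fix the cause, whereas the dontaudit also hides any future read of an unlabelled vendor property by this domain. If suppression is intended, a comment such as `# audioserver probes <property>; value not needed` above the rule would record why.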
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 6e65561..3f8d0b0 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -19,6 +19,8 @@
# sysfs types
type sysfs_audio, sysfs_type, r_fs_type, fs_type;
+type sysfs_block, sysfs_type, r_fs_type, fs_type;
+type sysfs_block_writable, sysfs_type, rw_fs_type, fs_type;
type sysfs_camera, sysfs_type, r_fs_type, fs_type;
type sysfs_camera_writable, sysfs_type, rw_fs_type, fs_type;
type sysfs_chipid, sysfs_type, r_fs_type, fs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 1f349f9..926f78f 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -45,6 +45,10 @@
/efs/wv.keys u:object_r:sec_efs_file:s0
## Sysfs
+# Block
+/sys/devices/platform/(.*)/block/sda/queue/discard_max_bytes u:object_r:sysfs_block_writable:s0
+/sys/devices/platform/(.*)/block/mmcblk0/mmcblk0p[0-9]+/start u:object_r:sysfs_block:s0
+
# Camera
/sys/devices/virtual/camera/rear/fw_update u:object_r:sysfs_camera_writable:s0
/sys/devices/virtual/camera/rear/ssrm_camera_info u:object_r:sysfs_camera_writable:s0
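Review bot: The two new `# Block` entries use `/sys/devices/platform/(.*)/block/...`, and `.*` also matches `/`, so the label applies to any `sda` or `mmcblk0` node at any depth under `platform`. The capture group is also unnecessary. Anchoring on the real controller path, for example `/sys/devices/platform/<controller-node>/.../block/sda/queue/discard_max_bytes`, keeps the writable type `sysfs_block_writable` from landing on a node that was not intended. It is also worth confirming on a booted device with `ls -Z` that these labels are applied at all, since sysfs labels from `file_contexts` only take effect when something relabels the node.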
diff --git a/sepolicy/vendor/fsck_untrusted.te b/sepolicy/vendor/fsck_untrusted.te
new file mode 100644
index 0000000..6d25d9c
--- /dev/null
+++ b/sepolicy/vendor/fsck_untrusted.te
@@ -0,0 +1 @@
+allow fsck_untrusted sysfs_block:file r_file_perms;
diff --git a/sepolicy/vendor/gpsd.te b/sepolicy/vendor/gpsd.te
index bfc67f3..8946762 100644
--- a/sepolicy/vendor/gpsd.te
+++ b/sepolicy/vendor/gpsd.te
@@ -12,3 +12,5 @@
allow gpsd gpsd_exec:file execute_no_trans;
get_prop(gpsd, bootanim_system_prop);
+
+binder_call(gpsd, servicemanager)
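Review bot: `binder_call(gpsd, servicemanager)` grants only the call/transfer half of what a servicemanager client needs. If gpsd really looks up or registers a framework binder service, the usual form is `binder_use(gpsd)` plus a `find` or `add` rule on the specific service type. It is worth checking whether a vendor daemon should be talking to the framework servicemanager here rather than to vndservicemanager or hwservicemanager, and whether the build's Treble neverallow checks still pass; the rest of `gpsd.te` is outside the hunk. A comment naming the service gpsd is after would help. The added line also drops the trailing `;` used by `get_prop(gpsd, bootanim_system_prop);` just above it.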
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
index c707ab5..3ad0244 100644
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ b/sepolicy/vendor/hal_graphics_composer_default.te
@@ -17,4 +17,4 @@
allow hal_graphics_composer_default sysfs_chipid:file r_file_perms;
get_prop(hal_graphics_composer_default, vendor_camera_prop);
-get_prop(hal_graphics_composer_default, vendor_hwc_prop);
+set_prop(hal_graphics_composer_default, vendor_hwc_prop);
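Review bot: The switch to `set_prop(hal_graphics_composer_default, vendor_hwc_prop)` and the `property_contexts` hunk, which widens the match from `vendor.hwc.exynos.vsync_mode` to the whole `vendor.hwc.` prefix, together give the composer HAL write access to every property under that prefix. If the denial was for one or two specific keys, listing them individually in `property_contexts` keeps the writable surface the same size as the need. The prefix change also widens what any other domain holding `get_prop` or `set_prop` on `vendor_hwc_prop` can reach. A comment such as `# HWC sets vendor.hwc.<key> at runtime` would document which writes are expected.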
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
index f9593cd..43aba4b 100644
--- a/sepolicy/vendor/hal_sensors_default.te
+++ b/sepolicy/vendor/hal_sensors_default.te
@@ -1 +1,3 @@
+binder_call(hal_sensors_default, system_server)
+
dontaudit hal_sensors_default property_socket:sock_file write;
diff --git a/sepolicy/vendor/hal_wifi_default.te b/sepolicy/vendor/hal_wifi_default.te
index 17c802c..441f770 100644
--- a/sepolicy/vendor/hal_wifi_default.te
+++ b/sepolicy/vendor/hal_wifi_default.te
@@ -1,7 +1,7 @@
set_prop(hal_wifi_default, vendor_wlan_prop);
-allow hal_wifi_default conn_vendor_data_file:dir search;
-allow hal_wifi_default conn_vendor_data_file:file rw_file_perms;
+allow hal_wifi_default conn_vendor_data_file:dir rw_dir_perms;
+allow hal_wifi_default conn_vendor_data_file:file create_file_perms;
allow hal_wifi_default wifi_vendor_data_file:dir search;
allow hal_wifi_default mnt_vendor_file:dir search;
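Review bot: The two changed `conn_vendor_data_file` rules move from `search` and `rw_file_perms` to `rw_dir_perms` and `create_file_perms`, which adds create, rename, unlink and setattr on files plus add_name/remove_name on the directory. If the denial was only for creating a file on first boot, `allow hal_wifi_default conn_vendor_data_file:file { create rw_file_perms };` with `allow hal_wifi_default conn_vendor_data_file:dir { search write add_name };` would cover it without letting the HAL delete or rename existing connectivity data. Either way, a comment naming the file the HAL creates would make the wider grant reviewable.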
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index 4fa194b..ffb41ad 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -8,3 +8,5 @@
allow init socket_device:sock_file { create setattr unlink };
allow init sysfs_graphics_writable:file rw_file_perms;
+
+allow init sysfs_block_writable:file rw_file_perms;
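Review bot: `sysfs_block_writable` is granted to `init` only, while the neighbouring `sysfs_graphics_writable` rule also appears for `vendor_init` in `vendor_init.te`. If the write to `discard_max_bytes` comes from a vendor `.rc` file it will run as `vendor_init` and still be denied, so it is worth confirming which domain the original denial named. If init only writes the node, `w_file_perms` would be enough instead of `rw_file_perms`.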
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index cd0dcc0..bc45d53 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -2,7 +2,7 @@
persist.vendor.sys.camera. u:object_r:vendor_camera_prop:s0
# HWC
-vendor.hwc.exynos.vsync_mode u:object_r:vendor_hwc_prop:s0
+vendor.hwc. u:object_r:vendor_hwc_prop:s0
# Wlan
vendor.wlan. u:object_r:vendor_wlan_prop:s0
diff --git a/sepolicy/vendor/ueventd.te b/sepolicy/vendor/ueventd.te
index e294368..ac76677 100644
--- a/sepolicy/vendor/ueventd.te
+++ b/sepolicy/vendor/ueventd.te
@@ -1,4 +1,5 @@
allow ueventd self:capability sys_nice;
+dontaudit ueventd self:capability2 mac_admin;
allow ueventd metadata_file:dir search;
dontaudit ueventd gsi_metadata_file:dir search;
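Review bot: `dontaudit ueventd self:capability2 mac_admin;` hides a denial that usually points at a labelling mistake rather than at a missing permission. The kernel checks `mac_admin` when a process tries to set a security context the loaded policy does not recognise, so the likely cause is a `file_contexts` or ueventd entry naming a type that is undefined or misspelled. Finding that entry would fix the cause, whereas the suppression leaves the node with its default label and no log. If the rule stays, a comment such as `# ueventd relabels <path> with a context not in policy; harmless because ...` should say why.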
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 82b6ce3..2d5d744 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -12,4 +12,5 @@
allow vendor_init sysfs_graphics_writable:file rw_file_perms;
+dontaudit vendor_init radio_prop:file read;
dontaudit vendor_init system_prop:file read;