sepolicy: address denials on lte variant
Change-Id: I74f7b60fe4a941c883b59ada2049b36b6e169562
diff --git a/sepolicy/vendor/cbd.te b/sepolicy/vendor/cbd.te
new file mode 100644
index 0000000..273b06a
--- /dev/null
+++ b/sepolicy/vendor/cbd.te
@@ -0,0 +1,3 @@
+# cbd.te
+
+allow cbd self:capability2 block_suspend;
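Review bot: `block_suspend` is granted as a bare capability rule here and again in gpsd.te, where it sits next to `allow gpsd sysfs_wake_lock:file rw_file_perms;`. That pair is what the platform's `wakelock_use()` macro expresses. Prefer `wakelock_use(cbd)` and `wakelock_use(gpsd)` so the wakelock grants follow platform policy. If the macro is avoided on purpose because it grants more than these rules on this platform version, say so in a comment such as `# wakelock needed for <reason>; denial: <avc line>`.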
diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te
index 6f067e2..19f78b2 100644
--- a/sepolicy/vendor/device.te
+++ b/sepolicy/vendor/device.te
@@ -1,5 +1,6 @@
# device.te
type cpefs_block_device, dev_type;
+type gnss_device, dev_type;
type m2m1shot_device, dev_type;
type secmem_device, dev_type;
diff --git a/sepolicy/vendor/domain.te b/sepolicy/vendor/domain.te
index 8f69661..21354c9 100644
--- a/sepolicy/vendor/domain.te
+++ b/sepolicy/vendor/domain.te
@@ -4,4 +4,4 @@
allow domain debugfs_mali_mem:dir search;
allow domain debugfs_ion_dma:dir search;
-dontaudit domain vendor_shimmed_lib:file read;
+dontaudit domain vendor_shimmed_lib:file { read getattr };
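Review bot: This `dontaudit` covers every domain, so adding `getattr` hides those access attempts on `vendor_shimmed_lib` files from the audit log for all processes, including ones with no reason to touch the shim libraries. If the denials come from a small set of domains, scope the rule to those domains instead of `domain`. Otherwise add a comment above the rule, along the lines of `# <which domains hit this and why the denial is harmless>`, so the suppression can be revisited later.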
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index c2423b2..77525e6 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -14,6 +14,9 @@
# Camera
/dev/m2m1shot_scaler0 u:object_r:m2m1shot_device:s0
+# GPS
+/dev/gnss_ipc u:object_r:gnss_device:s0
+
# Graphics
/dev/mali[0-9] u:object_r:gpu_device:s0
/dev/g2d u:object_r:graphics_device:s0
@@ -50,6 +53,9 @@
/sys/devices/platform/11980000.contexthub(/.*) u:object_r:sysfs_iio:s0
/sys/devices/platform/11c30000.adc(/.*) u:object_r:sysfs_iio:s0
+# GPS
+/sys/devices/soc0/machine u:object_r:sysfs_sec_gps:s0
+
### VENDOR
/(vendor|system/vendor)/bin/argosd u:object_r:argosd_exec:s0
/(vendor|system/vendor)/bin/wlbtd u:object_r:wlbtd_exec:s0
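Review bot: `/sys/devices/soc0/machine` looks like a generic SoC identification node rather than a GPS-specific one, and labelling it `sysfs_sec_gps` replaces whatever label it carried before. Any other domain that read it under the previous label would start getting denials, and every domain allowed on `sysfs_sec_gps` gains access to it. The gpsd.te hunk in this commit also widens gpsd to `r_dir_file` on that type. Confirm that gpsd is the only reader, and add a comment above the entry such as `# <why gpsd reads this node>`.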
diff --git a/sepolicy/vendor/gpsd.te b/sepolicy/vendor/gpsd.te
index 7f9cd9c..0a9e611 100644
--- a/sepolicy/vendor/gpsd.te
+++ b/sepolicy/vendor/gpsd.te
@@ -1,6 +1,11 @@
# gpsd.te
-allow gpsd sysfs_sec_gps:dir search;
+r_dir_file(gpsd, sysfs_sec_gps);
+
allow gpsd sysfs_gps_writable:file rw_file_perms;
+allow gpsd sysfs_wake_lock:file rw_file_perms;
+
+allow gpsd self:capability2 block_suspend;
allow gpsd bt_device:chr_file rw_file_perms;
+allow gpsd gnss_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_gnss_default.te b/sepolicy/vendor/hal_gnss_default.te
new file mode 100644
index 0000000..2042386
--- /dev/null
+++ b/sepolicy/vendor/hal_gnss_default.te
@@ -0,0 +1,3 @@
+# hal_gnss_default.te
+
+allow hal_gnss_default gpsd:unix_stream_socket connectto;
diff --git a/sepolicy/vendor/zygote.te b/sepolicy/vendor/zygote.te
new file mode 100644
index 0000000..1234b67
--- /dev/null
+++ b/sepolicy/vendor/zygote.te
@@ -0,0 +1,3 @@
+# zygote.te
+
+allow zygote system_data_file:dir create_file_perms;
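Review bot: `create_file_perms` is a permission set written for file classes. Applied to `dir` it grants create, rename, setattr, unlink and the read/write permissions, but none of the directory-specific ones (`search`, `add_name`, `remove_name`), so it probably does not match what the denial asked for. zygote is the parent of every app process and `system_data_file` is the generic label under /data, so the grant is also much wider than a single denial is likely to need. Replace it with the exact permissions from the logged denial, `allow zygote system_data_file:dir <perms from denial>;`, and name the path involved in a comment. If a specific directory is the target, a dedicated type for it would be the narrower fix.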