commit 7b298d0a149adf5b0bc007c5af82eece65e90b73
author Tim Zimmermann <tim@linux4.de> Sun Nov 28 07:29:26 2021 +0100
committer Tim Zimmermann <tim@linux4.de> Thu Jan 13 16:03:38 2022 +0100
tree 907b291d94bb46b4d87aeda1cfe0d96e6f2963f3
parent e366ba2b90ba948ee22aa20cb308698da365e665

gta4xl-common: address a few denials

Change-Id: I407ce1475c7df0d0c9b3944d9c6d6566bf5cceb2

sepolicy/vendor/bootanim.te

diff --git a/sepolicy/vendor/bootanim.te b/sepolicy/vendor/bootanim.te
new file mode 100644
index 0000000..75852e1
--- /dev/null
+++ b/sepolicy/vendor/bootanim.te
@@ -0,0 +1 @@
+dontaudit bootanim system_data_file:dir search;

sepolicy/vendor/hal_camera_default.te

diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index 4e0c779..cf3d50d 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -17,3 +17,5 @@
 
 get_prop(hal_camera_default, exported_camera_prop);
 set_prop(hal_camera_default, vendor_camera_prop);
+
+dontaudit hal_camera_default default_prop:file read;

sepolicy/vendor/hal_sensors_default.te

diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
new file mode 100644
index 0000000..f9593cd
--- /dev/null
+++ b/sepolicy/vendor/hal_sensors_default.te
@@ -0,0 +1 @@
+dontaudit hal_sensors_default property_socket:sock_file write;

sepolicy/vendor/kernel.te

diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
index 5e2192b..a4295c2 100644
--- a/sepolicy/vendor/kernel.te
+++ b/sepolicy/vendor/kernel.te
@@ -1,7 +1,9 @@
 allow kernel self:capability mknod;
 
+allow kernel block_device:dir search;
 allow kernel device:dir { add_name write remove_name rmdir };
 allow kernel device:chr_file { create setattr getattr unlink };
+dontaudit kernel device:blk_file create;
 
 r_dir_file(kernel, efs_file);
 r_dir_file(kernel, app_efs_file);

sepolicy/vendor/system_server.te

diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
new file mode 100644
index 0000000..ee4a458
--- /dev/null
+++ b/sepolicy/vendor/system_server.te
@@ -0,0 +1 @@
+allow system_server self:capability sys_module;

sepolicy/vendor/vendor_init.te

diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 9dde684..0f00fc9 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -8,4 +8,7 @@
 
 allow vendor_init proc_swappiness:file rw_file_perms;
 
-allow vendor_init cpdebug_efs_file:lnk_file setattr;
+allow vendor_init cpdebug_efs_file:lnk_file { getattr setattr };
+allow vendor_init pdp_efs_file:file getattr;
+
+dontaudit vendor_init system_prop:file read;