gta4xl-common: cleanup sepolicy
* Remove these ugly filename comments
Change-Id: I4f52937da3cf8f75eae80d551fed40440a1e4b9a
diff --git a/sepolicy/vendor/cbd.te b/sepolicy/vendor/cbd.te
index 273b06a..009d203 100644
--- a/sepolicy/vendor/cbd.te
+++ b/sepolicy/vendor/cbd.te
@@ -1,3 +1 @@
-# cbd.te
-
allow cbd self:capability2 block_suspend;
diff --git a/sepolicy/vendor/charger.te b/sepolicy/vendor/charger.te
index cf66074..ea55463 100644
--- a/sepolicy/vendor/charger.te
+++ b/sepolicy/vendor/charger.te
@@ -1,5 +1,3 @@
-# charger.te
-
allow charger device:dir r_file_perms;
allow charger sysfs_battery:file r_file_perms;
allow charger sysfs_battery_writable:file r_file_perms;
diff --git a/sepolicy/vendor/device.te b/sepolicy/vendor/device.te
index 19f78b2..5e0807b 100644
--- a/sepolicy/vendor/device.te
+++ b/sepolicy/vendor/device.te
@@ -1,5 +1,3 @@
-# device.te
-
type cpefs_block_device, dev_type;
type gnss_device, dev_type;
type m2m1shot_device, dev_type;
diff --git a/sepolicy/vendor/domain.te b/sepolicy/vendor/domain.te
index 0e8ede6..de24957 100644
--- a/sepolicy/vendor/domain.te
+++ b/sepolicy/vendor/domain.te
@@ -1,5 +1,3 @@
-# domain.te
-
allow domain debugfs_mali:dir search;
allow domain debugfs_mali_mem:dir search;
allow domain debugfs_ion_dma:dir search;
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 42f255d..6115375 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -1,33 +1,30 @@
-# file.te
-
-# ROOT
# /dqmdbg /omr /optics /prism
type omr_file, file_type;
type dqmdbg_file, file_type;
type optics_file, file_type;
type prism_file, file_type;
-# DATA
+# data types
type camera_vendor_data_file, file_type, data_file_type;
type display_vendor_data_file, file_type, data_file_type;
type media_vendor_data_file, file_type, data_file_type;
type mediadrm_vendor_data_file, file_type, data_file_type;
-# DEBUGFS
+# debug types
type debugfs_mali, fs_type, debugfs_type;
type debugfs_mali_mem, fs_type, debugfs_type;
type debugfs_ion, fs_type, debugfs_type;
type debugfs_ion_dma, fs_type, debugfs_type;
-# EFS
+# efs types
type cpdebug_efs_file, fs_type;
type mb_po_efs_file, fs_type;
-# PROC
+# proc types
type proc_simslot_count, fs_type, proc_type;
type proc_swappiness, fs_type, proc_type;
-# SYSFS
+# sysfs types
type sysfs_camera, sysfs_type, r_fs_type, fs_type;
type sysfs_camera_writable, sysfs_type, rw_fs_type, fs_type;
type sysfs_chipid, sysfs_type, r_fs_type, fs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index f85254f..a1faf21 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -1,11 +1,11 @@
-### DATA
+## Data Files
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0
/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
/data/vendor/media(/.*)? u:object_r:media_vendor_data_file:s0
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
/data/camera(/.*)? u:object_r:camera_data_file:s0
-### DEV
+## Devices
/dev/block/platform/.+/by-name/cpefs u:object_r:cpefs_block_device:s0
# Bluetooth
@@ -33,8 +33,7 @@
/optics(/.*)? u:object_r:optics_file:s0
/prism(/.*)? u:object_r:prism_file:s0
-### SYSFS
-
+## Sysfs
# Block
/sys/devices/platform/13520000.ufs/host0/target0:0:0/0:0:0:[0-4]/block/sd[a-e]/queue/scheduler u:object_r:sysfs_io_sched_tuneable:s0
/sys/devices/platform/13550000.dwmmc2/mmc_host/mmc0/mmc0:aaaa/block/mmcblk0/queue/scheduler u:object_r:sysfs_io_sched_tuneable:s0
@@ -58,7 +57,7 @@
/sys/devices/soc0/machine u:object_r:sysfs_sec_gps:s0
/sys/devices/soc0/revision u:object_r:sysfs_sec_gps:s0
-### VENDOR
+## Vendor
/(vendor|system/vendor)/bin/wlbtd u:object_r:wlbtd_exec:s0
/(vendor|system/vendor)/bin/vendor\.samsung\.hardware\.security\.widevine\.keyprovisioning@[0-9]\.[0-9]-service u:object_r:hal_drm_widevine_exec:s0
diff --git a/sepolicy/vendor/fsck.te b/sepolicy/vendor/fsck.te
index f65a8c6..3ec3f2b 100644
--- a/sepolicy/vendor/fsck.te
+++ b/sepolicy/vendor/fsck.te
@@ -1,5 +1,3 @@
-# fsck.te
-
allow fsck efs_block_device:blk_file rw_file_perms;
allow fsck cpefs_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 973902b..534f788 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -1,21 +1,18 @@
-# genfs_contexts
-
-# DEBUGFS
+## DebugFS
genfscon debugfs /mali/ u:object_r:debugfs_mali:s0
genfscon debugfs /mali/mem/ u:object_r:debugfs_mali_mem:s0
genfscon debugfs /ion u:object_r:debugfs_ion:s0
genfscon debugfs /dma_buf u:object_r:debugfs_ion_dma:s0
-# PROC
+## Proc
genfscon proc /simslot_count u:object_r:proc_simslot_count:s0
genfscon proc /sys/vm/swappiness u:object_r:proc_swappiness:s0
-# SYSFS
-
-# class
+## Sysfs
+# Class
genfscon sysfs /class/video4linux u:object_r:sysfs_v4l:s0
-# devices
+# Devices
genfscon sysfs /devices/platform/panel/panel_drv/backlight/panel/brightness u:object_r:sysfs_backlight_writable:s0
genfscon sysfs /devices/platform/panel/panel_drv/backlight/panel/max_brightness u:object_r:sysfs_backlight_writable:s0
genfscon sysfs /devices/platform/13900000.spi/spi_master/spi6/spi6.0/input/input0/enabled u:object_r:sysfs_touchscreen_writable:s0
@@ -31,5 +28,5 @@
genfscon sysfs /devices/platform/11a10000.speedy/i2c-12/12-0000/s2mpu09-rtc/rtc/rtc0/hctosys u:object_r:sysfs_rtc:s0
genfscon sysfs /devices/system/chip-id/revision u:object_r:sysfs_chipid:s0
-# module
+# Module
genfscon sysfs /module/scsc_bt/parameters/bluetooth_address u:object_r:sysfs_bt_writable:s0
diff --git a/sepolicy/vendor/gpsd.te b/sepolicy/vendor/gpsd.te
index af26acf..b17f292 100644
--- a/sepolicy/vendor/gpsd.te
+++ b/sepolicy/vendor/gpsd.te
@@ -1,5 +1,3 @@
-# gpsd.te
-
r_dir_file(gpsd, sysfs_sec_gps);
allow gpsd sysfs_gps_writable:file rw_file_perms;
diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te
index e54c9a6..6076203 100644
--- a/sepolicy/vendor/hal_audio_default.te
+++ b/sepolicy/vendor/hal_audio_default.te
@@ -1,5 +1,3 @@
-# hal_audio_default.te
-
allow hal_audio_default efs_file:dir search;
allow hal_audio_default imei_efs_file:dir search;
allow hal_audio_default imei_efs_file:file r_file_perms;
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index dabf2fa..30586ee 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -1,5 +1,3 @@
-# hal_camera_default.te
-
vndbinder_use(hal_camera_default);
binder_call(hal_camera_default, system_server);
diff --git a/sepolicy/vendor/hal_drm_clearkey.te b/sepolicy/vendor/hal_drm_clearkey.te
index 4135646..da9ce6c 100644
--- a/sepolicy/vendor/hal_drm_clearkey.te
+++ b/sepolicy/vendor/hal_drm_clearkey.te
@@ -1,5 +1,3 @@
-# hal_drm_clearkey.te
-
type hal_drm_clearkey, domain;
hal_server_domain(hal_drm_clearkey, hal_drm);
diff --git a/sepolicy/vendor/hal_drm_widevine.te b/sepolicy/vendor/hal_drm_widevine.te
index c7aaf07..32df1e3 100644
--- a/sepolicy/vendor/hal_drm_widevine.te
+++ b/sepolicy/vendor/hal_drm_widevine.te
@@ -1,13 +1,9 @@
-# hal_drm_widevine.te
-
type hal_drm_widevine, domain;
hal_server_domain(hal_drm_widevine, hal_drm);
type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_widevine);
-allow hal_drm_widevine hal_vendor_wvkprov_hwservice:hwservice_manager { add find };
-
allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
diff --git a/sepolicy/vendor/hal_gatekeeper_default.te b/sepolicy/vendor/hal_gatekeeper_default.te
index b239f59..1f7e263 100644
--- a/sepolicy/vendor/hal_gatekeeper_default.te
+++ b/sepolicy/vendor/hal_gatekeeper_default.te
@@ -1,3 +1 @@
-# hal_gatekeeper_default.te
-
teegris_use(hal_gatekeeper_default);
diff --git a/sepolicy/vendor/hal_gnss_default.te b/sepolicy/vendor/hal_gnss_default.te
index 2042386..6106c89 100644
--- a/sepolicy/vendor/hal_gnss_default.te
+++ b/sepolicy/vendor/hal_gnss_default.te
@@ -1,3 +1 @@
-# hal_gnss_default.te
-
allow hal_gnss_default gpsd:unix_stream_socket connectto;
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
index 60a73bc..c707ab5 100644
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ b/sepolicy/vendor/hal_graphics_composer_default.te
@@ -1,5 +1,3 @@
-# hal_graphics_composer_default.te
-
vndbinder_use(hal_graphics_composer_default);
hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
diff --git a/sepolicy/vendor/hal_health_default.te b/sepolicy/vendor/hal_health_default.te
index abe62a2..b2e91c1 100644
--- a/sepolicy/vendor/hal_health_default.te
+++ b/sepolicy/vendor/hal_health_default.te
@@ -1,3 +1 @@
-# hal_health_default.te
-
r_dir_file(hal_health_default, sysfs_battery);
diff --git a/sepolicy/vendor/hal_keymaster_default.te b/sepolicy/vendor/hal_keymaster_default.te
index df7ee38..9120e58 100644
--- a/sepolicy/vendor/hal_keymaster_default.te
+++ b/sepolicy/vendor/hal_keymaster_default.te
@@ -1,3 +1 @@
-# hal_keymaster_default.te
-
teegris_use(hal_keymaster_default);
diff --git a/sepolicy/vendor/hal_memtrack_default.te b/sepolicy/vendor/hal_memtrack_default.te
index f8a4a28..a355a6e 100644
--- a/sepolicy/vendor/hal_memtrack_default.te
+++ b/sepolicy/vendor/hal_memtrack_default.te
@@ -1,5 +1,3 @@
-# hal_memtrack_default.te
-
r_dir_file(hal_memtrack_default, debugfs_mali);
r_dir_file(hal_memtrack_default, debugfs_mali_mem);
r_dir_file(hal_memtrack_default, debugfs_ion);
diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te
index ba9e1d6..ff647c1 100644
--- a/sepolicy/vendor/hal_power_default.te
+++ b/sepolicy/vendor/hal_power_default.te
@@ -1,5 +1,3 @@
-# hal_power_default.te
-
allow hal_power_default pm_qos_device:chr_file rw_file_perms;
allow hal_power_default sysfs_battery:dir search;
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
index fa17c6a..95c0e02 100644
--- a/sepolicy/vendor/hal_sensors_default.te
+++ b/sepolicy/vendor/hal_sensors_default.te
@@ -1,3 +1 @@
-# hal_sensors_default.te
-
set_prop(hal_sensors_default, vendor_sensors_prop);
diff --git a/sepolicy/vendor/hal_wifi_default.te b/sepolicy/vendor/hal_wifi_default.te
index 95666c1..ea7456f 100644
--- a/sepolicy/vendor/hal_wifi_default.te
+++ b/sepolicy/vendor/hal_wifi_default.te
@@ -1,5 +1,3 @@
-# hal_wifi_default.te
-
set_prop(hal_wifi_default, vendor_wlan_prop);
allow hal_wifi_default conn_vendor_data_file:dir search;
diff --git a/sepolicy/vendor/hal_wifi_supplicant_default.te b/sepolicy/vendor/hal_wifi_supplicant_default.te
index d64ba93..21882f7 100644
--- a/sepolicy/vendor/hal_wifi_supplicant_default.te
+++ b/sepolicy/vendor/hal_wifi_supplicant_default.te
@@ -1,4 +1,2 @@
-# hal_wifi_supplicant_default.te
-
allow hal_wifi_supplicant_default conn_vendor_data_file:dir search;
allow hal_wifi_supplicant_default conn_vendor_data_file:file rw_file_perms;
diff --git a/sepolicy/vendor/hwservice_contexts b/sepolicy/vendor/hwservice_contexts
index ff9d0b7..8bfe03d 100644
--- a/sepolicy/vendor/hwservice_contexts
+++ b/sepolicy/vendor/hwservice_contexts
@@ -4,4 +4,3 @@
vendor.samsung.hardware.radio.bridge::ISehBridge u:object_r:hal_telephony_hwservice:s0
vendor.samsung.hardware.radio.channel::ISehChannel u:object_r:hal_telephony_hwservice:s0
vendor.samsung.hardware.radio::ISehRadio u:object_r:hal_telephony_hwservice:s0
-vendor.samsung.hardware.security.widevine.keyprovisioning::ISehWidevineKeyProvisioning u:object_r:hal_vendor_wvkprov_hwservice:s0
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index 42bdb2d..25839dd 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -1,5 +1,3 @@
-# init.te
-
allow init omr_file:dir mounton;
allow init efs_file:dir mounton;
allow init mnt_vendor_file:dir mounton;
diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
index b123351..5e2192b 100644
--- a/sepolicy/vendor/kernel.te
+++ b/sepolicy/vendor/kernel.te
@@ -1,5 +1,3 @@
-# kernel.te
-
allow kernel self:capability mknod;
allow kernel device:dir { add_name write remove_name rmdir };
diff --git a/sepolicy/vendor/mediacodec.te b/sepolicy/vendor/mediacodec.te
index d3f9b19..eac449a 100644
--- a/sepolicy/vendor/mediacodec.te
+++ b/sepolicy/vendor/mediacodec.te
@@ -1,5 +1,3 @@
-# mediacodec.te
-
hal_client_domain(mediacodec, hal_power);
r_dir_file(mediacodec, sysfs_v4l);
diff --git a/sepolicy/vendor/netd.te b/sepolicy/vendor/netd.te
index c558dfd..9cd518c 100644
--- a/sepolicy/vendor/netd.te
+++ b/sepolicy/vendor/netd.te
@@ -1,5 +1,3 @@
-# netd.te
-
allow netd sysfs_net_mtu_writable:file rw_file_perms;
allow netd self:capability sys_module;
diff --git a/sepolicy/vendor/proc_net.te b/sepolicy/vendor/proc_net.te
index ead9d1e..0f22770 100644
--- a/sepolicy/vendor/proc_net.te
+++ b/sepolicy/vendor/proc_net.te
@@ -1,3 +1 @@
-# proc_net.te
-
allow proc_net proc:filesystem associate;
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index 419c3d6..767e988 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -1,5 +1,3 @@
-# property.te
-
type persist_rmnet_prop, property_type;
type persist_data_df_prop, property_type;
type persist_data_wda_prop, property_type;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 8f2ddc9..27fbc05 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -1,26 +1,24 @@
-# property_contexts
-
-persist.rmnet. u:object_r:persist_rmnet_prop:s0
-persist.data.df. u:object_r:persist_data_df_prop:s0
-persist.data.wda. u:object_r:persist_data_wda_prop:s0
-
-# CAMERA
+# Camera
persist.vendor.sys.camera. u:object_r:vendor_camera_prop:s0
-# FACTORY
+# Factory
ro.factory.factory_binary u:object_r:vendor_factory_prop:s0
# HWC
hwc.exynos.vsync_mode u:object_r:vendor_hwc_prop:s0
-# RADIO
+# Radio
ro.radio.needcalibration u:object_r:vendor_radio_prop:s0
-# SENSORS
+# Sensors
persist.sns.camera_light u:object_r:vendor_sensors_prop:s0
-# WLAN
+# Wlan
vendor.wlan. u:object_r:vendor_wlan_prop:s0
-# WLBTD
+# wlbtd
vendor.wlbtd. u:object_r:vendor_wlbtd_prop:s0
+
+persist.rmnet. u:object_r:persist_rmnet_prop:s0
+persist.data.df. u:object_r:persist_data_df_prop:s0
+persist.data.wda. u:object_r:persist_data_wda_prop:s0
diff --git a/sepolicy/vendor/secril_config_svc.te b/sepolicy/vendor/secril_config_svc.te
index 269c28c..f88a43f 100644
--- a/sepolicy/vendor/secril_config_svc.te
+++ b/sepolicy/vendor/secril_config_svc.te
@@ -1,3 +1 @@
-# secril_config_svc.te
-
allow secril_config_svc proc_simslot_count:file r_file_perms;
diff --git a/sepolicy/vendor/surfaceflinger.te b/sepolicy/vendor/surfaceflinger.te
index 9ecea05..044e456 100644
--- a/sepolicy/vendor/surfaceflinger.te
+++ b/sepolicy/vendor/surfaceflinger.te
@@ -1,3 +1 @@
-# surfaceflinger.te
-
r_dir_file(surfaceflinger, hal_graphics_composer_default);
diff --git a/sepolicy/vendor/tzdaemon.te b/sepolicy/vendor/tzdaemon.te
index cc0fc29..cee98d6 100644
--- a/sepolicy/vendor/tzdaemon.te
+++ b/sepolicy/vendor/tzdaemon.te
@@ -1,8 +1,5 @@
-# tzdaemon.te
-
allow tzdaemon efs_file:dir search;
-allow tzdaemon tee_efs_file:dir search;
allow tzdaemon mnt_vendor_file:dir search;
-allow tzdaemon tee_efs_file:dir { rw_file_perms add_name create remove_name };
-allow tzdaemon tee_efs_file:file { rw_file_perms create rename unlink };
+allow tzdaemon tee_efs_file:dir create_dir_perms;
+allow tzdaemon tee_efs_file:file create_file_perms;
diff --git a/sepolicy/vendor/ueventd.te b/sepolicy/vendor/ueventd.te
index 5c7c11e..e294368 100644
--- a/sepolicy/vendor/ueventd.te
+++ b/sepolicy/vendor/ueventd.te
@@ -1,5 +1,3 @@
-# ueventd.te
-
allow ueventd self:capability sys_nice;
allow ueventd metadata_file:dir search;
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 0d41332..423e8cd 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -1,5 +1,3 @@
-# vendor_init.te
-
set_prop(vendor_init, persist_rmnet_prop);
set_prop(vendor_init, persist_data_df_prop);
set_prop(vendor_init, persist_data_wda_prop);
diff --git a/sepolicy/vendor/vold.te b/sepolicy/vendor/vold.te
index 46279cc..ea1e1a6 100644
--- a/sepolicy/vendor/vold.te
+++ b/sepolicy/vendor/vold.te
@@ -1,4 +1,2 @@
-# vold.te
-
allow vold efs_file:dir r_file_perms;
allow vold mnt_vendor_file:dir r_file_perms;
diff --git a/sepolicy/vendor/wlbtd.te b/sepolicy/vendor/wlbtd.te
index bfcc87c..e0d0a45 100644
--- a/sepolicy/vendor/wlbtd.te
+++ b/sepolicy/vendor/wlbtd.te
@@ -1,5 +1,3 @@
-# wlbtd.te
-
type wlbtd, domain;
type wlbtd_exec, exec_type, vendor_file_type, file_type;
diff --git a/sepolicy/vendor/zygote.te b/sepolicy/vendor/zygote.te
index 1234b67..c5d7119 100644
--- a/sepolicy/vendor/zygote.te
+++ b/sepolicy/vendor/zygote.te
@@ -1,3 +1 @@
-# zygote.te
-
allow zygote system_data_file:dir create_file_perms;