From 84f48b50e171224420d6e322448e8b9594a4d10a Mon Sep 17 00:00:00 2001
From: SonalSingh18
Date: Sun, 24 Jan 2021 20:19:16 +0530
Subject: [PATCH] sm6250-common: sepolicy: Address last remaining denials

Signed-off-by: SonalSingh18
---
 sepolicy/private/system_suspend.te | 3 ++-
 sepolicy/vendor/batterysecret.te | 1 +
 sepolicy/vendor/bluetooth.te | 1 +
 sepolicy/vendor/hal_camera_default.te | 2 ++
 sepolicy/vendor/hal_fingerprint_default.te | 1 -
 sepolicy/vendor/hal_health_default.te | 2 +-
 sepolicy/vendor/radio.te | 1 +
 sepolicy/vendor/system_app.te | 3 +++
 sepolicy/vendor/vendor_hal_gnss_qti | 1 +
 sepolicy/vendor/vendor_ims.te | 1 +
 sepolicy/vendor/vendor_init.te | 3 +++
 sepolicy/vendor/vendor_netmgrd | 1 +
 sepolicy/vendor/vendor_per_mgr | 1 +
 sepolicy/vendor/vendor_per_proxy | 1 +
 sepolicy/vendor/vendor_port-bridge | 1 +
 sepolicy/vendor/vendor_rmt_storage | 1 +
 sepolicy/vendor/vendor_sysfs_battery_supply.te | 1 +
 sepolicy/vendor/vendor_wcnss_service | 1 +
 18 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 sepolicy/vendor/batterysecret.te
 create mode 100644 sepolicy/vendor/bluetooth.te
 create mode 100644 sepolicy/vendor/hal_camera_default.te
 create mode 100644 sepolicy/vendor/radio.te
 create mode 100644 sepolicy/vendor/vendor_hal_gnss_qti
 create mode 100644 sepolicy/vendor/vendor_ims.te
 create mode 100644 sepolicy/vendor/vendor_netmgrd
 create mode 100644 sepolicy/vendor/vendor_per_mgr
 create mode 100644 sepolicy/vendor/vendor_per_proxy
 create mode 100644 sepolicy/vendor/vendor_port-bridge
 create mode 100644 sepolicy/vendor/vendor_rmt_storage
 create mode 100644 sepolicy/vendor/vendor_sysfs_battery_supply.te
 create mode 100644 sepolicy/vendor/vendor_wcnss_service

diff --git a/sepolicy/private/system_suspend.te b/sepolicy/private/system_suspend.te
index 03824e2..e2abdb7 100644
--- a/sepolicy/private/system_suspend.te
+++ b/sepolicy/private/system_suspend.te
@@ -1,2 +1,3 @@
 allow system_suspend sysfs:dir { open read };
-dontaudit system_suspend sysfs:file { getattr open read };
+allow system_suspend sysfs:file { getattr };
+dontaudit system_suspend sysfs:file { open read };
diff --git a/sepolicy/vendor/batterysecret.te b/sepolicy/vendor/batterysecret.te
new file mode 100644
index 0000000..a5afcf1
--- /dev/null
+++ b/sepolicy/vendor/batterysecret.te
@@ -0,0 +1 @@
+allow batterysecret kmsg_device:chr_file { getattr };
diff --git a/sepolicy/vendor/bluetooth.te b/sepolicy/vendor/bluetooth.te
new file mode 100644
index 0000000..5e4a5b5
--- /dev/null
+++ b/sepolicy/vendor/bluetooth.te
@@ -0,0 +1 @@
+allow bluetooth incremental_prop:file { read };
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
new file mode 100644
index 0000000..c23ae77
--- /dev/null
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -0,0 +1,2 @@
+allow hal_camera_default mnt_vendor_file:dir { search };
+allow hal_camera_default proc_stat:file { read };
diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te
index 0fa98c8..99687b0 100644
--- a/sepolicy/vendor/hal_fingerprint_default.te
+++ b/sepolicy/vendor/hal_fingerprint_default.te
@@ -23,4 +23,3 @@ binder_call(hal_fingerprint_default, hal_perf_default)
 r_dir_file(hal_fingerprint_default, firmware_file)
 set_prop(hal_fingerprint_default, hal_fingerprint_prop)
 dontaudit hal_fingerprint_default storage_file:dir search;
-
diff --git a/sepolicy/vendor/hal_health_default.te b/sepolicy/vendor/hal_health_default.te
index 71f12f1..64e4b19 100644
--- a/sepolicy/vendor/hal_health_default.te
+++ b/sepolicy/vendor/hal_health_default.te
@@ -1 +1 @@
-allow hal_health_default sysfs:file { open read };
+allow hal_health_default sysfs:file { getattr open read };
diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te
new file mode 100644
index 0000000..df65108
--- /dev/null
+++ b/sepolicy/vendor/radio.te
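Review bot: In sepolicy/private/system_suspend.te the new `allow system_suspend sysfs:file { getattr };` is written against the generic `sysfs` label, so it covers every sysfs node that has no more specific type rather than only the node behind the denial. The same pattern appears in hal_health_default.te (now `{ getattr open read }`) and in the `sysfs:file { read }` rules added for vendor_hal_gnss_qti, vendor_ims, vendor_netmgrd, vendor_per_mgr, vendor_per_proxy, vendor_port-bridge, vendor_rmt_storage and vendor_wcnss_service. Where the denial's path is known, labelling that node in genfs_contexts and allowing the dedicated type keeps the grant narrow. At minimum, a comment such as `# <sysfs path from the denial>` above each rule would record what it is for.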
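Review bot: `allow bluetooth incremental_prop:file { read };` in bluetooth.te grants a bare `read` on a property file with no indication that the domain needs the property. If it does, `get_prop(bluetooth, incremental_prop)` expresses the full read access in macro form; if the denial is only noise, `dontaudit bluetooth incremental_prop:file read;` silences it without widening policy. The same choice applies to the `persist_debug_prop` and `default_prop` rules added to vendor_init.te, which sit directly below existing `set_prop()` macro calls.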
@@ -0,0 +1 @@
+allow radio gpuservice:binder { call };
diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
index 0e8c66c..c00231b 100644
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -1,2 +1,5 @@
 allow system_app vendor_default_prop:file { getattr open read };
 allow system_app vendor_default_prop:file {map};
+allow system_app vendor_sysfs_graphics:file { getattr open read };
+allow system_app vendor_sysfs_msm_perf:dir { search };
+allow system_app apk_data_file:dir { write };
diff --git a/sepolicy/vendor/vendor_hal_gnss_qti b/sepolicy/vendor/vendor_hal_gnss_qti
new file mode 100644
index 0000000..85fa146
--- /dev/null
+++ b/sepolicy/vendor/vendor_hal_gnss_qti
@@ -0,0 +1 @@
+allow vendor_hal_gnss_qti sysfs:file { read };
diff --git a/sepolicy/vendor/vendor_ims.te b/sepolicy/vendor/vendor_ims.te
new file mode 100644
index 0000000..fc04f33
--- /dev/null
+++ b/sepolicy/vendor/vendor_ims.te
@@ -0,0 +1 @@
+allow vendor_ims sysfs:file { read };
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 90b700b..5ec32c9 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -10,3 +10,6 @@ allow init adsprpcd_file:file mounton;
 set_prop(vendor_init, vendor_freq_prop)
 set_prop(vendor_init, vendor_camera_prop)
 set_prop(vendor_init, camera_prop)
+
+allow vendor_init persist_debug_prop:file { read };
+allow vendor_init default_prop:file { read };
diff --git a/sepolicy/vendor/vendor_netmgrd b/sepolicy/vendor/vendor_netmgrd
new file mode 100644
index 0000000..da617d9
--- /dev/null
+++ b/sepolicy/vendor/vendor_netmgrd
@@ -0,0 +1 @@
+allow vendor_netmgrd sysfs:file { read };
diff --git a/sepolicy/vendor/vendor_per_mgr b/sepolicy/vendor/vendor_per_mgr
new file mode 100644
index 0000000..8fde621
--- /dev/null
+++ b/sepolicy/vendor/vendor_per_mgr
@@ -0,0 +1 @@
+allow vendor_per_mgr sysfs:file { read };
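Review bot: The last rule added to system_app.te, `allow system_app apk_data_file:dir { write };`, gives a system app domain write permission on what is, by its name, the directory type for installed packages, a broader grant than the two read-only rules added beside it. `write` on a directory does little without `add_name`/`remove_name`, so this looks like a denial copied into policy rather than an access a feature depends on. Unless a concrete caller needs it, `dontaudit system_app apk_data_file:dir write;` is the safer form. It is also worth confirming that the rule passes the platform neverallow checks for app domains.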
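Review bot: The new file sepolicy/vendor/vendor_hal_gnss_qti has no `.te` suffix, unlike vendor_ims.te and the other policy files in this directory. The Android sepolicy build normally collects only `*.te` files from the policy directories, so this rule is probably never compiled and the denial it targets would remain. The same applies to vendor_netmgrd, vendor_per_mgr, vendor_per_proxy, vendor_port-bridge, vendor_rmt_storage and vendor_wcnss_service; renaming each to `<name>.te` would fix it.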
diff --git a/sepolicy/vendor/vendor_per_proxy b/sepolicy/vendor/vendor_per_proxy
new file mode 100644
index 0000000..72ac960
--- /dev/null
+++ b/sepolicy/vendor/vendor_per_proxy
@@ -0,0 +1 @@
+allow vendor_per_proxy sysfs:file { read };
diff --git a/sepolicy/vendor/vendor_port-bridge b/sepolicy/vendor/vendor_port-bridge
new file mode 100644
index 0000000..d2e71a6
--- /dev/null
+++ b/sepolicy/vendor/vendor_port-bridge
@@ -0,0 +1 @@
+allow vendor_port-bridge sysfs:file { read };
diff --git a/sepolicy/vendor/vendor_rmt_storage b/sepolicy/vendor/vendor_rmt_storage
new file mode 100644
index 0000000..7750a6b
--- /dev/null
+++ b/sepolicy/vendor/vendor_rmt_storage
@@ -0,0 +1 @@
+allow vendor_rmt_storage sysfs:file { read };
diff --git a/sepolicy/vendor/vendor_sysfs_battery_supply.te b/sepolicy/vendor/vendor_sysfs_battery_supply.te
new file mode 100644
index 0000000..1cef7f6
--- /dev/null
+++ b/sepolicy/vendor/vendor_sysfs_battery_supply.te
@@ -0,0 +1 @@
+allow vendor_sysfs_battery_supply vendor_sysfs_battery_supply:dir { read };
diff --git a/sepolicy/vendor/vendor_wcnss_service b/sepolicy/vendor/vendor_wcnss_service
new file mode 100644
index 0000000..e9e9db6
--- /dev/null
+++ b/sepolicy/vendor/vendor_wcnss_service
@@ -0,0 +1 @@
+allow vendor_wcnss_service sysfs:file { read };
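Review bot: In vendor_sysfs_battery_supply.te, `allow vendor_sysfs_battery_supply vendor_sysfs_battery_supply:dir { read };` uses the same type as both source and target, and by its name that type is a sysfs file label rather than a process domain. A rule whose source is a file type does not match any running process, so it most likely comes from a misread denial line and grants nothing useful. The rule should name the domain from the denial's `scontext`, for example `allow <domain from scontext> vendor_sysfs_battery_supply:dir read;`, or be dropped.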