sm6250-common: sepolicy: Address last remaining denials

Signed-off-by: SonalSingh18 <sonal.singh.19993@gmail.com>

sepolicy/private/system_suspend.te

@@ -1,2 +1,3 @@
 allow system_suspend sysfs:dir { open read };
-dontaudit system_suspend sysfs:file { getattr open read };
+allow system_suspend sysfs:file { getattr };
+dontaudit system_suspend sysfs:file { open read };

sepolicy/vendor/batterysecret.te

@@ -0,0 +1 @@
+allow batterysecret kmsg_device:chr_file { getattr };

sepolicy/vendor/bluetooth.te

@@ -0,0 +1 @@
+allow bluetooth incremental_prop:file { read };

sepolicy/vendor/hal_camera_default.te

@@ -0,0 +1,2 @@
+allow hal_camera_default mnt_vendor_file:dir { search };
+allow hal_camera_default proc_stat:file { read };

sepolicy/vendor/hal_fingerprint_default.te

@@ -23,4 +23,3 @@ binder_call(hal_fingerprint_default, hal_perf_default)
 r_dir_file(hal_fingerprint_default, firmware_file)
 set_prop(hal_fingerprint_default, hal_fingerprint_prop)
 dontaudit hal_fingerprint_default storage_file:dir search;
-

sepolicy/vendor/hal_health_default.te

@@ -1 +1 @@
-allow hal_health_default sysfs:file { open read };
+allow hal_health_default sysfs:file { getattr open read };

sepolicy/vendor/radio.te

@@ -0,0 +1 @@
+allow radio gpuservice:binder { call };

sepolicy/vendor/system_app.te

@@ -1,2 +1,5 @@
 allow system_app vendor_default_prop:file { getattr open read };
 allow system_app vendor_default_prop:file {map};
+allow system_app vendor_sysfs_graphics:file { getattr open read };
+allow system_app vendor_sysfs_msm_perf:dir { search };
+allow system_app apk_data_file:dir { write };

sepolicy/vendor/vendor_hal_gnss_qti

@@ -0,0 +1 @@
+allow vendor_hal_gnss_qti sysfs:file { read };

sepolicy/vendor/vendor_ims.te

@@ -0,0 +1 @@
+allow vendor_ims sysfs:file { read };

sepolicy/vendor/vendor_init.te

@@ -10,3 +10,6 @@ allow init adsprpcd_file:file mounton;
 set_prop(vendor_init, vendor_freq_prop)
 set_prop(vendor_init, vendor_camera_prop)
 set_prop(vendor_init, camera_prop)
+
+allow vendor_init persist_debug_prop:file { read };
+allow vendor_init default_prop:file { read };

sepolicy/vendor/vendor_netmgrd

@@ -0,0 +1 @@
+allow vendor_netmgrd sysfs:file { read };

sepolicy/vendor/vendor_per_mgr

@@ -0,0 +1 @@
+allow vendor_per_mgr sysfs:file { read };

sepolicy/vendor/vendor_per_proxy

@@ -0,0 +1 @@
+allow vendor_per_proxy sysfs:file { read };

sepolicy/vendor/vendor_port-bridge

@@ -0,0 +1 @@
+allow vendor_port-bridge sysfs:file { read };

sepolicy/vendor/vendor_rmt_storage

@@ -0,0 +1 @@
+allow vendor_rmt_storage sysfs:file { read };

sepolicy/vendor/vendor_sysfs_battery_supply.te

@@ -0,0 +1 @@
+allow vendor_sysfs_battery_supply vendor_sysfs_battery_supply:dir { read };

sepolicy/vendor/vendor_wcnss_service

@@ -0,0 +1 @@
+allow vendor_wcnss_service sysfs:file { read };