From f374f825b2a279519b73a42334ef0137d20c2f35 Mon Sep 17 00:00:00 2001
From: Dhina17 <dhinalogu@gmail.com>
Date: Wed, 12 Feb 2020 21:03:31 +0530
Subject: [PATCH] onclite: sepolicy: Address denials

Signed-off-by: Dhina17 <dhinalogu@gmail.com>
---
 sepolicy/bootanim.te | 1 +
 sepolicy/cameraserver.te | 1 +
 sepolicy/hal_audio_default.te | 1 +
 sepolicy/init.te | 2 ++
 sepolicy/qti_init_shell.te | 1 +
 sepolicy/surfaceflinger.te | 1 +
 sepolicy/thermal-engine.te | 5 +++++
 sepolicy/vendor_init.te | 2 ++
 sepolicy/vold.te | 2 ++
 sepolicy/wcnss_service.te | 3 +++
 10 files changed, 19 insertions(+)
 create mode 100644 sepolicy/bootanim.te
 create mode 100644 sepolicy/cameraserver.te
 create mode 100644 sepolicy/hal_audio_default.te
 create mode 100644 sepolicy/surfaceflinger.te
 create mode 100644 sepolicy/thermal-engine.te
 create mode 100644 sepolicy/wcnss_service.te

diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
new file mode 100644
index 0000000..a4b5148
--- /dev/null
+++ b/sepolicy/bootanim.te
@@ -0,0 +1 @@
+allow bootanim sysfs_kgsl:dir { search };
diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te
new file mode 100644
index 0000000..41316eb
--- /dev/null
+++ b/sepolicy/cameraserver.te
@@ -0,0 +1 @@
+allow cameraserver vendor_file:file { execute getattr open read };
diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te
new file mode 100644
index 0000000..5880aa4
--- /dev/null
+++ b/sepolicy/hal_audio_default.te
@@ -0,0 +1 @@
+allow hal_audio_default sysfs:dir { open read};
diff --git a/sepolicy/init.te b/sepolicy/init.te
index b11561c..1d0e99b 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1 +1,3 @@
 allow init proc_boot_reason:file r_file_perms;
+allow init system_file:file { execute_no_trans };
+allow init vendor_file:file { execute execute_no_trans };
diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te
index e324d21..7fe783f 100644
--- a/sepolicy/qti_init_shell.te
+++ b/sepolicy/qti_init_shell.te
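Review bot: The rule added in sepolicy/cameraserver.te grants `execute` on the generic `vendor_file` type, so cameraserver may map and run any file that still carries the default vendor label, not just the one file the denial was about. Take the file from the denial's `path=` or `name=` field and give it a narrower label in file_contexts (for a same-process HAL library that would normally be `same_process_hal_file`), then drop this allow. On full-Treble builds AOSP's neverallow rules restrict core domains from executing `vendor_file`, so this line may also fail policy checks unless they are relaxed; that should be confirmed against the target branch. `allow vold vendor_file:file { getattr open read };` in sepolicy/vold.te uses the same generic label and deserves the same narrowing.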
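Review bot: `allow hal_audio_default sysfs:dir { open read};` permits directory listing on every node that still has the default `sysfs` label, which is much wider than the single path the audio HAL was denied on. Label that path with its own type in genfs_contexts and grant on the new type instead, for example `allow hal_audio_default SYSFS_AUDIO_NODE_PLACEHOLDER:dir r_dir_perms;` (placeholder type name). `allow thermal-engine sysfs:dir { open read };` in sepolicy/thermal-engine.te has the same problem. A one-line comment above each rule quoting the original avc denial would let later reviewers check that the grant is still needed.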
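Review bot: The two rules added to sepolicy/init.te give init `execute_no_trans` on `system_file` and `vendor_file`, so any binary with those default labels that init launches runs inside the init domain with all of init's privileges instead of in a confined domain of its own. AOSP's base policy carries a neverallow against init using `execute_no_trans` for this reason, so these lines probably only build when neverallow checking is being ignored (inferred; the build flags are not visible here). The underlying denial usually means a service started from an .rc file has an executable without its own label. The fix is to declare a type and domain for that service, label the binary in file_contexts, use `init_daemon_domain(EXAMPLE_DOMAIN_PLACEHOLDER)`, and remove both allows.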
@@ -1,5 +1,6 @@ typeattribute qti_init_shell data_between_core_and_vendor_violators; +allow qti_init_shell proc_boot_reason:file { open read }; allow qti_init_shell proc_touchpanel:dir { r_dir_perms setattr }; allow qti_init_shell proc_touchpanel:file { getattr setattr }; allow qti_init_shell bluetooth_data_file:file r_file_perms; diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te new file mode 100644 index 0000000..e8f54c5 --- /dev/null +++ b/sepolicy/surfaceflinger.te @@ -0,0 +1 @@ +allow surfaceflinger vendor_firmware_file:file {open read}; diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te new file mode 100644 index 0000000..5a0aeb4 --- /dev/null +++ b/sepolicy/thermal-engine.te @@ -0,0 +1,5 @@ +allow thermal-engine system_prop:file { getattr open read }; +allow thermal-engine sysfs:dir { open read }; +allow thermal-engine property_socket:sock_file { write }; +allow thermal-engine init:unix_stream_socket {connectto }; + diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te index 6cf7029..99ce8b0 100644 --- a/sepolicy/vendor_init.te +++ b/sepolicy/vendor_init.te @@ -9,3 +9,5 @@ allow vendor_init { wifi_data_file wpa_socket }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom }; + +allow vendor_init fm_prop:file { getattr open read }; diff --git a/sepolicy/vold.te b/sepolicy/vold.te index 018770e..7e29fcc 100644 --- a/sepolicy/vold.te +++ b/sepolicy/vold.te @@ -1 +1,3 @@ allow vold proc_touchpanel:dir r_dir_perms; +allow vold tee_device:chr_file {read write}; +allow vold vendor_file:file { getattr open read }; diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te new file mode 100644 index 0000000..63bd097 --- /dev/null +++ b/sepolicy/wcnss_service.te @@ -0,0 +1,3 @@ +allow wcnss_service property_socket:sock_file { write }; +allow wcnss_service init:unix_stream_socket { connectto }; +allow wcnss_service system_prop:file { getattr open read }; -- GitLab
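Review bot: The three property rules in sepolicy/thermal-engine.te (`system_prop:file`, `property_socket:sock_file { write }`, `init:unix_stream_socket {connectto }`) are a hand-expanded and incomplete form of the property macros. They let the domain reach the property service socket, but nothing in this patch grants `property_service set` on any type, so unless that is granted elsewhere a set request is still denied. Decide which property the daemon actually reads or writes, give a vendor-owned property its own type in property_contexts, and write `get_prop(thermal-engine, system_prop)` or `set_prop(thermal-engine, VENDOR_PROP_TYPE_PLACEHOLDER)` so the intent is visible. sepolicy/wcnss_service.te adds the same three rules and needs the same treatment. The empty `+` line at the end of thermal-engine.te can be dropped.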
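Review bot: `allow vold tee_device:chr_file {read write};` in sepolicy/vold.te gives a core system daemon direct read/write on the TEE character device, which widens what a compromised vold can reach in the secure world. The permission set has no `open` or `ioctl`, which suggests it was generated from a partial denial log and that further grants will be requested later. Confirm which vold code path needs the device (hardware-backed disk encryption is a likely candidate, but that is an assumption not visible in the patch) and record it in a comment above the rule, e.g. `# needed by: CODE_PATH_PLACEHOLDER, denial: ...`. If no such path is required on this device, remove the rule rather than extending it.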