From 2148026c92de2cdccf937d521e22d15d1e0067a5 Mon Sep 17 00:00:00 2001
From: Michael Bestas <mikeioannina@cyanogenmod.org>
Date: Sun, 4 Dec 2016 21:21:24 +0200
Subject: msm8916-common: Update sepolicies for 7.x

Change-Id: I8f7e6f80d64a149dff87ce8b2651f2939b481912
---
 rootdir/etc/init.qcom.rc     |  2 +-
 sepolicy/bluetooth_loader.te | 31 -------------------------------
 sepolicy/file_contexts       |  7 -------
 sepolicy/netmgrd.te          |  1 +
 sepolicy/property_contexts   |  1 -
 sepolicy/wcnss_service.te    |  1 -
 6 files changed, 2 insertions(+), 41 deletions(-)
 delete mode 100644 sepolicy/bluetooth_loader.te
 delete mode 100644 sepolicy/file_contexts
 create mode 100644 sepolicy/netmgrd.te
 delete mode 100644 sepolicy/property_contexts
 delete mode 100644 sepolicy/wcnss_service.te

diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc
index f846b0f..fd64333 100644
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -443,7 +443,7 @@ service qseecomd /system/bin/qseecomd
 service perfd /vendor/bin/perfd
    class main
    user root
-   group root
+   group root readproc
    disabled
    writepid /dev/cpuset/system-background/tasks
 
diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te
deleted file mode 100644
index 242f4a2..0000000
--- a/sepolicy/bluetooth_loader.te
+++ /dev/null
@@ -1,31 +0,0 @@
-# Bluetooth executables and scripts
-type bluetooth_loader, domain;
-type bluetooth_loader_exec, exec_type, file_type;
-
-# Start bdAddrLoader from init
-init_daemon_domain(bluetooth_loader)
-
-# Run init.qcom.bt.sh
-allow bluetooth_loader shell_exec:file { entrypoint read };
-allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans };
-
-# init.qcom.bt.sh needs /system/bin/log access
-allow bluetooth_loader devpts:chr_file rw_file_perms;
-
-# Run hci_qcomm_init from init.qcom.bt.sh
-domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach)
-allow hci_attach bluetooth_loader:fd use;
-
-# Set persist.service.bdroid.* and bluetooth.* property values
-set_prop(bluetooth_loader, bluetooth_prop)
-
-# Allow getprop/setprop for init.qcom.bt.sh
-allow bluetooth_loader system_file:file execute_no_trans;
-
-# Access the smd device
-allow bluetooth_loader hci_attach_dev:chr_file rw_file_perms;
-
-# And qmuxd
-allow bluetooth_loader qmuxd_socket:dir { write add_name remove_name search };
-allow bluetooth_loader qmuxd_socket:sock_file { create setattr getattr write unlink };
-allow bluetooth_loader qmuxd:unix_stream_socket { connectto };
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
deleted file mode 100644
index 6ac26d6..0000000
--- a/sepolicy/file_contexts
+++ /dev/null
@@ -1,7 +0,0 @@
-/persist/.genmac                                u:object_r:wifi_data_file:s0
-/persist/.bt_nv.bin                             u:object_r:bluetooth_data_file:s0
-
-/system/etc/init\.qcom\.bt\.sh                  u:object_r:bluetooth_loader_exec:s0
-
-/dev/smd3                                       u:object_r:hci_attach_dev:s0
-/dev/mmc3416x                                   u:object_r:sensors_device:s0
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
new file mode 100644
index 0000000..a034c0c
--- /dev/null
+++ b/sepolicy/netmgrd.te
@@ -0,0 +1 @@
+allow netmgrd self:capability dac_override;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
deleted file mode 100644
index a0b78e9..0000000
--- a/sepolicy/property_contexts
+++ /dev/null
@@ -1 +0,0 @@
-qualcomm.bt.                     u:object_r:bluetooth_prop:s0
diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te
deleted file mode 100644
index a4fe3c0..0000000
--- a/sepolicy/wcnss_service.te
+++ /dev/null
@@ -1 +0,0 @@
-allow wcnss_service persist_file:dir search;
-- 
cgit v1.2.3