authorTheScarastic <warabhishek@gmail.com>2017-06-26 08:53:50 +0000
committerwzedlare <vedatak01@gmail.com>2017-06-26 09:35:38 +0000
commit5a4a39bde24b9fc79575870a93a2a5ef78b61465 (patch)
tree56f90c62125e8d0adf19db844f725b1d700b598c
parent80bdf822e944b43313dc02280d7a9f6e011628ca (diff)
Merge branch 'cm-14.1' of https://github.com/LineageOS/android_device_xiaomi_mido/tree/cm-14.1/sepolicy into cm-14.1/sepolicy
Remove p1a42 (firelord's) assembled sepolicy and import the sepolicy from LineageOS/android_device_xiaomi_mido:cm-14.1 instead. Change-Id: I3c27ca778e8b4b151d4faa62e5ea65fb7644c41c
-rw-r--r--sepolicy/device.te1
-rw-r--r--sepolicy/fast_charger_sw.te10
-rw-r--r--sepolicy/file.te7
-rw-r--r--sepolicy/file_contexts32
-rw-r--r--sepolicy/fingerprintd.te22
-rw-r--r--sepolicy/fsck.te1
-rw-r--r--sepolicy/genfs_contexts1
-rw-r--r--sepolicy/healthd.te2
-rw-r--r--sepolicy/init.te12
-rw-r--r--sepolicy/logd.te2
-rw-r--r--sepolicy/mediadrmserver.te2
-rw-r--r--sepolicy/mediaserver.te1
-rw-r--r--sepolicy/mm-qcamerad.te5
-rw-r--r--sepolicy/netmgrd.te3
-rw-r--r--sepolicy/nfc.te1
-rw-r--r--sepolicy/priv_app.te1
-rw-r--r--sepolicy/qmuxd.te1
-rw-r--r--sepolicy/qti_init_shell.te4
-rw-r--r--sepolicy/rfs_access.te1
-rw-r--r--sepolicy/rmt_storage.te4
-rw-r--r--sepolicy/shell.te2
-rw-r--r--sepolicy/system_app.te1
-rw-r--r--sepolicy/system_server.te4
-rw-r--r--sepolicy/tee.te7
-rw-r--r--sepolicy/thermal-engine.te1
-rw-r--r--sepolicy/time_daemon.te1
-rw-r--r--sepolicy/ueventd.te3
-rw-r--r--sepolicy/vfmService.te5
-rw-r--r--sepolicy/vold.te2
-rw-r--r--sepolicy/wcnss_service.te2
30 files changed, 42 insertions, 99 deletions
diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644
index 0000000..d580073
--- /dev/null
+++ b/sepolicy/device.te
@@ -0,0 +1 @@
+type lirc_device, dev_type;
diff --git a/sepolicy/fast_charger_sw.te b/sepolicy/fast_charger_sw.te
deleted file mode 100644
index 9ef41a0..0000000
--- a/sepolicy/fast_charger_sw.te
+++ /dev/null
@@ -1,10 +0,0 @@
-# Fast charger
-type fast_charger_sw, domain;
-type fast_charger_sw_exec, exec_type, file_type;
-
-init_daemon_domain(fast_charger_sw)
-
-allow fast_charger_sw sysfs_fast_charger_sw:file { read open };
-allow fast_charger_sw sysfs_fast_charger_sw:file rw_file_perms;
-allow fast_charger_sw sysfs_fast_charger_sw:file setattr;
-allow fast_charger_sw sysfs_fast_charger_sw:dir search;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index fbacbe9..0f02058 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,2 +1,5 @@
-type macaddr_data_file, file_type;
-type sysfs_fast_charger_sw, fs_type, sysfs_type;
+type fpc_data_file, file_type, data_file_type;
+type fpce_socket, file_type;
+type fpc_sysfs, fs_type, sysfs_type;
+type proc_touchpanel, fs_type, sysfs_type;
+type netmgrd_data_file, file_type;
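Review bot: `netmgrd_data_file` is declared with `file_type` only, although the file_contexts entry in this commit places it under /data/misc/netmgr. The neighbouring `fpc_data_file` carries `data_file_type`; without that attribute the new type falls outside rules and neverallow checks written against `data_file_type`, so I would declare it as `type netmgrd_data_file, file_type, data_file_type;`. Separately, `proc_touchpanel` is given `sysfs_type` while the new genfs_contexts applies it to /proc/touchpanel, so anything granted on the `sysfs_type` attribute also reaches that procfs entry. A one-line comment saying this is intended, or separate proc and sysfs types, would make the scope explicit.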
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index fe6c8b4..5273e39 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,24 +1,16 @@
-# Audio
-/dev/i2c_smartpa(/.*)? u:object_r:audio_device:s0
+# Fpc Fingerprint
+/data/fpc(/.*)? u:object_r:fpc_data_file:s0
+/dev/socket/fpce(/.*)? u:object_r:fpce_socket:s0
+/sys/devices/soc/soc:fpc1020(/.*)? u:object_r:fpc_sysfs:s0
-# Binaries
-/system/bin/fast_charger_sw u:object_r:fast_charger_sw_exec:s0
-/system/bin/vfmService u:object_r:vfmService_exec:s0
+# Ir
+/dev/lirc[0-9]* u:object_r:lirc_device:s0
-# OneKey & IDK why fastcharger needs
-/sys/devices/soc.0/gpio_keys.69(/.*)? u:object_r:sysfs_fast_charger_sw:s0
+# Glove Mode
+/sys/class/tp_glove/tp_glove/glove_enable u:object_r:proc_touchpanel:s0
-# Camera
-/data/cam_socket[12] u:object_r:camera_socket:s0
+# Block devices
+/dev/block/bootdevice/by-name/persist u:object_r:persist_block_device:s0
-# Fingerprint
-/data/validity(/.*)? u:object_r:fingerprintd_data_file:s0
-
-# Partitions
-/dev/block/bootdevice/by-name/cache u:object_r:cache_block_device:s0
-
-# tfa9890
-/dev/i2c-4 u:object_r:audio_device:s0
-
-# NFC
-/dev/bcm2079x u:object_r:nfc_device:s0
+# Data files
+/data/misc/netmgr/log\.txt u:object_r:netmgrd_data_file:s0
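Review bot: The Glove Mode entry labels a path under /sys/class, and entries there are normally symlinks into /sys/devices, so this label may never be applied if the relabel walk reaches the node by its real path. Confirm on a device with `ls -Z /sys/class/tp_glove/tp_glove/glove_enable`, and if it still shows plain `sysfs`, match the resolved /sys/devices path instead. The node is also given the type `proc_touchpanel`, which the same commit uses for /proc/touchpanel, so a comment such as `# glove_enable shares the touchpanel type with /proc/touchpanel` would tell the next reader this is deliberate.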
diff --git a/sepolicy/fingerprintd.te b/sepolicy/fingerprintd.te
index 92f632b..94f8db8 100644
--- a/sepolicy/fingerprintd.te
+++ b/sepolicy/fingerprintd.te
@@ -1,14 +1,10 @@
-allow fingerprintd tee_device:chr_file { read write ioctl open };
-r_dir_file(fingerprintd, firmware_file)
-allow fingerprintd storage_file:dir search;
+allow fingerprintd fingerprint_service:service_manager find;
+allow fingerprintd fpc_sysfs:file rw_file_perms;
+allow fingerprintd fpc_sysfs:dir rw_dir_perms;
+allow fingerprintd tee_device:chr_file rw_file_perms;
+allow fingerprintd firmware_file:dir search;
+allow fingerprintd firmware_file:file r_file_perms;
allow fingerprintd uhid_device:chr_file rw_file_perms;
-allow fingerprintd system_data_file:file { open };
-allow fingerprintd init:process { signull };
-allow fingerprintd device:fifo_file { lock };
-allow fingerprintd fingerprintd_data_file:file { lock };
-allow fingerprintd input_device:dir r_dir_perms;
-allow fingerprintd input_device:chr_file r_file_perms;
-allow fingerprintd firmware_file:file { read getattr open };
-allow fingerprintd sysfs:file write;
-allow fingerprintd system_data_file:dir { write remove_name add_name };
-allow fingerprintd system_data_file:sock_file { create unlink };
+allow fingerprintd fpc_data_file:dir rw_dir_perms;
+allow fingerprintd fpc_data_file:sock_file create_file_perms;
+set_prop(fingerprintd, system_prop)
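Review bot: `set_prop(fingerprintd, system_prop)` on the last added line lets fingerprintd write every property labelled `system_prop`, not only the one the fingerprint HAL needs. The hunk does not show which property is being set; if it is a single vendor key, a dedicated property type labelled in property_contexts and `set_prop(fingerprintd, <that type>)` keeps the daemon from altering unrelated system properties. The hunk also grants `fpc_data_file:dir rw_dir_perms` and `fpc_data_file:sock_file create_file_perms` but no `fpc_data_file:file` rule, so regular files under /data/fpc would still be denied unless another policy file covers them. A short comment above each group (sysfs node, TEE, firmware, data directory) would document why each access exists.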
diff --git a/sepolicy/fsck.te b/sepolicy/fsck.te
new file mode 100644
index 0000000..1500b5f
--- /dev/null
+++ b/sepolicy/fsck.te
@@ -0,0 +1 @@
+allow fsck persist_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
new file mode 100644
index 0000000..29a57f9
--- /dev/null
+++ b/sepolicy/genfs_contexts
@@ -0,0 +1 @@
+genfscon proc /touchpanel u:object_r:proc_touchpanel:s0
diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te
deleted file mode 100644
index cdf9e70..0000000
--- a/sepolicy/healthd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow healthd device:dir r_dir_perms;
-allow healthd rtc_device:chr_file rw_file_perms;
diff --git a/sepolicy/init.te b/sepolicy/init.te
deleted file mode 100644
index 690ed28..0000000
--- a/sepolicy/init.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# Unsure what init is doing here
-allow init app_data_file:dir setattr;
-allow init sdcardd_exec:file getattr;
-
-allow init firmware_file:dir mounton;
-allow init pstorefs:dir mounton;
-
-allow init fingerprintd_data_file:chr_file { lock };
-allow init fingerprintd_data_file:file { lock };
-allow init fingerprintd:process { signull };
-allow init device:fifo_file { lock };
-allow init tee_device:chr_file { read write ioctl open };
diff --git a/sepolicy/logd.te b/sepolicy/logd.te
deleted file mode 100644
index a7f6ba4..0000000
--- a/sepolicy/logd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow logd logd:capability { dac_override };
-allow logd logd:dir { getattr };
diff --git a/sepolicy/mediadrmserver.te b/sepolicy/mediadrmserver.te
deleted file mode 100644
index fa4a043..0000000
--- a/sepolicy/mediadrmserver.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow mediadrmserver firmware_file:dir search;
-allow mediadrmserver firmware_file:file { getattr open read };
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
deleted file mode 100644
index 67f0026..0000000
--- a/sepolicy/mediaserver.te
+++ /dev/null
@@ -1 +0,0 @@
-allow mediaserver audiod:binder call;
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
deleted file mode 100644
index 1b2de69..0000000
--- a/sepolicy/mm-qcamerad.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow mm-qcamerad persist_file:dir search;
-allow mm-qcamerad persist_file:file r_file_perms;
-allow mm-qcamerad system_data_file:dir w_dir_perms;
-allow mm-qcamerad system_data_file:file open;
-set_prop(mm-qcamerad, debug_prop)
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index a034c0c..e3d6d6e 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -1 +1,4 @@
+type_transition netmgrd system_data_file:file netmgrd_data_file "log.txt";
+
allow netmgrd self:capability dac_override;
+allow netmgrd netmgrd_data_file:file create_file_perms;
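Review bot: The named `type_transition` keys only on the filename, so any file called `log.txt` that netmgrd creates in any `system_data_file` directory becomes `netmgrd_data_file`, not just the one under /data/misc/netmgr. It also takes effect only if netmgrd may add names in the parent `system_data_file` directory, which these lines do not grant, so that must come from base policy. Labelling the directory itself in file_contexts as `/data/misc/netmgr(/.*)? u:object_r:netmgrd_data_file:s0` and adding a `netmgrd_data_file:dir` rule would confine the grant to that directory and make the transition unnecessary. The unchanged `self:capability dac_override` line deserves a comment saying which access needs it, since that capability bypasses file mode checks.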
diff --git a/sepolicy/nfc.te b/sepolicy/nfc.te
deleted file mode 100644
index bf2eb22..0000000
--- a/sepolicy/nfc.te
+++ /dev/null
@@ -1 +0,0 @@
-allow nfc device:chr_file { ioctl };
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
deleted file mode 100644
index 130d66b..0000000
--- a/sepolicy/priv_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow priv_app device:dir { read open };
diff --git a/sepolicy/qmuxd.te b/sepolicy/qmuxd.te
deleted file mode 100644
index 134d26b..0000000
--- a/sepolicy/qmuxd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow qmuxd diag_device:chr_file { ioctl open read write };
diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te
new file mode 100644
index 0000000..49d274e
--- /dev/null
+++ b/sepolicy/qti_init_shell.te
@@ -0,0 +1,4 @@
+allow qti_init_shell proc_touchpanel:dir { rw_dir_perms setattr };
+allow qti_init_shell bluetooth_data_file:file r_file_perms;
+allow qti_init_shell bluetooth_loader_exec:file { read open };
+allow qti_init_shell sysfs:dir write;
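Review bot: `allow qti_init_shell sysfs:dir write;` grants write on every directory still carrying the generic `sysfs` label, which is far wider than whatever single node the init script touches. This usually means the target sysfs path is unlabelled. Giving that path its own type in file_contexts and allowing `qti_init_shell` on that type keeps the shell domain off the rest of sysfs. The first line grants `proc_touchpanel:dir { rw_dir_perms setattr }` without any `proc_touchpanel:file` rule, so if the script writes a touchpanel node the file access must come from elsewhere. A comment naming the script and the node for each rule would help later audits.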
diff --git a/sepolicy/rfs_access.te b/sepolicy/rfs_access.te
deleted file mode 100644
index e31de9a..0000000
--- a/sepolicy/rfs_access.te
+++ /dev/null
@@ -1 +0,0 @@
-allow rfs_access rfs_access:capability { net_raw };
diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te
deleted file mode 100644
index 2585f62..0000000
--- a/sepolicy/rmt_storage.te
+++ /dev/null
@@ -1,4 +0,0 @@
-allow rmt_storage firmware_file:dir r_dir_perms;
-allow rmt_storage firmware_file:file r_file_perms;
-allow rmt_storage self:capability { dac_override net_raw };
-allow rmt_storage modem_efs_partition_device:blk_file rw_file_perms;
diff --git a/sepolicy/shell.te b/sepolicy/shell.te
deleted file mode 100644
index 99fc8b3..0000000
--- a/sepolicy/shell.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow shell firmware_file:dir { read open };
-allow shell firmware_file:file getattr;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
deleted file mode 100644
index d14791e..0000000
--- a/sepolicy/system_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow system_app fingerprintd:binder { call };
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index f6a3527..cc05b6d 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1 +1,3 @@
-allow system_server persist_file:file { read write open };
+allow system_server proc_touchpanel:dir search;
+allow system_server proc_touchpanel:file rw_file_perms;
+allow system_server lirc_device:chr_file rw_file_perms;
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index b0eabfe..6bb224d 100644
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -1,6 +1 @@
-allow tee proc:file write;
-allow tee fingerprintd_data_file:file rw_file_perms;
-allow tee fingerprintd_data_file:dir r_dir_perms;
-allow tee system_data_file:dir r_dir_perms;
-allow tee fingerprintd_data_file:dir create_dir_perms;
-allow tee fingerprintd_data_file:file create_file_perms;
+allow tee system_data_file:dir create_dir_perms;
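Review bot: The single remaining rule widens tee from `r_dir_perms` to `create_dir_perms` on `system_data_file:dir`, so the TEE daemon can now create, rename and remove directories anywhere under /data that carries the generic label. The removed rules confined its writes to `fingerprintd_data_file`. This commit already introduces `fpc_data_file` for /data/fpc, and if that is the directory tee needs, `allow tee fpc_data_file:dir create_dir_perms;` plus a matching `fpc_data_file:file create_file_perms` rule would restore the narrower scope. If the target is some other path, it should get its own type rather than relying on `system_data_file`.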
diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te
deleted file mode 100644
index e96cc33..0000000
--- a/sepolicy/thermal-engine.te
+++ /dev/null
@@ -1 +0,0 @@
-allow thermal-engine self:capability sys_nice;
diff --git a/sepolicy/time_daemon.te b/sepolicy/time_daemon.te
deleted file mode 100644
index 30b1d90..0000000
--- a/sepolicy/time_daemon.te
+++ /dev/null
@@ -1 +0,0 @@
-allow time_daemon persist_file:dir search;
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
index 29859c9..801be3d 100644
--- a/sepolicy/ueventd.te
+++ b/sepolicy/ueventd.te
@@ -1,2 +1 @@
-allow ueventd sysfs_fast_charger_sw:file w_file_perms;
-allow ueventd sysfs_fast_charger_sw:dir search;
+allow ueventd fpc_sysfs:file rw_file_perms;
diff --git a/sepolicy/vfmService.te b/sepolicy/vfmService.te
deleted file mode 100644
index c5f1378..0000000
--- a/sepolicy/vfmService.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# vfmService daemon
-type vfmService, domain;
-type vfmService_exec, exec_type, file_type;
-
-init_daemon_domain(vfmService)
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index e6439ef..018770e 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1 +1 @@
-allow vold persist_file:dir { getattr read };
+allow vold proc_touchpanel:dir r_dir_perms;
diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te
deleted file mode 100644
index 9720633..0000000
--- a/sepolicy/wcnss_service.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow wcnss_service wcnss_device:dir search;
-allow wcnss_service macaddr_data_file:file { open read getattr };