i9300: N sepolicy bringup

Change-Id: I43faf589a203892dc5caa47bd2453afb249e61b8
author: Simon Shields <keepcalm444@gmail.com> 2016-09-14 00:41:42 +1000
committer: Trafalgar Square <schneller.demian@gmail.com> 2016-12-04 12:40:28 +0100
commit: fe8429f5f82f04e4721b1556e2fa118268355c70 (patch)
tree: 059cd7316e4a018c048cc81311f5bad7909cee6f
parent: 1531cf5a3d6f80a33da241514b228d3f69122a2a (diff)
7 files changed, 6 insertions, 24 deletions
diff --git a/selinux/device.te b/selinux/device.te
index 854958d..21a9e6b 100644
--- a/selinux/device.te
+++ b/selinux/device.te
@@ -1,4 +1,3 @@
 type rfkill_device, dev_type;
 type efs_block_device, dev_type;
 type hpd_device, dev_type;
-type mfc_device, dev_type;
diff --git a/selinux/file.te b/selinux/file.te
index 12b280a..3c52317 100644
--- a/selinux/file.te
+++ b/selinux/file.te
@@ -1,8 +1,6 @@
-type firmware_mfc, file_type;
-type firmware_exynos, file_type;
-
 type sensors_data_file, file_type, data_file_type;
 type sysfs_display, fs_type, sysfs_type;
+type sysfs_gps, fs_type, sysfs_type;
 
 type efs_device_file, file_type;
 type radio_data, file_type;
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 6e54311..291135c 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -1,8 +1,3 @@
-# GFX
-/dev/mali                               u:object_r:gpu_device:s0
-/dev/ump                                u:object_r:gpu_device:s0
-/dev/fimg2d                             u:object_r:gpu_device:s0
-
 # RIL
 /dev/link_pm                            u:object_r:radio_device:s0
 /dev/umts_boot0                         u:object_r:radio_device:s0
@@ -22,11 +17,6 @@
 /dev/block/mmcblk0p9                    u:object_r:system_block_device:s0
 /dev/block/mmcblk0p12                   u:object_r:userdata_block_device:s0
 
-# Camera
-/data/ISP_CV                            u:object_r:camera_data_file:s0
-/dev/exynos-mem                         u:object_r:video_device:s0
-/dev/s3c-mfc                            u:object_r:mfc_device:s0
-
 # Bluetooth
 /dev/ttySAC0                            u:object_r:hci_attach_dev:s0
 /efs/bluetooth(/.*)?                    u:object_r:bluetooth_efs_file:s0
@@ -38,10 +28,12 @@
 # GPS
 /dev/ttySAC1                            u:object_r:gps_device:s0
 /system/bin/gps_daemon.sh               u:object_r:glgps_exec:s0
+/sys/devices/virtual/gpio/gpio128/value u:object_r:sysfs_gps:s0
 
 # Sensors
 /dev/akm8975                            u:object_r:sensors_device:s0
 /efs/gyro_cal_data                      u:object_r:sensors_data_file:s0
+/efs/FactoryApp/baro_delta              u:object_r:sensors_data_file:s0
 /sys/class/sensors/accelerometer_sensor u:object_r:sysfs_sensor:s0
 
 # Wifi
@@ -49,11 +41,6 @@
 /data/.cid.info                         u:object_r:wifi_data_file:s0
 /efs/wifi/.mac.info                     u:object_r:wifi_data_file:s0
 
-# Firmwares
-/system/vendor/firmware(/.*)?           u:object_r:firmware_exynos:s0
-/system/vendor/firmware/mfc_fw.bin      u:object_r:firmware_mfc:s0
-/data/cfw(/.*)?                         u:object_r:firmware_exynos:s0
-
 # Vibrator
 /dev/tspdrv                             u:object_r:input_device:s0
 
diff --git a/selinux/gpsd.te b/selinux/gpsd.te
index 589d15f..7132af7 100644
--- a/selinux/gpsd.te
+++ b/selinux/gpsd.te
@@ -16,7 +16,7 @@ allow glgps node:udp_socket { node_bind name_bind };
 allow glgps port:tcp_socket name_connect;
 allow glgps self:tcp_socket { getopt write read };
 
-allow glgps sysfs:file { setattr write };
+allow glgps sysfs_gps:file rw_file_perms;
 allow glgps gps_device:chr_file { ioctl open read write };
 allow glgps glgps:udp_socket { create bind };
 allow glgps glgps:tcp_socket { create connect };
diff --git a/selinux/rild.te b/selinux/rild.te
index 5da4924..7c61f10 100644
--- a/selinux/rild.te
+++ b/selinux/rild.te
@@ -2,6 +2,7 @@ allow rild self:netlink_socket { create bind read write };
 allow rild self:netlink_route_socket { write };
 allow rild self:netlink_kobject_uevent_socket { create bind read write setopt };
 allow rild rild:process { execmem };
+allow rild toolbox_exec:file rx_file_perms;
 
 allow rild radio_data_file:dir setattr;
 allow rild unlabeled:dir search;
diff --git a/selinux/sysinit.te b/selinux/sysinit.te
index 0436ffe..542dd91 100644
--- a/selinux/sysinit.te
+++ b/selinux/sysinit.te
@@ -1,7 +1,4 @@
 allow sysinit firmware_exynos:dir { read search open getattr };
-allow sysinit userinit_exec:file { getattr execute execute_no_trans read open };
 allow sysinit firmware_exynos:dir { read search open getattr write remove_name add_name };
 allow sysinit firmware_exynos:file { read open write getattr setattr create unlink };
 allow sysinit sysinit:capability { dac_override chown fowner fsetid };
-allow sysinit unlabeled:dir { search };
-allow sysinit surfaceflinger_exec:file { getattr };
diff --git a/selinux/system_server.te b/selinux/system_server.te
index edf79dc..c0303a5 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -16,7 +16,7 @@ allow system_server uhid_device:chr_file { read ioctl write open };
 allow system_server storage_stub_file:dir getattr;
 
 
-# for sensors
+# for sensors, GPS
 allow system_server system_file:file execmod;
 
 # /efs/wifi/.mac.info
author	Simon Shields <keepcalm444@gmail.com>	2016-09-14 00:41:42 +1000
committer	Trafalgar Square <schneller.demian@gmail.com>	2016-12-04 12:40:28 +0100
commit	fe8429f5f82f04e4721b1556e2fa118268355c70 (patch)
tree	059cd7316e4a018c048cc81311f5bad7909cee6f
parent	1531cf5a3d6f80a33da241514b228d3f69122a2a (diff)