From 3e5e42415fcccfdd023292562a4b29ecc61ba6c2 Mon Sep 17 00:00:00 2001
From: luca020400
Date: Thu, 29 Aug 2019 10:10:20 +0000
Subject: [PATCH] sdm710-common: sepolicy: Address neverallows
---
 sepolicy/private/file.te | 2 +-
 sepolicy/private/file_contexts | 1 +
 sepolicy/private/init.te | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 sepolicy/private/init.te
diff --git a/sepolicy/private/file.te b/sepolicy/private/file.te
index 6e890db..d86e6d1 100644
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@@ -2,5 +2,5 @@ type adsprpcd_file, file_type;
 type bt_firmware_file, file_type;
 type firmware_file, file_type;
 type persist_file, file_type;
+type sysfs_graphics, sysfs_type, fs_type;
 type sysfs_white_led, sysfs_type, fs_type;
-
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index 57764e0..24b6d40 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -6,3 +6,4 @@
 /dsp(/.*)? u:object_r:adsprpcd_file:s0
 /firmware(/.*)? u:object_r:firmware_file:s0
 /persist(/.*)? u:object_r:persist_file:s0
+
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te
new file mode 100644
index 0000000..75b1267
--- /dev/null
+++ b/sepolicy/private/init.te
@@ -0,0 +1,2 @@
+# Allow init to chown/chmod on pseudo files in /sys
+allow init sysfs_graphics:file { open read setattr };
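Review bot: The new `sysfs_graphics` type in file.te has no labelling rule anywhere in this patch: the file_contexts hunk adds only an empty line, so nothing visible here assigns the type to a sysfs node. Presumably the paths are labelled in a genfs_contexts or another file_contexts outside this patch; if that is the case, a comment above the declaration such as `# Labelled outside this directory; declared here so private/init.te can reference it` would make the dependency visible. If no such labelling exists, the allow rule added in init.te matches no file and the change has no effect on the denials it is meant to resolve.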
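Review bot: The comment on the new init.te rule names only chown/chmod, which `setattr` covers, yet the rule also grants `open read` on every file labelled `sysfs_graphics`. If init only changes ownership and mode on these nodes, `allow init sysfs_graphics:file setattr;` would be the least-privilege form; if it does read them, the comment should say so, e.g. `# Allow init to chown/chmod (setattr) and read graphics sysfs nodes`. The commit message says the change addresses neverallows but does not name the rule that was violated, so a one-line reference to it in this file would let a later reviewer judge whether a private-policy grant to init is the right fix.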