sepolicy: address some more denials

and nuke neverallows

sepolicy/vendor/file.te

@@ -6,7 +6,7 @@ type sysfs_msm_subsys, sysfs_type, fs_type;
 type sysfs_system_sleep_stats, sysfs_type, fs_type;
 type sysfs_rpm, sysfs_type, fs_type;
 type sysfs_power_stats, sysfs_type, fs_type;
-#type sysfs_graphics, sysfs_type, fs_type;
+type sysfs_tp, fs_type, sysfs_type;
 #type sysfs_ssr, sysfs_type, fs_type;
 #type sysfs_ssr_toggle,  sysfs_type, fs_type;
 #type sysfs_devfreq, sysfs_type, fs_type;

sepolicy/vendor/file_contexts

@@ -9,3 +9,6 @@
 # Custom HALs
 /vendor/bin/hw/android\.hardware\.light@2\.0-service                                             u:object_r:hal_light_default_exec:s0
 /vendor/bin/hw/android\.hardware\.power-service\.lenovo                                  u:object_r:hal_power_default_exec:s0
+
+# Touch
+/sys/class/touch/tp_dev/gesture_on  u:object_r:sysfs_tp:s0

sepolicy/vendor/hal_power_default.te

@@ -4,6 +4,9 @@ allow hal_power_default debugfs_wlan:file r_file_perms;
 allow hal_power_default sysfs_rpm:file r_file_perms;
 allow hal_power_default sysfs_system_sleep_stats:file r_file_perms;
 
+r_dir_file(hal_power_default, sysfs_tp)
+allow hal_power_default sysfs_tp:file write;
+
 # To do powerhint on nodes defined in powerhint.json
 allow hal_power_default sysfs_devfreq:dir search;
 allow hal_power_default sysfs_devfreq:{ file lnk_file } rw_file_perms;
@@ -22,3 +25,7 @@ set_prop(hal_power_default, vendor_power_prop)
 
 # Rule for hal_power_default to access graphics composer process
 unix_socket_connect(hal_power_default, pps, hal_graphics_composer_default);
+
+# Allow powerhal trigger dt2w node
+allow hal_power_default proc_touchpanel:dir search;
+allow hal_power_default proc_touchpanel:file r_file_perms;