From 72d6549660809b661e05c5f8dde5296958072443 Mon Sep 17 00:00:00 2001
From: Anush02198
Date: Sat, 15 May 2021 12:44:36 +0530
Subject: [PATCH] sdm660-common: Address some more denials

Signed-off-by: Anush02198
Signed-off-by: clarencelol
Signed-off-by: pix106
---
 sepolicy/vendor/gmscore_app.te | 4 ++++
 sepolicy/vendor/gpuservice.te | 2 +-
 sepolicy/vendor/init.te | 1 +
 sepolicy/vendor/netutils_wrapper.te | 1 +
 sepolicy/vendor/qti_init_shell.te | 3 +++
 sepolicy/vendor/vold.te | 1 +
 sepolicy/vendor/zygote.te | 1 +
 7 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 sepolicy/vendor/netutils_wrapper.te
 create mode 100644 sepolicy/vendor/zygote.te

diff --git a/sepolicy/vendor/gmscore_app.te b/sepolicy/vendor/gmscore_app.te
index b2b7f71b..0c5dc5a0 100644
--- a/sepolicy/vendor/gmscore_app.te
+++ b/sepolicy/vendor/gmscore_app.te
@@ -1,2 +1,6 @@
 binder_call(gmscore_app, hal_memtrack_default);
+
 dontaudit gmscore_app { bt_firmware_file firmware_file }:filesystem getattr;
+
+allow gmscore_app adsprpcd_file:dir{ search };
+allow gmscore_app exported_camera_prop:file { read open getattr };
diff --git a/sepolicy/vendor/gpuservice.te b/sepolicy/vendor/gpuservice.te
index 247d58e7..3fc6e46f 100644
--- a/sepolicy/vendor/gpuservice.te
+++ b/sepolicy/vendor/gpuservice.te
@@ -1 +1 @@
-allow gpuservice graphics_config_prop:file { open read getattr };
+allow gpuservice graphics_config_prop:file { open read map getattr };
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index ebcc39d7..b537fba9 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -13,3 +13,4 @@ allow init {
 }:filesystem getattr;
 allow init firmware_file:filesystem { getattr };
 allow init bt_firmware_file:filesystem { getattr };
+allow init apex_metadata_file:lnk_file { read };
diff --git a/sepolicy/vendor/netutils_wrapper.te b/sepolicy/vendor/netutils_wrapper.te
new file mode 100644
index 00000000..439eec2e
--- /dev/null
+++ b/sepolicy/vendor/netutils_wrapper.te
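Review bot: In sepolicy/vendor/gmscore_app.te the new `exported_camera_prop` rule is a hand-written `allow ... :file { read open getattr }` that leaves out `map`, the same gap this commit patches separately in gpuservice.te. Property reads are better written with the platform macro, `get_prop(gmscore_app, exported_camera_prop)` and likewise `get_prop(gpuservice, graphics_config_prop)`, so the permission set stays complete. The `adsprpcd_file:dir{ search }` grant lets an app domain traverse a directory that, judging by the label, belongs to a vendor daemon. The commit message quotes no denial, so a comment carrying the avc line would let a reviewer judge whether `dontaudit` is sufficient there.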
@@ -0,0 +1 @@
+allow netutils_wrapper netutils_wrapper:capability { kill };
diff --git a/sepolicy/vendor/qti_init_shell.te b/sepolicy/vendor/qti_init_shell.te
index 474cd68d..4e426bf1 100644
--- a/sepolicy/vendor/qti_init_shell.te
+++ b/sepolicy/vendor/qti_init_shell.te
@@ -2,6 +2,9 @@ allow qti_init_shell ctl_start_prop:property_service set;
 allow qti_init_shell ctl_stop_prop:property_service set;
 allow qti_init_shell self:perf_event cpu;
 allow qti_init_shell sysfs:file { setattr write };
+allow qti_init_shell qti_init_shell:perf_event { cpu };
+allow qti_init_shell vendor_default_prop:property_service { set };
+allow qti_init_shell system_prop:property_service { set };
 dontaudit qti_init_shell system_prop:property_service set;
 dontaudit qti_init_shell self:capability { dac_override dac_read_search };
diff --git a/sepolicy/vendor/vold.te b/sepolicy/vendor/vold.te
index d8c45675..7602fa18 100644
--- a/sepolicy/vendor/vold.te
+++ b/sepolicy/vendor/vold.te
@@ -1 +1,2 @@
 allow vold sysfs_mmc_host:file write;
+allow vold vendor_apex_file:file { getattr };
diff --git a/sepolicy/vendor/zygote.te b/sepolicy/vendor/zygote.te
new file mode 100644
index 00000000..30609bc2
--- /dev/null
+++ b/sepolicy/vendor/zygote.te
@@ -0,0 +1 @@
+allow zygote exported_camera_prop:file { open read getattr write };
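Review bot: The single rule in the new sepolicy/vendor/netutils_wrapper.te grants `capability { kill }` to netutils_wrapper, which removes the ownership check on signalling other processes, and nothing in the commit shows the wrapper needs that. Denials like this are often a side effect rather than a required operation, so unless something breaks without it, prefer `dontaudit netutils_wrapper self:capability kill;`. If the grant stays, write the target as `self` and add a comment quoting the avc denial that motivated it.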
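Review bot: In sepolicy/vendor/qti_init_shell.te the added `allow qti_init_shell system_prop:property_service { set };` contradicts the `dontaudit qti_init_shell system_prop:property_service set;` that follows it in the same hunk. The existing policy chose to silence that denial, while the new rule lets a vendor init script set platform-owned properties. I would drop that line; whether the platform neverallow checks would accept it cannot be told from this diff. The added `allow qti_init_shell qti_init_shell:perf_event { cpu };` duplicates the context line `allow qti_init_shell self:perf_event cpu;` and can be removed. `vendor_default_prop` looks like the catch-all vendor label, so giving the specific property its own type and allowing `set` only on that would be narrower.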
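Review bot: The new sepolicy/vendor/zygote.te grants zygote `write` on `exported_camera_prop:file`, which reading a property never requires. Property values are changed through the property service, not by writing the backing file. zygote is the parent of every app process, so it is a poor place to widen policy. The rule may also conflict with the platform neverallow rules for property files, which cannot be checked from this diff. Suggest `get_prop(zygote, exported_camera_prop)` instead, which covers read access including `map`.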