From 880ca53df24e5024b3f95e248358443c0c8c4b1f Mon Sep 17 00:00:00 2001
From: Max Weffers <rcstar6696@gmail.com>
Date: Tue, 12 May 2020 16:45:35 +0200
Subject: [PATCH] sdm660-common: sepolicy: Address some denials

Change-Id: Iaba642838e51a2c39c2961e30456148f9794f60e
---
 sepolicy/vendor/genfs_contexts         | 22 ++++++++++++++++++++++
 sepolicy/vendor/hal_camera_default.te  |  2 +-
 sepolicy/vendor/hal_sensors_default.te |  1 +
 sepolicy/vendor/property_contexts      |  1 +
 sepolicy/vendor/vendor_init.te         |  2 ++
 5 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 90fcfbaa..46592970 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -1,6 +1,28 @@
 # Battery
 genfscon sysfs /devices/soc/c176000.i2c/i2c-2/2-001d            u:object_r:sysfs_battery_supply:s0
 
+# Fingerprint
+genfscon sysfs /devices/soc/soc:fingerprint_fpc/device_prepare  u:object_r:fingerprint_sysfs:s0
+genfscon sysfs /devices/soc/soc:fingerprint_fpc/fingerdown_wait u:object_r:fingerprint_sysfs:s0
+genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq             u:object_r:fingerprint_sysfs:s0
+genfscon sysfs /devices/soc/soc:fingerprint_fpc/irq_enable      u:object_r:fingerprint_sysfs:s0
+genfscon sysfs /devices/soc/soc:fingerprint_fpc/wakeup_enable   u:object_r:fingerprint_sysfs:s0
+genfscon sysfs /devices/soc/soc:fpc1020/device_prepare          u:object_r:fingerprint_sysfs:s0
+genfscon sysfs /devices/soc/soc:fpc1020/fingerdown_wait         u:object_r:fingerprint_sysfs:s0
+genfscon sysfs /devices/soc/soc:fpc1020/irq                     u:object_r:fingerprint_sysfs:s0
+genfscon sysfs /devices/soc/soc:fpc1020/irq_enable              u:object_r:fingerprint_sysfs:s0
+genfscon sysfs /devices/soc/soc:fpc1020/wakeup_enable           u:object_r:fingerprint_sysfs:s0
+
+# Graphics
+genfscon sysfs /devices/virtual/graphics/fb0                    u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/virtual/graphics/fb1                    u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/virtual/graphics/fb2                    u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/virtual/graphics/fb3                    u:object_r:sysfs_graphics:s0
+
+# Camera
+genfscon sysfs /devices/soc/ca0c000.qcom,cci/ca0c000.qcom,cci:qcom,camera@3/video4linux/video5/name                                     u:object_r:sysfs_graphics:s0
+genfscon sysfs /camera_sensorid/sensorid                        u:object_r:sysfs_graphics:s0
+
 # RTC
 genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc     u:object_r:sysfs_rtc:s0
 
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index 8346b2f5..8d1d20fa 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -3,7 +3,7 @@ binder_call(hal_camera_default, hal_graphics_allocator_default)
 typeattribute hal_camera_default data_between_core_and_vendor_violators;
 
 allow hal_camera_default sysfs:file { getattr open read };
-allow hal_camera_default sysfs_kgsl:file { getattr open read };
+allow hal_camera_default sysfs_kgsl:file r_file_perms;
 
 allow hal_camera_default media_rw_data_file:file { getattr };
 
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
index c2045f3d..cca11199 100644
--- a/sepolicy/vendor/hal_sensors_default.te
+++ b/sepolicy/vendor/hal_sensors_default.te
@@ -1,2 +1,3 @@
 allow hal_sensors_default sysfs:file { read open };
 allow hal_sensors_default sysfs_info:file { read write };
+set_prop(hal_sensors_default, camera_prop)
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 49a7a6b3..407dbc71 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -14,6 +14,7 @@ cpp.set.clock                       u:object_r:camera_prop:s0
 disable.cpp.power.collapse          u:object_r:camera_prop:s0
 persist.camera.                     u:object_r:camera_prop:s0
 persist.vendor.camera.              u:object_r:vendor_camera_prop:s0
+vendor.camera.eis.gyro_name             u:object_r:vendor_camera_prop:s0
 
 # Fingerprint
 gf.debug.dump_data                  u:object_r:vendor_fp_prop:s0
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index a09afe90..0e2b9f64 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -30,3 +30,5 @@ allow vendor_init rootfs:lnk_file setattr;
 allow vendor_init fingerprint_data_file:dir setattr;
 set_prop(vendor_init, camera_prop)
 set_prop(vendor_init, vendor_camera_prop)
+set_prop(vendor_init, freq_prop)
+set_prop(vendor_init, fm_prop)