From 8d789ade9fb889040ad4866a927c661a79995dc2 Mon Sep 17 00:00:00 2001
From: dianlujitao <dianlujitao@lineageos.org>
Date: Wed, 19 Feb 2020 23:00:30 +0800
Subject: [PATCH] sdm660-common: sepolicy: Clean up sepolicy rules

Change-Id: I9d7312e6aaafdde2c0751f4887f05d8d5029ee04
---
 sepolicy/vendor/file_contexts                    | 1 -
 sepolicy/vendor/hal_cas_default.te               | 1 -
 sepolicy/vendor/hal_fingerprint_sdm660.te        | 1 +
 sepolicy/vendor/hal_graphics_composer_default.te | 2 --
 sepolicy/vendor/hal_perf_default.te              | 1 -
 sepolicy/vendor/hvdcp.te                         | 1 -
 sepolicy/vendor/location.te                      | 1 -
 sepolicy/vendor/netmgrd.te                       | 1 -
 sepolicy/vendor/system_server.te                 | 2 +-
 sepolicy/vendor/thermal-engine.te                | 4 ----
 sepolicy/vendor/vndservicemanager.te             | 3 ---
 11 files changed, 2 insertions(+), 16 deletions(-)
 delete mode 100644 sepolicy/vendor/hal_cas_default.te
 delete mode 100644 sepolicy/vendor/hal_graphics_composer_default.te
 delete mode 100644 sepolicy/vendor/hal_perf_default.te
 delete mode 100644 sepolicy/vendor/hvdcp.te
 delete mode 100644 sepolicy/vendor/location.te
 delete mode 100644 sepolicy/vendor/netmgrd.te
 delete mode 100644 sepolicy/vendor/vndservicemanager.te

diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 8d562670..c290c128 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -16,7 +16,6 @@
 /sys/devices/soc/soc:fpc1020(/.*)?              u:object_r:fingerprint_sysfs:s0
 /sys/bus/platform/devices/soc:fingerprint_fpc(/.*)?  u:object_r:fingerprint_sysfs:s0
 
-
 # Hall Switch
 /sys/module/hall/parameters(/.*)?               u:object_r:hall_dev:s0
 
diff --git a/sepolicy/vendor/hal_cas_default.te b/sepolicy/vendor/hal_cas_default.te
deleted file mode 100644
index 18b00de5..00000000
--- a/sepolicy/vendor/hal_cas_default.te
+++ /dev/null
@@ -1 +0,0 @@
-vndbinder_use(hal_cas_default)
diff --git a/sepolicy/vendor/hal_fingerprint_sdm660.te b/sepolicy/vendor/hal_fingerprint_sdm660.te
index ab8fad9e..3e0fc21c 100644
--- a/sepolicy/vendor/hal_fingerprint_sdm660.te
+++ b/sepolicy/vendor/hal_fingerprint_sdm660.te
@@ -20,6 +20,7 @@ allow hal_fingerprint_sdm660 fingerprintd_data_file:file create_file_perms;
 allow hal_fingerprint_sdm660 fingerprint_data_file:file rw_file_perms;
 
 allow hal_fingerprint_sdm660 fingerprint_sysfs:file rw_file_perms;
+allow hal_fingerprint_sdm660 fingerprint_sysfs:dir r_dir_perms;
 
 allow hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find;
 allow hal_fingerprint_sdm660 rootfs:dir read;
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
deleted file mode 100644
index 39e8fb4b..00000000
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_graphics_composer_default sysfs_graphics:file r_file_perms;
-allow hal_graphics_composer_default sysfs_graphics:lnk_file read;
diff --git a/sepolicy/vendor/hal_perf_default.te b/sepolicy/vendor/hal_perf_default.te
deleted file mode 100644
index 115df51c..00000000
--- a/sepolicy/vendor/hal_perf_default.te
+++ /dev/null
@@ -1 +0,0 @@
-dontaudit hal_perf_default self:capability { dac_override dac_read_search };
diff --git a/sepolicy/vendor/hvdcp.te b/sepolicy/vendor/hvdcp.te
deleted file mode 100644
index 49a6b78c..00000000
--- a/sepolicy/vendor/hvdcp.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hvdcp sysfs:file { open read };
diff --git a/sepolicy/vendor/location.te b/sepolicy/vendor/location.te
deleted file mode 100644
index 4333581b..00000000
--- a/sepolicy/vendor/location.te
+++ /dev/null
@@ -1 +0,0 @@
-allow location sysfs:file { read open };
diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te
deleted file mode 100644
index 47ce266d..00000000
--- a/sepolicy/vendor/netmgrd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow netmgrd property_socket:sock_file write;
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index 1425346a..08454841 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -5,4 +5,4 @@ allow system_server sysfs_rtc:file r_file_perms;
 allow system_server vendor_camera_prop:file { getattr open read };
 allow system_server vendor_default_prop:file { getattr open read };
 allow system_server thermal_service:service_manager find;
-allow system_server sysfs_battery_supply:file { getattr open read write };
+allow system_server sysfs_battery_supply:file rw_file_perms;
diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te
index db8f8eb8..3dcbe674 100644
--- a/sepolicy/vendor/thermal-engine.te
+++ b/sepolicy/vendor/thermal-engine.te
@@ -6,8 +6,4 @@ allow thermal-engine property_socket:sock_file write;
 dontaudit thermal-engine self:capability dac_override;
 
 set_prop(thermal-engine, thermal_engine_prop);
-
-r_dir_file(thermal-engine sysfs_devfreq)
-r_dir_file(thermal-engine sysfs_graphics)
 r_dir_file(thermal-engine sysfs_thermal)
-dontaudit thermal-engine sysfs:dir read;
diff --git a/sepolicy/vendor/vndservicemanager.te b/sepolicy/vendor/vndservicemanager.te
deleted file mode 100644
index 8d04dea5..00000000
--- a/sepolicy/vendor/vndservicemanager.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow vndservicemanager hal_fingerprint_default:dir { search read open };
-allow vndservicemanager hal_fingerprint_default:file { read open };
-allow vndservicemanager hal_fingerprint_default:process getattr;