From f2fa84055e71c4eb8ea301d2ea7d2c80f69373bb Mon Sep 17 00:00:00 2001
From: OdSazib <odsazib@gmail.com>
Date: Wed, 9 Dec 2020 09:32:15 +0600
Subject: [PATCH] sdm660-common: sepolicy: Address more denials

---
 sepolicy/vendor/gmscore_app.te        | 3 +++
 sepolicy/vendor/hal_camera_default.te | 1 +
 sepolicy/vendor/platform_app.te       | 1 +
 sepolicy/vendor/priv_app.te           | 1 +
 sepolicy/vendor/property_contexts     | 1 +
 sepolicy/vendor/system_server.te      | 1 +
 6 files changed, 8 insertions(+)
 create mode 100644 sepolicy/vendor/gmscore_app.te
 create mode 100644 sepolicy/vendor/priv_app.te

diff --git a/sepolicy/vendor/gmscore_app.te b/sepolicy/vendor/gmscore_app.te
new file mode 100644
index 00000000..898b2f13
--- /dev/null
+++ b/sepolicy/vendor/gmscore_app.te
@@ -0,0 +1,3 @@
+allow gmscore_app blkio_dev:dir search;
+allow gmscore_app bt_firmware_file:filesystem getattr;
+allow gmscore_app firmware_file:filesystem getattr;
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index b7a638a7..800becd5 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -5,6 +5,7 @@ allow hal_camera_default sysfs:file { getattr open read };
 allow hal_camera_default sysfs_kgsl:dir search;
 allow hal_camera_default sysfs_kgsl:file r_file_perms;
 allow hal_camera_default vendor_video_prop:file r_file_perms;
+allow hal_camera_default vendor_default_prop:property_service set;
 
 binder_call(hal_camera_default, hal_configstore_default)
 binder_call(hal_camera_default, hal_graphics_allocator_default)
diff --git a/sepolicy/vendor/platform_app.te b/sepolicy/vendor/platform_app.te
index ace04505..ff032a80 100644
--- a/sepolicy/vendor/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -1 +1,2 @@
+allow platform_app blkio_dev:dir search;
 allow platform_app sysfs_kgsl:dir search;
diff --git a/sepolicy/vendor/priv_app.te b/sepolicy/vendor/priv_app.te
new file mode 100644
index 00000000..26c126e4
--- /dev/null
+++ b/sepolicy/vendor/priv_app.te
@@ -0,0 +1 @@
+allow priv_app blkio_dev:dir search;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 8e201d52..f4642658 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -46,4 +46,5 @@ persist.sys.thermal.                    u:object_r:thermal_engine_prop:s0
 sys.thermal.                            u:object_r:thermal_engine_prop:s0
 
 # vendor_default_prop
+vendor.camera.cpuperf.en                u:object_r:vendor_default_prop:s0
 vendor.display.lcd_density              u:object_r:vendor_default_prop:s0
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index 18145c4b..f03abd1f 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -1,3 +1,4 @@
+allow system_server app_zygote:process getpgid;
 allow system_server blkio_dev:dir search;
 allow system_server default_android_service:service_manager add;
 allow system_server exported_camera_prop:file read;