sdm660-common: sepolicy: Address more denials

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>

sepolicy/private/bootanim.te

@@ -0,0 +1 @@
+get_prop(bootanim, userspace_reboot_exported_prop)

sepolicy/private/fsck.te

@@ -0,0 +1 @@
+allow fsck self:capability { kill };

sepolicy/private/init.te

@@ -1 +1,3 @@
 allow init property_type:file { append create getattr map open read relabelto rename setattr unlink write };
+allow init iorapd_data_file:file { getattr };
+allow init hwservicemanager:binder { call transfer };

sepolicy/private/kernel.te

@@ -0,0 +1 @@
+allow kernel self:capability { kill };

sepolicy/private/platform_app.te

@@ -0,0 +1,4 @@
+get_prop(platform_app, exported_camera_prop)
+
+# Allow systemui to read audio prop
+get_prop(platform_app, exported_audio_prop)

sepolicy/private/system_server.te

@@ -1,2 +1,6 @@
+
 # Allow system_server to set persist_camera_prop
 get_prop(system_server, vendor_persist_camera_prop)
+
+get_prop(system_server, userspace_reboot_config_prop)
+get_prop(system_server, userspace_reboot_exported_prop)

sepolicy/vendor/cameraserver.te

@@ -1,3 +1,5 @@
 binder_call(cameraserver, mediacodec);
 get_prop(cameraserver, vendor_persist_camera_prop)
 get_prop(cameraserver, vendor_video_prop)
+set_prop(cameraserver, camera_prop)
+binder_call(cameraserver, mediacodec)

sepolicy/vendor/hal_power_stats_default.te

@@ -11,7 +11,7 @@ r_dir_file(hal_power_stats_default, sysfs_power_stats)
 # The following folders are incidentally accessed by hal_power_stats_default and are not needed.
 dontaudit hal_power_stats_default sysfs_power_stats_ignore:dir r_dir_perms;
 dontaudit hal_power_stats_default sysfs_power_stats_ignore:file r_file_perms;
-dontaudit hal_power_stats_default sysfs:file read;
+dontaudit hal_power_stats_default sysfs:file { open read };
 
 vndbinder_use(hal_power_stats)
 add_service(hal_power_stats_server, power_stats_service)