From f3b7c8bb637c600df976b03e44e4bce4f10444aa Mon Sep 17 00:00:00 2001
From: Max Weffers
Date: Tue, 1 Oct 2019 13:02:00 +0200
Subject: [PATCH] sdm660: sepolicy: Start Q Bringup
---
 BoardConfigCommon.mk | 7 +++----
 sepolicy-minimal/file.te | 4 ----
 sepolicy-minimal/file_contexts | 5 -----
 sepolicy/vendor/app.te | 1 -
 sepolicy/vendor/hal_camera_default.te | 1 -
 sepolicy/vendor/hwservice.te | 2 +-
 sepolicy/vendor/init.te | 1 -
 sepolicy/vendor/property.te | 1 +
 sepolicy/vendor/system_app.te | 1 -
 9 files changed, 5 insertions(+), 18 deletions(-)
 delete mode 100644 sepolicy-minimal/file.te
 delete mode 100644 sepolicy-minimal/file_contexts
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 36c0a94e..8fcb8b14 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -277,10 +277,9 @@ BOARD_USES_QC_TIME_SERVICES := true
 # SELinux
 include device/qcom/sepolicy-legacy-um/sepolicy.mk
-# BOARD_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
-# BOARD_PLAT_PUBLIC_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/public
-# BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/private
-BOARD_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy-minimal
+BOARD_SEPOLICY_DIRS += $(COMMON_PATH)/sepolicy/vendor
+BOARD_PLAT_PUBLIC_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/public
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(COMMON_PATH)/sepolicy/private
 # Telephony
 TARGET_USES_ALTERNATIVE_MANUAL_NETWORK_SELECT := true
diff --git a/sepolicy-minimal/file.te b/sepolicy-minimal/file.te
deleted file mode 100644
index d74de020..00000000
--- a/sepolicy-minimal/file.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type adsprpcd_file, file_type;
-type bt_firmware_file, file_type;
-type firmware_file, file_type;
-type persist_file, file_type;
diff --git a/sepolicy-minimal/file_contexts b/sepolicy-minimal/file_contexts
deleted file mode 100644
index bfec23e6..00000000
--- a/sepolicy-minimal/file_contexts
+++ /dev/null
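Review bot: Pointing `BOARD_SEPOLICY_DIRS` at `sepolicy/vendor` in the BoardConfigCommon.mk hunk retires the `sepolicy-minimal` tree, and with it the only labels this patch shows for `/bt_firmware`, `/dsp`, `/firmware` and `/persist`. Nothing visible here says where `bt_firmware_file`, `adsprpcd_file`, `firmware_file` and `persist_file` are now declared and mapped. Presumably the included `device/qcom/sepolicy-legacy-um` policy carries them, but that should be confirmed, since unlabelled mount points fall back to a generic type and rules written against the specific types stop matching. Once confirmed, a one-line comment above the three re-enabled lines, e.g. `# Root symlink labels (/firmware, /persist, ...) are provided by sepolicy-legacy-um`, would record the dependency.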
@@ -1,5 +0,0 @@
-# Root Symlinks
-/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
-/dsp(/.*)? u:object_r:adsprpcd_file:s0
-/firmware(/.*)? u:object_r:firmware_file:s0
-/persist(/.*)? u:object_r:persist_file:s0
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te
index fffdc3e0..6773cc2d 100644
--- a/sepolicy/vendor/app.te
+++ b/sepolicy/vendor/app.te
@@ -1,6 +1,5 @@
 # Allow appdomain to get vendor_camera_prop
 get_prop(appdomain, vendor_camera_prop)
-allow { appdomain -isolated_app } hal_mlipay_hwservice:hwservice_manager find;
 binder_call({ appdomain -isolated_app }, hal_mlipay_default)
 get_prop({ appdomain -isolated_app }, mlipay_prop)
 get_prop({ appdomain -isolated_app }, hal_fingerprint_prop)
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index cc77c2ee..342545ad 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -2,7 +2,6 @@ binder_call(hal_camera_default, hal_configstore_default)
 binder_call(hal_camera_default, hal_graphics_allocator_default)
 typeattribute hal_camera_default data_between_core_and_vendor_violators;
-allow hal_camera_default { hal_configstore_ISurfaceFlingerConfigs hal_graphics_allocator_hwservice }:hwservice_manager find;
 allow hal_camera_default sysfs:file { getattr open read };
 allow hal_camera_default sysfs_kgsl:file { getattr open read };
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
index 32adecbd..6c299d1b 100644
--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -1,2 +1,2 @@
 type goodixhw_service, hwservice_manager_type;
-type hal_mlipay_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice;
+type hal_mlipay_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index afc56b59..0c1f946d 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
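Review bot: In the app.te hunk the `hwservice_manager find` rule is dropped but `binder_call({ appdomain -isolated_app }, hal_mlipay_default)` stays, so every non-isolated app domain, untrusted apps included, keeps a call permission on the mlipay HAL that, as far as this patch shows, it can no longer look up. The same leftover appears in the system_app.te hunk (`allow system_app hal_mlipay_default:binder call;`), and the hwservice.te hunk removes `untrusted_app_visible_hwservice` from the type, which suggests app access is meant to end. If that is the intent, remove the `binder_call` and the `get_prop({ appdomain -isolated_app }, mlipay_prop)` grant in the same change. If a specific client still needs the HAL, grant `find` and `call` to that one domain rather than to `appdomain`.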
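Review bot: The hal_camera_default.te hunk deletes the explicit `hwservice_manager find` rule for `hal_configstore_ISurfaceFlingerConfigs` and `hal_graphics_allocator_hwservice` while the two `binder_call` lines to the matching servers remain, leaving a call permission without a lookup permission unless another policy file grants it. If the camera HAL still uses these services, the macro form keeps lookup and call together: `hal_client_domain(hal_camera_default, hal_graphics_allocator)` and `hal_client_domain(hal_camera_default, hal_configstore)`. If it does not, the `binder_call` lines can be removed as well. Line 1 of the file is outside the hunk, so an existing grant there cannot be ruled out.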
@@ -3,7 +3,6 @@ allow init ipa_dev:chr_file open;
 allow init ion_device:chr_file ioctl;
 allow init property_socket:sock_file write;
 allow init sysfs_dm:file { open write };
-allow init tee_device:chr_file { write ioctl };
 allow init vendor_default_prop:property_service set;
 allow init sysfs_info:file { open read };
 allow init sysfs:file setattr;
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index 5d40afc5..354c0a16 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -2,6 +2,7 @@ type hal_fingerprint_prop, property_type;
 type mlipay_prop, property_type;
 type vendor_fp_prop, property_type;
 type ifaa_prop, property_type;
+type vendor_camera_prop, property_type;
 # Thermal engine
 type thermal_engine_prop, property_type;
diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
index ab0ae2f2..ede860b4 100644
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -1,6 +1,5 @@
 allow system_app vendor_default_prop:file { getattr open read };
 allow system_app wificond:binder call;
-allow system_app hal_mlipay_hwservice:hwservice_manager find;
 allow system_app hal_mlipay_default:binder call;
 allow system_app kcal_dev:file rw_file_perms;
 allow system_app kcal_dev:dir search;
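Review bot: The property.te hunk declares `vendor_camera_prop`, but the patch shows no `property_contexts` entry that assigns the type to any property name, so on its own the declaration only lets the existing `get_prop(appdomain, vendor_camera_prop)` in app.te compile. That rule covers all of `appdomain`, isolated apps included, unlike the neighbouring rules that exclude `isolated_app`, so it is worth confirming that these properties need to be readable that widely. A comment on the new line, e.g. `# Read by every appdomain via get_prop() in app.te`, would tie the two files together.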