update sepolicy

sepolicy/common/device.te

@@ -1,2 +0,0 @@
-# Fingerprint
-type vfsspi_device, dev_type;

sepolicy/common/file.te

@@ -1 +0,0 @@
-type vfsspi_data_file, file_type, data_file_type;

sepolicy/common/file_contexts

@@ -1,9 +1,2 @@
-# data files
-/data/validity(/.*)?                                    u:object_r:vfsspi_data_file:s0
-
-# device nodes
-/dev/ttyHS3                                             u:object_r:audio_device:s0
-/dev/vfsspi                                             u:object_r:vfsspi_device:s0
-
 # sysfs
 /sys/devices(/.*)?/input/input[1-2]/enabled             u:object_r:sysfs_hal_pwr:s0

sepolicy/common/hal_fingerprint_default.te

@@ -1,6 +0,0 @@
-r_dir_file(hal_fingerprint_default, firmware_file)
-
-allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
-allow hal_fingerprint_default vfsspi_data_file:dir rw_dir_perms;
-allow hal_fingerprint_default vfsspi_data_file:file create_file_perms;
-allow hal_fingerprint_default vfsspi_device:chr_file rw_file_perms;

sepolicy/common/kernel.te

@@ -1,4 +0,0 @@
-# Samsung literally vfs_write()s to the es705 UART at /dev/ttyHS3 to
-# load the firmware. Without crafting a userspace helper or re-doing
-# the whole path, there is no way around this.
-allow kernel audio_device:chr_file rw_file_perms;

sepolicy/common/priv_app.te

@@ -0,0 +1 @@
+allow priv_app su_exec:file { read open };

sepolicy/common/tee.te

@@ -1,2 +0,0 @@
-allow tee vfsspi_data_file:dir create_dir_perms;
-allow tee vfsspi_data_file:file create_file_perms;

sepolicy/sepolicy.mk

@@ -16,4 +16,4 @@
 
 # Board specific SELinux policy variable definitions
 BOARD_SEPOLICY_DIRS += \
-    device/samsung/klte-common/sepolicy/common
+    device/samsung/viennalte/sepolicy/common