mondrianwifi: sepolicy

BoardConfig.mk

@@ -44,7 +44,7 @@ DEVICE_MANIFEST_FILE += $(DEVICE_PATH)/manifest.xml
 
 # Kernel
 BOARD_KERNEL_BASE := 0x00000000
-BOARD_KERNEL_CMDLINE := console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x37 ehci-hcd.park=3 zcache.enabled=1 zcache.compressor=lz4 androidboot.selinux=permissive
+BOARD_KERNEL_CMDLINE := console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x37 ehci-hcd.park=3 zcache.enabled=1 zcache.compressor=lz4
 BOARD_KERNEL_IMAGE_NAME := zImage
 BOARD_KERNEL_PAGESIZE := 2048
 BOARD_KERNEL_SEPARATED_DT := true

sepolicy/common/audioserver.te

@@ -0,0 +1 @@
+allow audioserver vendor_default_prop:file r_file_perms;

sepolicy/common/file_contexts

@@ -2,9 +2,12 @@
 /misc            u:object_r:misc_block_device:s0
 
 # DRM
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.4-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
 /data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
 
+# Power
+/(vendor|system/vendor)/bin/hw/android\.hardware\.light(@[0-9].[0-9])?-service\.samsung           u:object_r:hal_light_default_exec:s0
+
 # sysfs - iio
 /sys/bus/iio/devices/iio:device[0-9]+(/.*)? u:object_r:sysfs_iio:s0
 /sys/devices/[a-f0-9]+\.i2c/i2c-[0-9]+/[0-9]+-[0-9]+/iio:device[0-9](/.*)? u:object_r:sysfs_iio:s0

sepolicy/common/hal_gnss_default.te

@@ -0,0 +1 @@
+allow hal_gnss_default system_prop:file r_file_perms;

sepolicy/common/hal_graphics_allocator_default.te

@@ -0,0 +1 @@
+allow hal_graphics_allocator_default default_prop:file r_file_perms;

sepolicy/common/hal_graphics_composer_default.te

@@ -0,0 +1,2 @@
+allow hal_graphics_composer_default default_prop:file r_file_perms;
+allow hal_graphics_composer_default system_prop:file r_file_perms;

sepolicy/common/hal_sensors_default.te

@@ -1 +1,3 @@
+allow hal_sensors_default default_prop:file r_file_perms;
+allow hal_sensors_default proc:file r_file_perms;
 allow hal_sensors_default sensors_data_file:file create_file_perms;

sepolicy/common/init.te

@@ -1,2 +1,4 @@
 allow init sysfs:file setattr;
+allow init sysfs_graphics:file rw_file_perms;
+allow init sysfs_sec_touchkey:file rw_file_perms;
 allow init system_file:file execute_no_trans;

sepolicy/common/mediacodec.te

@@ -0,0 +1 @@
+allow mediacodec default_prop:file r_file_perms;

sepolicy/common/mediaserver.te

@@ -0,0 +1,2 @@
+allow mediaserver package_native_service:service_manager find;
+allow mediaserver vendor_default_prop:file r_file_perms;

sepolicy/common/mm-qcamerad.te

@@ -0,0 +1 @@
+allow mm-qcamerad default_prop:file r_file_perms;

sepolicy/common/mpdecision.te

@@ -0,0 +1 @@
+allow mpdecision default_prop:file r_file_perms;

sepolicy/common/system_server.te

@@ -0,0 +1,2 @@
+allow system_server init:binder call;
+allow system_server build_bootimage_prop:file r_file_perms;

sepolicy/common/vendor_init.te

@@ -0,0 +1,7 @@
+allow vendor_init apexd_prop:file read;
+allow vendor_init bootanim_system_prop:file read;
+allow vendor_init default_prop:property_service set;
+allow vendor_init radio_core_data_file:dir { getattr search setattr };
+allow vendor_init shell_prop:file read;
+allow vendor_init system_prop:file r_file_perms;
+allow vendor_init system_prop:property_service set;