From 631007d58c11b391a48c0dfd6a00c9b08dfd94f9 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty"
Date: Sat, 18 Apr 2020 10:42:22 -0600
Subject: [PATCH] msm8974-common: sepolicy: Update for move of init.{qcom,target}.rc to /vendor
Change-Id: Ic0042ed52e7aeb3faba856411fd0a1b298446125
---
sepolicy/common/init.te | 52 +---------------------------------
sepolicy/common/vendor_init.te | 20 +++++++++++++
2 files changed, 21 insertions(+), 51 deletions(-)
create mode 100644 sepolicy/common/vendor_init.te
diff --git a/sepolicy/common/init.te b/sepolicy/common/init.te
index 061cf7a..27cde41 100644
--- a/sepolicy/common/init.te
+++ b/sepolicy/common/init.te
@@ -1,51 +1 @@
-# This really is necessary for init.qcom.rc to manually restorecon the
-# /data/data/com.android.providers.telephony/(databases|shared_prefs)
-# symlinks. Without the manual restorecon, we would have to allow rild
-# to read any system_data_file:lnk_file.
-selinux_check_context(init)
-
-allow init {
- sysfs_iio
- sysfs_sec_tsp
- sysfs_sensors
-}:lnk_file read;
-
-allow init {
- sysfs_audio
- sysfs_batteryinfo
- sysfs_bluetooth_writable
- sysfs_camera
- sysfs_graphics
- sysfs_hal_pwr
- sysfs_iio
- sysfs_input
- sysfs_kgsl
- sysfs_leds
- sysfs_mdnie
- sysfs_msmuart_file
- sysfs_sec_bamdmux
- sysfs_sec_barcode_emul
- sysfs_sec_epen
- sysfs_sec_ir
- sysfs_sec_key
- sysfs_sec_led
- sysfs_sec_switch
- sysfs_sec_thermistor
- sysfs_sec_touchkey
- sysfs_sec_tsp
- sysfs_sensors
- sysfs_socinfo
- sysfs_usb_otg
- sysfs_wifi_writeable
-}:file setattr;
-
-allow init {
- sysfs_cpu_boost
- sysfs_devices_system_cpu
- sysfs_lowmemorykiller
- sysfs_mmc_host
- sysfs_msm_perf
- sysfs_msm_power
- sysfs_sec_key
- sysfs_thermal
-}:file w_file_perms;
+allow init efs_file:dir mounton;
diff --git a/sepolicy/common/vendor_init.te b/sepolicy/common/vendor_init.te
new file mode 100644
index 0000000..b991eb1
--- /dev/null
+++ b/sepolicy/common/vendor_init.te
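Review bot: The one rule added to init.te, `allow init efs_file:dir mounton;`, has no comment and is not explained by the commit subject, which is only about init.{qcom,target}.rc moving to /vendor. `mounton` lets init use any directory labeled efs_file as a mount point, so the reason belongs next to the rule, for example `# init mounts the EFS partition on a directory labeled efs_file` if that is indeed the purpose. Separately, the sysfs `setattr` and `w_file_perms` grants removed here are not re-added for vendor_init anywhere in this patch; presumably the base vendor_init policy already covers those types, but that should be confirmed against denials on a booted build.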
@@ -0,0 +1,20 @@
+# This really is necessary for init.qcom.rc to manually restorecon the
+# /data/data/com.android.providers.telephony/(databases|shared_prefs)
+# symlinks. Without the manual restorecon, we would have to allow rild
+# to read any system_data_file:lnk_file.
+selinux_check_context(vendor_init)
+
+allow vendor_init {
+ packages_list_file
+ seapp_contexts_file
+}:file r_file_perms;
+
+allow vendor_init {
+ radio_data_file
+ system_data_file
+}:lnk_file create_file_perms;
+
+allow vendor_init radio_data_file:lnk_file relabelto;
+allow vendor_init system_data_file:lnk_file relabelfrom;
+
+allow vendor_init wifi_data_file:file create_file_perms;
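Review bot: The `allow vendor_init { radio_data_file system_data_file }:lnk_file create_file_perms;` rule grants more than the header comment justifies. The comment describes only a manual restorecon, which the separate `relabelfrom`/`relabelto` rules already cover, while `create_file_perms` adds create, rename, unlink, setattr and read/write on every symlink of both types. If the rc script also creates these symlinks, say so in the comment and narrow the set to what the denials actually show, possibly `}:lnk_file { create getattr };` (to be confirmed on a device). The last line, `allow vendor_init wifi_data_file:file create_file_perms;`, has no comment at all and should get one naming the file the rc script creates and why vendor_init must own that step.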