zenfone6: Fix some selinux denied
Change-Id: I59c1bc82cb4688c8706a644edba783d0096bab65
diff --git a/BoardConfig.mk b/BoardConfig.mk
index bad8ee4..af4805f 100755
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -150,7 +150,6 @@
TARGET_USES_MKE2FS := true
# Sepolicy
-BOARD_SEPOLICY_DIRS += build/target/board/generic_arm64_ab/sepolicy
include vendor/omni/sepolicy/sepolicy.mk
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(DEVICE_PATH)/sepolicy/private
diff --git a/sepolicy/private/dexoptanalyzer.te b/sepolicy/private/dexoptanalyzer.te
new file mode 100644
index 0000000..190125a
--- /dev/null
+++ b/sepolicy/private/dexoptanalyzer.te
@@ -0,0 +1 @@
+allow dexoptanalyzer system_file:file lock;
\ No newline at end of file
diff --git a/sepolicy/private/file.te b/sepolicy/private/file.te
index 8014234..aea529b 100644
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@@ -1,6 +1,10 @@
# rootfs
type asdf_file, file_type;
+type bat_file, file_type;
+type bt_firmware_file, file_type;
type demoapp_file, file_type;
+type firmware_file, fs_type, contextmount_type;
+type persist_file, file_type;
type voucher_file, file_type;
type xrom_file, file_type;
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index d922cc8..d9fece2 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -2,7 +2,12 @@
/ADF(/.*)? u:object_r:demoapp_file:s0
/APD(/.*)? u:object_r:demoapp_file:s0
/asdf(/.*)? u:object_r:asdf_file:s0
-/batinfo(/.*)? u:object_r:demoapp_file:s0
+/batinfo(/.*)? u:object_r:bat_file:s0
+/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
+/firmware(/.*)? u:object_r:firmware_file:s0
+/persist(/.*)? u:object_r:persist_file:s0
+/tombstones u:object_r:rootfs:s0
+/dsp u:object_r:rootfs:s0
/voucher(/.*)? u:object_r:voucher_file:s0
/xrom(/.*)? u:object_r:xrom_file:s0
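Review bot: Relabelling `/batinfo` from `demoapp_file` to `bat_file` removes every permission that existing rules grant on `demoapp_file` for that tree, and the only `bat_file` rule added in this commit is the `priv_app ... :dir getattr` entry. Any domain that reads or writes battery data there needs matching `bat_file` rules; these may exist outside this diff, so this should be checked against the full policy. The `/tombstones` and `/dsp` entries have no `(/.*)?` suffix, so only the directory nodes themselves are labelled `rootfs`. A short comment such as `# mount points only; contents are labelled by the mounted filesystem` would make that intent explicit, if that is indeed the intent.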
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te
index 7d7e100..8f9c049 100644
--- a/sepolicy/private/init.te
+++ b/sepolicy/private/init.te
@@ -5,4 +5,7 @@
allow init { system_file vendor_file }:file mounton;
# Allow init to mount vendor configs
-allow init vendor_configs_file:dir mounton;
\ No newline at end of file
+allow init vendor_configs_file:dir mounton;
+allow init vendor_configs_file:file mounton;
+allow init vendor_overlay_file:dir mounton;
+allow init vendor_overlay_file:file mounton;
\ No newline at end of file
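Review bot: The three added `mounton` rules have no comment of their own, and the existing one above them ("Allow init to mount vendor configs") does not cover `vendor_overlay_file`. `mounton` lets init place a mount over any file or directory carrying that type, so the policy should name the mount that needs it, for example `# init bind-mounts the vendor overlay (<overlay path>) over vendor files` with the real path filled in. If only directories are ever used as mount targets, the two `:file mounton` rules could be dropped, though the hunk does not show whether that is the case.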
diff --git a/sepolicy/private/installd.te b/sepolicy/private/installd.te
new file mode 100644
index 0000000..8986bb2
--- /dev/null
+++ b/sepolicy/private/installd.te
@@ -0,0 +1 @@
+allow installd media_rw_data_file:file setattr;
\ No newline at end of file
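Review bot: `allow installd media_rw_data_file:file setattr;` is added without a comment or the denial that motivated it. `setattr` lets installd change mode, ownership and timestamps on files in shared storage, so it is worth confirming that an installd operation actually fails without it before keeping an allow rule. I would record the evidence above the rule, e.g. `# avc: denied { setattr } for comm=<comm> path=<path> scontext=u:r:installd:s0` (placeholders to be filled in from the log). The new file also ends without a trailing newline.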
diff --git a/sepolicy/private/isolated_app.te b/sepolicy/private/isolated_app.te
new file mode 100644
index 0000000..bb86219
--- /dev/null
+++ b/sepolicy/private/isolated_app.te
@@ -0,0 +1 @@
+allow isolated_app app_data_file:dir getattr;
\ No newline at end of file
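Review bot: `isolated_app` is the domain of the most restricted app sandbox, and this rule widens it only to satisfy a `getattr` on `app_data_file` directories. If the denial is cosmetic and the process works without the stat, `dontaudit isolated_app app_data_file:dir getattr;` silences the log without granting anything. The same applies to the `allow priv_app { ... }:dir getattr` block and the two `:filesystem getattr` rules in priv_app.te, which look like a directory/statfs sweep rather than a required access. That reading is inferred from the shape of the rules and is not shown in the diff. The two commented-out `#allow priv_app ...` lines at the top of that file are better removed than committed.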
diff --git a/sepolicy/private/mediaprovider.te b/sepolicy/private/mediaprovider.te
deleted file mode 100644
index c64bdfd..0000000
--- a/sepolicy/private/mediaprovider.te
+++ /dev/null
@@ -1 +0,0 @@
-allow mediaprovider mnt_media_rw_file:dir getattr;
\ No newline at end of file
diff --git a/sepolicy/private/priv_app.te b/sepolicy/private/priv_app.te
new file mode 100644
index 0000000..436884e
--- /dev/null
+++ b/sepolicy/private/priv_app.te
@@ -0,0 +1,14 @@
+#allow priv_app hal_memtrack_hwservice:hwservice_manager find;
+#allow priv_app mnt_vendor_file:dir search;
+allow priv_app firmware_file:filesystem getattr;
+allow priv_app bt_firmware_file:filesystem getattr;
+allow priv_app {
+ asdf_file
+ bat_file
+ demoapp_file
+ postinstall_mnt_dir
+ radio_data_file
+ system_app_data_file
+ voucher_file
+ xrom_file
+}:dir getattr;
diff --git a/sepolicy/private/property_contexts b/sepolicy/private/property_contexts
index cba3a13..a74db44 100644
--- a/sepolicy/private/property_contexts
+++ b/sepolicy/private/property_contexts
@@ -1 +1,10 @@
+gf.debug.dump_talog_data u:object_r:exported_system_prop:s0 exact int
+
+gsm.sim1.present u:object_r:exported_system_prop:s0
+gsm.sim2.present u:object_r:exported_system_prop:s0
+
+ro.camera.res.fmq.size u:object_r:exported_system_prop:s0 exact int
+ro.camera.req.fmq.size u:object_r:exported_system_prop:s0 exact int
+ro.product.system.manufacturer u:object_r:exported_system_prop:s0 exact int
+
vendor.camera.aux.packageblacklist u:object_r:vendor_camera_prop:s0
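Review bot: `ro.product.system.manufacturer` is declared `exact int`, but a manufacturer name is a string, so a non-numeric value would be rejected wherever property types are enforced. The line should read `ro.product.system.manufacturer u:object_r:exported_system_prop:s0 exact string`. The two `gsm.simN.present` entries have no `exact <type>` suffix, so they match as untyped prefixes, unlike the other added lines. If exact matching is intended there, add the suffix for consistency.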
diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te
index ee4f984..513a7aa 100644
--- a/sepolicy/private/system_app.te
+++ b/sepolicy/private/system_app.te
@@ -1,4 +1,6 @@
#allow system_app system_suspend_control_service:service_manager { find };
#allow system_app apex_service:service_manager { find };
allow system_app sysfs_gesture:file { rw_file_perms setattr };
-allow system_app proc_touchscreen:file { rw_file_perms setattr };
\ No newline at end of file
+allow system_app proc_touchscreen:file { rw_file_perms setattr };
+allow system_app proc_pagetypeinfo:file { read };
+allow system_app sysfs_zram:dir { search };
\ No newline at end of file
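Review bot: `allow system_app proc_pagetypeinfo:file { read };` grants `read` without `open` or `getattr`, so unless the descriptor arrives already open it probably only moves the denial to the next permission. The type presumably labels /proc/pagetypeinfo, which exposes kernel page-allocator state. If the access is incidental, `dontaudit system_app proc_pagetypeinfo:file r_file_perms;` is the safer choice; if it is needed, grant `r_file_perms` and add a comment naming the component that reads it. `sysfs_zram:dir { search }` raises the same question, since a search permission is only useful alongside a rule on the files beneath that directory.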