zenfone6: Update Sepolicy for A11
Remove voucher root folder
Change-Id: I49940a8153e918085abc3e511812797ee84ca837
diff --git a/BoardConfig.mk b/BoardConfig.mk
index a2f4652..44421ef 100755
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -141,7 +141,7 @@
BOARD_USES_PRODUCTIMAGE := true
TARGET_COPY_OUT_VENDOR := vendor
-BOARD_ROOT_EXTRA_FOLDERS := ADF APD asdf batinfo voucher xrom
+BOARD_ROOT_EXTRA_FOLDERS := ADF APD asdf batinfo xrom
# Platform
TARGET_BOARD_PLATFORM := msmnile
@@ -160,6 +160,7 @@
include vendor/omni/sepolicy/sepolicy.mk
include device/qcom/sepolicy/SEPolicy.mk
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(DEVICE_PATH)/sepolicy/private
+PRODUCT_PRIVATE_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/product/private
# Treble
BOARD_VNDK_VERSION := current
diff --git a/sepolicy/private/file.te b/sepolicy/private/file.te
index 6bc562f..8d0f7c5 100644
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@@ -5,7 +5,6 @@
type demoapp_file, file_type;
type firmware_file, fs_type, contextmount_type;
type persist_file, file_type;
-type voucher_file, file_type;
type xrom_file, file_type;
# Offscreen Gestures
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index 558ea20..3fb48b4 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -8,9 +8,4 @@
/persist(/.*)? u:object_r:persist_file:s0
/tombstones u:object_r:rootfs:s0
/dsp u:object_r:rootfs:s0
-/voucher(/.*)? u:object_r:voucher_file:s0
/xrom(/.*)? u:object_r:xrom_file:s0
-
-# Vendor overlay
-/(product|system/product)/vendor_overlay/[0-9]+/etc(/.*)? u:object_r:vendor_configs_file:s0
-/(product|system/product)/vendor_overlay/[0-9]+/lib(64)?/hw u:object_r:vendor_hal_file:s0
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te
index 7d7e100..aed6f07 100644
--- a/sepolicy/private/init.te
+++ b/sepolicy/private/init.te
@@ -3,6 +3,3 @@
# Allow init to bind mount over vendor file
allow init { system_file vendor_file }:file mounton;
-
-# Allow init to mount vendor configs
-allow init vendor_configs_file:dir mounton;
\ No newline at end of file
diff --git a/sepolicy/private/priv_app.te b/sepolicy/private/priv_app.te
index 436884e..1a240a4 100644
--- a/sepolicy/private/priv_app.te
+++ b/sepolicy/private/priv_app.te
@@ -9,6 +9,5 @@
postinstall_mnt_dir
radio_data_file
system_app_data_file
- voucher_file
- xrom_file
+ xrom_file
}:dir getattr;
diff --git a/sepolicy/private/untrusted_app.te b/sepolicy/private/untrusted_app.te
index 9ec121b..efdde1d 100644
--- a/sepolicy/private/untrusted_app.te
+++ b/sepolicy/private/untrusted_app.te
@@ -1 +1 @@
-allow untrusted_app persist_camera_prop:file { read open getattr map};
\ No newline at end of file
+allow untrusted_app vendor_persist_camera_prop:file { read open getattr map};
\ No newline at end of file
diff --git a/sepolicy/product/private/file_contexts b/sepolicy/product/private/file_contexts
new file mode 100644
index 0000000..57a49b8
--- /dev/null
+++ b/sepolicy/product/private/file_contexts
@@ -0,0 +1,3 @@
+# Vendor overlay
+/(product|system/product)/vendor_overlay/[0-9]+/etc(/.*)? u:object_r:vendor_configs_file:s0
+/(product|system/product)/vendor_overlay/[0-9]+/lib(64)?/hw u:object_r:vendor_hal_file:s0
diff --git a/sepolicy/product/private/init.te b/sepolicy/product/private/init.te
new file mode 100644
index 0000000..e43297d
--- /dev/null
+++ b/sepolicy/product/private/init.te
@@ -0,0 +1,2 @@
+# Allow init to mount vendor configs
+allow init vendor_configs_file:dir mounton;