zenfone6 Bring Up sepolicy for Q
Change-Id: Ief387a0eda62d9415d3e714fdb135d5ca69bc6ee
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 5df6910..cfa4d74 100755
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -160,10 +160,17 @@
TARGET_USES_MKE2FS := true
# Sepolicy
+BOARD_SEPOLICY_DIRS += build/target/board/generic_arm64_ab/sepolicy
include vendor/omni/sepolicy/sepolicy.mk
-#BOARD_PLAT_PRIVATE_SEPOLICY_DIR += device/qcom/sepolicy/private
-#BOARD_PLAT_PUBLIC_SEPOLICY_DIR += device/qcom/sepolicy/public
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(DEVICE_PATH)/sepolicy/private
+BOARD_PLAT_PUBLIC_SEPOLICY_DIR += \
+ device/qcom/sepolicy/generic/public \
+ device/qcom/sepolicy/qva/public
+
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += \
+ device/qcom/sepolicy/generic/private \
+ device/qcom/sepolicy/qva/private
+
# Treble
BOARD_VNDK_VERSION := current
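Review bot: The new `BOARD_SEPOLICY_DIRS += build/target/board/generic_arm64_ab/sepolicy` line at the top of the Sepolicy block pulls a generic board target's policy directory into a device build, with no comment saying which types or rules the device needs from it. Presumably it replaces the `firmware_file` / `bt_firmware_file` declarations this commit removes from sepolicy/private/file.te. If so, a comment such as `# Generic A/B policy: supplies the firmware mount-point types no longer declared in $(DEVICE_PATH)/sepolicy/private` would let a later reviewer audit what else that directory grants. As a style point, `BOARD_PLAT_PRIVATE_SEPOLICY_DIR +=` now appears twice in a row and could be one continued assignment, matching the public list.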
diff --git a/sepolicy/private/file.te b/sepolicy/private/file.te
index e67b2d5..28fcbe5 100644
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@@ -3,12 +3,9 @@
type demoapp_file, file_type;
type voucher_file, file_type;
type xrom_file, file_type;
-type firmware_file, file_type;
-type bt_firmware_file, file_type;
# Offscreen Gestures
type sysfs_gesture, sysfs_type, fs_type;
type sysfs_touchscreen, sysfs_type, fs_type;
-# vendor camera files
-type vendor_camera_data_file, file_type, data_file_type;
\ No newline at end of file
+type system_configs_file, system_file_type, file_type;
\ No newline at end of file
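Review bot: The new last line `type system_configs_file, system_file_type, file_type;` leaves file.te without a trailing newline, and the same is true of the new final lines in init.te, platform_app.te and vendor_init.te in this commit. Policy sources are concatenated before compilation, so depending on how the build joins them, an unterminated last statement can fuse with the first line of the next file and fail to parse or be misread. Ending each of these files with a newline avoids that. The new type also has no comment; the file_contexts change suggests something like `# /system/etc config files that init bind mounts over`.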
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index dd3fd11..3cd156d 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -3,13 +3,11 @@
/APD(/.*)? u:object_r:demoapp_file:s0
/asdf(/.*)? u:object_r:asdf_file:s0
/batinfo(/.*)? u:object_r:demoapp_file:s0
-/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
-/firmware(/.*)? u:object_r:firmware_file:s0
/voucher(/.*)? u:object_r:voucher_file:s0
/xrom(/.*)? u:object_r:xrom_file:s0
# Audio
-/system/etc/audio_policy_configuration.xml u:object_r:vendor_configs_file:s0
+/system/etc/audio_policy_configuration.xml u:object_r:system_configs_file:s0
# Gestures
/sys/devices/platform/soc/c80000.i2c/i2c-4/4-0038/fts_glove_mode u:object_r:sysfs_gesture:s0
@@ -18,8 +16,5 @@
/sys/devices/platform/soc/soc:asustek_googlekey/googlekey_enable u:object_r:sysfs_gesture:s0
# Modules
-/system/lib/modules/wlan\.ko u:object_r:vendor_file:s0
-/system/lib64/hw/lights\.msmnile\.so u:object_r:vendor_file:s0
-
-# vendor camera files
-/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
+/system/lib/modules/wlan\.ko u:object_r:system_file:s0
+/system/lib64/hw/lights\.msmnile\.so u:object_r:system_file:s0
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te
index 5c71641..6bcafe7 100644
--- a/sepolicy/private/init.te
+++ b/sepolicy/private/init.te
@@ -2,5 +2,8 @@
allow init sysfs_touchscreen:file { rw_file_perms setattr };
allow init sysfs_gesture:file { rw_file_perms setattr };
+# Allow init to bind mount over vendor file
+allow init { system_file vendor_file }:file mounton;
+
# Allow init to mount vendor configs
-allow init vendor_configs_file:file mounton;
\ No newline at end of file
+allow init { system_configs_file vendor_configs_file }:file mounton;
\ No newline at end of file
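Review bot: The added rule `allow init { system_file vendor_file }:file mounton;` lets init use any file with the generic `system_file` or `vendor_file` label as a mount point. Its comment mentions only vendor files, and the targets visible in this commit appear to be a few specific paths. Giving those bind-mount targets a dedicated type, as is done with `system_configs_file` for the audio policy XML, and granting `mounton` on that type would keep the permission scoped to the files that are actually overlaid. If the broad rule stays, the comment should at least cover both labels and name the intended targets, e.g. `# Allow init to bind mount over wlan.ko and lights.msmnile.so (system_file) and their vendor counterparts`, assuming those are the files meant.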
diff --git a/sepolicy/private/platform_app.te b/sepolicy/private/platform_app.te
index 1be62db..8287807 100644
--- a/sepolicy/private/platform_app.te
+++ b/sepolicy/private/platform_app.te
@@ -1,5 +1 @@
-#allow platform_app vendor_file:file r_file_perms;
-#allow platform_app asus_prop:file r_file_perms;
-allow platform_app app_data_file:file { execute };
-allow platform_app vendor_camera_data_file:dir { add_name create getattr remove_name rw_file_perms search setattr };
-allow platform_app vendor_camera_data_file:file { create getattr unlink rw_file_perms setattr };
\ No newline at end of file
+allow platform_app app_data_file:file { execute };
\ No newline at end of file
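Review bot: The one rule that survives, `allow platform_app app_data_file:file { execute };`, lets every platform-signed app map files from writable app data as executable, and nothing in the file says which app needs that. Since this commit is pruning the rest of the file, it is a good point to confirm the rule is still needed on Q and to document it, e.g. `# <app name> loads native code from its data directory; remove once it ships the library in the APK`. If no platform app depends on it, dropping the rule keeps platform_app's data directory non-executable.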
diff --git a/sepolicy/private/priv_app.te b/sepolicy/private/priv_app.te
deleted file mode 100644
index 254a44f..0000000
--- a/sepolicy/private/priv_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow priv_app firmware_file:filesystem { getattr };
-allow priv_app bt_firmware_file:filesystem { getattr };
\ No newline at end of file
diff --git a/sepolicy/private/property.te b/sepolicy/private/property.te
index 787663f..3f5cd8b 100644
--- a/sepolicy/private/property.te
+++ b/sepolicy/private/property.te
@@ -1,2 +1 @@
-#type asus_prop, property_type;
type vendor_camera_prop, property_type;
\ No newline at end of file
diff --git a/sepolicy/private/vendor_init.te b/sepolicy/private/vendor_init.te
new file mode 100644
index 0000000..56fa776
--- /dev/null
+++ b/sepolicy/private/vendor_init.te
@@ -0,0 +1,2 @@
+# Allow vendor_init to load wlan kernel module
+allow vendor_init system_file:system module_load;
\ No newline at end of file
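Review bot: `allow vendor_init system_file:system module_load;` permits vendor_init to load a kernel module from any file labelled `system_file`, which is broader than the comment's "load wlan kernel module". file_contexts in this commit already has an explicit entry for `/system/lib/modules/wlan\.ko`, so that path could carry a dedicated type (constructed name: `wlan_module_file`, declared with `system_file_type, file_type` like `system_configs_file`). The grant would then be `allow vendor_init wlan_module_file:system module_load;`, limiting module loading to that single file. If the generic label must stay, the comment should say that the rule covers all of `system_file`, not only wlan.ko.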