zenfone6: Selinux Enforcing :)
Change-Id: Iceb74a5d8ca3dd49ea707cb505d787c53a3df6d7
diff --git a/sepolicy/private/file.te b/sepolicy/private/file.te
index ce2daf2..2a2a99a 100644
--- a/sepolicy/private/file.te
+++ b/sepolicy/private/file.te
@@ -10,4 +10,4 @@
# Offscreen Gestures
type sysfs_gesture, sysfs_type, fs_type;
-type sysfs_touchscreen, sysfs_type, fs_type;
\ No newline at end of file
+type proc_touchscreen, proc_type, sysfs_type, fs_type;
\ No newline at end of file
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index 54f9451..d2462df 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -6,12 +6,6 @@
/voucher(/.*)? u:object_r:voucher_file:s0
/xrom(/.*)? u:object_r:xrom_file:s0
-# Gestures
-/proc/driver/glove u:object_r:sysfs_gesture:s0
-/proc/driver/gesture_type u:object_r:sysfs_gesture:s0
-/proc/driver/swipeup u:object_r:sysfs_gesture:s0
-/sys/devices/platform/soc/soc:asustek_googlekey/googlekey_enable u:object_r:sysfs_gesture:s0
-
# HALs
/(product|system/product)/vendor_overlay/[0-9]+/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0
diff --git a/sepolicy/private/genfs_contexts b/sepolicy/private/genfs_contexts
index 550fd10..ac504cd 100644
--- a/sepolicy/private/genfs_contexts
+++ b/sepolicy/private/genfs_contexts
@@ -1 +1,5 @@
-genfscon proc /driver/dclick u:object_r:sysfs_touchscreen:s0
\ No newline at end of file
+genfscon sysfs /devices/platform/soc/soc:asustek_googlekey/googlekey_enable u:object_r:sysfs_gesture:s0
+genfscon proc /driver/dclick u:object_r:proc_touchscreen:s0
+genfscon proc /driver/gesture_type u:object_r:proc_touchscreen:s0
+genfscon proc /driver/glove u:object_r:proc_touchscreen:s0
+genfscon proc /driver/swipeup u:object_r:proc_touchscreen:s0
\ No newline at end of file
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te
index 8caaa57..7d7e100 100644
--- a/sepolicy/private/init.te
+++ b/sepolicy/private/init.te
@@ -1,5 +1,4 @@
# Allow init to chown/chmod on pseudo files in /sys
-allow init sysfs_touchscreen:file { rw_file_perms setattr };
allow init sysfs_gesture:file { rw_file_perms setattr };
# Allow init to bind mount over vendor file
diff --git a/sepolicy/private/rs.te b/sepolicy/private/rs.te
new file mode 100644
index 0000000..2dffbab
--- /dev/null
+++ b/sepolicy/private/rs.te
@@ -0,0 +1,2 @@
+allow rs surfaceflinger:fd use;
+allow rs sdcardfs:file rw_file_perms;
\ No newline at end of file
diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te
index b73fb60..ee4f984 100644
--- a/sepolicy/private/system_app.te
+++ b/sepolicy/private/system_app.te
@@ -1 +1,4 @@
-allow system_app sysfs_gesture:file { rw_file_perms setattr };
\ No newline at end of file
+#allow system_app system_suspend_control_service:service_manager { find };
+#allow system_app apex_service:service_manager { find };
+allow system_app sysfs_gesture:file { rw_file_perms setattr };
+allow system_app proc_touchscreen:file { rw_file_perms setattr };
\ No newline at end of file
diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te
index eb2a942..b6b8e25 100644
--- a/sepolicy/private/system_server.te
+++ b/sepolicy/private/system_server.te
@@ -1,4 +1,4 @@
-allow system_server sysfs_touchscreen:file rw_file_perms;
+allow system_server proc_touchscreen:file rw_file_perms;
allow system_server sysfs_gesture:file rw_file_perms;
# allow system server to get vendor_camera_prop