From 201f6ab690af8b2fa7c531cc4ea54c1ff8d146e2 Mon Sep 17 00:00:00 2001
From: Danny Wood <danwood76@gmail.com>
Date: Thu, 28 Jan 2021 14:45:42 +0000
Subject: [PATCH] universal7580: sepolicy: Update for 11

Change-Id: I477df3907a17134276a00a35c3192e82e64c9368
---
 sepolicy/fsck.te                  | 2 +-
 sepolicy/gpsd.te                  | 5 ++++-
 sepolicy/hal_graphics_composer.te | 4 ++++
 sepolicy/hwservicemanager.te      | 5 +++++
 sepolicy/vold.te                  | 3 +++
 5 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 sepolicy/hwservicemanager.te

diff --git a/sepolicy/fsck.te b/sepolicy/fsck.te
index 6185843..002ec71 100644
--- a/sepolicy/fsck.te
+++ b/sepolicy/fsck.te
@@ -1,3 +1,3 @@
 # /dev/block/mmcblk0p[0-9]*
 allow fsck emmcblk_device:blk_file rw_file_perms;
-allowxperm fsck emmcblk_device:blk_file ioctl { BLKDISCARDZEROES BLKROGET };
+allowxperm fsck emmcblk_device:blk_file ioctl { BLKGETSIZE64 BLKDISCARDZEROES BLKROGET };
diff --git a/sepolicy/gpsd.te b/sepolicy/gpsd.te
index 60c4c2b..7af7a6a 100644
--- a/sepolicy/gpsd.te
+++ b/sepolicy/gpsd.te
@@ -13,7 +13,10 @@ unix_socket_connect(gpsd, property, netd)
 allow gpsd system_server:unix_stream_socket rw_socket_perms;
 
 binder_call(gpsd, system_server)
-binder_use(gpsd)
+binder_call(gpsd, system_suspend_server)
+hwbinder_use(gpsd)
+
+allow gpsd system_suspend_hwservice:hwservice_manager { find };
 
 # Sockets
 type_transition gpsd gps_data_file:sock_file gps_socket;
diff --git a/sepolicy/hal_graphics_composer.te b/sepolicy/hal_graphics_composer.te
index 1916c0a..bfea7e3 100644
--- a/sepolicy/hal_graphics_composer.te
+++ b/sepolicy/hal_graphics_composer.te
@@ -1,3 +1,5 @@
+vndbinder_use(hal_graphics_composer_default);
+
 # Graphics sysfs
 allow hal_graphics_composer_default sysfs_graphics:dir  search;
 allow hal_graphics_composer_default sysfs_graphics:file rw_file_perms;
@@ -5,3 +7,5 @@ allow hal_graphics_composer_default sysfs_graphics:file rw_file_perms;
 # uevent socket
 allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 
+# Video devices
+allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
diff --git a/sepolicy/hwservicemanager.te b/sepolicy/hwservicemanager.te
new file mode 100644
index 0000000..7fadfd8
--- /dev/null
+++ b/sepolicy/hwservicemanager.te
@@ -0,0 +1,5 @@
+# gpsd
+#allow hwservicemanager gpsd:dir search;
+#allow hwservicemanager gpsd:file { read open };
+#allow hwservicemanager gpsd:process getattr;
+#allow hwservicemanager gpsd:binder transfer;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 4da2966..d5f06a5 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -6,3 +6,6 @@ allow vold emmcblk_device:blk_file { setattr unlink rw_file_perms };
 
 allow vold sysfs_mmc:file w_file_perms;
 r_dir_file(vold, proc_dt_firmware)
+
+# sswap
+allow vold sysfs_sswap:file w_file_perms;
-- 
2.20.1