From b1e82b80b7caf6be2bbf137dd528568555255ec8 Mon Sep 17 00:00:00 2001
From: Danny Wood
Date: Tue, 14 May 2019 16:06:49 +0100
Subject: [PATCH] universal7580: sepolicy: fix and cleanup denials hit during init
Change-Id: If58602ea177da08848338b3b7ccacb7bd299502c
---
 sepolicy/file.te | 3 ++-
 sepolicy/genfs_contexts | 31 ++++++++++++++++++++++++++++---
 sepolicy/init.te | 5 +++--
 sepolicy/kernel.te | 3 +++
 sepolicy/system_app.te | 1 +
 5 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 5aaefe1..e0b86cf 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -21,10 +21,11 @@ type gps_data_file, file_type, data_file_type, core_data_file_type;
 type gps_socket, file_type;
 # proc
-type proc_dirty_ratio, fs_type, proc_type;
+type proc_vm, fs_type, proc_type;
 type proc_dt_firmware, fs_type, proc_type;
 type proc_reset_reason, fs_type, proc_type;
 type proc_simslot_count, fs_type, proc_type;
+type proc_sec, fs_type, proc_type;
 ### sysfs types
 #type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index a7a9b16..93895d9 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -1,13 +1,18 @@
 genfscon proc /device-tree u:object_r:proc_dt_firmware:s0
-genfscon proc /sys/vm/dirty_ratio u:object_r:proc_dirty:s0
-genfscon proc /sys/vm/dirty_bytes u:object_r:proc_dirty:s0
-genfscon proc /sys/vm/dirty_background_bytes u:object_r:proc_dirty:s0
+genfscon proc /sys/vm/dirty_ratio u:object_r:proc_vm:s0
+genfscon proc /sys/vm/dirty_bytes u:object_r:proc_vm:s0
+genfscon proc /sys/vm/dirty_background_bytes u:object_r:proc_vm:s0
+genfscon proc /sys/vm/min_free_kbytes u:object_r:proc_vm:s0
+
+genfscon proc /sys/vm/swappiness u:object_r:proc_vm:s0
+genfscon proc /sys/vm/vfs_cache_pressure u:object_r:proc_vm:s0
 genfscon proc /reset_reason u:object_r:proc_reset_reason:s0
 genfscon proc /simslot_count u:object_r:proc_simslot_count:s0
 # SEC devices
+genfscon proc /sec_log u:object_r:proc_sec:s0
 #genfscon sysfs /class/sec/ u:object_r:sysfs_sec:s0
 # Power supply devices
@@ -25,6 +30,26 @@ genfscon sysfs /devices/virtual/sec/sec_touchkey/ u:ob
 genfscon sysfs /devices/virtual/sec/sec_key/ u:object_r:sysfs_input:s0
 genfscon sysfs /devices/virtual/sec/tsp/ u:object_r:sysfs_input:s0
+# SEC GPIO input devices
+genfscon sysfs /class/secgpio_check/secgpio_check_all/gpioinit_check u:object_r:sysfs_input:s0
+genfscon sysfs /class/secgpio_check/secgpio_check_all/gpiosleep_check u:object_r:sysfs_input:s0
+genfscon sysfs /class/secgpio_check/secgpio_check_all/checked_sleepGPIO u:object_r:sysfs_input:s0
+
+# Input booster
+genfscon sysfs /class/input_booster/level u:object_r:sysfs_input:s0
+genfscon sysfs /class/input_booster/head u:object_r:sysfs_input:s0
+genfscon sysfs /class/input_booster/tail u:object_r:sysfs_input:s0
+
+# CPU/Scheduler devices
+genfscon sysfs /power/cpufreq_table u:object_r:sysfs_devices_system_cpu:s0
+genfscon sysfs /power/cpufreq_min_limit u:object_r:sysfs_devices_system_cpu:s0
+genfscon sysfs /power/cpufreq_max_limit u:object_r:sysfs_devices_system_cpu:s0
+
+genfscon sysfs /module/cpuidle/parameters/off u:object_r:sysfs_devices_system_cpu:s0
+genfscon sysfs /module/cpuidle_exynos64_smp/parameters/enable_mask u:object_r:sysfs_devices_system_cpu:s0
+
+genfscon sysfs /module/workqueue/parameters/power_efficient u:object_r:sysfs_devices_system_cpu:s0
+
 # Camera
 genfscon sysfs /devices/virtual/camera/ u:object_r:sysfs_camera:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 988a290..c1a3b03 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -79,8 +79,9 @@ allow init sysfs_multipdp:file setattr;
 # Proc files
 allow init proc_reset_reason:file rw_file_perms;
-allow init proc_dirty:file rw_file_perms;
+allow init proc_vm:file rw_file_perms;
 allow init proc_simslot_count:file rw_file_perms;
+allow init proc_sec:file rw_file_perms;
 # Sockets
-allow init socket_device:sock_file create;
+allow init socket_device:sock_file { read write getattr setattr create unlink };
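Review bot: The new `/power/cpufreq_*` and `/module/*/parameters/*` entries reuse `sysfs_devices_system_cpu`, and the GPIO-check and input-booster nodes reuse `sysfs_input`, so every domain that already holds rules on those types gets the same access to these tunables without any rule in this commit saying so. `sysfs_devices_system_cpu` is normally readable well beyond init, and `/module/workqueue/parameters/power_efficient` is not a CPU device; a dedicated type (for example `sysfs_power_tunables`, name illustrative) with an explicit allow for the domain that hit the denial would keep the grant scoped. Separately, the three `/class/secgpio_check/secgpio_check_all/...` entries should be verified on a device with `ls -Z`: if `secgpio_check_all` is a symlink into `/devices/...`, as is usual for a device under a sysfs class, genfscon matches the real path and these lines may label nothing, whereas the neighbouring context lines use `/devices/virtual/...`.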
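Review bot: The `socket_device:sock_file` rule at the end of this hunk is widened from `create` to `{ read write getattr setattr create unlink }` with nothing recording which socket needed it. `socket_device` is the generic label for entries under `/dev/socket`, so the added `write` applies to every socket there that has not been given its own type; if the denial came from one specific socket, labelling that socket in `file_contexts` and allowing init on the new type would be narrower. At minimum a comment such as `# <socket path from the avc denial>: permissions init needs on it` above the rule would let a later reviewer check that each permission is still required. The same gap applies to `allow init proc_sec:file rw_file_perms;`, where the commit does not say why init needs write access to `/proc/sec_log`.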
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
index 324eb19..bd8b009 100644
--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te
@@ -21,3 +21,6 @@ allow kernel wifi_efs_file:file r_file_perms;
 # /data/misc/conn/.wifiver.info
 allow kernel wifi_data_file:file rw_file_perms;
+
+# Allow kernel to search tmpfs
+allow kernel tmpfs:dir search;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index c9d70d0..4d74449 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -1,3 +1,4 @@
 allow system_app sysfs_mdnie:{ file lnk_file } rw_file_perms;
 allow system_app sysfs_mdnie:dir search;
+allow system_app sysfs_graphics:dir search;
 allow system_app wificond:binder call;
-- 
2.20.1
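Review bot: In the kernel.te hunk, the comment added above `allow kernel tmpfs:dir search;` repeats the rule rather than explaining it. `tmpfs` is the default label for tmpfs mounts that have no more specific context, so a reviewer cannot tell which directory the kernel domain was traversing. Replacing it with something like `# <path and operation from the avc denial>` would make the rule auditable and show whether relabelling that mount is the better fix.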