From b7a7716a4995ac476fc7dea960e601e3bc16307b Mon Sep 17 00:00:00 2001
From: Henrik Grimler
Date: Sat, 5 Sep 2020 09:25:08 +0200
Subject: [PATCH] Use more macros following review

Use get_prop macro instead of r_file_perms as we otherwise hit neverallow { ioctl lock } for props.

---
 sepolicy/crash_dump.te | 5 +++--
 sepolicy/hal_audio_default.te | 3 ++-
 sepolicy/hal_camera_default.te | 3 ++-
 sepolicy/hal_keymaster_default.te | 2 +-
 sepolicy/hal_vibrator_default.te | 2 +-
 sepolicy/hal_wifi_hostapd_default.te | 2 +-
 sepolicy/property.te | 2 +-
 sepolicy/system_server.te | 3 ++-
 8 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/sepolicy/crash_dump.te b/sepolicy/crash_dump.te
index 05ad1eb..138407f 100644
--- a/sepolicy/crash_dump.te
+++ b/sepolicy/crash_dump.te
@@ -1,3 +1,4 @@
-allow crash_dump hwservicemanager_prop:file { getattr open };
-allow crash_dump exported_camera_prop:file { getattr open };
+get_prop(crash_dump, hwservicemanager_prop)
+get_prop(crash_dump, exported_camera_prop)
+
 allow crash_dump app_data_file:file read;
diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te
index bb5794c..9eb9415 100644
--- a/sepolicy/hal_audio_default.te
+++ b/sepolicy/hal_audio_default.te
@@ -8,6 +8,7 @@ allow hal_audio_default efs_file:dir search;
 allow hal_audio_default imei_efs_file:dir search;
 allow hal_audio_default imei_efs_file:file r_file_perms;
-allow hal_audio_default vendor_radio_prop:file { getattr open read };
+
+get_prop(hal_audio_default, vendor_radio_prop)
 allow hal_audio_default init:unix_stream_socket connectto;
diff --git a/sepolicy/hal_camera_default.te b/sepolicy/hal_camera_default.te
index 7311f67..313e7bc 100644
--- a/sepolicy/hal_camera_default.te
+++ b/sepolicy/hal_camera_default.te
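Review bot: The `get_prop` macro grants more than the two crash_dump rules it replaces — the removed lines allowed only `{ getattr open }` on `hwservicemanager_prop` and `exported_camera_prop`, while in AOSP's te_macros `get_prop` expands to the full property-read set (`read`, and on recent releases `map`, in addition to `getattr open`). That is the correct shape for a property read, so the widening is presumably what the earlier audit-derived rules were converging on, but the hunk leaves it implicit. A one-line comment above the macros, e.g. `# property reads by crash_dump; use get_prop rather than open-coded file perms so the neverallow on { ioctl lock } is respected`, would record the intent for the next policy pass. The same widening occurs in the hal_audio_default hunk below, where `{ getattr open read }` on `vendor_radio_prop` gains the macro's remaining permissions.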
@@ -7,8 +7,9 @@ allow hal_camera_default sysfs_virtual:dir search;
 allow hal_camera_default sysfs_virtual:file rw_file_perms;
 allow hal_camera_default sysfs_camera:dir search;
 allow hal_camera_default sysfs_camera:file rw_file_perms;
-allow hal_camera_default exported_camera_prop:file { getattr open read };
 allow hal_camera_default camera_data_file:dir search;
+get_prop(hal_camera_default, exported_camera_prop)
+
 binder_call(hal_camera_default, system_server)
 binder_call(system_server, hal_camera_default)
diff --git a/sepolicy/hal_keymaster_default.te b/sepolicy/hal_keymaster_default.te
index cb241b3..357775b 100644
--- a/sepolicy/hal_keymaster_default.te
+++ b/sepolicy/hal_keymaster_default.te
@@ -1 +1 @@
-allow hal_keymaster_default tee_prop:file { getattr open read };
+get_prop(hal_keymaster_default, tee_prop)
diff --git a/sepolicy/hal_vibrator_default.te b/sepolicy/hal_vibrator_default.te
index d4b5e86..a81495f 100644
--- a/sepolicy/hal_vibrator_default.te
+++ b/sepolicy/hal_vibrator_default.te
@@ -1,2 +1,2 @@
 allow hal_vibrator_default sysfs_virtual:dir search;
-allow hal_vibrator_default sysfs_virtual:file { open write getattr };
+allow hal_vibrator_default sysfs_virtual:file rw_file_perms;
diff --git a/sepolicy/hal_wifi_hostapd_default.te b/sepolicy/hal_wifi_hostapd_default.te
index 0489d84..c13b158 100644
--- a/sepolicy/hal_wifi_hostapd_default.te
+++ b/sepolicy/hal_wifi_hostapd_default.te
@@ -1,2 +1,2 @@
 allow hal_wifi_hostapd_default sysfs_virtual:dir search;
-allow hal_wifi_hostapd_default sysfs_virtual:lnk_file { read getattr };
+allow hal_wifi_hostapd_default sysfs_virtual:lnk_file r_file_perms;
diff --git a/sepolicy/property.te b/sepolicy/property.te
index e590d31..ec74269 100644
--- a/sepolicy/property.te
+++ b/sepolicy/property.te
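Review bot: In the hal_camera_default hunk the replacement `get_prop(hal_camera_default, exported_camera_prop)` is moved below `camera_data_file:dir search` and followed by an added blank line, whereas the hal_audio_default and system_server hunks in this same commit put the blank line before the macro and keep it next to the rule it replaces. Keeping the macro where the removed line sat — directly after the `sysfs_camera:file rw_file_perms;` line, with the blank line preceding it — would make the four property hunks read the same way and keeps the binder_call pair visually separate from file/property grants.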
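Review bot: Replacing `{ open write getattr }` with `rw_file_perms` on `sysfs_virtual:file` for `hal_vibrator_default` grants more than the original rule — `rw_file_perms` also carries read, append, ioctl and lock (and map/watch on recent AOSP releases), and `sysfs_virtual` is a broad label that covers many unrelated sysfs nodes, not only the vibrator's. The commit's stated reason for switching to macros is to satisfy a neverallow, which does not apply here, so unless the extra permissions were actually denied the explicit set should stay: `allow hal_vibrator_default sysfs_virtual:file { open write getattr };`. If this tree labels the vibrator node separately (AOSP's own hal_vibrator policy targets a dedicated `sysfs_vibrator` type rather than `sysfs_virtual`), pointing the rule at that label would be tighter still. The hal_camera_default context lines above show the tree already uses `rw_file_perms` on `sysfs_virtual`, so if consistency is the actual goal a comment saying so would help. The same widening, though with little practical effect on a symlink, occurs in the hal_wifi_hostapd_default hunk where `lnk_file { read getattr }` becomes `r_file_perms`.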
@@ -11,4 +11,4 @@ type persist_data_wda_prop, property_type;
 type vendor_camera_prop, property_type;
 type vendor_factory_prop, property_type;
 type vendor_gps_prop, property_type;
-type vendor_nfc_prop, property_type;
\ No newline at end of file
+type vendor_nfc_prop, property_type;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 1d0bc5c..e771758 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -8,4 +8,5 @@ allow system_server debugfs_ion:file r_file_perms;
 allow system_server debugfs_mali_mem:file r_file_perms;
 allow system_server frp_block_device:blk_file rw_file_perms;
-allow system_server vendor_radio_prop:file { getattr open read };
+
+get_prop(system_server, vendor_radio_prop)
-- 
2.20.1
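Review bot: `get_prop(system_server, vendor_radio_prop)` lets a core domain read a vendor-namespaced property, and nothing in system_server.te records why; the property.te hunk in this commit shows the sibling `vendor_*` props declared as plain `property_type`, and presumably `vendor_radio_prop` is declared the same way, so no attribute marks it as intended for system-side readers. A short comment above the macro, e.g. `# system_server reads vendor_radio_prop for <reason — fill in>`, would let a later reviewer distinguish a deliberate system/vendor property interface from a leftover denial-driven grant. If only one system component actually needs the value, it is worth checking whether that component's own domain is the better subject than all of system_server.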