commit 39fe964e1873c4d8222b202a043f67b57793bffa
author Zvikomborero VIncent Zvikaramba <zvikovincent@gmail.com> Sun Aug 21 22:50:09 2016 -0400
committer Zvikomborero VIncent Zvikaramba <zvikovincent@gmail.com> Sun Aug 21 22:50:09 2016 -0400
tree 3548aa79440092bfbd30802ade9a9a18aa55b7ad
parent 3927d123a06cefd5b3f641a2d23bcb3ec06b36f0

Revert "Revert "Revert "Added new SELinux policies"""

This reverts commit 3927d123a06cefd5b3f641a2d23bcb3ec06b36f0.

sepolicy/at_distributor.te

diff --git a/sepolicy/at_distributor.te b/sepolicy/at_distributor.te
deleted file mode 100644
index c2984d0..0000000
--- a/sepolicy/at_distributor.te
+++ /dev/null
@@ -1,94 +0,0 @@
-#===================at_distributor============================
-type at_distributor, domain;
-type at_distributor_exec, exec_type, file_type;
-init_daemon_domain(at_distributor)
-net_domain(at_distributor)
-
-# To make VT call
-binder_use(at_distributor)
-
-allow at_distributor adbd:dir { read search ioctl open getattr };
-allow at_distributor alarm_device:chr_file { read lock getattr write ioctl open append };
-allow at_distributor app_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow at_distributor app_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor ashmem_device:chr_file { getattr execute execute_no_trans };
-allow at_distributor at_distributor:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow at_distributor at_distributor:capability { setuid dac_override sys_nice chown fsetid fowner };
-allow at_distributor at_distributor:dir { read search ioctl open getattr };
-allow at_distributor at_distributor:fd use;
-allow at_distributor at_distributor:fifo_file { read lock getattr write ioctl open append };
-allow at_distributor at_distributor:file { read lock getattr write ioctl open append };
-allow at_distributor at_distributor:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow at_distributor at_distributor:key { search setattr read create write link view };
-allow at_distributor at_distributor:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow at_distributor at_distributor:lnk_file { read lock ioctl open getattr };
-allow at_distributor at_distributor:msg { receive send };
-allow at_distributor at_distributor:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow at_distributor at_distributor:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow at_distributor at_distributor:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow at_distributor at_distributor:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow at_distributor at_distributor:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow at_distributor at_distributor:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow at_distributor at_distributor:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow at_distributor at_distributor:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow at_distributor at_distributor:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow at_distributor at_distributor:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow at_distributor at_distributor:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow at_distributor at_distributor:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow at_distributor at_distributor:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow at_distributor at_distributor:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow at_distributor at_distributor_exec:file { read open getattr entrypoint execute };
-allow at_distributor at_distributor_tmpfs:file { read write };
-allow at_distributor binderservicedomain:binder { transfer call };
-allow at_distributor binderservicedomain:fd use;
-allow at_distributor block_device:dir { read search ioctl open getattr };
-allow at_distributor carrier_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow at_distributor carrier_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor cgroup:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow at_distributor cgroup:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow at_distributor dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor dumpstate_exec:file { execute execute_no_trans };
-allow at_distributor dumpsys_exec:file { execute execute_no_trans };
-allow at_distributor efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow at_distributor efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor firmware_file:dir { read search ioctl open getattr };
-allow at_distributor firmware_file:file { read lock ioctl open getattr };
-allow at_distributor imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow at_distributor imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor init:process sigchld;
-allow at_distributor init:unix_stream_socket connectto;
-allow at_distributor kernel:system syslog_read;
-allow at_distributor nfc:binder { transfer call };
-allow at_distributor nfc:fd use;
-allow at_distributor property_socket:sock_file write;
-allow at_distributor qseecom_device:chr_file { read lock getattr write ioctl open append };
-allow at_distributor radio:binder { transfer call };
-allow at_distributor radio:fd use;
-allow at_distributor radio_data_file:dir { search read getattr write ioctl remove_name open add_name };
-allow at_distributor radio_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor radio_device:chr_file { read lock getattr write ioctl open append };
-allow at_distributor radio_prop:property_service set;
-allow at_distributor rild:unix_stream_socket connectto;
-allow at_distributor sec-ril:unix_stream_socket connectto;
-allow at_distributor sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow at_distributor sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor sensorhubservice:binder { transfer call };
-allow at_distributor sensorhubservice:fd use;
-allow at_distributor servicemanager:binder { transfer call };
-allow at_distributor servicemanager:fd use;
-allow at_distributor shell_exec:file { execute read lock getattr execute_no_trans ioctl open };
-allow at_distributor su_exec:file { execute read lock getattr execute_no_trans ioctl open };
-allow at_distributor sysfs:file { write open append };
-allow at_distributor sysfs_sec:file { setattr read lock getattr write ioctl open append };
-allow at_distributor sysfs_ss_writable:file { read lock getattr write ioctl open append };
-allow at_distributor sysfs_wake_lock:file { read lock getattr write ioctl open append };
-allow at_distributor system_app:binder { transfer call };
-allow at_distributor system_app:fd use;
-allow at_distributor system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow at_distributor system_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow at_distributor system_file:file { getattr execute execute_no_trans };
-allow at_distributor system_server:binder transfer;
-allow at_distributor uart_device:chr_file { read lock getattr write ioctl open append };
-allow at_distributor zygote_exec:file { execute read lock getattr execute_no_trans ioctl open };

sepolicy/audiod.te

diff --git a/sepolicy/audiod.te b/sepolicy/audiod.te
index 116aa9e..b768df4 100644
--- a/sepolicy/audiod.te
+++ b/sepolicy/audiod.te
@@ -1,24 +1,3 @@
 #====================audiod==========================
 allow audiod snd_data_file:dir { add_name open search write };
 allow audiod snd_data_file:file {  getattr open read write create_file_perms };
-#new#
-allow audiod audiod:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow audiod audiod:capability sys_nice;
-allow audiod audiod:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow audiod audiod:key { search setattr read create write link view };
-allow audiod audiod:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow audiod audiod:msg { receive send };
-allow audiod audiod:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow audiod audiod:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow audiod audiod:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow audiod audiod:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow audiod audiod:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow audiod audiod:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow audiod audiod:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow audiod audiod:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow audiod audiod:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow audiod audiod:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow audiod audiod:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow audiod audiod:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow audiod audiod:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow audiod audiod:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };

sepolicy/connfwexe.te

diff --git a/sepolicy/connfwexe.te b/sepolicy/connfwexe.te
deleted file mode 100644
index e80cd01..0000000
--- a/sepolicy/connfwexe.te
+++ /dev/null
@@ -1,66 +0,0 @@
-#======================connfwexe===========================================
-type connfwexe, domain;
-type connfwexe_exec, exec_type, file_type;
-init_daemon_domain(connfwexe)
-net_domain(connfwexe)
-
-# To make VT call
-binder_use(connfwexe)
-
-allow connfwexe ashmem_device:chr_file { getattr execute execute_no_trans };
-allow connfwexe block_device:dir { read search ioctl open getattr };
-allow connfwexe block_device:lnk_file { read lock ioctl open getattr };
-allow connfwexe bugreport_exec:file { execute execute_no_trans };
-allow connfwexe connfwexe:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow connfwexe connfwexe:capability { setuid net_raw sys_boot sys_nice dac_override };
-allow connfwexe connfwexe:dir { read search ioctl open getattr };
-allow connfwexe connfwexe:fd use;
-allow connfwexe connfwexe:fifo_file { read lock getattr write ioctl open append };
-allow connfwexe connfwexe:file { read lock getattr write ioctl open append };
-allow connfwexe connfwexe:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow connfwexe connfwexe:key { search setattr read create write link view };
-allow connfwexe connfwexe:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow connfwexe connfwexe:lnk_file { read lock ioctl open getattr };
-allow connfwexe connfwexe:msg { receive send };
-allow connfwexe connfwexe:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow connfwexe connfwexe:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow connfwexe connfwexe:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow connfwexe connfwexe:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow connfwexe connfwexe:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow connfwexe connfwexe:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow connfwexe connfwexe:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow connfwexe connfwexe:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow connfwexe connfwexe:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow connfwexe connfwexe:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow connfwexe connfwexe:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow connfwexe connfwexe:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow connfwexe connfwexe:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow connfwexe connfwexe:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow connfwexe connfwexe_exec:file { read open getattr entrypoint execute };
-allow connfwexe connfwexe_tmpfs:file { read write };
-allow connfwexe dalvikcache_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow connfwexe ddexe:unix_stream_socket connectto;
-allow connfwexe dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow connfwexe dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow connfwexe dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow connfwexe dumpstate_exec:file { execute execute_no_trans };
-allow connfwexe dumpsys_exec:file { execute execute_no_trans };
-allow connfwexe emmcblk_device:blk_file { read lock getattr write ioctl open append };
-allow connfwexe init:process sigchld;
-allow connfwexe init:unix_stream_socket connectto;
-allow connfwexe property_socket:sock_file { write open append };
-allow connfwexe radio_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow connfwexe radio_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow connfwexe servicemanager:binder { transfer call };
-allow connfwexe servicemanager:fd use;
-allow connfwexe shell_exec:file { execute read lock getattr execute_no_trans ioctl open };
-allow connfwexe sysfs:file { read lock getattr write ioctl open append };
-allow connfwexe sysfs_ss_writable:file { read lock getattr write ioctl open append };
-allow connfwexe sysfs_wake_lock:file { read lock getattr write ioctl open append };
-allow connfwexe system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow connfwexe system_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow connfwexe system_file:file { getattr execute execute_no_trans };
-allow connfwexe system_prop:property_service set;
-allow connfwexe system_server:binder { transfer call };
-allow connfwexe system_server:fd use;
-allow connfwexe zygote_exec:file { execute read lock getattr execute_no_trans ioctl open };

sepolicy/cs.te

diff --git a/sepolicy/cs.te b/sepolicy/cs.te
deleted file mode 100644
index b2c5923..0000000
--- a/sepolicy/cs.te
+++ /dev/null
@@ -1,47 +0,0 @@
-#===================cs========================
-type cs, domain;
-type cs_exec, exec_type, file_type;
-init_daemon_domain(cs)
-net_domain(cs)
-
-# To make VT call
-binder_use(cs)
-
-allow cs cs:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow cs cs:capability sys_nice;
-allow cs cs:dir { read search ioctl open getattr };
-allow cs cs:fd use;
-allow cs cs:fifo_file { read lock getattr write ioctl open append };
-allow cs cs:file { read lock getattr write ioctl open append };
-allow cs cs:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow cs cs:key { search setattr read create write link view };
-allow cs cs:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow cs cs:lnk_file { read lock ioctl open getattr };
-allow cs cs:msg { receive send };
-allow cs cs:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow cs cs:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow cs cs:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow cs cs:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow cs cs:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow cs cs:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow cs cs:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow cs cs:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow cs cs:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow cs cs:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow cs cs:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow cs cs:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow cs cs:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow cs cs:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow cs cs_exec:file { read open getattr entrypoint execute };
-allow cs cs_socket:dir { write remove_name search open add_name };
-allow cs cs_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow cs cs_tmpfs:file { read write };
-allow cs efs_file:dir { read search ioctl open getattr };
-allow cs efs_file:file { read lock ioctl open getattr };
-allow cs firmware_file:dir { read search ioctl open getattr };
-allow cs firmware_file:file { read lock ioctl open getattr };
-allow cs firmware_file:lnk_file { read lock ioctl open getattr };
-allow cs init:process sigchld;
-allow cs qseecom_device:chr_file { read lock getattr write ioctl open append };
-allow cs system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow cs system_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };

sepolicy/ddexe.te

diff --git a/sepolicy/ddexe.te b/sepolicy/ddexe.te
deleted file mode 100644
index 474b7fe..0000000
--- a/sepolicy/ddexe.te
+++ /dev/null
@@ -1,41 +0,0 @@
-#=========ddexe================
-type ddexe, domain;
-type ddexe_exec, exec_type, file_type;
-init_daemon_domain(ddexe)
-net_domain(ddexe)
-
-# To make VT call
-binder_use(ddexe)
-
-allow ddexe ddexe:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ddexe ddexe:capability { setuid sys_nice dac_override };
-allow ddexe ddexe:dir { read search ioctl open getattr };
-allow ddexe ddexe:fd use;
-allow ddexe ddexe:fifo_file { read lock getattr write ioctl open append };
-allow ddexe ddexe:file { read lock getattr write ioctl open append };
-allow ddexe ddexe:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow ddexe ddexe:key { search setattr read create write link view };
-allow ddexe ddexe:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ddexe ddexe:lnk_file { read lock ioctl open getattr };
-allow ddexe ddexe:msg { receive send };
-allow ddexe ddexe:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow ddexe ddexe:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ddexe ddexe:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ddexe ddexe:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ddexe ddexe:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow ddexe ddexe:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow ddexe ddexe:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow ddexe ddexe:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow ddexe ddexe:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ddexe ddexe:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow ddexe ddexe:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ddexe ddexe:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow ddexe ddexe:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ddexe ddexe:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ddexe ddexe_exec:file { read open getattr entrypoint execute };
-allow ddexe ddexe_tmpfs:file { read write };
-allow ddexe device:file { read lock ioctl open getattr };
-allow ddexe gadget_serial_device:chr_file { read lock getattr write ioctl open append };
-allow ddexe init:process sigchld;
-allow ddexe system_data_file:dir { search read getattr write ioctl remove_name open add_name };
-allow ddexe system_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };

sepolicy/file.te

diff --git a/sepolicy/file.te b/sepolicy/file.te
index 21dca77..321ad61 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -3,86 +3,12 @@
 

 type touchpanel_sysfs, fs_type, sysfs_type;

 

-type bugreport, domain;

-type bugreport_exec, exec_type, file_type;

-

-type icd, domain;

-type icd_exec, exec_type, file_type;

-

-type lpm, domain;

-type lpm_exec, exec_type, file_type;

-

-type dumpsys, domain;

-type dumpsys_exec, exec_type, file_type;

-

-type olsrd, domain;

-type olsrd_exec, exec_type, file_type;

-

-type jackservice, domain;

-type jackservice_exec, exec_type, file_type;

-

-type sensorhubservice, domain;

-type sensorhubservice_exec, exec_type, file_type;

-

-type cpk_efs_file, file_type;

-type carrier_efs_file, file_type;

-type iss_efs_file, file_type;

-type drm_efs_file, file_type;

-type modem_firmware, file_type;

-type otadm_efs_file, file_type;

-type pfw_efs_file, file_type;

-type prov_efs_file, file_type;

-type sensor_efs_file, file_type;

 type wifi_efs_file, file_type;

 type sensors_efs_file, file_type;

 type sysfs_camera, fs_type, sysfs_type;

 type sysfs_class_camera_rear, fs_type, sysfs_type;

-type sysfs_sensor_writable, fs_type, sysfs_type;

-type sysfs_sec, fs_type, sysfs_type;

-type sysfs_app_writable, fs_type, sysfs_type;

 type sysfs_input, fs_type, sysfs_type;

-type sysfs_ss_writable, fs_type, sysfs_type;

 type sysfs_vibeamp, fs_type, sysfs_type;

-type jack_data_file, file_type, data_file_type;

-type audit_log, file_type, data_file_type;

-type tima_log, file_type, data_file_type;

-type drm_playready_file, file_type, data_file_type;

-#type drm_data_file, file_type, data_file_type;

 type snd_data_file, file_type, data_file_type;

-type users_system_data_file, file_type, data_file_type;

-type keymaster_firmware_file, file_type;

-type sshdcpap_firmware_file, file_type;

-type tima_keystore_file, file_type, data_file_type;

-type app_library_file, file_type, data_file_type;

-type obb_apk_file, file_type, data_file_type;

-type app_efs_file, file_type;

-type bin_nv_data_efs_file, file_type;

-type dumplog_data_file, file_type, data_file_type;

-type efs_gsm_file, file_type;

-type emmcblk_device, file_type;

-type smd_cxm_qmi_device, file_type;

-type imei_efs_file, file_type;

-type mbin_device, file_type;

-type nv_core_efs_file, file_type;

-type sec_efs_file, file_type;

-type carrier_file, file_type;

-type uart_device, file_type;

-type cs_socket, file_type;

-type system_fifo, file_type;

-type genlock_device, file_type;

-type ss_conn_daemon_socket, file_type;

-type timerirq_device, file_type;

-type jack_socket, file_type;

-type usb_serial_device, file_type;

-type drsd_socket, file_type;

-type epm_socket, file_type;

-type mtp_socket, file_type;

-type dun_device, file_type;

-type frigate_socket, file_type;

-type tz_socket, file_type;

-type sem_device, file_type;

-type i2c_device, file_type;

-type icd_device, file_type;

-type usb_bus_device, file_type;

-type swap_device, file_type;

-type secure_storage_device, file_type;

+type keymaster_firmware_file, file_type, data_file_type;

+type sshdcpap_firmware_file, file_type, data_file_type;

sepolicy/file_contexts

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index a5ac85d..8624cf0 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -13,6 +13,8 @@
 /firmware/image/keymaste.*	u:object_r:keymaster_firmware_file:s0
 /firmware/image/sshdcpap.mdt	u:object_r:sshdcpap_firmware_file:s0
 
+/efs/wifi(/.*)?			u:object_r:wifi_efs_file:s0
+/dev/sec-nfc		  	u:object_r:nfc_device:s0
 /dev/i2c-1  			u:object_r:audio_device:s0
 
 # Camera
@@ -32,220 +34,3 @@
 
 # data files
 /data/snd(/.*)?                                     u:object_r:snd_data_file:s0
-
-############################# 
-# DATA file of qcom_common
-#
-/data/misc/gpsone_d(/.*)?	u:object_r:gps_data_file:s0
-
-############################# 
-# EFS file of sec_common
-#
-/cpefs(/.*)?                                     u:object_r:sec_efs_file:s0
-/efs/carrier(/.*)?	u:object_r:carrier_efs_file:s0
-/efs/cpk(/.*)?	                                 u:object_r:cpk_efs_file:s0
-/efs/drx(/.*)?                                   u:object_r:sec_efs_file:s0
-/efs/FactoryApp(/.*)?	u:object_r:app_efs_file:s0
-/efs/imei(/.*)?	u:object_r:imei_efs_file:s0
-/efs/ims_setting(/.*)?                           u:object_r:sec_efs_file:s0
-/efs/iss(/.*)?	                                 u:object_r:iss_efs_file:s0
-/efs/logguard(/.*)?	                         u:object_r:iss_efs_file:s0
-/efs/maxim(/.*)?	                         u:object_r:sec_efs_file:s0
-/efs/mc(/.*)?	                                 u:object_r:prov_efs_file:s0
-/efs/\.nv_core\.bak(.*)                            u:object_r:nv_core_efs_file:s0
-/efs/otadm(/.*)?	                         u:object_r:otadm_efs_file:s0
-/efs/otadm_sw_version                            u:object_r:otadm_efs_file:s0
-/efs/pfw_data(/.*)?	                         u:object_r:pfw_efs_file:s0
-/efs/prov(/.*)?	                                 u:object_r:prov_efs_file:s0
-/efs/prov_data(/.*)?	                         u:object_r:prov_efs_file:s0
-/efs/recovery(/.*)?	                         u:object_r:sec_efs_file:s0
-/efs/root(/.*)?	                                 u:object_r:app_efs_file:s0
-/efs/sec_efs(/.*)?                               u:object_r:sec_efs_file:s0
-/efs/security(/.*)?                              u:object_r:prov_efs_file:s0
-/efs/sktdm_mem(/.*)?                             u:object_r:sec_efs_file:s0
-/efs/SMS(/.*)?                                   u:object_r:sec_efs_file:s0
-/efs/SlideCount                                  u:object_r:app_efs_file:s0
-/efs/TEE(/.*)?                                   u:object_r:prov_efs_file:s0
-/efs/wifi(/.*)?	u:object_r:wifi_efs_file:s0
-/efs_gsm(/.*)?            u:object_r:efs_gsm_file:s0
-
-############################# 
-# EFS file of qcom_common
-#
-/efs/drm(/.*)?	u:object_r:drm_efs_file:s0
-/efs/.drm(/.*)?         u:object_r:drm_efs_file:s0
-
-############################# 
-# EFS file of slsi_common
-#
-/efs/gyro_cal_data	u:object_r:sensor_efs_file:s0
-/efs/nv_data.bin(.*)	u:object_r:bin_nv_data_efs_file:s0
-
-
-############################# 
-# MNT of bcom_common
-#
-/mnt/modemfsro(/.*)?	u:object_r:modem_firmware:s0
-/mnt/modemfsro_fix(/.*)?	u:object_r:modem_firmware:s0
-/mnt/modemfsrw(/.*)?	u:object_r:modem_firmware:s0
-/mnt/modemfw(/.*)?	u:object_r:modem_firmware:s0
-/mnt/modemlog(/.*)?	u:object_r:modem_firmware:s0
-
-############################# 
-# Carrier file of sec_common
-# carrier folder for Sprint(Qualcomm and SLSI)
-/carrier(/.*)?	u:object_r:carrier_file:s0
-
-############################# 
-# DATA file of sec_common
-#
-/data/app-lib(/.*)? 	u:object_r:app_library_file:s0
-/data/bcmnfc(/.*)?	u:object_r:nfc_data_file:s0
-/data/data/.*		u:object_r:app_data_file:s0
-#/data/data/.drm(/.*)?	u:object_r:drm_data_file:s0
-#/data/data/com.android.providers.downloads/cache u:object_r:download_file:s0
-/data/data/com.android.settings/files/wallpaper	u:object_r:wallpaper_file:s0
-/data/data/com.android.shell(/.*)?		u:object_r:shell_data_file:s0
-/data/data/imsqmisocket	u:object_r:system_data_file:s0
-/data/KEqvTaYEYkuJr1Mn+t-SwFvbgYo_(/.*)?  u:object_r:tima_keystore_file:s0
-/data/log(/.*)?	u:object_r:dumplog_data_file:s0
-/data/media.tmp(/.*)?	u:object_r:media_rw_data_file:s0
-/data/media/obb(/.*)?	u:object_r:obb_apk_file:s0
-#from nsa
-/data/misc/jack(/.*)?		u:object_r:jack_data_file:s0
-/data/misc/tima(/.*)?		u:object_r:tima_log:s0
-
-/data/system/users(/.*)?                u:object_r:users_system_data_file:s0
-/data/system/users(/.*)/wallpaper	u:object_r:wallpaper_file:s0
-/data/tee(/.*)?	                        u:object_r:tee_data_file:s0
-
-############################# 
-# System files of qcom_common
-#/system/bin/mfgloader	u:object_r:mfgloader_exec:s0
-/system/bin/qmiproxy	u:object_r:qmiproxy_exec:s0
-/system/bin/wlandutservice	u:object_r:wlandutservice_exec:s0
-
-############################# 
-# System files of sec_common
-# 
-/system/bin/app_process	u:object_r:zygote_exec:s0
-/system/bin/at_distributor      u:object_r:at_distributor_exec:s0
-/system/bin/mksh	u:object_r:shell_exec:s0
-/system/bin/bugreport	u:object_r:bugreport_exec:s0
-/system/bin/connfwexe	u:object_r:connfwexe_exec:s0
-/system/bin/cs				u:object_r:cs_exec:s0
-/system/bin/ddexe	u:object_r:ddexe_exec:s0
-/system/bin/dumpsys	u:object_r:dumpsys_exec:s0
-/system/bin/icd	u:object_r:icd_exec:s0
-/system/bin/insthk	u:object_r:insthk_exec:s0
-/system/bin/jackservice		u:object_r:jackservice_exec:s0
-/system/bin/olsrd	u:object_r:olsrd_exec:s0
-/system/bin/sec-ril	u:object_r:sec-ril_exec:s0
-/system/bin/sensorhubservice	u:object_r:sensorhubservice_exec:s0
-/system/bin/ss_conn_daemon	u:object_r:ss_conn_daemon_exec:s0
-/system/bin/smdexe	u:object_r:smdexe_exec:s0
-/system/bin/otp_server	u:object_r:otp_server_exec:s0
-# conflict with Qcom BSP, /system/bin/wcnss_service	u:object_r:wcnss_service_exec:s0
-/system/bin/wpa_supplicant_real u:object_r:wpa_exec:s0
-# to run resopt on system_server
-/system/bin/resopt	u:object_r:system_file:s0
-# to run zip on resopt, on system_server
-/system/bin/zip 	u:object_r:system_file:s0
-
-
-############################# 
-# DATA file
-#
-/data/data/.drm(/.*)?	u:object_r:drm_playready_file:s0
-#/data/data/.drm/.playready(/.*)?	u:object_r:drm_playready_file:s0
-#/data/data/.drm/.playready/aeskey.dat	u:object_r:drm_data_file:s0
-/data/nfc/(/.*)?		u:object_r:nfc_data_file:s0
-############################# 
-# efs file
-#
-# com.sec.android.preloadinstaller write currentlyFactoryReset
-# path was changed /efs/recovery/currentlyFactoryReset" by recovery team.
-#/efs/.currentlyFactoryReset            u:object_r:app_efs_file:s0
-# com.sec.imsservice write silent_redial
-/efs/silent_redial                     u:object_r:app_efs_file:s0
-# HDCP and Widevine key. support r/w for radio and system app
-/efs/h2k.dat                           u:object_r:cpk_efs_file:s0
-/efs/redata.bin                        u:object_r:cpk_efs_file:s0
-/efs/wv.keys                           u:object_r:cpk_efs_file:s0
-/efs/total_call_time                   u:object_r:app_efs_file:s0
-
-
-############################# 
-# System files of sec_common
-#
-/system/bin/ftm_ptt             u:object_r:ftm_ptt_exec:s0
-/system/bin/lpm                 u:object_r:lpm_exec:s0
-
-############################# 
-# Device node of sec_common
-#
-/dev/block/mmcblk[0-9].*	   u:object_r:emmcblk_device:s0
-/dev/block/zram[0-9]		u:object_r:ram_device:s0
-
-/sys/class/net/wlan0/queues/rx-[0-9]/rps_cpus             u:object_r:sysfs_ss_writable:s0
-/sys/class/kgsl/kgsl-3d0/dispatch(/.*)?     --            u:object_r:sysfs_ss_writable:s0
-/sys/class/power_supply/battery/camera                    u:object_r:sysfs_app_writable:s0
-
-############################# 
-# Device node of sec_common
-#
-/dev/.secure_storage(/.*)?		u:object_r:secure_storage_device:s0
-/dev/__kmsg	u:object_r:klog_device:s0
-/dev/alps_io	u:object_r:input_device:s0
-/dev/android_ssusbcon(/.*)?		u:object_r:usb_device:s0
-/dev/bcm2079x	u:object_r:nfc_device:s0
-/dev/block/mmcblk0p[0-9]*    u:object_r:emmcblk_device:s0
-/dev/block/mmcblk[0-9]*	   u:object_r:emmcblk_device:s0
-/dev/block/mmcblk1p.*   u:object_r:emmcblk_device:s0
-/dev/block/mmcblk1p1    u:object_r:emmcblk_device:s0
-# remove this label because of selabel_lookup_best_match /dev/block/platform/dw_mmc.*    u:object_r:dw_mmc_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/param		u:object_r:emmcblk_device:s0
-/dev/block/sd[a-z][0-9]*    u:object_r:emmcblk_device:s0
-/dev/block/vnswap0		u:object_r:swap_device:s0
-/dev/bus/usb(/.*)?      u:object_r:usb_bus_device:s0
-/dev/cdma_.*		u:object_r:radio_device:s0
-# conflict with Qcom BSP, /dev/diag	u:object_r:diag_device:s0
-/dev/i2c.*		u:object_r:i2c_device:s0
-/dev/icd                u:object_r:icd_device:s0
-/dev/icdr               u:object_r:icd_device:s0
-/dev/pipes(/.*)?    u:object_r:system_fifo:s0
-/dev/p3		u:object_r:sem_device:s0
-/dev/p61		u:object_r:sem_device:s0
-/dev/pn547		u:object_r:nfc_device:s0
-/dev/sec-nfc		u:object_r:nfc_device:s0
-/dev/sec-nfc-fn		u:object_r:nfc_device:s0
-/dev/socket/bluetooth	u:object_r:bluetooth_socket:s0
-/dev/socket/cs_socket	u:object_r:cs_socket:s0
-/dev/socket/dir_enc_report	u:object_r:vold_socket:s0
-/dev/socket/drsd        u:object_r:drsd_socket:s0
-/dev/socket/frigate		u:object_r:frigate_socket:s0
-/dev/socket/jack(/.*)?          u:object_r:jack_socket:s0
-/dev/socket/mtp(/.*)?           u:object_r:mtp_socket:s0
-/dev/socket/ppm     u:object_r:epm_socket:s0
-/dev/socket/rild[0-9]*	u:object_r:rild_socket:s0
-/dev/socket/rild-debug[0-9]* u:object_r:rild_debug_socket:s0
-/dev/socket/ss_conn_daemon      u:object_r:ss_conn_daemon_socket:s0
-/dev/socket/tz                  u:object_r:tz_socket:s0
-/dev/sound_trigger_boost        u:object_r:audio_device:s0
-/dev/ssp_sensorhub	u:object_r:input_device:s0
-/dev/timerirq	u:object_r:timerirq_device:s0
-/dev/ttyGS[0-9]*	u:object_r:usb_serial_device:s0
-/dev/ttyUSB[0-9]*	u:object_r:usb_device:s0
-/dev/usb(/.*)?	u:object_r:usb_device:s0
-/dev/usb.*	u:object_r:usb_device:s0
-/dev/usb/tty.*	u:object_r:usb_device:s0
-/dev/usb_mtp_gadget.*	u:object_r:mtp_device:s0
-/dev/video4[0-9]        u:object_r:camera_device:s0
-
-/dev/efs_bridge	u:object_r:efsbridgehsic_device:s0
-/dev/ks_bridge	u:object_r:ksbridgehsic_device:s0
-/dev/rmnet_mux_ctrl	u:object_r:rmnet_device:s0
-
-/dev/ttyHSL[0-9]*	u:object_r:serial_device:s0
-#line 1 "vendor/samsung/common/sepolicy/model/ctsv4/file_contexts"
-

sepolicy/ftm_ptt.te

diff --git a/sepolicy/ftm_ptt.te b/sepolicy/ftm_ptt.te
deleted file mode 100644
index bec8307..0000000
--- a/sepolicy/ftm_ptt.te
+++ /dev/null
@@ -1,45 +0,0 @@
-#==================ftm_ptt=========================
-type ftm_ptt, domain;
-type ftm_ptt_exec, exec_type, file_type;
-init_daemon_domain(ftm_ptt)
-net_domain(ftm_ptt)
-
-# To make VT call
-binder_use(ftm_ptt)
-
-allow ftm_ptt dnsproxyd_socket:sock_file write;
-allow ftm_ptt ftm_ptt:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ftm_ptt ftm_ptt:capability net_raw;
-allow ftm_ptt ftm_ptt:dir { read search ioctl open getattr };
-allow ftm_ptt ftm_ptt:fd use;
-allow ftm_ptt ftm_ptt:fifo_file { read lock getattr write ioctl open append };
-allow ftm_ptt ftm_ptt:file { read lock getattr write ioctl open append };
-allow ftm_ptt ftm_ptt:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow ftm_ptt ftm_ptt:key { search setattr read create write link view };
-allow ftm_ptt ftm_ptt:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ftm_ptt ftm_ptt:lnk_file { read lock ioctl open getattr };
-allow ftm_ptt ftm_ptt:msg { receive send };
-allow ftm_ptt ftm_ptt:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow ftm_ptt ftm_ptt:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ftm_ptt ftm_ptt:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ftm_ptt ftm_ptt:netlink_socket { setopt setattr read lock create getattr write ioctl connect shutdown bind getopt append };
-allow ftm_ptt ftm_ptt:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ftm_ptt ftm_ptt:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow ftm_ptt ftm_ptt:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow ftm_ptt ftm_ptt:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow ftm_ptt ftm_ptt:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow ftm_ptt ftm_ptt:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ftm_ptt ftm_ptt:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow ftm_ptt ftm_ptt:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ftm_ptt ftm_ptt:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow ftm_ptt ftm_ptt:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ftm_ptt ftm_ptt:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ftm_ptt ftm_ptt_exec:file { read open getattr entrypoint execute };
-allow ftm_ptt ftm_ptt_tmpfs:file { read write };
-allow ftm_ptt fwmarkd_socket:sock_file write;
-allow ftm_ptt init:process sigchld;
-allow ftm_ptt netd:unix_stream_socket connectto;
-allow ftm_ptt node:tcp_socket node_bind;
-allow ftm_ptt node:udp_socket node_bind;
-allow ftm_ptt port:tcp_socket { name_bind name_connect };
-allow ftm_ptt port:udp_socket name_bind;

sepolicy/init.te

diff --git a/sepolicy/init.te b/sepolicy/init.te
index ba0aea9..0b0abb0 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -2,22 +2,3 @@
 allow init diag_exec:file execute_no_trans;
 allow init self:process execmem;
 allow init vfat:dir search;
-#new#
-allow init at_distributor:process { siginh transition rlimitinh };
-allow init at_distributor_exec:file { read getattr open execute };
-allow init connfwexe:process { siginh transition rlimitinh };
-allow init connfwexe_exec:file { read getattr open execute };
-allow init cs:process { siginh transition rlimitinh };
-allow init cs_exec:file { read getattr open execute };
-allow init ddexe:process { siginh transition rlimitinh };
-allow init ddexe_exec:file { read getattr open execute };
-allow init ftm_ptt:process { siginh transition rlimitinh };
-allow init ftm_ptt_exec:file { read getattr open execute };
-allow init qmiproxy:process { siginh transition rlimitinh };
-allow init qmiproxy_exec:file { read getattr open execute };
-allow init rild:process { siginh transition rlimitinh };
-allow init smdexe:process { siginh transition rlimitinh };
-allow init smdexe_exec:file { read getattr open execute };
-allow init ss_conn_daemon:process { siginh transition rlimitinh };
-allow init ss_conn_daemon_exec:file { read getattr open execute };
-allow init tee:process { siginh transition rlimitinh };

sepolicy/init_shell.te

diff --git a/sepolicy/init_shell.te b/sepolicy/init_shell.te
index 6657a8b..ff77ba7 100644
--- a/sepolicy/init_shell.te
+++ b/sepolicy/init_shell.te
@@ -1,23 +1,2 @@
 #============= init_shell ==============
 allow init_shell bluetooth_loader_exec:file execute_no_trans;
-allow init_shell at_distributor:dir getattr;
-allow init_shell at_distributor:file { read getattr open };
-allow init_shell connfwexe:dir getattr;
-allow init_shell ddexe:dir { read search open };
-allow init_shell ddexe:file getattr;
-allow init_shell firmware_file:dir { read search ioctl open getattr };
-allow init_shell firmware_file:file { read lock ioctl open getattr };
-allow init_shell fm_radio_device:chr_file { read lock getattr write ioctl open append };
-allow init_shell imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow init_shell imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow init_shell nfc:file { read getattr open };
-allow init_shell qmuxd:dir getattr;
-allow init_shell qmuxd:file { read getattr open };
-allow init_shell qseecom_device:chr_file { read lock getattr write ioctl open append };
-allow init_shell radio:dir getattr;
-allow init_shell radio:file { read getattr open };
-allow init_shell radio_device:chr_file { read lock getattr write ioctl open append };
-allow init_shell rild:dir { read open };
-allow init_shell rild:file { read open };
-allow init_shell sec-ril:dir getattr;
-allow init_shell tee:dir { read getattr open search };

sepolicy/insthk.te

diff --git a/sepolicy/insthk.te b/sepolicy/insthk.te
deleted file mode 100644
index 47e9ba7..0000000
--- a/sepolicy/insthk.te
+++ /dev/null
@@ -1,42 +0,0 @@
-#===============insthk====================
-type insthk, domain;
-type insthk_exec, exec_type, file_type;
-init_daemon_domain(insthk)
-net_domain(insthk)
-
-# To make VT call
-binder_use(insthk)
-
-allow insthk drm_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow insthk drm_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow insthk drm_efs_file:lnk_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow insthk firmware_file:file { read lock ioctl open getattr };
-allow insthk init:process sigchld;
-allow insthk insthk:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow insthk insthk:capability { sys_nice chown ipc_lock dac_override };
-allow insthk insthk:dir { read search ioctl open getattr };
-allow insthk insthk:fd use;
-allow insthk insthk:fifo_file { read lock getattr write ioctl open append };
-allow insthk insthk:file { read lock getattr write ioctl open append };
-allow insthk insthk:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow insthk insthk:key { search setattr read create write link view };
-allow insthk insthk:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow insthk insthk:lnk_file { read lock ioctl open getattr };
-allow insthk insthk:msg { receive send };
-allow insthk insthk:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow insthk insthk:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow insthk insthk:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow insthk insthk:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow insthk insthk:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow insthk insthk:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow insthk insthk:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow insthk insthk:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow insthk insthk:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow insthk insthk:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow insthk insthk:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow insthk insthk:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow insthk insthk:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow insthk insthk:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow insthk insthk_exec:file { read open getattr entrypoint execute };
-allow insthk insthk_tmpfs:file { read write };
-allow insthk qseecom_device:chr_file { read lock getattr write ioctl open append };

sepolicy/mediaserver.te

diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 8832b65..e91df9d 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -4,29 +4,3 @@
 allow mediaserver camera_prop:property_service set;
 allow mediaserver snd_data_file:dir { add_name open search write };
 allow mediaserver snd_data_file:file {  getattr open read write create_file_perms };
-allow mediaserver at_distributor:fd use;
-allow mediaserver efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow mediaserver efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow mediaserver firmware_file:dir { read search ioctl open getattr };
-allow mediaserver firmware_file:file { read lock ioctl open getattr };
-allow mediaserver fm_radio_device:chr_file { read lock getattr write ioctl open append };
-allow mediaserver nfc:binder { transfer call };
-allow mediaserver nfc:fd use;
-allow mediaserver radio:binder { transfer call };
-allow mediaserver radio:dir { read search ioctl open getattr };
-allow mediaserver radio:fd use;
-allow mediaserver radio:file { read lock ioctl open getattr };
-allow mediaserver radio_data_file:dir search;
-allow mediaserver radio_data_file:file { read lock ioctl open getattr };
-allow mediaserver sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow mediaserver sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow mediaserver system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow mediaserver system_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow mediaserver system_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow mediaserver system_fifo:dir { read search ioctl open getattr };
-allow mediaserver system_file:dir { read search ioctl open getattr };
-allow mediaserver system_file:file { getattr execute execute_no_trans };
-allow mediaserver system_prop:property_service set;
-allow mediaserver system_server:binder { transfer call };
-allow mediaserver system_server:dir { read search ioctl open getattr };
-allow mediaserver system_server:fd use;

sepolicy/mtp.te

diff --git a/sepolicy/mtp.te b/sepolicy/mtp.te
deleted file mode 100644
index 792850b..0000000
--- a/sepolicy/mtp.te
+++ /dev/null
@@ -1,22 +0,0 @@
-#================mtp=====================
-allow mtp kernel:system module_request;
-allow mtp mtp:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow mtp mtp:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow mtp mtp:key { search setattr read create write link view };
-allow mtp mtp:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow mtp mtp:msg { receive send };
-allow mtp mtp:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow mtp mtp:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow mtp mtp:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow mtp mtp:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow mtp mtp:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow mtp mtp:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow mtp mtp:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow mtp mtp:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow mtp mtp:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow mtp mtp:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow mtp mtp:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow mtp mtp:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow mtp mtp:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow mtp mtp:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow mtp port:tcp_socket name_connect;

sepolicy/otp_server.te

diff --git a/sepolicy/otp_server.te b/sepolicy/otp_server.te
deleted file mode 100644
index 8f21f76..0000000
--- a/sepolicy/otp_server.te
+++ /dev/null
@@ -1,54 +0,0 @@
-#======================otp_server================================
-type otp_server, domain;
-type otp_server_exec, exec_type, file_type;
-init_daemon_domain(otp_server)
-net_domain(otp_server)
-
-# To make VT call
-binder_use(otp_server)
-
-allow otp_server app_efs_file:file { read open };
-allow otp_server efs_file:dir { read search ioctl open getattr };
-allow otp_server efs_file:file { read lock ioctl open getattr };
-allow otp_server efs_file:lnk_file { read lock ioctl open getattr };
-allow otp_server firmware_file:dir { read search ioctl open getattr };
-allow otp_server firmware_file:file { read lock ioctl open getattr };
-allow otp_server init:process sigchld;
-allow otp_server otp_server:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow otp_server otp_server:capability sys_nice;
-allow otp_server otp_server:dir { read search ioctl open getattr };
-allow otp_server otp_server:fd use;
-allow otp_server otp_server:fifo_file { read lock getattr write ioctl open append };
-allow otp_server otp_server:file { read lock getattr write ioctl open append };
-allow otp_server otp_server:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow otp_server otp_server:key { search setattr read create write link view };
-allow otp_server otp_server:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow otp_server otp_server:lnk_file { read lock ioctl open getattr };
-allow otp_server otp_server:msg { receive send };
-allow otp_server otp_server:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow otp_server otp_server:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow otp_server otp_server:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow otp_server otp_server:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow otp_server otp_server:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow otp_server otp_server:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow otp_server otp_server:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow otp_server otp_server:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow otp_server otp_server:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow otp_server otp_server:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow otp_server otp_server:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow otp_server otp_server:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow otp_server otp_server:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow otp_server otp_server:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow otp_server otp_server_exec:file { read open getattr entrypoint execute };
-allow otp_server otp_server_tmpfs:file { read write };
-allow otp_server platform_app_data_file:dir { search read getattr write ioctl remove_name open add_name };
-allow otp_server platform_app_data_file:file { read lock getattr write ioctl open append };
-allow otp_server qseecom_device:chr_file { read write ioctl open };
-allow otp_server radio_data_file:dir search;
-allow otp_server radio_data_file:file { read open };
-allow otp_server servicemanager:binder { transfer call };
-allow otp_server shell_exec:file { read execute open execute_no_trans };
-allow otp_server system_file:file execute_no_trans;
-allow otp_server system_server:fifo_file { read write ioctl getattr };
-allow otp_server system_server:process sigchld;
-allow otp_server wifi_efs_file:file { read open };

sepolicy/property_contexts

diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index c8b9256..f61ea51 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -3,3 +3,4 @@
 
 persist.soc_camera.flicker		u:object_r:camera_prop:s0
 service.camera.hdmi_preview		u:object_r:camera_prop:s0
+

sepolicy/qmiproxy.te

diff --git a/sepolicy/qmiproxy.te b/sepolicy/qmiproxy.te
deleted file mode 100644
index ecb4ce5..0000000
--- a/sepolicy/qmiproxy.te
+++ /dev/null
@@ -1,42 +0,0 @@
-#==========================qmiproxy===================================
-type qmiproxy, domain;
-type qmiproxy_exec, exec_type, file_type;
-init_daemon_domain(qmiproxy)
-net_domain(qmiproxy)
-
-# To make VT call
-binder_use(qmiproxy)
-
-allow qmiproxy diag_device:chr_file { read lock getattr write ioctl open append };
-allow qmiproxy init:process sigchld;
-allow qmiproxy init:unix_stream_socket connectto;
-allow qmiproxy property_socket:sock_file { write open append };
-allow qmiproxy qmiproxy:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow qmiproxy qmiproxy:dir { read search ioctl open getattr };
-allow qmiproxy qmiproxy:fd use;
-allow qmiproxy qmiproxy:fifo_file { read lock getattr write ioctl open append };
-allow qmiproxy qmiproxy:file { read lock getattr write ioctl open append };
-allow qmiproxy qmiproxy:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow qmiproxy qmiproxy:key { search setattr read create write link view };
-allow qmiproxy qmiproxy:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow qmiproxy qmiproxy:lnk_file { read lock ioctl open getattr };
-allow qmiproxy qmiproxy:msg { receive send };
-allow qmiproxy qmiproxy:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow qmiproxy qmiproxy:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow qmiproxy qmiproxy:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow qmiproxy qmiproxy:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow qmiproxy qmiproxy:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow qmiproxy qmiproxy:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow qmiproxy qmiproxy:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow qmiproxy qmiproxy:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow qmiproxy qmiproxy:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow qmiproxy qmiproxy:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow qmiproxy qmiproxy:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow qmiproxy qmiproxy:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow qmiproxy qmiproxy:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow qmiproxy qmiproxy:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow qmiproxy qmiproxy_exec:file { read open getattr entrypoint execute };
-allow qmiproxy qmiproxy_tmpfs:file { read write };
-allow qmiproxy qmuxd_socket:dir { write remove_name search open add_name };
-allow qmiproxy qmuxd_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow qmiproxy radio_prop:property_service set;

sepolicy/qmuxd.te

diff --git a/sepolicy/qmuxd.te b/sepolicy/qmuxd.te
index c28f17e..0bfb65f 100644
--- a/sepolicy/qmuxd.te
+++ b/sepolicy/qmuxd.te
@@ -1,4 +1,2 @@
 #============= qmuxd ==============
 allow qmuxd devpts:chr_file { read write };
-allow qmuxd bugreport_exec:file { execute execute_no_trans };
-allow qmuxd cgroup:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };

sepolicy/radio.te

diff --git a/sepolicy/radio.te b/sepolicy/radio.te
deleted file mode 100644
index 7263bfb..0000000
--- a/sepolicy/radio.te
+++ /dev/null
@@ -1,102 +0,0 @@
-#====================radio======================
-allow radio app_data_file:dir { read search ioctl open getattr };
-allow radio app_data_file:file { read lock getattr write ioctl open append };
-allow radio app_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow radio app_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow radio app_library_file:dir { read search ioctl open getattr };
-allow radio at_distributor:binder transfer;
-allow radio at_distributor:unix_stream_socket connectto;
-allow radio bluetooth_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow radio bluetooth_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow radio bugreport_exec:file { execute execute_no_trans };
-allow radio carrier_file:dir { read search ioctl open getattr };
-allow radio carrier_file:file { read lock ioctl open getattr };
-allow radio cpk_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow radio cpk_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow radio device:sock_file write;
-allow radio devpts:chr_file { read write };
-allow radio drm_data_file:dir { read lock reparent getattr ioctl rmdir remove_name open add_name };
-allow radio drm_data_file:file { read lock ioctl open getattr };
-allow radio dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow radio dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow radio dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow radio dumpstate:binder transfer;
-allow radio dumpstate_exec:file { execute execute_no_trans };
-allow radio dumpstate_socket:sock_file write;
-allow radio dumpsys:binder transfer;
-allow radio dumpsys_exec:file { execute execute_no_trans };
-allow radio efs_file:dir { rename search setattr create reparent getattr ioctl link rmdir remove_name unlink open add_name };
-allow radio efs_file:file { rename setattr lock create getattr ioctl link unlink open };
-allow radio genlock_device:chr_file { read lock getattr write ioctl open append };
-allow radio gpu_device:chr_file { execute read lock getattr write ioctl open append };
-allow radio graphics_device:chr_file { read lock getattr write ioctl open append };
-allow radio healthd:binder { transfer call };
-allow radio healthd:fd use;
-allow radio imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow radio imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-#allow radio ims_service:service_manager add;
-allow radio init:unix_stream_socket { read write setopt connectto };
-allow radio init_shell:unix_stream_socket connectto;
-allow radio init_tmpfs:file read;
-allow radio insthk_exec:file { getattr execute execute_no_trans };
-allow radio jackservice:binder { transfer call };
-allow radio jackservice:fd use;
-allow radio log_device:chr_file { read lock ioctl open getattr };
-allow radio mediaserver:binder transfer;
-allow radio platform_app_data_file:file { write open append };
-allow radio qmuxd_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow radio radio:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow radio radio:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow radio radio:key { search setattr read create write link view };
-allow radio radio:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow radio radio:lnk_file { read lock ioctl open getattr };
-allow radio radio:msg { receive send };
-allow radio radio:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow radio radio:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow radio radio:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow radio radio:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow radio radio:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow radio radio:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow radio radio:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow radio radio:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow radio radio:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow radio radio:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow radio radio:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow radio radio:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow radio radio:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow radio rild_socket:sock_file { write open append };
-allow radio sdcard_type:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow radio sdcard_type:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow radio sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow radio sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow radio sensorhubservice:binder { transfer call };
-allow radio sensorhubservice:fd use;
-allow radio servicemanager:binder { transfer call };
-allow radio servicemanager:fd use;
-allow radio shell_data_file:dir { read search ioctl open getattr };
-allow radio shell_data_file:file { read lock ioctl open getattr };
-allow radio shell_exec:file { execute read lock getattr execute_no_trans ioctl open };
-allow radio surfaceflinger:binder transfer;
-allow radio sysfs:file { open append };
-allow radio sysfs_battery_supply:file { read lock getattr write ioctl open append };
-allow radio sysfs_sec:file { read lock getattr write ioctl open append };
-allow radio sysfs_sensor_writable:file { read lock getattr write ioctl open append };
-allow radio sysfs_ss_writable:file { read lock getattr write ioctl open append };
-allow radio system_app:fifo_file { write open append };
-allow radio system_app:unix_stream_socket connectto;
-allow radio system_app_data_file:file setattr;
-allow radio system_data_file:dir { read search ioctl open getattr };
-allow radio system_data_file:file { read lock ioctl open getattr };
-allow radio system_file:file execute_no_trans;
-allow radio system_file:lnk_file getattr;
-allow radio system_prop:property_service set;
-allow radio system_server:tcp_socket { read write };
-allow radio system_server:unix_stream_socket { connectto setopt };
-#allow radio telecom_service:service_manager add;
-allow radio tmpfs:file { read lock ioctl open getattr };
-allow radio tz_socket:sock_file write;
-allow radio usb_device:chr_file { read lock getattr write ioctl open append };
-allow radio wifi_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow radio wifi_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow radio zygote:binder { transfer call };
-allow radio zygote:fd use;

sepolicy/rild.te

diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index db0134b..b88247a 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,107 +1,2 @@
 #============= rild ==============
 allow rild proc_net:file { open read write };
-allow rild anr_data_file:dir { search read getattr write ioctl remove_name open add_name };
-allow rild anr_data_file:file { read lock getattr write ioctl open append };
-allow rild app_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild app_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild app_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild app_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild ashmem_device:chr_file execute;
-allow rild at_distributor:dir { read search ioctl open getattr };
-allow rild at_distributor:file { read lock ioctl open getattr };
-allow rild bin_nv_data_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild block_device:dir { read search ioctl open getattr };
-allow rild bluetooth:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild bluetooth:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild ctl_dumpstate_prop:property_service set;
-allow rild ctl_rildaemon_prop:property_service set;
-allow rild device:dir { search read getattr write ioctl remove_name open add_name };
-allow rild device:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild diag_device:chr_file { read lock getattr write ioctl open append };
-allow rild dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild dumpstate_exec:file { getattr execute execute_no_trans };
-allow rild dumpstate_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild dumpsys_exec:file { execute execute_no_trans };
-allow rild efs_gsm_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild efs_gsm_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild emmcblk_device:blk_file { read lock getattr write ioctl open append };
-allow rild esoc_device:chr_file { read lock getattr write ioctl open append };
-allow rild fuse:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild fuse:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild gpsd:dir { read search ioctl open getattr };
-allow rild gpsd:file { read lock ioctl open getattr };
-allow rild imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild init:dir { read search ioctl open getattr };
-allow rild init:file { read lock ioctl open getattr };
-allow rild init:tun_socket relabelfrom;
-allow rild mbin_device:lnk_file { read lock ioctl open getattr };
-allow rild media_rw_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild media_rw_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild mediaserver:binder { transfer call };
-allow rild mediaserver:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild mediaserver:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild nv_core_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild per_mgr:binder { transfer call };
-allow rild per_mgr:fd use;
-allow rild platform_app:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild platform_app:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild proc:file { write open append };
-allow rild proc_net:file { write open append };
-allow rild qmuxd_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild radio:dir { read search ioctl open getattr };
-allow rild radio:file { read lock ioctl open getattr };
-allow rild radio_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild rild:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow rild rild:capability { setuid net_raw dac_override dac_read_search chown net_admin };
-allow rild rild:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow rild rild:key { search setattr read create write link view };
-allow rild rild:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow rild rild:msg { receive send };
-allow rild rild:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow rild rild:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow rild rild:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow rild rild:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow rild rild:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow rild rild:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow rild rild:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow rild rild:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow rild rild:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow rild rild:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow rild rild:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow rild rild:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow rild rild:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow rild rild:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow rild rild_tmpfs:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild rild_tmpfs:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild smd_cxm_qmi_device:chr_file { write open append };
-allow rild smdexe:dir { read search ioctl open getattr };
-allow rild smdexe:file { read lock ioctl open getattr };
-allow rild socket_device:dir write;
-allow rild ssr_device:chr_file { read open };
-allow rild sysfs:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow rild sysfs_sec:dir { search read getattr write ioctl remove_name open add_name };
-allow rild sysfs_sec:file { read lock getattr write ioctl open append };
-allow rild sysfs_sec:lnk_file { read lock getattr write ioctl open append };
-allow rild sysfs_ss_writable:file { read lock getattr write ioctl open append };
-allow rild system_app:dir search;
-allow rild system_app:file { read lock ioctl open getattr };
-allow rild system_app_data_file:dir { search read getattr write ioctl remove_name open add_name };
-allow rild system_app_data_file:file { setattr read lock getattr write ioctl open append };
-allow rild system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow rild system_file:dir { read search ioctl open getattr };
-allow rild system_prop:property_service set;
-allow rild system_server:binder { transfer call };
-allow rild system_server:fd use;
-allow rild tombstone_data_file:dir { read search ioctl open getattr };
-allow rild tombstone_data_file:file { read lock ioctl open getattr };
-allow rild tun_device:chr_file { read lock getattr write ioctl open append };
-allow rild uart_device:chr_file { read lock getattr write ioctl open append };
-allow rild usb_device:chr_file { write open append };
-allow rild wpa:dir { read search ioctl open getattr };
-allow rild wpa:file { read lock ioctl open getattr };
-allow rild zygote_exec:file { execute read lock getattr execute_no_trans ioctl open };

sepolicy/sec-ril.te

diff --git a/sepolicy/sec-ril.te b/sepolicy/sec-ril.te
deleted file mode 100644
index b699266..0000000
--- a/sepolicy/sec-ril.te
+++ /dev/null
@@ -1,83 +0,0 @@
-#============sec-ril===========================
-type sec-ril, domain;
-type sec-ril_exec, exec_type, file_type;
-init_daemon_domain(sec-ril)
-net_domain(sec-ril)
-
-# To make VT call
-binder_use(sec-ril)
-
-allow sec-ril alarm_device:chr_file write;
-allow sec-ril anr_data_file:dir { read search ioctl open getattr };
-allow sec-ril anr_data_file:file { read lock getattr write ioctl open append };
-allow sec-ril app_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow sec-ril app_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril app_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow sec-ril app_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril ashmem_device:chr_file { execute read lock getattr execute_no_trans ioctl open };
-allow sec-ril carrier_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow sec-ril carrier_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow sec-ril dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril dumpstate_exec:file { execute execute_no_trans };
-allow sec-ril dumpsys_exec:file { execute execute_no_trans };
-allow sec-ril efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow sec-ril efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril imei_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow sec-ril imei_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril init:process sigchld;
-allow sec-ril init:unix_stream_socket connectto;
-allow sec-ril kernel:system { module_request syslog_read };
-allow sec-ril property_socket:sock_file write;
-allow sec-ril qmuxd:unix_stream_socket connectto;
-allow sec-ril qmuxd_socket:dir { write add_name };
-allow sec-ril qmuxd_socket:sock_file { write create setattr };
-allow sec-ril radio_data_file:dir { search read getattr write ioctl remove_name open add_name };
-allow sec-ril radio_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril radio_device:chr_file { read lock getattr write ioctl open append };
-allow sec-ril radio_prop:property_service set;
-allow sec-ril rild:unix_stream_socket connectto;
-allow sec-ril rootfs:file execute;
-allow sec-ril sec-ril:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow sec-ril sec-ril:capability { setuid sys_module sys_nice dac_override net_raw chown net_admin };
-allow sec-ril sec-ril:dir { read search ioctl open getattr };
-allow sec-ril sec-ril:fd use;
-allow sec-ril sec-ril:fifo_file { read lock getattr write ioctl open append };
-allow sec-ril sec-ril:file { read lock getattr write ioctl open append };
-allow sec-ril sec-ril:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow sec-ril sec-ril:key { search setattr read create write link view };
-allow sec-ril sec-ril:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow sec-ril sec-ril:lnk_file { read lock ioctl open getattr };
-allow sec-ril sec-ril:msg { receive send };
-allow sec-ril sec-ril:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow sec-ril sec-ril:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow sec-ril sec-ril:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow sec-ril sec-ril:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow sec-ril sec-ril:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow sec-ril sec-ril:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow sec-ril sec-ril:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow sec-ril sec-ril:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow sec-ril sec-ril:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow sec-ril sec-ril:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow sec-ril sec-ril:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow sec-ril sec-ril:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow sec-ril sec-ril:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow sec-ril sec-ril:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow sec-ril sec-ril_exec:file { read open getattr entrypoint execute };
-allow sec-ril sec-ril_tmpfs:file { read write };
-allow sec-ril sec_efs_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow sec-ril sec_efs_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril servicemanager:binder { transfer call };
-allow sec-ril servicemanager:fd use;
-allow sec-ril shell_exec:file { execute read lock getattr execute_no_trans ioctl open };
-allow sec-ril sysfs:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril sysfs_ss_writable:file { read lock getattr write ioctl open append };
-allow sec-ril sysfs_wake_lock:file { read write open };
-allow sec-ril system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow sec-ril system_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow sec-ril system_file:file { getattr execute execute_no_trans };
-allow sec-ril system_prop:property_service set;
-allow sec-ril system_server:binder { transfer call };
-allow sec-ril system_server:fd use;
-allow sec-ril zygote_exec:file { execute read lock getattr execute_no_trans ioctl open };

sepolicy/shell.te

diff --git a/sepolicy/shell.te b/sepolicy/shell.te
index 46b2c42..1676908 100644
--- a/sepolicy/shell.te
+++ b/sepolicy/shell.te
@@ -1,7 +1,3 @@
 #============= shell ==============
 allow shell block_device:dir search;
 #allow shell labeledfs:filesystem remount;
-allow shell efs_file:dir { read search ioctl open getattr };
-allow shell firmware_file:dir { read search ioctl open getattr };
-allow shell firmware_file:file { read lock ioctl open getattr };
-allow shell firmware_file:lnk_file { read lock ioctl open getattr };

sepolicy/smdexe.te

diff --git a/sepolicy/smdexe.te b/sepolicy/smdexe.te
deleted file mode 100644
index 65e387d..0000000
--- a/sepolicy/smdexe.te
+++ /dev/null
@@ -1,44 +0,0 @@
-#============smdexe============
-type smdexe, domain;
-type smdexe_exec, exec_type, file_type;
-init_daemon_domain(smdexe)
-net_domain(smdexe)
-
-# To make VT call
-binder_use(smdexe)
-
-allow smdexe ddexe:unix_stream_socket connectto;
-allow smdexe dun_device:chr_file { read lock getattr write ioctl open append };
-allow smdexe init:process sigchld;
-allow smdexe rild:unix_stream_socket connectto;
-allow smdexe smd_device:chr_file { read lock getattr write ioctl open append };
-allow smdexe smdexe:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow smdexe smdexe:capability { setuid sys_nice dac_override };
-allow smdexe smdexe:dir { read search ioctl open getattr };
-allow smdexe smdexe:fd use;
-allow smdexe smdexe:fifo_file { read lock getattr write ioctl open append };
-allow smdexe smdexe:file { read lock getattr write ioctl open append };
-allow smdexe smdexe:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow smdexe smdexe:key { search setattr read create write link view };
-allow smdexe smdexe:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow smdexe smdexe:lnk_file { read lock ioctl open getattr };
-allow smdexe smdexe:msg { receive send };
-allow smdexe smdexe:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow smdexe smdexe:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow smdexe smdexe:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow smdexe smdexe:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow smdexe smdexe:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow smdexe smdexe:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow smdexe smdexe:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow smdexe smdexe:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow smdexe smdexe:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow smdexe smdexe:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow smdexe smdexe:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow smdexe smdexe:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow smdexe smdexe:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow smdexe smdexe:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow smdexe smdexe_exec:file { read open getattr entrypoint execute };
-allow smdexe smdexe_tmpfs:file { read write };
-allow smdexe sysfs:file { read lock getattr write ioctl open append };
-allow smdexe sysfs_ss_writable:file { read lock getattr write ioctl open append };
-allow smdexe system_data_file:sock_file { read lock getattr write ioctl open append };

sepolicy/ss_conn_daemon.te

diff --git a/sepolicy/ss_conn_daemon.te b/sepolicy/ss_conn_daemon.te
deleted file mode 100644
index f720ad6..0000000
--- a/sepolicy/ss_conn_daemon.te
+++ /dev/null
@@ -1,45 +0,0 @@
-#============ss_conn_daemon=================
-type ss_conn_daemon, domain;
-type ss_conn_daemon_exec, exec_type, file_type;
-init_daemon_domain(ss_conn_daemon)
-net_domain(ss_conn_daemon)
-
-# To make VT call
-binder_use(ss_conn_daemon)
-
-allow ss_conn_daemon init:process sigchld;
-allow ss_conn_daemon node:tcp_socket node_bind;
-allow ss_conn_daemon node:udp_socket node_bind;
-allow ss_conn_daemon port:tcp_socket { name_bind name_connect };
-allow ss_conn_daemon port:udp_socket name_bind;
-allow ss_conn_daemon ss_conn_daemon:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ss_conn_daemon ss_conn_daemon:capability sys_nice;
-allow ss_conn_daemon ss_conn_daemon:dir { read search ioctl open getattr };
-allow ss_conn_daemon ss_conn_daemon:fd use;
-allow ss_conn_daemon ss_conn_daemon:fifo_file { read lock getattr write ioctl open append };
-allow ss_conn_daemon ss_conn_daemon:file { read lock getattr write ioctl open append };
-allow ss_conn_daemon ss_conn_daemon:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow ss_conn_daemon ss_conn_daemon:key { search setattr read create write link view };
-allow ss_conn_daemon ss_conn_daemon:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ss_conn_daemon ss_conn_daemon:lnk_file { read lock ioctl open getattr };
-allow ss_conn_daemon ss_conn_daemon:msg { receive send };
-allow ss_conn_daemon ss_conn_daemon:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow ss_conn_daemon ss_conn_daemon:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ss_conn_daemon ss_conn_daemon:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ss_conn_daemon ss_conn_daemon:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ss_conn_daemon ss_conn_daemon:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow ss_conn_daemon ss_conn_daemon:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow ss_conn_daemon ss_conn_daemon:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow ss_conn_daemon ss_conn_daemon:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow ss_conn_daemon ss_conn_daemon:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ss_conn_daemon ss_conn_daemon:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow ss_conn_daemon ss_conn_daemon:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ss_conn_daemon ss_conn_daemon:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow ss_conn_daemon ss_conn_daemon:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ss_conn_daemon ss_conn_daemon:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow ss_conn_daemon ss_conn_daemon_exec:file { read open getattr entrypoint execute };
-allow ss_conn_daemon ss_conn_daemon_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow ss_conn_daemon ss_conn_daemon_tmpfs:file { read write };
-allow ss_conn_daemon system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow ss_conn_daemon system_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow ss_conn_daemon usb_device:chr_file { rename setattr read lock create getattr write ioctl link unlink open append };

sepolicy/wlandutservice.te

diff --git a/sepolicy/wlandutservice.te b/sepolicy/wlandutservice.te
deleted file mode 100644
index 1dbb935..0000000
--- a/sepolicy/wlandutservice.te
+++ /dev/null
@@ -1,43 +0,0 @@
-#===========wlandutservice=====================
-type wlandutservice, domain;
-type wlandutservice_exec, exec_type, file_type;
-init_daemon_domain(wlandutservice)
-net_domain(wlandutservice)
-
-# To make VT call
-binder_use(wlandutservice)
-
-allow wlandutservice init:process sigchld;
-allow wlandutservice init:unix_stream_socket connectto;
-allow wlandutservice servicemanager:binder { transfer call };
-allow wlandutservice shell_exec:file { execute read lock getattr execute_no_trans ioctl open };
-allow wlandutservice system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
-allow wlandutservice system_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
-allow wlandutservice system_file:file { execute read lock getattr execute_no_trans ioctl open };
-allow wlandutservice wlandutservice:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow wlandutservice wlandutservice:capability { net_admin sys_nice };
-allow wlandutservice wlandutservice:dir { read search ioctl open getattr };
-allow wlandutservice wlandutservice:fd use;
-allow wlandutservice wlandutservice:fifo_file { read lock getattr write ioctl open append };
-allow wlandutservice wlandutservice:file { read lock getattr write ioctl open append };
-allow wlandutservice wlandutservice:ipc { unix_read setattr associate read create write getattr unix_write destroy };
-allow wlandutservice wlandutservice:key { search setattr read create write link view };
-allow wlandutservice wlandutservice:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow wlandutservice wlandutservice:lnk_file { read lock ioctl open getattr };
-allow wlandutservice wlandutservice:msg { receive send };
-allow wlandutservice wlandutservice:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
-allow wlandutservice wlandutservice:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow wlandutservice wlandutservice:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow wlandutservice wlandutservice:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow wlandutservice wlandutservice:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
-allow wlandutservice wlandutservice:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow wlandutservice wlandutservice:sem { unix_read setattr associate read create write getattr unix_write destroy };
-allow wlandutservice wlandutservice:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
-allow wlandutservice wlandutservice:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow wlandutservice wlandutservice:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow wlandutservice wlandutservice:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow wlandutservice wlandutservice:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
-allow wlandutservice wlandutservice:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow wlandutservice wlandutservice:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
-allow wlandutservice wlandutservice_exec:file { read open getattr entrypoint execute };
-#allow wlandutservice wlandutservice_service:service_manager add;