Merged sepolicies from fortunave3g tree
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
new file mode 100644
index 0000000..10b56e1
--- /dev/null
+++ b/sepolicy/bluetooth.te
@@ -0,0 +1 @@
+allow bluetooth bluetooth_efs_file:file read;
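Review bot: The rule on this line gives `bluetooth` only `read` on `bluetooth_efs_file:file`, whereas the matching rule added for `bluetooth_loader` in this commit grants `{ open read }`. Without `open`, the domain can read the file only through a descriptor handed to it by another process. If the daemon opens the file under /efs/bluetooth itself, the rule would need to be `allow bluetooth bluetooth_efs_file:file { open read };`, plus `search` on `efs_file:dir` and `bluetooth_efs_file:dir` unless those are granted elsewhere. `bluetooth_efs_file` is not declared in the file.te hunk of this commit, so it presumably comes from the base policy; that is worth confirming.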
diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te
index d867e05..e54520d 100644
--- a/sepolicy/bluetooth_loader.te
+++ b/sepolicy/bluetooth_loader.te
@@ -18,12 +18,15 @@
# Read mac address from persist partition
allow bluetooth_loader persist_file:dir search;
+allow bluetooth_loader efs_file:dir search;
+allow bluetooth_loader bluetooth_efs_file:dir search;
+allow bluetooth_loader bluetooth_efs_file:file { open read };
r_dir_file(bluetooth_loader, bluetooth_data_file)
allow bluetooth_loader self:capability { dac_override dac_read_search chown };
# It may write a random mac here
-allow bluetooth_loader persist_file:dir { add_name write };
-allow bluetooth_loader persist_file:file { create_file_perms };
+#allow bluetooth_loader persist_file:dir { add_name write };
+#allow bluetooth_loader persist_file:file { create_file_perms };
# Talk to init over the property socket
unix_socket_connect(bluetooth_loader, property, init)
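Review bot: The two `persist_file` write rules are commented out rather than deleted, and the comment `# It may write a random mac here` above them now describes a permission the domain no longer has. Deleting all three lines, or replacing them with something like `# Writing to /persist is intentionally not allowed` (if that is the intent), avoids the rules being re-enabled by accident. The unchanged line `allow bluetooth_loader self:capability { dac_override dac_read_search chown };` is outside the scope of this change, but with the loader now only reading, `dac_override` and `chown` may no longer be needed and could be re-checked against denials. The file continues outside this hunk.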
diff --git a/sepolicy/file.te b/sepolicy/file.te
index ab6ffb0..77448eb 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,4 +1,10 @@
#Defines the files (configs, dumps, etc) used by display processes
type display_misc_file, file_type, data_file_type;
-type touchpanel_sysfs, fs_type, sysfs_type;
\ No newline at end of file
+type touchpanel_sysfs, fs_type, sysfs_type;
+
+type wifi_efs_file, file_type;
+type sensors_efs_file, file_type;
+type sysfs_camera, fs_type, sysfs_type;
+type sysfs_input, fs_type, sysfs_type;
+type sysfs_vibeamp, fs_type, sysfs_type;
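Review bot: The five new types are declared without comments, while the existing `display_misc_file` line has one; a label is easier to audit when its declaration says what it covers. Suggested comments, taken from the file_contexts hunk of this commit: `# /efs/wifi`, `# /efs/prox_cal`, `# /sys/devices/virtual/camera`, `# input 'enabled' nodes`, `# timed_output vibrator`. `sysfs_input` in particular is a generic name for a type that labels only two `enabled` nodes and is made writable by `system_app` in this commit; a narrower name would make accidental reuse on other input nodes less likely.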
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 5222c5d..b1ed368 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,9 +1,29 @@
/persist/.genmac u:object_r:wifi_data_file:s0
/persist/.bt_nv.bin u:object_r:bluetooth_data_file:s0
+/sys/devices/soc.0/78b9000.i2c/i2c-5/5-0040/gesture u:object_r:touchpanel_sysfs:s0
+
+# Bluetooth
/system/bin/btnvtool u:object_r:bluetooth_loader_exec:s0
/system/etc/init\.qcom\.bt\.sh u:object_r:bluetooth_loader_exec:s0
-
+/persist/.bt_nv.bin u:object_r:bluetooth_data_file:s0
/dev/smd3 u:object_r:hci_attach_dev:s0
+/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
-/sys/devices/soc.0/78b9000.i2c/i2c-5/5-0040/gesture u:object_r:touchpanel_sysfs:s0
+/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
+/dev/sec-nfc u:object_r:nfc_device:s0
+/dev/i2c-1 u:object_r:audio_device:s0
+
+# Camera
+/sys/devices/virtual/camera(/.*)? u:object_r:sysfs_camera:s0
+/data/cam_socket.* u:object_r:camera_socket:s0
+
+# Workaround for input
+/sys/devices/soc.0/i2c.78/i2c-11/11-0020/input/input1/enabled u:object_r:sysfs_input:s0
+/sys/devices/soc.0/i2c.72/i2c-12/12-0048/input/input3/enabled u:object_r:sysfs_input:s0
+
+# Sensors
+/efs/prox_cal u:object_r:sensors_efs_file:s0
+
+# CMHW
+/sys/devices/virtual/timed_output/vibrator(/.*)? u:object_r:sysfs_vibeamp:s0
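Review bot: `/persist/.bt_nv.bin` now appears twice in this hunk, once as the unchanged line near the top and once as the added line under `# Bluetooth`; duplicate specifications are typically reported by the file_contexts checker, so one of them should go. `/dev/i2c-1 u:object_r:audio_device:s0` labels a whole I2C bus node as an audio device, so every domain allowed to use `audio_device` gets raw access to whatever else sits on that bus; a dedicated type granted only to the process that needs it would be tighter. The two `sysfs_input` paths hard-code `input1` and `input3`, which depend on probe order, so the label can silently miss the node after a kernel change. Dots in `soc.0` and `i2c.78` are regex wildcards here and would be more exact as `\.`, as the existing `init\.qcom\.bt\.sh` entry already does.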
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
new file mode 100644
index 0000000..18a2049
--- /dev/null
+++ b/sepolicy/kernel.te
@@ -0,0 +1 @@
+allow kernel block_device:blk_file rw_file_perms;
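Review bot: `allow kernel block_device:blk_file rw_file_perms;` grants the kernel domain read/write on the generic `block_device` label, which is normally the fallback type for block nodes without a specific label, and the new file has no comment recording which denial prompted it. If the denial came from a single node, labelling that node in file_contexts and allowing only that type would keep the remaining unlabelled block devices out of reach. At minimum a comment such as `# <kernel thread / device that needs raw block access>` should state the reason.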
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 51b8bb1..ca49e5c 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -1,3 +1,4 @@
#============= mediaserver ==============
allow mediaserver sysfs_wake_lock:file { open read write };
allow mediaserver system_data_file:sock_file write;
+allow mediaserver camera_prop:property_service set;
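Review bot: The added rule lets `mediaserver` set every property labelled `camera_prop`, which per the property_contexts hunk of this commit includes `persist.soc_camera.flicker`, a value that survives reboot. mediaserver handles untrusted media, so the rule deserves a comment saying why it must write these, e.g. `# camera code in mediaserver sets persist.soc_camera.flicker / service.camera.hdmi_preview` (adjust to the actual caller). The rule covers only the `set` permission. Connecting to the property socket has to be granted elsewhere, which is not visible in this hunk; the bluetooth_loader file uses `unix_socket_connect(..., property, init)` for that.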
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
index 0b9b19d..ad989c9 100644
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
@@ -1,3 +1,5 @@
#============= mm-qcamerad ==============
-allow mm-qcamerad sysfs:file { open read write };
+allow mm-qcamerad sysfs_camera:dir search;
+allow mm-qcamerad sysfs:file { getattr open read write };
allow mm-qcamerad system_data_file:sock_file { create unlink };
+type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket3";
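Review bot: The hunk lets `mm-qcamerad` search `sysfs_camera` directories but adds no file rule for that type, and it keeps `write` on the generic `sysfs` label. Once /sys/devices/virtual/camera is relabelled by the file_contexts hunk, the files there are `sysfs_camera`, not `sysfs`. The likely intent is `allow mm-qcamerad sysfs_camera:file rw_file_perms;`, with the generic rule reduced to `allow mm-qcamerad sysfs:file r_file_perms;` if no other generic sysfs node is written. The `type_transition` names only `"cam_socket3"` while file_contexts labels `/data/cam_socket.*`, so sockets with other names would still be created as `system_data_file`. After the transition the create/unlink check is made against `camera_socket:sock_file`, which this hunk does not allow, though it may be granted in the base policy.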
diff --git a/sepolicy/property.te b/sepolicy/property.te
new file mode 100644
index 0000000..2026491
--- /dev/null
+++ b/sepolicy/property.te
@@ -0,0 +1 @@
+type camera_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index bb6cb2e..f61ea51 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -1,2 +1,6 @@
qualcomm.bluetooth. u:object_r:bluetooth_prop:s0
qualcomm.bt. u:object_r:bluetooth_prop:s0
+
+persist.soc_camera.flicker u:object_r:camera_prop:s0
+service.camera.hdmi_preview u:object_r:camera_prop:s0
+
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
new file mode 100644
index 0000000..6f95b1a
--- /dev/null
+++ b/sepolicy/system_app.te
@@ -0,0 +1,4 @@
+allow system_app sysfs_input:file { read write };
+allow system_app sysfs_input:dir search;
+allow system_app sysfs_input:file rw_file_perms;
+allow system_app sysfs_input:lnk_file read;
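Review bot: The first rule, `allow system_app sysfs_input:file { read write };`, is fully covered by the third, `allow system_app sysfs_input:file rw_file_perms;`, and can be dropped. `system_app` covers every app running as the system UID, so the new file should carry a comment tying these rules to the `# Workaround for input` entries in file_contexts, for example `# <component> toggles the input 'enabled' nodes`. That lets a later reviewer judge whether the access can be moved to a narrower domain.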
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 09cc706..0f48cb2 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -2,3 +2,6 @@
allow system_server efs_file:dir search;
allow system_server touchpanel_sysfs:file rw_file_perms;
allow system_server touchpanel_sysfs:dir { search };
+allow system_server sensors_efs_file:file { open read };
+allow system_server sysfs_vibeamp:dir search;
+allow system_server sysfs_vibeamp:file { getattr open read write };
diff --git a/sepolicy/time_daemon.te b/sepolicy/time_daemon.te
index b6586f4..369c708 100644
--- a/sepolicy/time_daemon.te
+++ b/sepolicy/time_daemon.te
@@ -1,3 +1,5 @@
#============= time_daemon ==============
-allow time_daemon time_data_file:dir remove_name;
-allow time_daemon time_data_file:file getattr;
+allow time_daemon platform_app:dir { read search };
+allow time_daemon platform_app:file { open read };
+allow time_daemon time_data_file:dir { remove_name };
+allow time_daemon time_data_file:file { getattr append unlink };
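Review bot: `platform_app` is a process domain, so the added `platform_app:dir { read search }` and `platform_app:file { open read }` rules give `time_daemon` read access to the /proc entries of every platform app. That looks like an audit2allow artefact rather than something a time service needs. If the denial is harmless, `dontaudit time_daemon platform_app:dir { read search };` with a matching `dontaudit` for `file` silences the log without granting the access; if the access is really required, a comment should say which /proc file is read and why. The `time_data_file` lines are unchanged in spirit; only `append unlink` is new there.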
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
index b6ade0a..7793f0f 100644
--- a/sepolicy/ueventd.te
+++ b/sepolicy/ueventd.te
@@ -1,3 +1,5 @@
#============= ueventd ==============
allow ueventd vfat:file { open read };
allow ueventd vfat:dir search;
+allow ueventd sysfs_camera:file { open read write };
+allow ueventd sysfs_vibeamp:file { open read write };
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
new file mode 100644
index 0000000..b5ff262
--- /dev/null
+++ b/sepolicy/vold.te
@@ -0,0 +1,2 @@
+allow vold efs_file:dir { getattr read open ioctl };
+allow vold persist_file:dir { getattr read open ioctl };
diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te
index 18965d7..0b207ce 100644
--- a/sepolicy/wcnss_service.te
+++ b/sepolicy/wcnss_service.te
@@ -1,3 +1,6 @@
#============= wcnss_service ==============
allow wcnss_service persist_file:dir search;
allow wcnss_service system_data_file:dir { read write };
+allow wcnss_service efs_file:dir search;
+allow wcnss_service wifi_efs_file:dir search;
+allow wcnss_service wifi_efs_file:file { getattr open read };