commit f26f6cf992a9cb9e0a26b79893ae0cca68489d68
author Vincent Zvikaramba <zvikovincent@gmail.com> Mon Jul 18 21:44:10 2016 -0400
committer Vincent Zvikaramba <zvikovincent@gmail.com> Mon Jul 18 21:44:10 2016 -0400
tree 2b2c94da92e7b9faf170d3fb06d125585cb5dd7f
parent a7e69cfd6263e267bd8f73e43c8f4b52e49f7aaa

Added initial repo files derived from fortuna device tree.

sepolicy/bluetooth_loader.te

diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te
new file mode 100644
index 0000000..d867e05
--- /dev/null
+++ b/sepolicy/bluetooth_loader.te
@@ -0,0 +1,43 @@
+# Bluetooth executables and scripts
+type bluetooth_loader, domain;
+type bluetooth_loader_exec, exec_type, file_type;
+
+# Start bdAddrLoader from init
+init_daemon_domain(bluetooth_loader)
+
+# Run init.qcom.bt.sh
+allow bluetooth_loader shell_exec:file { entrypoint read };
+allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans };
+
+# init.qcom.bt.sh needs /system/bin/log access
+allow bluetooth_loader devpts:chr_file rw_file_perms;
+
+# Run hci_qcomm_init from init.qcom.bt.sh
+domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach)
+allow hci_attach bluetooth_loader:fd use;
+
+# Read mac address from persist partition
+allow bluetooth_loader persist_file:dir search;
+r_dir_file(bluetooth_loader, bluetooth_data_file)
+allow bluetooth_loader self:capability { dac_override dac_read_search chown };
+
+# It may write a random mac here
+allow bluetooth_loader persist_file:dir { add_name write };
+allow bluetooth_loader persist_file:file { create_file_perms };
+
+# Talk to init over the property socket
+unix_socket_connect(bluetooth_loader, property, init)
+# Set persist.service.bdroid.* and bluetooth.* property values
+allow bluetooth_loader bluetooth_prop:property_service set;
+
+# Allow getprop/setprop for init.qcom.bt.sh
+allow bluetooth_loader system_file:file execute_no_trans;
+
+# Access the smd device
+allow bluetooth_loader hci_attach_dev:chr_file rw_file_perms;
+
+# And qmuxd
+allow bluetooth_loader qmuxd_socket:dir { write add_name remove_name search };
+allow bluetooth_loader qmuxd_socket:sock_file { create setattr getattr write unlink };
+allow bluetooth_loader qmuxd:unix_stream_socket { connectto };
+#

sepolicy/file.te

diff --git a/sepolicy/file.te b/sepolicy/file.te
new file mode 100644
index 0000000..ab6ffb0
--- /dev/null
+++ b/sepolicy/file.te
@@ -0,0 +1,4 @@
+#Defines the files (configs, dumps, etc) used by display processes

+type display_misc_file, file_type, data_file_type;

+

+type touchpanel_sysfs, fs_type, sysfs_type;
\ No newline at end of file

sepolicy/file_contexts

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..5222c5d
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1,9 @@
+/persist/.genmac                                u:object_r:wifi_data_file:s0
+/persist/.bt_nv.bin                             u:object_r:bluetooth_data_file:s0
+
+/system/bin/btnvtool                            u:object_r:bluetooth_loader_exec:s0
+/system/etc/init\.qcom\.bt\.sh                  u:object_r:bluetooth_loader_exec:s0
+
+/dev/smd3                                       u:object_r:hci_attach_dev:s0
+
+/sys/devices/soc.0/78b9000.i2c/i2c-5/5-0040/gesture u:object_r:touchpanel_sysfs:s0

sepolicy/healthd.te

diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te
new file mode 100644
index 0000000..f00e795
--- /dev/null
+++ b/sepolicy/healthd.te
@@ -0,0 +1 @@
+allow healthd rtc_device:chr_file rw_file_perms;

sepolicy/perfd.te

diff --git a/sepolicy/perfd.te b/sepolicy/perfd.te
new file mode 100644
index 0000000..6541f9c
--- /dev/null
+++ b/sepolicy/perfd.te
@@ -0,0 +1,2 @@
+allow perfd sysfs_devices_system_iosched:file rw_file_perms;
+unix_socket_connect(perfd, thermal, thermal-engine)

sepolicy/property_contexts

diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
new file mode 100644
index 0000000..bb6cb2e
--- /dev/null
+++ b/sepolicy/property_contexts
@@ -0,0 +1,2 @@
+qualcomm.bluetooth.              u:object_r:bluetooth_prop:s0
+qualcomm.bt.                     u:object_r:bluetooth_prop:s0

sepolicy/qseecomd.te

diff --git a/sepolicy/qseecomd.te b/sepolicy/qseecomd.te
new file mode 100644
index 0000000..98a40fa
--- /dev/null
+++ b/sepolicy/qseecomd.te
@@ -0,0 +1,2 @@
+type qseecom_device, dev_type;
+allow tee system_prop:property_service set;

sepolicy/surfaceflinger.te

diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
new file mode 100644
index 0000000..abd05d1
--- /dev/null
+++ b/sepolicy/surfaceflinger.te
@@ -0,0 +1,2 @@
+# secure display
+allow surfaceflinger persist_file:dir r_dir_perms;

sepolicy/system_server.te

diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
new file mode 100644
index 0000000..ea39880
--- /dev/null
+++ b/sepolicy/system_server.te
@@ -0,0 +1,2 @@
+allow system_server touchpanel_sysfs:file rw_file_perms;
+allow system_server touchpanel_sysfs:dir { search };
\ No newline at end of file

sepolicy/wcnss_service.te

diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te
new file mode 100644
index 0000000..a4fe3c0
--- /dev/null
+++ b/sepolicy/wcnss_service.te
@@ -0,0 +1 @@
+allow wcnss_service persist_file:dir search;