LG8n: Kang sepolicy from pre-Reboot branch

* Wouldn't kanging be faster

Signed-off-by: Shirayuki39 <lorddemecrius83@proton.me>

BoardConfig.mk

@@ -160,6 +160,10 @@ ENABLE_VENDOR_RIL_SERVICE := true
 # Selinux
 include device/mediatek/sepolicy_vndr/SEPolicy.mk
 
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/private
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/public
+BOARD_VENDOR_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor
+
 # Vendor Security Patch
 VENDOR_SECURITY_PATCH := 2024-03-05
 

sepolicy/private/isolated_app.te

@@ -0,0 +1 @@
+allow isolated_app app_data_file:file setattr;

sepolicy/private/property_contexts

@@ -0,0 +1,8 @@
+# Fingerprint
+gf.debug.                                   u:object_r:vendor_fingerprint_prop:s0
+
+# Hardware
+ro.hardware.chipname                        u:object_r:exported_default_prop:s0
+
+# SVN
+ro.product.svn                              u:object_r:build_prop:s0

sepolicy/private/radio.te

@@ -0,0 +1 @@
+get_prop(radio, system_mtk_vodata_prop)

sepolicy/private/system_app.te

@@ -0,0 +1 @@
+allow system_app proc_pagetypeinfo:file r_file_perms;

sepolicy/private/system_suspend.te

@@ -0,0 +1,3 @@
+allow system_suspend sysfs_wakeup:dir r_dir_perms;
+allow system_suspend sysfs_battery:dir { open read };
+allow system_suspend sysfs_extcon:dir r_dir_perms;

sepolicy/private/vendor_init.te

@@ -0,0 +1 @@
+dontaudit vendor_init system_mtk_fd_prop:property_service set;

sepolicy/private/vold_prepare_subdirs.te

@@ -0,0 +1 @@
+allow vold_prepare_subdirs checkin_data_file:dir relabelfrom;

sepolicy/public/file.te

@@ -0,0 +1 @@
+type sysfs_battery, sysfs_type, fs_type;

sepolicy/public/property.te

@@ -0,0 +1,5 @@
+# Camera
+vendor_public_prop(vendor_camera_prop)
+
+# Fingerprint
+system_public_prop(vendor_fingerprint_prop)

sepolicy/public/property_contexts

@@ -0,0 +1,5 @@
+jpeg.exif.icc.profile                       u:object_r:exported_default_prop:s0
+
+gce.test                                    u:object_r:exported_default_prop:s0
+vilte.test                                  u:object_r:exported_default_prop:s0
+prepend.test                                u:object_r:exported_default_prop:s0

sepolicy/public/ueventd.te

@@ -0,0 +1 @@
+allow ueventd tmpfs:blk_file { getattr setattr relabelfrom };

sepolicy/vendor/awinic.te

@@ -0,0 +1 @@
+allow mtk_hal_audio aw87xxx_vmax:file { read getattr open };

sepolicy/vendor/cameraserver.te

@@ -0,0 +1 @@
+get_prop(cameraserver, vendor_camera_prop)

sepolicy/vendor/ccci_mdinit.te

@@ -0,0 +1 @@
+get_prop(ccci_mdinit, vendor_mtk_service_nvram_restore_prop)

sepolicy/vendor/device.te

@@ -0,0 +1,6 @@
+# Camera
+type cml421_ois_device, dev_type;
+type cwvi5300_device, dev_type;
+
+# Tranfs
+type tranfs_block_device, dev_type;

sepolicy/vendor/dontaudit.te

@@ -0,0 +1,9 @@
+dontaudit {
+    mobicore
+    mtk_hal_camera
+} shell_data_file:dir search;
+
+dontaudit ueventd tranfs_block_device:blk_file rw_file_perms;
+dontaudit audioserver vendor_audio_prop:file read;
+dontaudit stflashtool nfc_prop:file read;
+dontaudit hal_audio_default hal_power_hwservice:hwservice_manager find;

sepolicy/vendor/em_app.te

@@ -0,0 +1 @@
+dontaudit em_app mtk_hal_nvramagent_hwservice:hwservice_manager find;

sepolicy/vendor/file.te

@@ -0,0 +1,28 @@
+# Camera
+type sysfs_tran_cam_file, fs_type, sysfs_type;
+type transsion_camera_data_file, file_type, data_file_type, mlstrustedobject;
+type vendor_watermark_data_file, file_type, data_file_type, mlstrustedobject;
+
+# Data
+type storage_dbg_data_file, file_type, data_file_type;
+
+# Fingerprint
+type sysfs_fp_name_path, fs_type, sysfs_type;
+type vendor_gf_data_file, file_type, data_file_type;
+
+# NFC
+type nfc_vendor_data_file, file_type, data_file_type;
+
+# Gesture
+type proc_gesture_function, fs_type, proc_type, sysfs_type;
+type proc_main_gesture_function, fs_type, proc_type, sysfs_type;
+
+# OTG
+type sysfs_OTG_STATE_file, fs_type, sysfs_type;
+
+# Torch
+type sysfs_sub_torch_file, fs_type, sysfs_type;
+type sysfs_torch_file, fs_type, sysfs_type;
+
+# VMAX
+type aw87xxx_vmax, fs_type, sysfs_type;

sepolicy/vendor/file_contexts

@@ -0,0 +1,48 @@
+# Camera
+/dev/cml421_ois(/.*)?                                                                   u:object_r:cml421_ois_device:s0
+/dev/cwvi5300                                                                           u:object_r:cwvi5300_device:s0
+/data/vendor/camera_watermark(/.*)?                                                     u:object_r:vendor_watermark_data_file:s0
+/data/vendor/multicam(/.*)?                                                             u:object_r:transsion_camera_data_file:s0
+
+# Data
+/data/storage_dbg(/.*)?                                                                 u:object_r:storage_dbg_data_file:s0
+
+# Extcon
+/sys/devices/platform/extcon_usb/extcon/extcon0/cable.1/state                           u:object_r:sysfs_OTG_STATE_file:s0
+
+# Fingerprint
+/dev/fortsense_fp                                                                               u:object_r:fingerprint_device:s0
+/(system\/vendor|vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service   u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.fptool\.fingerprint@2\.0-service      u:object_r:hal_fingerprint_default_exec:s0
+/sys/kernel/tran_fp(/.*)?                                                                       u:object_r:sysfs_fp_name_path:s0
+/data/vendor/goodix/gf_data(/.*)?                                                               u:object_r:vendor_gf_data_file:s0
+
+# Health
+/(vendor|system\/vendor)/bin/hw/android\.hardware\.health@2\.1-service         u:object_r:hal_health_default_exec:s0
+
+# NFC
+/dev/pn54x                                                                                  u:object_r:nfc_device:s0
+/dev/pn553                                                                                  u:object_r:nfc_device:s0
+/dev/nxpnfc                                                                                 u:object_r:nfc_device:s0
+
+# Power
+/sys/devices/platform/soc/11017000.i2c/i2c-5/5-0053/power_supply/charger(/.*)?                     u:object_r:sysfs_batteryinfo:s0
+
+# Sensor stuff
+/(vendor|system\/vendor)/bin/hw/android\.hardware\.sensors@[0-9]\.[0-9]-service(\.multihal)?  u:object_r:hal_sensors_default_exec:s0
+
+# Trancam
+/(system\/vendor|vendor)/bin/hw/vendor\.transsion\.hardware\.trancam\.trancamserver@1\.0-service     u:object_r:trancamserver_exec:s0
+/sys/devices/platform/(odm/odm:tran_battery|tran_battery)/tran_cam                              u:object_r:sysfs_tran_cam_file:s0
+
+# Tranfs
+/dev/block/sdc62                                                                        u:object_r:tranfs_block_device:s0
+
+# Vibrator
+/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service              u:object_r:hal_vibrator_default_exec:s0
+/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator-service.example           u:object_r:hal_vibrator_default_exec:s0
+/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek            u:object_r:hal_vibrator_default_exec:s0
+/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service-mediatek-lazy       u:object_r:hal_vibrator_default_exec:s0
+/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator-service\.example                 u:object_r:hal_vibrator_default_exec:s0
+/(vendor|system\/vendor)/bin/hw/android\.hardware\.vibrator-service\.mediatek                u:object_r:hal_vibrator_default_exec:s0
+/sys/devices/platform/soc/1101a000.i2c/i2c-6/6-005a/leds/vibrator_single(/.*)?           u:object_r:sysfs_vibrator:s0

sepolicy/vendor/fsck.te

@@ -0,0 +1,2 @@
+allow fsck tmpfs:blk_file { read write ioctl };
+allow fsck tranfs_block_device:blk_file rw_file_perms;

sepolicy/vendor/fuelgauged_nvram.te

@@ -0,0 +1,2 @@
+allow fuelgauged_nvram sysfs_dt_firmware_android:dir search;
+allow fuelgauged_nvram sysfs_dt_firmware_android:file r_file_perms;

sepolicy/vendor/genfs_contexts

@@ -0,0 +1,48 @@
+# Battery
+genfscon sysfs /devices/platform/odm/odm:usb_switch/power_supply/usb_switch                         u:object_r:sysfs_battery:s0
+
+# Devices
+genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:0/block/sda/queue         u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:0/block/sdb/queue         u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:0/block/sdc/queue         u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:1/block/sda/queue         u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:1/block/sdb/queue         u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:1/block/sdc/queue         u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sda/queue         u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sdb/queue         u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/platform/11270000.ufshci/host0/target0:0:0/0:0:0:2/block/sdc/queue         u:object_r:sysfs_devices_block:s0
+
+# Extcon
+genfscon sysfs /devices/platform/extcon_usb                                                        u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/extcon_usb1                                                       u:object_r:sysfs_extcon:s0
+
+# Health
+genfscon sysfs /devices/platform/soc/11017000.i2c/i2c-5/5-006b/power_supply/charger(/.*)?           u:object_r:sysfs_batteryinfo:s0
+
+# Gesture
+genfscon proc /gesture_function                                                                     u:object_r:proc_gesture_function:s0
+genfscon proc /main_gesture_function                                                                u:object_r:proc_main_gesture_function:s0
+
+# Label wakeup nodes
+genfscon sysfs /devices/platform/11cb0000.i2c3/i2c-3/3-0018/wakeup                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11cb0000.i2c3/i2c-3/3-0028/wakeup                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11d03000.i2c7/i2c-7/7-0008/wakeup                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11f00000.i2c5/i2c-5/5-004e/wakeup                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/15020000.imgsys/wakeup                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/15020000.imgsys_config/wakeup                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19030000.vpu_core0/wakeup                                          u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19031000.vpu_core1/wakeup                                          u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/1a000000.camsys/wakeup                                             u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/extcon_usb/wakeup                                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:usb_switch/power_supply/usb_switch/wakeup                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/pca_dv2_algo/wakeup                                                u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/usb0/11200000.xhci0/wakeup                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/usb0/wakeup                                                        u:object_r:sysfs_wakeup:s0
+
+# Torch
+genfscon sysfs /devices/virtual/sub_torch/sub_torch/sub_torch_level                                 u:object_r:sysfs_sub_torch_file:s0
+genfscon sysfs /devices/virtual/torch/torch/torch_level                                             u:object_r:sysfs_torch_file:s0
+
+# aw87xxx vmax
+genfscon sysfs /devices/platform/1101a000.i2c7/i2c-7/7-0058/vmax u:object_r:aw87xxx_vmax:s0
+

sepolicy/vendor/hal_audio_default.te

@@ -0,0 +1,11 @@
+allow hal_audio_default ccci_aud_device:chr_file rw_file_perms;
+allow hal_audio_default ebc_device:chr_file rw_file_perms;
+allow hal_audio_default mtk_audiohal_data_file:dir create_dir_perms;
+allow hal_audio_default mtk_audiohal_data_file:file create_file_perms;
+allow hal_audio_default sysfs_boot_info:file r_file_perms;
+allow hal_audio_default vow_device:chr_file rw_file_perms;
+
+dontaudit hal_audio_default hal_power_hwservice:hwservice_manager find;
+
+get_prop(hal_audio_default, vendor_audio_prop)
+set_prop(hal_audio_default, vendor_mtk_audiohal_prop)

sepolicy/vendor/hal_fingerprint_default.te

@@ -0,0 +1,12 @@
+allow hal_fingerprint_default input_device:chr_file rw_file_perms;
+allow hal_fingerprint_default input_device:dir r_dir_perms;
+allow hal_fingerprint_default mnt_vendor_file:dir search;
+allow hal_fingerprint_default persist_data_file:dir create_dir_perms;
+allow hal_fingerprint_default persist_data_file:file create_file_perms;
+allow hal_fingerprint_default self:netlink_kobject_uevent_socket { read create bind setopt };
+allow hal_fingerprint_default sysfs_fp_name_path:dir r_dir_perms;
+allow hal_fingerprint_default sysfs_fp_name_path:file rw_file_perms;
+allow hal_fingerprint_default vendor_gf_data_file:dir create_dir_perms;
+allow hal_fingerprint_default vendor_gf_data_file:file create_file_perms;
+
+set_prop(hal_fingerprint_default, vendor_fingerprint_prop)

sepolicy/vendor/hal_health_default.te

@@ -0,0 +1,3 @@
+allow hal_health_default sysfs:file read;
+allow hal_health_default sysfs_battery:file { getattr open read };
+allow hal_health_default sysfs_battery:dir search;

sepolicy/vendor/hal_keymint_default.te

@@ -0,0 +1,2 @@
+# Allow Keymint to set MTK TEEI Props
+set_prop(hal_keymint_default, vendor_mtk_soter_teei_prop)

sepolicy/vendor/hal_nfc_default.te

@@ -0,0 +1,12 @@
+allow hal_nfc_default nxpnfc_hwservice:hwservice_manager { add find };
+
+set_prop(hal_nfc, vendor_nfc_prop)
+
+allow hal_nfc_default nfc_device:chr_file { read write };
+allow hal_nfc_default nfc_data_file:file getattr;
+
+allow hal_nfc_default vendor_nfc_prop:file { read open map getattr };
+allow hal_nfc_default vendor_nfc_prop:property_service set;
+
+allow hal_nfc_default nfc_vendor_data_file:dir { getattr add_name read write search remove_name };
+allow hal_nfc_default nfc_vendor_data_file:file { getattr open create read write unlink setattr append };

sepolicy/vendor/hal_sensors_default.te

@@ -0,0 +1,35 @@
+# Allow to read sensor devices
+allow hal_sensors_default hal_graphics_allocator_default:fd use;
+allow hal_sensors_default gpu_device:dir create_dir_perms;
+allow hal_sensors_default gpu_device:chr_file rw_file_perms;
+allow hal_sensors_default dri_device:chr_file rw_file_perms;
+allow hal_sensors_default ion_device:dir create_dir_perms;
+allow hal_sensors_default ion_device:chr_file rw_file_perms;
+allow hal_sensors_default system_file:dir r_dir_perms;
+allow hal_sensors_default sysfs_sensor:dir r_dir_perms;
+allow hal_sensors_default sysfs_sensor:file rw_file_perms;
+allow hal_sensors_default hwmsensor_device:chr_file r_file_perms;
+allow hal_sensors_default sensorlist_device:chr_file rw_file_perms;
+allow hal_sensors_default m_acc_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_als_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_ps_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_mag_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_gyro_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_baro_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_hmdy_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_act_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_pedo_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_situ_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_step_c_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_fusion_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default m_bio_misc_device:chr_file rw_file_perms;
+allow hal_sensors_default hf_manager_device:chr_file rw_file_perms;
+allow hal_sensors_default sensor_data_file:file create_file_perms;
+allow hal_sensors_default sensor_data_file:dir create_dir_perms;
+allow hal_sensors_default nvcfg_file:file create_file_perms;
+allow hal_sensors_default nvcfg_file:dir create_dir_perms;
+allow hal_sensors_default mnt_vendor_file:dir search;
+allow hal_sensors_default merged_hal_service:fd use;
+allow hal_sensors_default sysfs_mtk_nanohub_state:file r_file_perms;
+
+allow hal_sensors_default system_server:binder call;

sepolicy/vendor/hal_vibrator_default.te

@@ -0,0 +1,2 @@
+allow hal_vibrator_default sysfs_leds:dir search;
+allow hal_vibrator_default sysfs_leds:file rw_file_perms;

sepolicy/vendor/hal_wifi_default.te

@@ -0,0 +1 @@
+get_prop(hal_wifi_default, persist_vendor_debug_wifi_prop)

sepolicy/vendor/hwservice.te

@@ -0,0 +1,5 @@
+# Camera
+type hal_trancamserver_hwservice, hwservice_manager_type;
+
+# NXP NFC
+type nxpnfc_hwservice, hwservice_manager_type;

sepolicy/vendor/hwservice_contexts

@@ -0,0 +1,17 @@
+# Camera
+vendor.transsion.hardware.trancam.trancamserver::ITrancamserver                     u:object_r:hal_trancamserver_hwservice:s0
+
+# Fingerprint
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon             u:object_r:hal_fingerprint_hwservice:s0
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonExt          u:object_r:hal_fingerprint_hwservice:s0
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonHbd          u:object_r:hal_fingerprint_hwservice:s0
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemonFido         u:object_r:hal_fingerprint_hwservice:s0
+vendor.mediatek.hardware.biometrics.fingerprint::ITranBiometricsFingerprint         u:object_r:hal_fingerprint_hwservice:s0
+vendor.fptool.fingerprint::IFptoolFingerprint                                   u:object_r:hal_fingerprint_hwservice:s0
+
+# NXP NFC
+vendor.nxp.nxpnfc::INxpNfc                                                               u:object_r:nxpnfc_hwservice:s0
+vendor.nxp.nxpnfclegacy::INxpNfcLegacy                                                   u:object_r:nxpnfc_hwservice:s0
+
+# Wi-Fi
+vendor.transsion.hardware.wifi.hostapd::IHostapd                                    u:object_r:hal_wifi_hostapd_hwservice:s0

sepolicy/vendor/init.te

@@ -0,0 +1,5 @@
+allow init sysfs_devices_block:file rw_file_perms;
+allow init tranfs_block_device:blk_file { read relabelto };
+
+get_prop(init, vendor_mtk_service_nvram_restore_prop)
+get_prop(init, vts_status_prop)

sepolicy/vendor/mediacodec.te

@@ -0,0 +1 @@
+get_prop(mediacodec, vendor_mtk_omx_core_prop)

sepolicy/vendor/mtk_hal_camera.te

@@ -0,0 +1,18 @@
+binder_call(mtk_hal_camera, trancamserver)
+
+allow mtk_hal_camera cml421_ois_device:chr_file rw_file_perms;
+allow mtk_hal_camera cwvi5300_device:chr_file rw_file_perms;
+allow mtk_hal_camera sysfs_dt_firmware_android:dir search;
+allow mtk_hal_camera sysfs_dt_firmware_android:file r_file_perms;
+allow mtk_hal_camera sysfs_sub_torch_file:file rw_file_perms;
+allow mtk_hal_camera sysfs_torch_file:file rw_file_perms;
+allow mtk_hal_camera sysfs_tran_cam_file:file rw_file_perms;
+allow mtk_hal_camera transsion_camera_data_file:dir { write search add_name };
+allow mtk_hal_camera transsion_camera_data_file:file {read write create open };
+allow mtk_hal_camera vendor_watermark_data_file:dir { read write open add_name search };
+allow mtk_hal_camera vendor_watermark_data_file:file { read write create getattr open };
+
+allow mtk_hal_camera hal_trancamserver_hwservice:hwservice_manager find;
+
+get_prop(mtk_hal_camera, vendor_camera_prop)
+set_prop(mtk_hal_camera, vendor_mtk_camera_prop)

sepolicy/vendor/mtk_hal_power.te

@@ -0,0 +1,3 @@
+allow mtk_hal_power proc_meminfo:file r_file_perms;
+allow mtk_hal_power proc_gesture_function:file rw_file_perms;
+allow mtk_hal_power proc_main_gesture_function:file rw_file_perms;

sepolicy/vendor/mtk_hal_pq.te

@@ -0,0 +1 @@
+allow mtk_hal_pq ion_device:chr_file rw_file_perms;

sepolicy/vendor/netdagent.te

@@ -0,0 +1 @@
+dontaudit netdagent self:udp_socket create_socket_perms;

sepolicy/vendor/netutils_wrapper.te

@@ -0,0 +1,4 @@
+allow netutils_wrapper ccci_vts_device:chr_file rw_file_perms;
+allow netutils_wrapper ccci_wifi_proxy_device:chr_file rw_file_perms;
+allow netutils_wrapper rild:file r_file_perms;
+allow netutils_wrapper ccci_device:chr_file rw_file_perms;

sepolicy/vendor/nfc.te

@@ -0,0 +1,5 @@
+# allow NFC process to call into the NFC HAL
+allow nfc nfc_data_file:dir create_dir_perms;
+allow nfc nxpnfc_hwservice:hwservice_manager find;
+allow nfc nfc_vendor_data_file:dir { create_dir_perms add_name search read write create remove_name };
+allow nfc nfc_vendor_data_file:file create_file_perms;

sepolicy/vendor/nvram_daemon.te

@@ -0,0 +1 @@
+set_prop(nvram_daemon, vendor_mtk_service_nvram_restore_prop)

sepolicy/vendor/platform_app.te

@@ -0,0 +1,2 @@
+#============= platform_app ==============
+allow platform_app nfc_service:service_manager find;

sepolicy/vendor/priv_app.te

@@ -0,0 +1 @@
+allow priv_app metadata_file:dir { read open getattr };

sepolicy/vendor/property.te

@@ -0,0 +1,8 @@
+# Audio
+vendor_internal_prop(vendor_audio_prop)
+
+# NVRAM
+vendor_restricted_prop(vendor_mtk_service_nvram_restore_prop)
+
+# NFC
+vendor_internal_prop(vendor_nfc_prop)

sepolicy/vendor/property_contexts

@@ -0,0 +1,35 @@
+# Audio
+ro.vendor.qti.va_aosp.support               u:object_r:vendor_audio_prop:s0
+
+# Camera
+persist.vendor.camera.                      u:object_r:vendor_camera_prop:s0
+ro.mtk_cam_dualzoom_support                 u:object_r:vendor_mtk_camera_prop:s0
+ro.mtk_cam_stereo_camera_support            u:object_r:vendor_mtk_camera_prop:s0
+vendor.debug.seninf.hs_trail                u:object_r:vendor_mtk_camera_prop:s0
+
+st_repair.debug.                            u:object_r:exported_default_prop:s0
+RUNTIME_OVERRIDE_OPENCL_MEM_TYPE            u:object_r:exported_default_prop:s0
+RUNTIME_OVERRIDE_LOG_LEVEL                  u:object_r:exported_default_prop:s0
+demo.                                       u:object_r:exported_default_prop:s0
+
+# Display
+ro.vendor.mtk_hdr_video_support             u:object_r:vendor_mtk_default_prop:s0
+
+# Fingerprint
+persist.vendor.goodix.dump_data             u:object_r:vendor_fingerprint_prop:s0
+persist.vendor.sys.fp.goodix.spmt.flag      u:object_r:vendor_fingerprint_prop:s0
+vendor.fp.goodix.X.offset                   u:object_r:vendor_fingerprint_prop:s0
+vendor.fp.goodix.Y.offset                   u:object_r:vendor_fingerprint_prop:s0
+vendor.fp.transsion.lcmname                 u:object_r:vendor_fingerprint_prop:s0
+
+# Key manager
+ro.mtk_key_manager_support                  u:object_r:vendor_mtk_default_prop:s0
+
+# NFC properties
+persist.vendor.nfc.            u:object_r:vendor_nfc_prop:s0
+
+# NVRAM
+vendor.service.nvram_restore                u:object_r:vendor_mtk_service_nvram_restore_prop:s0
+
+# VT
+ro.vendor.vt.                               u:object_r:vendor_mtk_vendor_vt_prop:s0

sepolicy/vendor/system_server.te

@@ -0,0 +1,3 @@
+allow system_server sysfs_OTG_STATE_file:file { read write getattr open };
+
+get_prop(system_server, wifi_hal_prop)

sepolicy/vendor/thermal_core.te

@@ -0,0 +1 @@
+allow thermal_core sysfs_thermal:dir search;

sepolicy/vendor/trancamserver.te

@@ -0,0 +1,7 @@
+type trancamserver, domain, halserverdomain;
+type trancamserver_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(trancamserver)
+
+allow trancamserver hal_trancamserver_hwservice:hwservice_manager { find add };
+allow trancamserver hidl_base_hwservice:hwservice_manager add;

sepolicy/vendor/untrusted_app.te

@@ -0,0 +1,3 @@
+allow untrusted_app unlabeled:filesystem getattr;
+
+get_prop(untrusted_app, vendor_camera_prop)

sepolicy/vendor/vendor_init.te

@@ -0,0 +1,6 @@
+allow vendor_init cgroup:file rw_file_perms;
+allow vendor_init proc:file write;
+allow vendor_init storage_dbg_data_file:dir create_dir_perms;
+
+set_prop(vendor_init, vendor_mtk_camera_prop)
+get_prop(vendor_init, vts_status_prop)

sepolicy/vendor/vtservice.te

@@ -0,0 +1 @@
+get_prop(vtservice, vendor_mtk_vendor_vt_prop)