[TMP] Revert "begonia: sepolicy: Adapt to latest mtk common sepolicy"

This reverts commit f1a4198.

Reason for revert: Don't break feb release

BoardConfig.mk

@@ -155,7 +155,7 @@ ENABLE_VENDOR_RIL_SERVICE := true
 VENDOR_SECURITY_PATCH := $(PLATFORM_SECURITY_PATCH)
 
 # Sepolicy
-include device/mediatek/sepolicy/BoardSEPolicyConfig.mk
+include device/mediatek/sepolicy/SEPolicy.mk
 BOARD_VENDOR_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor
 SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/private
 SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/public

sepolicy/vendor/cameraserver.te

@@ -2,7 +2,7 @@ allow cameraserver init:unix_stream_socket connectto;
 allow cameraserver property_socket:sock_file write;
 allow cameraserver adb_data_file:file read;
 
-get_prop(cameraserver, vendor_mtk_camera_prop)
+get_prop(cameraserver, mtk_camera_prop)
 get_prop(cameraserver, exported_default_prop)
-get_prop(cameraserver, vendor_mtk_audiohal_prop)
+get_prop(cameraserver, vendor_audio_prop)
 set_prop(cameraserver, system_prop)

sepolicy/vendor/file.te

@@ -1,11 +1,9 @@
-# Camera
-type camera_vendor_data_file, file_type, data_file_type;
-
 # Fingerprint
 type fingerprint_data_file, file_type, data_file_type, core_data_file_type;
-type sysfs_spm, fs_type, sysfs_type;
 type vendor_fingerprint_data_file, file_type, data_file_type;
 
-# Display
+# Last kernel
+type proc_last_kmsg, fs_type, proc_type;
+
 type sysfs_light, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_graphics, sysfs_type, fs_type, mlstrustedobject;

sepolicy/vendor/file_contexts

@@ -1,6 +1,3 @@
-# Camera
-/data/vendor/camera(/.*)?           u:object_r:camera_vendor_data_file:s0
-
 # Fingerprint
 /mnt/vendor/persist/goodix(/.*)? u:object_r:vendor_fingerprint_data_file:s0
 /mnt/vendor/persist/fpc(/.*)?    u:object_r:vendor_fingerprint_data_file:s0
@@ -16,3 +13,4 @@
 
 # Mi Thermald
 /vendor/bin/mi_thermald       u:object_r:mi_thermald_exec:s0
+/data/vendor/thermal(/.*)?    u:object_r:thermal_data_file:s0

sepolicy/vendor/genfs_contexts

@@ -1,2 +1,5 @@
+# Last kernel
+genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0
+
 # Leds
 genfscon sysfs /devices/platform/11016000.i2c5/i2c-5/5-0034/mt6360_pmu_rgbled.4.auto/leds u:object_r:sysfs_leds:s0

sepolicy/vendor/hal_audio_default.te

@@ -18,8 +18,10 @@ allow hal_audio_default mtk_audiohal_data_file:file create_file_perms;
 
 allow hal_audio_default sysfs_boot_mode:file r_file_perms;
 
-get_prop(hal_audio_default, vendor_mtk_audiohal_prop)
-set_prop(hal_audio_default, vendor_mtk_audiohal_prop)
-get_prop(hal_audio_default, vendor_mtk_default_prop)
-get_prop(hal_audio_default, vendor_mtk_tel_switch_prop)
-get_prop(hal_audio_default, vendor_mtk_wmt_prop)
+allow hal_audio_default audiohal_prop:property_service set;
+get_prop(hal_audio_default, audiohal_prop)
+get_prop(hal_audio_default, mtk_default_prop)
+get_prop(hal_audio_default, tel_switch_prop)
+get_prop(hal_audio_default, vendor_audio_prop)
+set_prop(hal_audio_default, vendor_audio_prop)
+get_prop(hal_audio_default, wmt_prop)

sepolicy/vendor/hal_fingerprint_default.te

@@ -4,6 +4,7 @@ allow hal_fingerprint_default init:unix_stream_socket connectto;
 allow hal_fingerprint_default mtee_trusty_file:dir r_dir_perms;
 allow hal_fingerprint_default mtee_trusty_file:file r_file_perms;
 allow hal_fingerprint_default property_socket:sock_file write;
+allow hal_fingerprint_default sysfs:file rw_file_perms;
 allow hal_fingerprint_default sysfs_batteryinfo:dir r_dir_perms;
 allow hal_fingerprint_default sysfs_batteryinfo:file r_file_perms;
 allow hal_fingerprint_default sysfs_pmu:dir r_dir_perms;
@@ -14,9 +15,17 @@ allow hal_fingerprint_default debugfs_fb:dir r_dir_perms;
 allow hal_fingerprint_default debugfs_fb:file r_file_perms;
 allow hal_fingerprint_default sysfs_net:dir r_dir_perms;
 allow hal_fingerprint_default sysfs_net:file r_file_perms;
+allow hal_fingerprint_default sysfs_mtkfb:dir r_dir_perms;
+allow hal_fingerprint_default sysfs_mtkfb:file r_file_perms;
+allow hal_fingerprint_default sysfsts_novatek:dir r_dir_perms;
+allow hal_fingerprint_default sysfsts_novatek:file r_file_perms;
 allow hal_fingerprint_default { fingerprint_data_file vendor_fingerprint_data_file }:dir r_dir_perms;
 allow hal_fingerprint_default { fingerprint_data_file vendor_fingerprint_data_file }:file rw_file_perms;
+allow hal_fingerprint_default vendor_data_file:dir rw_dir_perms;
+allow hal_fingerprint_default vendor_data_file:file { create_file_perms rw_file_perms };
 allow hal_fingerprint_default rootfs:dir r_dir_perms;
+allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
 allow hal_fingerprint_default uhid_device:chr_file rw_file_perms;
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
 
 set_prop(hal_fingerprint_default, vendor_fp_prop)

sepolicy/vendor/hal_health_default.te

@@ -0,0 +1 @@
+allow hal_health_default sysfs:file rw_file_perms;

sepolicy/vendor/hal_wifi_default.te

@@ -0,0 +1 @@
+set_prop(hal_wifi_default, wlan_fw_prop)

sepolicy/vendor/init.te

@@ -1,5 +1,9 @@
+# Purpose: Allow to init /proc/last_kmsg
+allow init proc_last_kmsg:file { r_file_perms setattr };
+
 allow init hwservicemanager:binder call;
 
 allow init self:netlink_kobject_uevent_socket read;
 allow init sysfs_wake_lock:file r_file_perms;
 allow init same_process_hal_file:file execute;
+allow init vendor_data_file:file w_file_perms;

sepolicy/vendor/mi_thermald.te

@@ -4,12 +4,10 @@ type thermal_data_file, data_file_type, file_type;
 
 init_daemon_domain(mi_thermald)
 
-set_prop(mi_thermald, thermal_normal_prop)
+set_prop(mi_thermald, thermal_engine_prop)
 
 allow mi_thermald thermal_data_file:dir rw_dir_perms;
 allow mi_thermald thermal_data_file:file create_file_perms;
-allow mi_thermald thermal_core_data_file:dir rw_dir_perms;
-allow mi_thermald thermal_core_data_file:file create_file_perms;
 
 allow mi_thermald self:capability { fsetid sys_boot };
 allow mi_thermald mi_thermald:capability { chown fowner };
@@ -21,6 +19,9 @@ allow mi_thermald sysfs_therm:file w_file_perms;
 r_dir_file(mi_thermald, sysfs_thermal)
 allow mi_thermald sysfs_thermal:file w_file_perms;
 
+r_dir_file(mi_thermald, sysfs)
+allow mi_thermald sysfs:file w_file_perms;
+
 r_dir_file(mi_thermald, sysfs_leds)
 allow mi_thermald sysfs_leds:file w_file_perms;
 

sepolicy/vendor/mtk_hal_camera.te

@@ -1,4 +1 @@
-allow mtk_hal_camera camera_vendor_data_file:dir create_dir_perms;
-allow mtk_hal_camera camera_vendor_data_file:file create_file_perms;
-
 set_prop(mtk_hal_camera, vendor_mi_camera_prop)

sepolicy/vendor/property.te

@@ -1,4 +1,3 @@
 vendor_restricted_prop(vendor_displayfeature_prop)
 vendor_restricted_prop(vendor_fp_prop)
 vendor_internal_prop(vendor_mi_camera_prop)
-vendor_public_prop(thermal_normal_prop)

sepolicy/vendor/property_contexts

@@ -1,6 +1,3 @@
-# Audio
-vendor.audio.            u:object_r:vendor_mtk_audiohal_prop:s0
-
 # Camera
 persist.vendor.camera.privapp.list    u:object_r:exported_default_prop:s0
 persist.vendor.camera.mi.             u:object_r:vendor_mi_camera_prop:s0
@@ -29,4 +26,4 @@ ro.hardware.fp.            u:object_r:vendor_fp_prop:s0
 ro.boot.fpsensor.          u:object_r:vendor_fp_prop:s0
 
 # Thermal
-vendor.sys.thermal.     u:object_r:thermal_normal_prop:s0
+vendor.sys.thermal.     u:object_r:thermal_engine_prop:s0

sepolicy/vendor/system_server.te

@@ -0,0 +1,2 @@
+# Last kernel
+allow system_server proc_last_kmsg:file r_file_perms;

sepolicy/vendor/vendor_init.te

@@ -0,0 +1,3 @@
+get_prop(vendor_init, persist_atm_prop)
+
+allow vendor_init { fingerprint_data_file vendor_fingerprint_data_file }:dir { rw_dir_perms relabelto setattr };