authorDavide Garberi <dade.garberi@gmail.com>2018-02-18 22:54:00 +0100
committerDavide Garberi <dade.garberi@gmail.com>2018-02-19 19:54:12 +0100
commitf3aa4a6afca4abc0a640a4d2cd66ab4e717db541 (patch)
tree8f1613bd15718416e76a5f0eb66c6ea59fd9257d
parent239b60acba6a0c1884d415a3951161557d4cd543 (diff)
msm8996-common: Reorder the sepolicy
* Fixup of ee7d7d4737b75ac25b29e98e9af39bfd9a2e17ee Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
-rw-r--r--sepolicy/charger.te3
-rw-r--r--sepolicy/hal_fingerprint_default.te11
-rw-r--r--sepolicy/priv_app.te4
-rw-r--r--sepolicy/rild.te5
-rw-r--r--sepolicy/vold.te4
5 files changed, 6 insertions, 21 deletions
diff --git a/sepolicy/charger.te b/sepolicy/charger.te
index 3b261b1..794e8e9 100644
--- a/sepolicy/charger.te
+++ b/sepolicy/charger.te
@@ -1,3 +1,2 @@
-allow charger device:dir read;
-allow charger device:dir open;
+allow charger device:dir { open read };
allow charger self:capability { dac_override dac_read_search };
diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te
index 8749fe8..8dbcb1c 100644
--- a/sepolicy/hal_fingerprint_default.te
+++ b/sepolicy/hal_fingerprint_default.te
@@ -2,18 +2,11 @@ r_dir_file(hal_fingerprint_default, firmware_file)
allow hal_fingerprint_default tee_device:chr_file ioctl;
allow hal_fingerprint_default sysfs:file write;
allow hal_fingerprint_default fpc_data_file:dir rw_dir_perms;
-allow hal_fingerprint_default fpc_data_file:sock_file { create unlink setattr };
+allow hal_fingerprint_default { system_data_file fpc_data_file }:sock_file { create setattr unlink };
allow hal_fingerprint_default fpc_images_file:dir rw_dir_perms;
allow hal_fingerprint_default fpc_images_file:file create_file_perms;
allow hal_fingerprint_default sysfs_fpc_irq:file rw_file_perms;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
allow hal_fingerprint_default firmware_file:dir { search read };
allow hal_fingerprint_default firmware_file:file { read open };
-allow hal_fingerprint_default system_data_file:dir write;
-allow hal_fingerprint_default system_data_file:dir add_name;
-allow hal_fingerprint_default system_data_file:dir create;
-allow hal_fingerprint_default system_data_file:sock_file create;
-allow hal_fingerprint_default system_data_file:dir read;
-allow hal_fingerprint_default system_data_file:sock_file setattr;
-allow hal_fingerprint_default system_data_file:dir { open remove_name };
-allow hal_fingerprint_default system_data_file:sock_file unlink;
+allow hal_fingerprint_default system_data_file:dir { add_name create open read remove_name write };
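Review bot: The consolidated rules still let the fingerprint HAL create directories and sockets under the generic `system_data_file` label, which is shared by unrelated system data, so a fault in the HAL can write outside its own storage. The dedicated `fpc_data_file` type already has `rw_dir_perms` in this file, so the tighter form would be to label the HAL's socket directory as `fpc_data_file` in file_contexts (not visible in this diff) and reduce the merged rule to `allow hal_fingerprint_default fpc_data_file:sock_file { create setattr unlink };`, dropping the `system_data_file:dir` line. Separately, `tee_device:chr_file ioctl` appears to be covered by the later `tee_device:chr_file rw_file_perms` line, and the two `firmware_file` rules look redundant with the `r_dir_file(hal_fingerprint_default, firmware_file)` call shown in the hunk header, so a reorder pass could fold those as well.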
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index e65e9c0..16583dc 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@@ -1,6 +1,4 @@
allow priv_app device:dir { open read };
allow priv_app { camera_prop proc_interrupts }:file { open read };
allow priv_app camera_prop:file getattr;
-allow priv_app proc_modules:file read;
-allow priv_app proc_modules:file open;
-allow priv_app proc_modules:file getattr;
+allow priv_app proc_modules:file { getattr open read };
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index cb1b549..dc15cea 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -11,8 +11,5 @@ allow rild default_android_service:service_manager find;
allow rild radio_data_file:file { create getattr ioctl lock open read unlink write };
allow rild radio_data_file:dir { add_name getattr open read remove_name search write };
-allow rild toolbox_exec:file getattr;
-allow rild toolbox_exec:file execute;
-allow rild toolbox_exec:file { open read };
-allow rild toolbox_exec:file execute_no_trans;
+allow rild toolbox_exec:file { getattr execute execute_no_trans open read };
allow rild vendor_toolbox_exec:file execute_no_trans;
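Review bot: The merged permission set on the `toolbox_exec` rule is the only one in this commit that is not sorted, with `getattr` placed before `execute`; `allow rild toolbox_exec:file { execute execute_no_trans getattr open read };` would match the other rewritten rules. Because `execute_no_trans` runs toolbox inside the rild domain with rild's permissions rather than in a domain of its own, I would also add a comment above this rule and the `vendor_toolbox_exec` one naming the command that needs it, for example `# rild runs <command> via toolbox; TODO confirm it is still required`. The hunk starts at line 11 of the file, so earlier rild rules are outside this view.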
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 175410f..d2533cb 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1,3 +1 @@
-allow vold persist_file:dir read;
-allow vold persist_file:dir open;
-allow vold persist_file:dir ioctl;
+allow vold persist_file:dir { ioctl open read };