authorCosme Domínguez Díaz <cosme.ddiaz@gmail.com>2018-05-12 17:53:54 +0200
committerCosme Domínguez Díaz <cosme.ddiaz@gmail.com>2018-05-13 18:51:25 +0200
commit5539afd62b3826afae4746b606d28aaa0cbfc00c (patch)
treef55a9c4dc5ca3b420123aee5e120349a05f7f93f
parentd604691a1953929ab19e85657a660d8e89342134 (diff)
msm8996-common: sepolicy: Remove duplicated rules.
* And system_app and vold fixup.
-rw-r--r--sepolicy/hal_fingerprint_default.te5
-rw-r--r--sepolicy/system_app.te5
-rw-r--r--sepolicy/vold.te6
3 files changed, 11 insertions, 5 deletions
diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te
index 3a655b1..6d1b757 100644
--- a/sepolicy/hal_fingerprint_default.te
+++ b/sepolicy/hal_fingerprint_default.te
@@ -1,11 +1,12 @@
typeattribute hal_fingerprint_default socket_between_core_and_vendor_violators;
r_dir_file(hal_fingerprint_default, firmware_file)
-allow hal_fingerprint_default tee_device:chr_file ioctl;
-allow hal_fingerprint_default fpc_data_file:dir rw_dir_perms;
+
allow hal_fingerprint_default sysfs_fingerprint:dir r_dir_perms;
allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms;
+
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
allow hal_fingerprint_default firmware_file:file r_file_perms;
+
allow hal_fingerprint_default fpc_data_file:dir create_dir_perms;
allow hal_fingerprint_default fpc_data_file:sock_file { create setattr unlink };
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 56cb70d..fded46c 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -1,2 +1,7 @@
allow system_app sysfs_fingerprint:file rw_file_perms;
allow system_app shell_prop:property_service set;
+
+binder_call(system_app, wificond);
+
+dontaudit system_app netd_service:service_manager find;
+dontaudit system_app installd_service:service_manager find;
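Review bot: The three rules added to system_app.te are new policy rather than duplicate removal, and none has a comment saying which system app needs them. `binder_call(system_app, wificond);` widens what every process in the system_app domain may call. The two `dontaudit system_app ... :service_manager find;` lines stop the netd_service and installd_service denials from being logged, so a later reader cannot tell whether those lookups are expected noise or worth investigating. I would add a comment above each group, for example `# <component>: needs wificond for <reason>` and `# <component> probes these services; the denial is harmless`, with the placeholders filled in by the author. The trailing `;` after the `binder_call(...)` macro is also inconsistent with `r_dir_file(hal_fingerprint_default, firmware_file)` in the first file, which has none.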
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 4fda929..9df6017 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1,3 +1,3 @@
-allow vold persist_file:dir r_file_perms;
-allow vold proc_irq:dir r_dir_perms;
-allow vold sysfs_scsi_devices_0000:file rw_file_perms;
+allow vold persist_file:dir r_dir_perms;
+dontaudit vold proc_irq:dir read;
+allow vold sysfs_scsi_devices_0000:file w_file_perms;
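Review bot: `dontaudit vold proc_irq:dir read;` replaces an allow with a rule that hides the denial, and nothing says why vold touching proc_irq is expected and safe to silence. Because the rule names only `read`, denials for other directory permissions that the old `r_dir_perms` covered would presumably still be logged, which is worth confirming on a device before relying on it. The change from `rw_file_perms` to `w_file_perms` on sysfs_scsi_devices_0000 also drops read access. A short comment above each line would record the intent, for example `# vold only writes this node` (if that is the case) and `# vold scans proc_irq; access is not needed`.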