authorCosme Domínguez Díaz <cosme.ddiaz@gmail.com>2018-08-02 19:56:37 +0200
committerCosme Domínguez Díaz <cosme.ddiaz@gmail.com>2018-08-04 00:07:39 +0200
commit556263c3a4bb90ab7304ed846d55ab9a8bb12a9b (patch)
treec14e0e28654ec12bee2096a740303e00d2591f7c
parentbea53bae720ff0f8aa61099e1c04e718ec296973 (diff)
msm8996-common: Fix more SELinux denials.
-rw-r--r--sepolicy/priv_app.te35
1 files changed, 30 insertions, 5 deletions
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index 363a55f..800db6e 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@@ -1,8 +1,33 @@
allow priv_app adsprpcd_file:filesystem getattr;
-allow priv_app device:dir open;
-allow priv_app proc_interrupts:file open;
-allow priv_app proc_modules:file r_file_perms;
+allow priv_app asec_apk_file:dir r_dir_perms;
+allow priv_app bt_firmware_file:dir r_dir_perms;
+allow priv_app cache_private_backup_file:dir r_dir_perms;
+allow priv_app cgroup:dir r_dir_perms;
+allow priv_app configfs:dir r_dir_perms;
+allow priv_app configfs:file r_file_perms;
+allow priv_app file_contexts_file:file r_file_perms;
+allow priv_app firmware_file:dir r_file_perms;
+allow priv_app hal_memtrack_default:binder call;
+allow priv_app hal_memtrack_hwservice:hwservice_manager find;
+allow priv_app hwservice_contexts_file:file r_file_perms;
+allow priv_app keylayout_file:dir r_file_perms;
+allow priv_app mac_perms_file:file r_file_perms;
+allow priv_app mnt_media_rw_file:dir r_dir_perms;
+allow priv_app nonplat_service_contexts_file:file r_file_perms;
+allow priv_app persist_file:dir r_dir_perms;
allow priv_app proc_stat:file r_file_perms;
-allow priv_app vendor_file:file rx_file_perms;
allow priv_app qemu_hw_mainkeys_prop:file r_file_perms;
-allow priv_app hal_memtrack_hwservice:hwservice_manager find;
+allow priv_app radio_data_file:dir r_dir_perms;
+allow priv_app seapp_contexts_file:file r_file_perms;
+allow priv_app sepolicy_file:file r_file_perms;
+allow priv_app service_contexts_file:file r_file_perms;
+allow priv_app system_app_data_file:dir r_dir_perms;
+allow priv_app vendor_file:file rx_file_perms;
+allow priv_app vndservice_contexts_file:file r_file_perms;
+
+r_dir_file(priv_app, sysfs_type)
+
+# Clean up logspam
+dontaudit priv_app device:dir read;
+dontaudit priv_app proc_interrupts:file read;
+dontaudit priv_app proc_modules:file read;
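Review bot: `r_dir_file(priv_app, sysfs_type)` gives privileged apps read access to every type carrying the `sysfs_type` attribute, which is much wider than any single logged denial would justify and exposes kernel and driver state to that domain. It would be safer to scope the rule to the labels that actually appear in the denials, for example `r_dir_file(priv_app, <sysfs_label_from_denial>)`. Accesses that are not needed for the app to function could go in the `dontaudit` block instead, as this hunk already does for `device:dir` and the two proc files. The same question applies to the new directory reads on `persist_file`, `radio_data_file` and `system_app_data_file`, which look like audit-log-driven grants rather than functional requirements. Separately, the `firmware_file:dir` and `keylayout_file:dir` rules use `r_file_perms` on a dir class, which omits `search`; `r_dir_perms` looks intended, as on the neighbouring dir rules.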