23 files changed, 2 insertions, 45 deletions

diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index d9c9d15..82ae015 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -41,6 +41,7 @@ TARGET_NO_BOOTLOADER := true
 # Kernel
 BOARD_KERNEL_BASE := 0x80000000
 BOARD_KERNEL_CMDLINE := androidboot.hardware=qcom ehci-hcd.park=3 lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff
+BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive
 BOARD_KERNEL_IMAGE_NAME := Image.gz-dtb
 BOARD_KERNEL_PAGESIZE := 4096
 BOARD_KERNEL_TAGS_OFFSET := 0x00000100
@@ -56,6 +57,7 @@ TARGET_BOARD_PLATFORM_GPU := qcom-adreno530
 
 # Properties
 BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
+PRODUCT_FULL_TREBLE_OVERRIDE := true
 TARGET_VENDOR_PROP += $(VENDOR_PATH)/vendor.prop
 
 # Audio
diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te
index 5c5f2fd..e69de29 100644
--- a/sepolicy/audioserver.te
+++ b/sepolicy/audioserver.te
@@ -1,2 +0,0 @@
-allow audioserver socket_device:sock_file write;
-allow audioserver thermal-engine:unix_stream_socket connectto;
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
index 0f173e1..e69de29 100644
--- a/sepolicy/bluetooth.te
+++ b/sepolicy/bluetooth.te
@@ -1 +0,0 @@
-allow bluetooth wcnss_filter:unix_stream_socket { connectto };
diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te
index c31c9f1..e69de29 100644
--- a/sepolicy/cameraserver.te
+++ b/sepolicy/cameraserver.te
@@ -1,3 +0,0 @@
-allow cameraserver init:unix_dgram_socket sendto;
-allow cameraserver hal_perf_hwservice:hwservice_manager find;
-allow cameraserver hal_perf_default:binder call;
diff --git a/sepolicy/dataservice_app.te b/sepolicy/dataservice_app.te
index 4f36595..e69de29 100644
--- a/sepolicy/dataservice_app.te
+++ b/sepolicy/dataservice_app.te
@@ -1,2 +0,0 @@
-allow dataservice_app cnd_socket:sock_file write;
-allow dataservice_app cnd:unix_stream_socket connectto;
diff --git a/sepolicy/dpmd.te b/sepolicy/dpmd.te
index b3a868b..f758949 100644
--- a/sepolicy/dpmd.te
+++ b/sepolicy/dpmd.te
@@ -1,3 +1 @@
 allow dpmd dpmd:capability { dac_override dac_read_search chown fsetid };
-allow dpmd socket_device:dir { add_name write };
-allow dpmd socket_device:sock_file { create setattr };
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 5b39842..54cc974 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,5 +1,4 @@
 type fpc_data_file, data_file_type, file_type;
-type fpc_images_file, file_type;
 type nv_data_file, file_type, data_file_type;
 type sysfs_fpc_irq, sysfs_type, fs_type;
 type sysfs_fpc_proximity, sysfs_type, fs_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 54c3534..b084443 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -9,7 +9,6 @@
 # fingerprint
 /dev/fpc1020                                                    u:object_r:fpc1020_device:s0
 /data/fpc(/.*)?                                                 u:object_r:fpc_data_file:s0
-/data/fpc_images(/.*)?                                          u:object_r:fpc_images_file:s0
 /sys/devices/soc/soc:fpc_fpc1020/irq                            u:object_r:sysfs_fpc_irq:s0
 /sys/devices/soc/soc:fpc_fpc1020/proximity_state                u:object_r:sysfs_fpc_proximity:s0
 /sys/devices/soc/soc:fpc1020/utouch_disable                     u:object_r:sysfs_fpc_utouch_disable:s0
@@ -17,14 +16,6 @@
 # FRP partition
 /dev/block/bootdevice/by-name/config                            u:object_r:frp_block_device:s0
 
-# legacy paths
-/system/bin/sensors.qcom                                        u:object_r:sensors_exec:s0
-/system/bin/port-bridge                                         u:object_r:port-bridge_exec:s0
-/system/bin/time_daemon                                         u:object_r:time_daemon_exec:s0
-/system/bin/cnss-daemon                                         u:object_r:wcnss_service_exec:s0
-/system/bin/wcnss_filter                                        u:object_r:wcnss_filter_exec:s0
-/data/time(/.*)?                                                u:object_r:time_data_file:s0
-
 # lights
 /sys/devices/soc/75b7000\.i2c/i2c-9/9-[0-9a-f]+/leds(/.*)?    u:object_r:sysfs_leds:s0
 /sys/devices/soc/leds-qpnp-[0-9]+/leds(/.*)?                  u:object_r:sysfs_leds:s0
diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te
index 9d9001b..e69de29 100644
--- a/sepolicy/hal_audio_default.te
+++ b/sepolicy/hal_audio_default.te
@@ -1,3 +0,0 @@
-allow hal_audio_default { socket_device thermal_socket }:sock_file write;
-allow hal_audio_default audio_data_file:sock_file { unlink create setattr };
-allow hal_audio_default thermal-engine:unix_stream_socket connectto;
diff --git a/sepolicy/hal_bluetooth_default.te b/sepolicy/hal_bluetooth_default.te
index fbe2fb9..e3fa85e 100644
--- a/sepolicy/hal_bluetooth_default.te
+++ b/sepolicy/hal_bluetooth_default.te
@@ -1,3 +1,2 @@
 allow hal_bluetooth_default bluetooth_data_file:dir { search write };
 allow hal_bluetooth_default bluetooth_data_file:file { append getattr open read write };
-allow hal_bluetooth_default wcnss_filter:unix_stream_socket { connectto };
diff --git a/sepolicy/hal_camera_default.te b/sepolicy/hal_camera_default.te
index 30dbf6a..e69de29 100644
--- a/sepolicy/hal_camera_default.te
+++ b/sepolicy/hal_camera_default.te
@@ -1 +0,0 @@
-allow hal_camera_default camera_data_file:sock_file write; 
diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te
index 8dbcb1c..34df9e2 100644
--- a/sepolicy/hal_fingerprint_default.te
+++ b/sepolicy/hal_fingerprint_default.te
@@ -2,9 +2,6 @@ r_dir_file(hal_fingerprint_default, firmware_file)
 allow hal_fingerprint_default tee_device:chr_file ioctl;
 allow hal_fingerprint_default sysfs:file write;
 allow hal_fingerprint_default fpc_data_file:dir rw_dir_perms;
-allow hal_fingerprint_default { system_data_file fpc_data_file }:sock_file { create setattr unlink };
-allow hal_fingerprint_default fpc_images_file:dir rw_dir_perms;
-allow hal_fingerprint_default fpc_images_file:file create_file_perms;
 allow hal_fingerprint_default sysfs_fpc_irq:file rw_file_perms;
 allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
 allow hal_fingerprint_default firmware_file:dir { search read };
diff --git a/sepolicy/hal_perf_default.te b/sepolicy/hal_perf_default.te
index 434ac35..8505d25 100644
--- a/sepolicy/hal_perf_default.te
+++ b/sepolicy/hal_perf_default.te
@@ -1,3 +1 @@
-allow hal_perf_default property_socket:sock_file write;
-allow hal_perf_default init:unix_stream_socket connectto;
 allow hal_perf_default freq_prop:property_service set;
diff --git a/sepolicy/location.te b/sepolicy/location.te
index b9f963f..552344d 100644
--- a/sepolicy/location.te
+++ b/sepolicy/location.te
@@ -1,4 +1,3 @@
 allow location system_data_file:dir { write remove_name };
-allow location system_data_file:sock_file { unlink create setattr };
 allow location system_data_file:dir add_name;
 allow location wcnss_prop:file read;
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
index 6b6626b..e69de29 100644
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
@@ -1 +0,0 @@
-allow mm-qcamerad camera_data_file:{ file sock_file } { create unlink }; 
diff --git a/sepolicy/per_mgr.te b/sepolicy/per_mgr.te
index e7eaf7f..e69de29 100644
--- a/sepolicy/per_mgr.te
+++ b/sepolicy/per_mgr.te
@@ -1 +0,0 @@
-allow per_mgr servicemanager:binder { call transfer };
diff --git a/sepolicy/qseeproxy.te b/sepolicy/qseeproxy.te
index 9eeb608..e69de29 100644
--- a/sepolicy/qseeproxy.te
+++ b/sepolicy/qseeproxy.te
@@ -1,2 +0,0 @@
-allow qseeproxy servicemanager:binder { call transfer };
-allow qseeproxy default_android_service:service_manager find;
diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te
index 54b1642..ccc278f 100644
--- a/sepolicy/qti_init_shell.te
+++ b/sepolicy/qti_init_shell.te
@@ -1,6 +1,3 @@
-allow qti_init_shell shell_exec:file { r_file_perms entrypoint };
-allow qti_init_shell toolbox_exec:file { r_file_perms execute_no_trans execute };
-
 allow qti_init_shell sysfs:file rw_file_perms; 
 
 allow qti_init_shell kmsg_device:chr_file { open write };
diff --git a/sepolicy/radio.te b/sepolicy/radio.te
index c23fafe..e69de29 100644
--- a/sepolicy/radio.te
+++ b/sepolicy/radio.te
@@ -1 +0,0 @@
-allow radio qmuxd_socket:dir search; 
diff --git a/sepolicy/readmac.te b/sepolicy/readmac.te
index ea2391e..26a3551 100644
--- a/sepolicy/readmac.te
+++ b/sepolicy/readmac.te
@@ -9,7 +9,6 @@ allow readmac persist_file:dir rw_dir_perms;
 allow readmac persist_file:file create_file_perms;
 
 allow readmac self:capability dac_override;
-allow readmac self:socket create_socket_perms_no_ioctl;
 
 allow readmac diag_device:chr_file rw_file_perms;
 allow readmac sysfs:file r_file_perms;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index dc15cea..f578ebd 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,4 +1,3 @@
-allow rild servicemanager:binder call;
 allow rild nv_data_file:dir rw_dir_perms;
 allow rild nv_data_file:file create_file_perms;
 
@@ -6,7 +5,6 @@ allow rild { vendor_configs_file vendor_file }:file ioctl;
 
 allow rild qcom_ims_prop:property_service set;
 
-allow rild default_android_service:service_manager find;
 
 allow rild radio_data_file:file { create getattr ioctl lock open read unlink write };
 allow rild radio_data_file:dir { add_name getattr open read remove_name search write };
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 7de707d..25177b5 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -1,3 +1 @@
 allow system_app sysfs_fpc_proximity:file rw_file_perms;
-allow system_app time_daemon:unix_stream_socket connectto;
-allow system_app wificond:binder call;
diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te
index 7f8e14a..02f8521 100644
--- a/sepolicy/thermal-engine.te
+++ b/sepolicy/thermal-engine.te
@@ -7,5 +7,4 @@ allow thermal-engine sysfs_usb_supply:file r_file_perms;
 allow thermal-engine diag_device:chr_file { read write };
 allow thermal-engine diag_device:chr_file open;
 allow thermal-engine diag_device:chr_file ioctl;
-allow thermal-engine socket_device:sock_file { create setattr };
 allow thermal-engine sysfs_uio:dir read;