From 0adb92fe3d6a96b622d7ca417ced50e33b9f727f Mon Sep 17 00:00:00 2001
From: Davide Garberi <dade.garberi@gmail.com>
Date: Mon, 24 Sep 2018 15:16:54 +0200
Subject: msm8996-common: sepolicy: Address some denials

Change-Id: Id7520ca339db83eeeb8b3e608a44809141e30df3
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
---
 sepolicy/init.te | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'sepolicy/init.te')

diff --git a/sepolicy/init.te b/sepolicy/init.te
index 55f9fac..5d8c97e 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1,12 +1,13 @@
+typeattribute init data_between_core_and_vendor_violators;
 allow init adsprpcd_file:filesystem { mount relabelfrom relabelto };
 allow init debugfs_ipc:dir relabelfrom;
 allow init debugfs_ipc:file relabelfrom;
 allow init proc_kernel_sched:file write;
-allow init sysfs_scsi_devices_0000:dir write;
+allow init proc:file { getattr open read setattr };
 allow init { ion_device tee_device }:chr_file ioctl;
 allow init hidl_base_hwservice:hwservice_manager add;
-allow init sysfs_fingerprint:file { open read write };
+allow init sysfs_fingerprint:file { open read setattr write };
+allow init sysfs:file setattr;
 allow init tee_device:chr_file write;
 allow init hidl_base_hwservice:hwservice_manager add;
-allow init sysfs_fingerprint:file { open read write };
 allow init system_server:binder call;
-- 
cgit v1.2.3