msm8953-common: Address laser denials

based https://github.com/LineageOS/android_device_motorola_griffin

sepolicy/vendor/device.te

@@ -1,2 +1,3 @@
 type adspd_device, dev_type;
 type isdbt_device, dev_type;
+type laser_device, dev_type;

sepolicy/vendor/file_contexts

@@ -37,6 +37,7 @@
 /(mnt/vendor)/persist/camera(/.*)?                            u:object_r:persist_camera_file:s0
 /sys/devices/virtual/laser(/.*)?                              u:object_r:sysfs_sensor:s0
 /sys/devices/virtual/input/input4(/.*)?                       u:object_r:sysfs_sensor:s0
+/dev/laser                                                    u:object_r:laser_device:s0
 
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-fpcservice    u:object_r:hal_fingerprint_fpc_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service-ets   u:object_r:hal_fingerprint_fpc_exec:s0
@@ -52,6 +53,8 @@
 /sys/kernel/debug/rmt_storage(/.*)?                           u:object_r:debugfs_rmts:s0
 /sys/kernel/boot_wlan(/.*)?                                   u:object_r:sysfs_wifi:s0
 
+/(vendor|system/vendor)/bin/vl53l1_daemon                     u:object_r:vl53l1_exec:s0
+
 /sys/devices/soc/soc:fpc_fpc1020(/.*)?                        u:object_r:sysfs_fingerprint:s0
 /sys/devices/soc/0.et320(/.*)?                                u:object_r:sysfs_fingerprint:s0
 /(mnt/vendor)/persist/egis(/.*)?                              u:object_r:fingerprint_data_file:s0

sepolicy/vendor/mm-qcamerad.te

@@ -5,6 +5,7 @@ allow mm-qcamerad persist_file:dir { getattr open read search  };
 allow mm-qcamerad persist_file:file { read open getattr };
 allow mm-qcamerad property_socket:sock_file write;
 allow mm-qcamerad mnt_vendor_file:file rw_file_perms;
+allow mm-qcamerad laser_device:chr_file { ioctl open read write };
 
 # TODO(b/36599434): Remove this once mm-qcamerad stops using Binder services
 typeattribute mm-qcamerad binder_in_vendor_violators;

sepolicy/vendor/mmi-laser-sh.te

@@ -0,0 +1,12 @@
+type mmi-laser-sh, domain;
+type mmi-laser-sh_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(mmi-laser-sh)
+
+allow mmi-laser-sh kmsg_device:chr_file { write open };
+allow mmi-laser-sh persist_file:dir { search open read getattr };
+allow mmi-laser-sh persist_file:file { open read getattr };
+allow mmi-laser-sh vendor_shell_exec:file { entrypoint read getattr };
+allow mmi-laser-sh sysfs:file { write getattr open };
+allow mmi-laser-sh vendor_toolbox_exec:file { execute execute_no_trans getattr open read };
+allow mmi-laser-sh mnt_vendor_file:file { getattr open read };
+allow mmi-laser-sh mnt_vendor_file:dir search;

sepolicy/vendor/vl53l1.te

@@ -0,0 +1,9 @@
+type vl53l1, domain;
+type vl53l1_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vl53l1)
+
+allow vl53l1 self:netlink_socket { create bind };
+allow vl53l1 sysfs_sensor:dir r_dir_perms;
+allow vl53l1 self:netlink_socket { read write };
+allow vl53l1 sysfs_sensor:file { open read };