msm8953-common: Update sepolicy

sepolicy/vendor/hal_dms_default.te

@@ -8,6 +8,7 @@ allow hal_dms_default hal_audio_default:binder call;
 allow hal_dms_default platform_app:binder call;
 allow hal_dms_default vendor_data_file:file { rw_file_perms create };
 allow hal_dms_default vendor_data_file:dir { rw_file_perms add_name };
+dontaudit hal_dms_default vendor_file:file execute_no_trans;
 
 allow hal_dms_default vendor_media_data_file:dir { add_name remove_name read write search open };
 allow hal_dms_default vendor_media_data_file:file { read write open create ioctl getattr lock unlink };

sepolicy/vendor/hal_light_default.te

@@ -1 +1,2 @@
 allow hal_light_default sysfs:file { open getattr write };
+dontaudit hal_light_default vendor_file:file execute_no_trans;

sepolicy/vendor/mm-qcamerad.te

@@ -0,0 +1,20 @@
+typeattribute mm-qcamerad data_between_core_and_vendor_violators;
+allow mm-qcamerad camera_prop:property_service set;
+allow mm-qcamerad init:unix_stream_socket connectto;
+allow mm-qcamerad persist_file:dir { getattr open read search  };
+allow mm-qcamerad persist_file:file { read open getattr };
+allow mm-qcamerad property_socket:sock_file write;
+allow mm-qcamerad mnt_vendor_file:file rw_file_perms;
+
+# TODO(b/36599434): Remove this once mm-qcamerad stops using Binder services
+typeattribute mm-qcamerad binder_in_vendor_violators;
+allow mm-qcamerad binder_device:chr_file { read write };
+
+allow mm-qcamerad fwk_sensor_hwservice:hwservice_manager find;
+allow mm-qcamerad camera_data_file:dir search;
+
+allow mm-qcamerad vendor_data_file:dir r_dir_perms;
+allow mm-qcamerad vendor_data_file:file rw_file_perms;
+
+vndbinder_use(mm-qcamerad);
+get_prop(mm-qcamerad, moto_boot_prop);

sepolicy/vendor/surfaceflinger.te

@@ -0,0 +1,2 @@
+dontaudit surfaceflinger firmware_file:dir search;
+