From 395774144071f1f71dfa07764900ada7f9364799 Mon Sep 17 00:00:00 2001
From: ronaxdevil
Date: Fri, 25 Oct 2019 18:22:45 +0530
Subject: [PATCH] sanders: update to sepolicy
Signed-off-by: ronaxdevil
---
 sepolicy/vendor/cameraserver.te | 2 +-
 sepolicy/vendor/fingerprintd.te | 2 +-
 sepolicy/vendor/hal_camera_default.te | 8 ++++----
 sepolicy/vendor/init.te | 6 +++---
 sepolicy/vendor/radio.te | 2 +-
 sepolicy/vendor/system_server.te | 2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/sepolicy/vendor/cameraserver.te b/sepolicy/vendor/cameraserver.te
index 00d9c63..feb4596 100644
--- a/sepolicy/vendor/cameraserver.te
+++ b/sepolicy/vendor/cameraserver.te
@@ -25,7 +25,7 @@ allow cameraserver media_rw_data_file:file { create read write open };
 allow cameraserver cameraserver:process { execmem }; ####
-allow cameraserver debug_prop:file { r_file_perms };
+#allow cameraserver debug_prop:file { r_file_perms };
 allow cameraserver debug_prop:property_service set; #######
diff --git a/sepolicy/vendor/fingerprintd.te b/sepolicy/vendor/fingerprintd.te
index 2790117..ac6cbc7 100644
--- a/sepolicy/vendor/fingerprintd.te
+++ b/sepolicy/vendor/fingerprintd.te
@@ -8,5 +8,5 @@ allow fingerprintd sysfs_mmi_fp:file rw_file_perms;
 allow fingerprintd system_data_file:sock_file unlink;
 allow fingerprintd sysfs_fpc:dir r_dir_perms;
 allow fingerprintd sysfs_fpc:file rw_file_perms;
-allow fingerprintd tee_device:chr_file { ioctl open read write };
+#allow fingerprintd tee_device:chr_file { ioctl open read write };
 allow fingerprintd uhid_device:chr_file rw_file_perms;
diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te
index 94bb2ad..0753840 100644
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
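Review bot: In cameraserver.te the read rule on `debug_prop` is disabled, but `allow cameraserver debug_prop:property_service set;` on the next line stays active, so cameraserver can still set debug properties while no longer being granted read access to them. If the intent is to take debug-property access away from cameraserver, the `set` rule should be dropped as well; if only the read rule had to go (for example because it failed a neverallow check, which the commit does not say), that reason belongs in a comment. The same gap applies to every hunk in this patch (fingerprintd.te, hal_camera_default.te, both init.te hunks, radio.te, system_server.te): rules are disabled by prefixing `#` with no rationale, and the subject line only says "update to sepolicy". Deleting the rules, or annotating each with something like `# disabled: <reason>`, would keep a later one-character revert from silently restoring the access.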
@@ -1,4 +1,4 @@
-allow hal_camera_default gpu_device:dir r_dir_perms;
-allow hal_camera_default gpu_device:file r_file_perms;
-allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
-allow hal_camera_default hal_configstore_default:binder call;
+#allow hal_camera_default gpu_device:dir r_dir_perms;
+#allow hal_camera_default gpu_device:file r_file_perms;
+#allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
+#allow hal_camera_default hal_configstore_default:binder call;
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index 17f5e1e..761edc6 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -12,7 +12,7 @@ allow init system_data_file:file lock;
 allow init audio_device:chr_file { write ioctl };
 allow init input_device:chr_file rw_file_perms;
 allow init sensors_device:chr_file { write ioctl };
-allow init tee_device:chr_file { write ioctl };
+#allow init tee_device:chr_file { write ioctl };
 allow init servicemanager:binder { transfer call };
 allow init system_server:binder { transfer call };
@@ -44,9 +44,9 @@ allow init self:netlink_route_socket { bind create getopt nlmsg_read read setopt
 allow init self:capability2 { block_suspend };
-allow init hal_sensors_hwservice:hwservice_manager find;
+#allow init hal_sensors_hwservice:hwservice_manager find;
-allow init { domain -lmkd -crash_dump }:process noatsecure;
+#allow init { domain -lmkd -crash_dump }:process noatsecure;
 #allow init hal_perf_hwservice:hwservice_manager find;
 allow init hidl_base_hwservice:hwservice_manager add;
diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te
index 2616199..13cd2fa 100644
--- a/sepolicy/vendor/radio.te
+++ b/sepolicy/vendor/radio.te
@@ -1,3 +1,3 @@
 allow radio system_app_data_file:dir getattr;
 #allow radio qmuxd_socket:sock_file write;
-allow radio vendor_file:file { getattr open read };
+#allow radio vendor_file:file { getattr open read };
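Review bot: After the hal_camera_default.te hunk (`@@ -1,4 +1,4 @@`, which spans the whole file) the file holds no active statement, only four commented-out rules. An all-comment policy file still reads as if the domain carried device-specific grants; removing the file, or leaving one comment that says why the `gpu_device` and configstore rules were dropped, would be clearer. It is also worth checking the audit log for `avc: denied` entries against `hal_camera_default` on an enforcing build, since the commit gives no indication that the camera HAL was tested without the configstore lookup.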
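Review bot: In the second init.te hunk, `allow init { domain -lmkd -crash_dump }:process noatsecure;` is only commented out, although it is the most security-relevant rule this patch touches. `noatsecure` lets a domain transition skip AT_SECURE environment cleansing, so loader variables such as LD_PRELOAD would carry across the exec into every domain except lmkd and crash_dump. Taking the rule out of effect is the right direction, but the line should be deleted rather than parked behind a `#`, or replaced by a comment such as `# noatsecure from init is intentionally not granted`, so it cannot come back through an uncomment during later bring-up.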
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index 541574e..cc76694 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -12,7 +12,7 @@ allow system_server init:unix_stream_socket write;
 allow system_server sensors_device:chr_file { ioctl open read };
-allow system_server vendor_file:file { getattr read };
+#allow system_server vendor_file:file { getattr read };
 allow system_server sysfs:file getattr;
 allow system_server thermal_service:service_manager find;