From 6f35c7a779f98af767e0d10dfdb75b5bf0ee3c84 Mon Sep 17 00:00:00 2001
From: LuK1337
Date: Wed, 29 Jun 2022 13:19:10 +0200
Subject: [PATCH] sepolicy: qti: Introduce rw_dir_file() macro and use wherever possible
Change-Id: Iec8a7f18c75a994032792421172fea92e9595af6
---
 sepolicy/qti/vendor/hal_fingerprint_default.te | 4 +---
 sepolicy/qti/vendor/hal_lineage_livedisplay_qti.te | 3 +--
 sepolicy/qti/vendor/hal_lineage_powershare_default.te | 3 +--
 sepolicy/qti/vendor/hal_lineage_touch_default.te | 3 +--
 sepolicy/qti/vendor/hal_power_default.te | 3 +--
 sepolicy/qti/vendor/hal_sensors_default.te | 11 +++--------
 sepolicy/qti/vendor/system_server.te | 3 +--
 sepolicy/qti/vendor/te_macros | 8 ++++++++
 sepolicy/qti/vendor/tri-state-key-calibrate.te | 4 +---
 sepolicy/qti/vendor/vendor_rmt_storage.te | 4 +---
 sepolicy/qti/vendor/vendor_sensors.te | 7 ++-----
 11 files changed, 21 insertions(+), 32 deletions(-)
 create mode 100644 sepolicy/qti/vendor/te_macros
diff --git a/sepolicy/qti/vendor/hal_fingerprint_default.te b/sepolicy/qti/vendor/hal_fingerprint_default.te
index 86fb627..71248ea 100644
--- a/sepolicy/qti/vendor/hal_fingerprint_default.te
+++ b/sepolicy/qti/vendor/hal_fingerprint_default.te
@@ -8,9 +8,7 @@ allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
 allow hal_fingerprint_default graphics_device:chr_file rw_file_perms;
 allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
-allow hal_fingerprint_default vendor_proc_display:dir r_dir_perms;
-allow hal_fingerprint_default vendor_proc_display:file rw_file_perms;
-
+rw_dir_file(hal_fingerprint_default, vendor_proc_display)
 r_dir_file(hal_fingerprint_default, vendor_proc_fingerprint)
 get_prop(hal_fingerprint_default, system_oplus_project_prop)
diff --git a/sepolicy/qti/vendor/hal_lineage_livedisplay_qti.te b/sepolicy/qti/vendor/hal_lineage_livedisplay_qti.te
index 41c981e..25e83e8 100644
--- a/sepolicy/qti/vendor/hal_lineage_livedisplay_qti.te
+++ b/sepolicy/qti/vendor/hal_lineage_livedisplay_qti.te
@@ -1,2 +1 @@
-allow hal_lineage_livedisplay_qti vendor_sysfs_graphics:dir r_dir_perms;
-allow hal_lineage_livedisplay_qti vendor_sysfs_graphics:file rw_file_perms;
+rw_dir_file(hal_lineage_livedisplay_qti, vendor_sysfs_graphics)
diff --git a/sepolicy/qti/vendor/hal_lineage_powershare_default.te b/sepolicy/qti/vendor/hal_lineage_powershare_default.te
index d88367e..4825ee5 100644
--- a/sepolicy/qti/vendor/hal_lineage_powershare_default.te
+++ b/sepolicy/qti/vendor/hal_lineage_powershare_default.te
@@ -1,2 +1 @@
-allow hal_lineage_powershare_default vendor_proc_wireless:dir r_dir_perms;
-allow hal_lineage_powershare_default vendor_proc_wireless:file rw_file_perms;
+rw_dir_file(hal_lineage_powershare_default, vendor_proc_wireless)
diff --git a/sepolicy/qti/vendor/hal_lineage_touch_default.te b/sepolicy/qti/vendor/hal_lineage_touch_default.te
index d889d51..c50ae01 100644
--- a/sepolicy/qti/vendor/hal_lineage_touch_default.te
+++ b/sepolicy/qti/vendor/hal_lineage_touch_default.te
@@ -1,2 +1 @@
-allow hal_lineage_touch_default vendor_proc_display:dir r_dir_perms;
-allow hal_lineage_touch_default vendor_proc_display:file rw_file_perms;
+rw_dir_file(hal_lineage_touch_default, vendor_proc_display)
diff --git a/sepolicy/qti/vendor/hal_power_default.te b/sepolicy/qti/vendor/hal_power_default.te
index b649025..7b181e5 100644
--- a/sepolicy/qti/vendor/hal_power_default.te
+++ b/sepolicy/qti/vendor/hal_power_default.te
@@ -1,2 +1 @@
-allow hal_power_default vendor_proc_display:dir r_dir_perms;
-allow hal_power_default vendor_proc_display:file rw_file_perms;
+rw_dir_file(hal_power_default, vendor_proc_display)
diff --git a/sepolicy/qti/vendor/hal_sensors_default.te b/sepolicy/qti/vendor/hal_sensors_default.te
index 87f4498..9f780f7 100644
--- a/sepolicy/qti/vendor/hal_sensors_default.te
+++ b/sepolicy/qti/vendor/hal_sensors_default.te
@@ -1,10 +1,5 @@
 allow hal_sensors_default ssc_interactive_device:chr_file rw_file_perms;
-allow hal_sensors_default vendor_persist_engineer_file:dir r_dir_perms;
-allow hal_sensors_default vendor_persist_engineer_file:file rw_file_perms;
-
-allow hal_sensors_default vendor_sysfs_graphics:dir r_dir_perms;
-allow hal_sensors_default vendor_sysfs_graphics:file rw_file_perms;
-
-allow hal_sensors_default vendor_sysfs_sensor_fb:dir r_dir_perms;
-allow hal_sensors_default vendor_sysfs_sensor_fb:file rw_file_perms;
+rw_dir_file(hal_sensors_default, vendor_persist_engineer_file)
+rw_dir_file(hal_sensors_default, vendor_sysfs_graphics)
+rw_dir_file(hal_sensors_default, vendor_sysfs_sensor_fb)
diff --git a/sepolicy/qti/vendor/system_server.te b/sepolicy/qti/vendor/system_server.te
index b732131..77a84fc 100644
--- a/sepolicy/qti/vendor/system_server.te
+++ b/sepolicy/qti/vendor/system_server.te
@@ -1,2 +1 @@
-allow system_server vendor_proc_tri_state_key:dir r_dir_perms;
-allow system_server vendor_proc_tri_state_key:file rw_file_perms;
+rw_dir_file(system_server, vendor_proc_tri_state_key)
diff --git a/sepolicy/qti/vendor/te_macros b/sepolicy/qti/vendor/te_macros
new file mode 100644
index 0000000..9126445
--- /dev/null
+++ b/sepolicy/qti/vendor/te_macros
@@ -0,0 +1,8 @@
+#####################################
+# rw_dir_file(domain, type)
+# Allow the specified domain to read directories and rw files
+# and symbolic links of the specified type.
+define(`rw_dir_file', `
+allow $1 $2:dir r_dir_perms;
+allow $1 $2:{ file lnk_file } rw_file_perms;
+')
diff --git a/sepolicy/qti/vendor/tri-state-key-calibrate.te b/sepolicy/qti/vendor/tri-state-key-calibrate.te
index b518cc2..103e84d 100644
--- a/sepolicy/qti/vendor/tri-state-key-calibrate.te
+++ b/sepolicy/qti/vendor/tri-state-key-calibrate.te
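Review bot: The macro's second rule in te_macros grants `rw_file_perms` on `{ file lnk_file }`, while every hand-written pair this patch replaces granted it on `file` only, so each converted domain (hal_fingerprint_default, the hal_lineage_* HALs, hal_power_default, hal_sensors_default, system_server, vendor_rmt_storage, vendor_sensors) gains read/write access to symlinks of the target type that it did not have before. If the commit is meant as a pure refactor, restrict the class to `allow $1 $2:file rw_file_perms;` and, only where a symlink has to be followed, add `allow $1 $2:lnk_file r_file_perms;`. Otherwise the commit message should state that permissions widen, since "introduce macro" suggests identical policy output. Comparing the compiled policy before and after the change (for example with sesearch on both builds) would confirm the exact delta.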
@@ -5,9 +5,7 @@ init_daemon_domain(tri-state-key-calibrate)
 allow tri-state-key-calibrate vendor_toolbox_exec:file rx_file_perms;
-allow tri-state-key-calibrate vendor_proc_tri_state_key:dir r_dir_perms;
-allow tri-state-key-calibrate vendor_proc_tri_state_key:file w_file_perms;
-
 allow tri-state-key-calibrate mnt_vendor_file:dir search;
+rw_dir_file(tri-state-key-calibrate, vendor_proc_tri_state_key)
 r_dir_file(tri-state-key-calibrate, vendor_persist_engineer_file)
diff --git a/sepolicy/qti/vendor/vendor_rmt_storage.te b/sepolicy/qti/vendor/vendor_rmt_storage.te
index 5691799..b328774 100644
--- a/sepolicy/qti/vendor/vendor_rmt_storage.te
+++ b/sepolicy/qti/vendor/vendor_rmt_storage.te
@@ -1,6 +1,4 @@
-allow vendor_rmt_storage vendor_proc_engineer:dir r_dir_perms;
-allow vendor_rmt_storage vendor_proc_engineer:file rw_file_perms;
-
 allow vendor_rmt_storage vendor_reserve_partition:blk_file rw_file_perms;
+rw_dir_file(vendor_rmt_storage, vendor_proc_engineer)
 r_dir_file(vendor_rmt_storage, vendor_proc_oplus_version)
diff --git a/sepolicy/qti/vendor/vendor_sensors.te b/sepolicy/qti/vendor/vendor_sensors.te
index ab95b1d..41c4cc3 100644
--- a/sepolicy/qti/vendor/vendor_sensors.te
+++ b/sepolicy/qti/vendor/vendor_sensors.te
@@ -1,5 +1,2 @@
-allow vendor_sensors vendor_persist_engineer_file:dir r_dir_perms;
-allow vendor_sensors vendor_persist_engineer_file:file rw_file_perms;
-
-allow vendor_sensors vendor_sysfs_sensor_fb:dir r_dir_perms;
-allow vendor_sensors vendor_sysfs_sensor_fb:file rw_file_perms;
+rw_dir_file(vendor_sensors, vendor_persist_engineer_file)
+rw_dir_file(vendor_sensors,vendor_sysfs_sensor_fb)
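Review bot: The replaced file rule in tri-state-key-calibrate.te used `w_file_perms`, not `rw_file_perms`, so `rw_dir_file(tri-state-key-calibrate, vendor_proc_tri_state_key)` newly grants this domain read access (and, through the macro, lnk_file access) to a proc node it could previously only write. Unless the calibration service is known to need to read the node, keep the explicit pair here: `allow tri-state-key-calibrate vendor_proc_tri_state_key:dir r_dir_perms;` and `allow tri-state-key-calibrate vendor_proc_tri_state_key:file w_file_perms;`. The file starts above the hunk, so other rules for this type may exist outside the visible lines.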
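Review bot: The last added line in vendor_sensors.te, `rw_dir_file(vendor_sensors,vendor_sysfs_sensor_fb)`, omits the space after the comma that every other macro call in this patch uses; write `rw_dir_file(vendor_sensors, vendor_sysfs_sensor_fb)` for consistency. m4 discards unquoted leading whitespace in macro arguments, so both forms expand to the same rules and the point is purely cosmetic.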