From ede22880e73d84d70b1cb55ea8b24201472c0cb3 Mon Sep 17 00:00:00 2001
From: Wolfgang Wiedmeyer
Date: Wed, 22 Feb 2017 13:39:29 +0100
Subject: selinux: fix rild and wifi and remove cbd rules

Signed-off-by: Wolfgang Wiedmeyer
---
 selinux/cpboot-daemon.te | 25 -------------------------
 selinux/device.te | 1 +
 selinux/file.te | 1 -
 selinux/file_contexts | 2 +-
 selinux/init.te | 1 -
 selinux/rild.te | 3 +++
 selinux/system_server.te | 4 ++++
 7 files changed, 9 insertions(+), 28 deletions(-)
 delete mode 100644 selinux/cpboot-daemon.te
diff --git a/selinux/cpboot-daemon.te b/selinux/cpboot-daemon.te
deleted file mode 100644
index 9974ff2..0000000
--- a/selinux/cpboot-daemon.te
+++ /dev/null
@@ -1,25 +0,0 @@
-type cpboot-daemon, domain;
-
-permissive cpboot-daemon;
-
-allow cpboot-daemon cgroup:dir { create add_name };
-allow cpboot-daemon device:dir { write remove_name add_name };
-allow cpboot-daemon efs_block_device:blk_file { read open };
-allow cpboot-daemon efs_device_file:dir search;
-allow cpboot-daemon efs_file:file { read write open };
-allow cpboot-daemon init:unix_stream_socket connectto;
-allow cpboot-daemon log_device:chr_file { write open };
-allow cpboot-daemon log_device:dir search;
-allow cpboot-daemon property_socket:sock_file write;
-allow cpboot-daemon radio_device:chr_file { read write ioctl open };
-allow cpboot-daemon radio_prop:property_service set;
-allow cpboot-daemon self:capability { setuid };
-allow cpboot-daemon sysfs_radio:file { read write open };
-allow cpboot-daemon usbfs:dir search;
-allow cpboot-daemon self:capability dac_override;
-allow cpboot-daemon cbd_device:chr_file create_file_perms;
-
-# FIX ME
-# allow cpboot-daemon usbfs:filesystem mount;
-# allow cpboot-daemon self:capability { mknod };
-
diff --git a/selinux/device.te b/selinux/device.te
index 854958d..5ab8206 100644
--- a/selinux/device.te
+++ b/selinux/device.te
@@ -2,3 +2,4 @@ type rfkill_device, dev_type; type efs_block_device, dev_type; type hpd_device, dev_type; type mfc_device, dev_type; +type radio_block_device, dev_type; diff --git a/selinux/file.te b/selinux/file.te index 12b280a..f5edd1a 100644 --- a/selinux/file.te +++ b/selinux/file.te @@ -8,4 +8,3 @@ type efs_device_file, file_type; type radio_data, file_type; type sysfs_radio, fs_type, sysfs_type; type sysfs_sensor, fs_type, sysfs_type; -type cbd_device, dev_type; diff --git a/selinux/file_contexts b/selinux/file_contexts index fc824b3..275f005 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -10,7 +10,6 @@ /dev/umts_ipc0 u:object_r:radio_device:s0 /dev/umts_ramdump0 u:object_r:radio_device:s0 /dev/umts_rfs0 u:object_r:radio_device:s0 -/dev/__cbd_msg_ u:object_r:cbd_device:s0 /efs u:object_r:efs_device_file:s0 /data/misc/radio(/.*)? u:object_r:radio_data:s0 @@ -23,6 +22,7 @@ /dev/block/mmcblk0p12 u:object_r:cache_block_device:s0 /dev/block/mmcblk0p13 u:object_r:system_block_device:s0 /dev/block/mmcblk0p16 u:object_r:userdata_block_device:s0 +/dev/block/mmcblk0p10 u:object_r:radio_block_device:s0 # Camera /data/ISP_CV u:object_r:camera_data_file:s0 diff --git a/selinux/init.te b/selinux/init.te index c7393a9..bf85834 100644 --- a/selinux/init.te +++ b/selinux/init.te @@ -10,4 +10,3 @@ allow init sysfs_sensor:lnk_file { setattr read }; allow init rild:process noatsecure; domain_trans(init, rootfs, gpsd) -domain_trans(init, rootfs, cpboot-daemon) diff --git a/selinux/rild.te b/selinux/rild.te index 5da4924..9d42136 100644 --- a/selinux/rild.te +++ b/selinux/rild.te @@ -11,6 +11,7 @@ allow rild log_device:chr_file w_file_perms; allow rild system_file:file execmod; allow rild radio_data:file create_file_perms; allow rild radio_data:dir create_dir_perms; +allow rild radio_block_device:blk_file r_file_perms; allow rild radio_device:chr_file rw_file_perms; allow rild efs_block_device:blk_file rw_file_perms; 
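Review bot: The new `/dev/block/mmcblk0p10` entry in the second `file_contexts` hunk ties the `radio_block_device` label to a bare partition index with no comment saying which partition it is. It is also placed after `mmcblk0p16` rather than in numeric order with the `mmcblk0p12`/`p13`/`p16` entries above it. Because `rild.te` in this same commit grants rild raw read on whatever carries this label, a short comment such as `# modem firmware partition, read by rild` (assuming that is what p10 holds) would let a reader check the mapping against the device's partition table. If the partition layout differs on a related board, the label and rild's read access would land on a different partition.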
@@ -18,3 +19,5 @@ allow rild efs_file:file { read open write setattr }; allow rild efs_device_file:dir create_dir_perms; allow rild efs_device_file:file { setattr create create_file_perms }; + +allow rild sysfs_radio:file { read write open }; diff --git a/selinux/system_server.te b/selinux/system_server.te index 789d734..8a52ff2 100644 --- a/selinux/system_server.te +++ b/selinux/system_server.te @@ -24,6 +24,10 @@ allow system_server wifi_data_file:file { read open }; allow system_server radio_data:dir r_dir_perms; +# wifi firmware +allow system_server firmware_exynos:dir { open read search }; +allow system_server firmware_exynos:file { open read }; + allow system_server gpsd:binder transfer; type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni"; -- cgit v1.2.3
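Review bot: The added `allow rild sysfs_radio:file { read write open };` lets rild write to every sysfs node labelled `sysfs_radio`, and nothing in the hunk says which node it needs or why. The deleted `cpboot-daemon.te` carried the identical grant, so this looks like rild taking over the modem control that cbd used to do, but the rule should say so itself. A comment such as `# modem control nodes in sysfs, formerly written by cpboot-daemon` (wording to be confirmed by the author) would help. Keeping the explicit permission set rather than switching to `rw_file_perms` is the narrower choice and worth preserving.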
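Review bot: The two `firmware_exynos` rules give system_server read access to everything carrying that label, while the comment above them says only wifi firmware is needed. `firmware_exynos` is not declared anywhere in this patch, so what else it labels cannot be checked from here. If it also covers other firmware blobs, a dedicated type for the wifi files would keep the grant to what the comment describes. Both sets also omit `getattr`, which the `r_dir_perms` macro used on the neighbouring `radio_data:dir` rule would include, so a stat on the firmware path may still be denied; it is worth confirming against the audit log before settling on the final set.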