From 2bcc02a461d87b50abca12bac8e400c3da4fa033 Mon Sep 17 00:00:00 2001
From: Daniel Hillenbrand
Date: Sun, 11 Aug 2013 18:05:38 +0200
Subject: p51xx: refine sepolicies

Change-Id: I5e321acb556fa13a8d90c0ea7460272b841037f5
---
 rootdir/init.espresso10.rc | 15 +++++++++++++++
 selinux/file_contexts | 5 -----
 selinux/pvrsrvinit.te | 1 +
 selinux/rild.te | 5 +----
 4 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/rootdir/init.espresso10.rc b/rootdir/init.espresso10.rc
index 0c1b0ce..900ec72 100755
--- a/rootdir/init.espresso10.rc
+++ b/rootdir/init.espresso10.rc
@@ -49,6 +49,21 @@ on fs
 mount debugfs /sys/kernel/debug /sys/kernel/debug
+# Restorecon
+ restorecon /efs/nv_data.bin
+ restorecon /efs/nv_data.bin.md5
+ restorecon /efs/.nv_core.bak
+ restorecon /efs/.nv_core.bak.md5
+ restorecon /efs/.nv_data.bak
+ restorecon /efs/.nv_data.bak.md5
+ restorecon /efs/.nv_state
+ restorecon /efs/bluetooth/bt_addr
+ restorecon /efs/FactoryApp/factorymode
+ restorecon /efs/FactoryApp/hw_ver
+ restorecon /efs/FactoryApp/keystr
+ restorecon /efs/FactoryApp/serial_no
+ restorecon /efs/imei/mps_code.dat
+
 # pvr module
 insmod /system/lib/modules/pvrsrvkm_sgx540_120.ko
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 027c2de..a64887a 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -11,11 +11,6 @@
 /dev/block/mmcblk0p8 u:object_r:efs_block_device:s0
-/efs/imei/mps_code.dat u:object_r:radio_data_file:s0
-/efs/nv_data.bin u:object_r:radio_data_file:s0
-/efs/nv_data.bin.md5 u:object_r:radio_data_file:s0
-/efs/upgaddr u:object_r:efs_file:s0
-
 # Bluetooth
 /dev/ttyO1 u:object_r:hci_attach_dev:s0
 /efs/bluetooth/(/.*)? u:object_r:bluetooth_efs_file:s0
diff --git a/selinux/pvrsrvinit.te b/selinux/pvrsrvinit.te
index 1ef06ff..d35bac9 100644
--- a/selinux/pvrsrvinit.te
+++ b/selinux/pvrsrvinit.te
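Review bot: The restorecon list added to the `on fs` block of init.espresso10.rc relabels thirteen individual files but none of the directories that hold them (/efs/bluetooth, /efs/FactoryApp, /efs/imei), and any /efs file not named in the list keeps whatever label it already had. New files normally inherit the type of their parent directory, so a directory left with a stale label keeps producing mislabeled files and denials that are hard to trace back to this list. If the init in this tree supports it, a single `restorecon_recursive /efs` run after /efs is mounted would cover both cases; otherwise the directories should be added to the list. A comment such as `# Relabel EFS files that existed before SELinux labels were applied` (assumed reason, please confirm) would record why these paths are relabeled on every boot. The `on fs` block starts outside the hunk, so whether /efs is already mounted at this point cannot be checked from here.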
@@ -10,3 +10,4 @@ allow pvrsrvinit system_file:file x_file_perms;
 allow pvrsrvinit shell_exec:file rx_file_perms;
 allow pvrsrvinit pvrsrvinit_exec:file rx_file_perms;
 allow pvrsrvinit property_socket:sock_file write;
+allow pvrsrvinit init:unix_stream_socket connectto;
diff --git a/selinux/rild.te b/selinux/rild.te
index 5711ef0..40406e3 100644
--- a/selinux/rild.te
+++ b/selinux/rild.te
@@ -3,8 +3,5 @@ allow rild self:netlink_route_socket { write };
 allow rild self:netlink_kobject_uevent_socket { create bind read write };
 allow rild radio_device:chr_file rw_file_perms;
-
 allow rild efs_block_device:blk_file rw_file_perms;
-
-allow rild radio_data_file:file { read open write setattr };
-allow rild efs_file:file { read open write getattr };
+allow rild efs_file:file { read open write setattr };
--
cgit v1.1
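Review bot: The added `connectto` rule in pvrsrvinit.te and the existing `allow pvrsrvinit property_socket:sock_file write;` directly above it are the two halves of what the base policy's `unix_socket_connect(pvrsrvinit, property, init)` macro expands to, assuming this tree's te_macros provides it. Using the macro in place of both lines keeps the intent visible and stops the two rules from drifting apart in later edits. If the macro is not available, a comment such as `# connect to init's property service socket` above the pair would do. Neither the hunk nor the commit message says which property pvrsrvinit needs to set, and a short note on that would help the next reviewer judge whether the access is still needed.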
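Review bot: The replacement rule at the end of rild.te moves rild's `setattr` access from the dedicated `radio_data_file` type to the generic `efs_file` type, so rild can now change attributes on every file labeled `efs_file`, not only the modem NV files it could before. Keeping a narrow type for the nv_data files and granting `setattr` only on that type would preserve least privilege; which files end up as `efs_file` depends on file_contexts rules that are outside this diff. The new permission set also drops `getattr`, which the old `efs_file` rule had; if that was not intended, the line should read `allow rild efs_file:file { read open write getattr setattr };`.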