Make SELinux policies more 4.4 compatible

Change-Id: I8494f924f1d979fe88eae60ffc118cf34a90184c

6 files changed, 7 insertions, 7 deletions

diff --git a/selinux/device.te b/selinux/device.te
index cca8ee1..6de8078 100644
--- a/selinux/device.te
+++ b/selinux/device.te
@@ -1,3 +1,2 @@
-type mali_device, dev_type, mlstrustedobject;
 type rfkill_device, dev_type;
 type efs_block_device, dev_type;
diff --git a/selinux/domain.te b/selinux/domain.te
index 24e0951..ed8e129 100644
--- a/selinux/domain.te
+++ b/selinux/domain.te
@@ -1,6 +1,3 @@
-## /dev/mali, /dev/ump
-allow domain mali_device:chr_file rw_file_perms;
-
 ## /dev/rfkill for wpa_supp
 allow wpa rfkill_device:chr_file rw_file_perms;
 
diff --git a/selinux/drmserver.te b/selinux/drmserver.te
new file mode 100644
index 0000000..a456bbf
--- /dev/null
+++ b/selinux/drmserver.te
@@ -0,0 +1 @@
+allow drmserver sdcard_external:file open;
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 3b9f7bc..3dc49e7 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -1,7 +1,7 @@
 # GFX
-/dev/mali                               u:object_r:mali_device:s0
-/dev/ump                                u:object_r:mali_device:s0
-/dev/fimg2d                             u:object_r:mali_device:s0
+/dev/mali                               u:object_r:graphics_device:s0
+/dev/ump                                u:object_r:graphics_device:s0
+/dev/fimg2d                             u:object_r:graphics_device:s0
 
 # RIL
 /dev/umts_boot0                         u:object_r:radio_device:s0
diff --git a/selinux/ueventd.te b/selinux/ueventd.te
new file mode 100644
index 0000000..95a5698
--- /dev/null
+++ b/selinux/ueventd.te
@@ -0,0 +1,2 @@
+allow ueventd sdcard_external:dir search;
+allow ueventd sdcard_external:file r_file_perms;
diff --git a/selinux/vold.te b/selinux/vold.te
new file mode 100644
index 0000000..d179865
--- /dev/null
+++ b/selinux/vold.te
@@ -0,0 +1 @@
+allow vold sdcard_external:file rw_file_perms;