kona : selinux update

Change-Id: I29e006b5bdb1a72455e830a083d122aeae40b2f3

6 files changed, 13 insertions, 9 deletions

diff --git a/selinux/at_distributor.te b/selinux/at_distributor.te
index d099d16..16ad482 100644
--- a/selinux/at_distributor.te
+++ b/selinux/at_distributor.te
@@ -18,4 +18,5 @@ allow at_distributor efs_file:file { read open setattr };
 allow at_distributor self:capability { setuid fowner chown fsetid };
 allow at_distributor efs_file:dir search;
 allow at_distributor radio_data_file:dir { search add_name write };
-allow at_distributor efs_file:dir { search getattr };
\ No newline at end of file
+allow at_distributor efs_file:dir { search getattr };
+allow at_distributor radio_data_file:file setattr;
\ No newline at end of file
diff --git a/selinux/cpboot-daemon.te b/selinux/cpboot-daemon.te
index eab7ee6..26b877c 100644
--- a/selinux/cpboot-daemon.te
+++ b/selinux/cpboot-daemon.te
@@ -6,6 +6,8 @@ domain_trans(init, rootfs, cpboot-daemon)
 dontaudit cpboot-daemon usbfs:dir search;
 dontaudit cpboot-daemon usbfs:filesystem mount;
 dontaudit cpboot-daemon self:capability mknod;
+dontaudit cpboot-daemon device:chr_file { read write create unlink open };
+dontaudit cpboot-daemon device:dir { write add_name remove_name };
 
 allow cpboot-daemon cgroup:dir { create add_name };
 allow cpboot-daemon efs_file:file { read write open };
@@ -16,6 +18,4 @@ allow cpboot-daemon radio_prop:property_service set;
 allow cpboot-daemon self:capability { setuid dac_override };
 allow cpboot-daemon sysfs:file write;
 allow cpboot-daemon userdata_block_device:blk_file { read open };
-allow cpboot-daemon efs_file:dir search;
-allow cpboot-daemon efs_file:file { read write };
-allow cpboot-daemon device:dir { write };
\ No newline at end of file
+allow cpboot-daemon efs_file:dir search;
\ No newline at end of file
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 2e11eea..8dc1eab 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -6,8 +6,8 @@
 /system/bin/orientationd	u:object_r:orientationd_exec:s0
 /system/bin/geomagneticd	u:object_r:geomagneticd_exec:s0
 
-/data/system/yas.cfg		u:object_r:gps_data_file:s0
-/data/system/yas-backup.cfg	u:object_r:gps_data_file:s0
+/efs/bluetooth(/.*)?		u:object_r:bluetooth_data_file:s0
+/data/system/yas(/.*)?		u:object_r:gps_data_file:s0
 /data/system/gps(/.*)?		u:object_r:gps_data_file:s0
 /data/misc/radio(/.*)?		u:object_r:radio_data_file:s0
 /data/.socket_stream		u:object_r:radio_data_file:s0
diff --git a/selinux/system_server.te b/selinux/system_server.te
index 1d1ba9f..8f30fdc 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -1,5 +1,6 @@
-allow system_server gps_data_file:fifo_file { write read open setattr };
+allow system_server gps_data_file:fifo_file { create write read open setattr };
 allow system_server self:capability sys_module;
 allow system_server efs_file:dir search;
-allow system_server gps_data_file:dir search;
-allow system_server efs_file:file { read write open };
\ No newline at end of file
+allow system_server efs_file:file { read write open };
+allow system_server gps_data_file:file setattr;
+allow system_server gps_data_file:dir { search write add_name };
\ No newline at end of file
diff --git a/selinux/untrusted_app.te b/selinux/untrusted_app.te
index ca9e731..2486863 100644
--- a/selinux/untrusted_app.te
+++ b/selinux/untrusted_app.te
@@ -1,5 +1,6 @@
 allow untrusted_app domain:dir { getattr search };
 allow untrusted_app domain:file { read open };
+allow untrusted_app storage_stub_file:dir getattr;
 # S-Pen detection
 allow untrusted_app input_device:dir { search write open read };
 allow untrusted_app input_device:chr_file { getattr write ioctl read open };
\ No newline at end of file
diff --git a/selinux/vold.te b/selinux/vold.te
new file mode 100644
index 0000000..1f59131
--- /dev/null
+++ b/selinux/vold.te
@@ -0,0 +1 @@
+allow vold efs_file:dir { ioctl open };
\ No newline at end of file