kona-common : update selinux 2

Change-Id: I808eaff869d3f4641cf303c2f93446a00c7b8cef

9 files changed, 13 insertions, 11 deletions

diff --git a/selinux/debuggerd.te b/selinux/debuggerd.te
index f60e6e3..1a03fb4 100644
--- a/selinux/debuggerd.te
+++ b/selinux/debuggerd.te
@@ -1 +1,2 @@
 allow debuggerd log_device:chr_file { read open };
+allow debuggerd log_device:dir search;
diff --git a/selinux/dex2oat.te b/selinux/dex2oat.te
index 52e724a..73bde71 100644
--- a/selinux/dex2oat.te
+++ b/selinux/dex2oat.te
@@ -1,2 +1,3 @@
 allow dex2oat kernel:system module_request;
 allow dex2oat log_device:chr_file { write open };
+allow dex2oat log_device:dir search;
diff --git a/selinux/init.te b/selinux/init.te
index 62841da..aac9a68 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -4,9 +4,4 @@ allow init init:tcp_socket { read write create };
 allow init port:tcp_socket name_connect;
 allow init self:tcp_socket { read write getopt connect };
 allow init kernel:system syslog_read;
-allow init kernel:system module_request;
-allow init log_device:chr_file write;
-allow init property_socket:sock_file write;
-allow init ril_device:chr_file write;
-allow init sdcardd_exec:file { read execute open getattr execute_no_trans };
 allow init system_file:file execute_no_trans;
diff --git a/selinux/platform_app.te b/selinux/platform_app.te
index 717139a..815dfd0 100644
--- a/selinux/platform_app.te
+++ b/selinux/platform_app.te
@@ -1 +1,3 @@
 allow platform_app log_device:chr_file write;
+allow platform_app kernel:system module_request;
+allow platform_app log_device:dir search;
diff --git a/selinux/shell.te b/selinux/shell.te
deleted file mode 100644
index aff526f..0000000
--- a/selinux/shell.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# allow shell dalvikcache_data_file:file write;
-allow shell kernel:system module_request;
-
diff --git a/selinux/system_app.te b/selinux/system_app.te
index 8422942..ef29468 100644
--- a/selinux/system_app.te
+++ b/selinux/system_app.te
@@ -1,2 +1,6 @@
 allow system_app log_device:chr_file write;
+<<<<<<< HEAD
 allow system_app sysfs:file write;
+=======
+# allow system_app sysfs:file write;
+>>>>>>> c4949ef... kona-common : update selinux 2
diff --git a/selinux/system_server.te b/selinux/system_server.te
index f1456dc..c8fa3e4 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -1,5 +1,5 @@
 allow system_server efs_file:dir search;
 # allow system_server default_prop:property_service set;
-allow system_server dex2oat_exec:file { read execute open execute_no_trans };
-allow system_server log_device:chr_file { write open };
+allow system_server dex2oat_exec:file execute;
+allow system_server log_device:dir search;
 allow system_server system_file:file execmod;
diff --git a/selinux/untrusted_app.te b/selinux/untrusted_app.te
index b4f8b51..369e87a 100644
--- a/selinux/untrusted_app.te
+++ b/selinux/untrusted_app.te
@@ -1,4 +1,4 @@
 allow untrusted_app unlabeled:file getattr;
 allow untrusted_app efs_file:dir getattr;
 allow untrusted_app kernel:system module_request;
-allow untrusted_app log_device:chr_file { write open };
+allow untrusted_app log_device:dir search;
diff --git a/selinux/wpa.te b/selinux/wpa.te
index 09bbb8f..27e1c1a 100644
--- a/selinux/wpa.te
+++ b/selinux/wpa.te
@@ -1 +1,3 @@
 allow wpa log_device:chr_file { write open };
+allow wpa log_device:dir search;
+