WIP: sepolicy: Workaround for Android 11 support

Change-Id: Ie71efafebea2b9e428bc77285818ac255daac994

sepolicy/file_contexts

@@ -15,18 +15,18 @@
 /dev/msm_vpe_standalone                                                           u:object_r:video_device:s0
 /dev/smd2                                                                         u:object_r:hci_attach_dev:s0
 /dev/smd3                                                                         u:object_r:hci_attach_dev:s0
-/dev/smd([0-9])+                                                                  u:object_r:smd_device:s0
+#/dev/smd([0-9])+                                                                  u:object_r:smd_device:s0
 /dev/smdcntl[0-7]                                                                 u:object_r:radio_device:s0
 /dev/socket/tad                                                                   u:object_r:tad_socket:s0
 /dev/socket/wifihal(/.*)?                                                         u:object_r:wifihal_socket:s0
 /dev/stune(/.*)?                                                                  u:object_r:cgroup:s0
 
 # /system
 /system/bin/hci_qcomm_init                                                        u:object_r:hci_attach_exec:s0
-/system/bin/irsc_util                                                             u:object_r:irsc_util_exec:s0
-/system/bin/netmgrd                                                               u:object_r:netmgrd_exec:s0
-/system/bin/qmuxd                                                                 u:object_r:qmuxd_exec:s0
-/system/bin/rmt_storage                                                           u:object_r:rmt_storage_exec:s0
+#/system/bin/irsc_util                                                             u:object_r:irsc_util_exec:s0
+#/system/bin/netmgrd                                                               u:object_r:netmgrd_exec:s0
+#/system/bin/qmuxd                                                                 u:object_r:qmuxd_exec:s0
+#/system/bin/rmt_storage                                                           u:object_r:rmt_storage_exec:s0
 /system/bin/secchand                                                              u:object_r:secchand_exec:s0
 /system/bin/ta_qmi_service                                                        u:object_r:ta_qmi_service_exec:s0
 /system/bin/updatemiscta                                                          u:object_r:updatemiscta_exec:s0
@@ -73,10 +73,10 @@
 /sys/devices/i2c-10/10-0047/sequencer([1-3])+_run_mode                            u:object_r:sysfs_leds:s0
 /sys/devices/i2c-10/10-0047/sequencer_load                                        u:object_r:sysfs_leds:s0
 /sys/devices/i2c-10/10-0053(/.*)?                                                 u:object_r:sysfs_camera_torch:s0
-/sys/devices/i2c-12/12-0019/pollrate_ms                                           u:object_r:sysfs_sensors:s0
-/sys/devices/i2c-12/12-0019/power/autosuspend_delay_ms                            u:object_r:sysfs_sensors:s0
-/sys/devices/i2c-12/12-006b/pollrate_ms                                           u:object_r:sysfs_sensors:s0
-/sys/devices/i2c-12/12-006b/range                                                 u:object_r:sysfs_sensors:s0
+#/sys/devices/i2c-12/12-0019/pollrate_ms                                           u:object_r:sysfs_sensors:s0
+#/sys/devices/i2c-12/12-0019/power/autosuspend_delay_ms                            u:object_r:sysfs_sensors:s0
+#/sys/devices/i2c-12/12-006b/pollrate_ms                                           u:object_r:sysfs_sensors:s0
+#/sys/devices/i2c-12/12-006b/range                                                 u:object_r:sysfs_sensors:s0
 /sys/devices/i2c-12/12-0054(/.*)?                                                 u:object_r:sysfs_proximity_sensor:s0
 /sys/devices/i2c-.*/name                                                          u:object_r:sysfs_i2c_name:s0
 /sys/devices/i2c-.*/.*-.*/name                                                    u:object_r:sysfs_i2c_name:s0
@@ -100,18 +100,18 @@
 /sys/devices/platform/msm_sharedmem/uio(/.*)?                                     u:object_r:sysfs_rmtfs:s0
 /sys/devices/platform/msmgpio/gpio(/.*)?                                          u:object_r:sysfs_gpio:s0
 /sys/devices/platform/wcnss_wlan.0/serial_number                                  u:object_r:sysfs_mac_serial:s0
-/sys/devices/platform/wcnss_wlan.0/wcnss_mac_addr                                 u:object_r:sysfs_mac_address:s0
+#/sys/devices/platform/wcnss_wlan.0/wcnss_mac_addr                                 u:object_r:sysfs_mac_address:s0
 /sys/devices/system/soc/soc0/hw_platform                                          u:object_r:sysfs_system_soc:s0
 /sys/devices/system/soc/soc0/id                                                   u:object_r:sysfs_system_soc:s0
-/sys/devices/virtual/graphics/fb([0-3])+/format_3d                                u:object_r:sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_fps_level                         u:object_r:sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/video_mode                               u:object_r:sysfs_graphics:s0
+#/sys/devices/virtual/graphics/fb([0-3])+/format_3d                                u:object_r:sysfs_graphics:s0
+#/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_fps_level                         u:object_r:sysfs_graphics:s0
+#/sys/devices/virtual/graphics/fb([0-3])+/video_mode                               u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/input                                                        u:object_r:sysfs_input_devices:s0
-/sys/devices/virtual/input/input[0-9]+/interval                                   u:object_r:sysfs_sensors:s0
+#/sys/devices/virtual/input/input[0-9]+/interval                                   u:object_r:sysfs_sensors:s0
 /sys/devices/virtual/input/input[0-9]+/name                                       u:object_r:sysfs_input_devices:s0
-/sys/devices/virtual/input/input[0-9]+/registers                                  u:object_r:sysfs_sensors:s0
+#/sys/devices/virtual/input/input[0-9]+/registers                                  u:object_r:sysfs_sensors:s0
 /sys/devices/virtual/timed_output/vibrator/level                                  u:object_r:sysfs_vibrator:s0
-/sys/module/cpu_boost/parameters(/.*)?                                            u:object_r:sysfs_cpu_boost:s0
+#/sys/module/cpu_boost/parameters(/.*)?                                            u:object_r:sysfs_cpu_boost:s0
 /sys/module/hci_smd/parameters/hcismd_set                                         u:object_r:sysfs_bluetooth_control:s0
 /sys/module/msm_thermal/core_control/enabled                                      u:object_r:sysfs_thermal_control:s0
 /sys/module/msm_thermal/parameters/enabled                                        u:object_r:sysfs_thermal_control:s0

sepolicy/flags_health_check.te

@@ -1,119 +0,0 @@
-get_prop(flags_health_check, alarm_boot_prop)
-get_prop(flags_health_check, alarm_handled_prop)
-get_prop(flags_health_check, alarm_instance_prop)
-get_prop(flags_health_check, apexd_prop)
-get_prop(flags_health_check, bg_boot_complete_prop)
-get_prop(flags_health_check, bg_daemon_prop)
-get_prop(flags_health_check, bluetooth_prop)
-get_prop(flags_health_check, boot_animation_prop)
-get_prop(flags_health_check, boot_mode_prop)
-get_prop(flags_health_check, bootloader_boot_reason_prop)
-get_prop(flags_health_check, boottime_prop)
-get_prop(flags_health_check, bpf_progs_loaded_prop)
-get_prop(flags_health_check, bservice_prop)
-get_prop(flags_health_check, camera_prop)
-get_prop(flags_health_check, coresight_prop)
-get_prop(flags_health_check, crash_prop)
-get_prop(flags_health_check, ctl_adbd_prop)
-get_prop(flags_health_check, ctl_bootanim_prop)
-get_prop(flags_health_check, ctl_bugreport_prop)
-get_prop(flags_health_check, ctl_console_prop)
-get_prop(flags_health_check, ctl_default_prop)
-get_prop(flags_health_check, ctl_dumpstate_prop)
-get_prop(flags_health_check, ctl_fuse_prop)
-get_prop(flags_health_check, ctl_gsid_prop)
-get_prop(flags_health_check, ctl_hbtp_prop)
-get_prop(flags_health_check, ctl_interface_restart_prop)
-get_prop(flags_health_check, ctl_interface_start_prop)
-get_prop(flags_health_check, ctl_interface_stop_prop)
-get_prop(flags_health_check, ctl_LKCore_prop)
-get_prop(flags_health_check, ctl_mdnsd_prop)
-get_prop(flags_health_check, ctl_netmgrd_prop)
-get_prop(flags_health_check, ctl_port-bridge_prop)
-get_prop(flags_health_check, ctl_qmuxd_prop)
-get_prop(flags_health_check, ctl_restart_prop)
-get_prop(flags_health_check, ctl_rildaemon_prop)
-get_prop(flags_health_check, ctl_sigstop_prop)
-get_prop(flags_health_check, ctl_start_prop)
-get_prop(flags_health_check, ctl_stop_prop)
-get_prop(flags_health_check, ctl_thermal-engine_prop)
-get_prop(flags_health_check, ctl_vendor_imsrcsservice_prop)
-get_prop(flags_health_check, ctl_vendor_wigigsvc_prop)
-get_prop(flags_health_check, device_logging_prop)
-get_prop(flags_health_check, diag_mdlog_prop)
-get_prop(flags_health_check, dolby_prop)
-get_prop(flags_health_check, dumpstate_options_prop)
-get_prop(flags_health_check, dynamic_system_prop)
-get_prop(flags_health_check, firstboot_prop)
-get_prop(flags_health_check, fm_prop)
-get_prop(flags_health_check, freq_prop)
-get_prop(flags_health_check, fst_prop)
-get_prop(flags_health_check, gamed_prop)
-get_prop(flags_health_check, graphics_vulkan_prop)
-get_prop(flags_health_check, gsid_prop)
-get_prop(flags_health_check, heapprofd_enabled_prop)
-get_prop(flags_health_check, hwservicemanager_prop)
-get_prop(flags_health_check, hwui_prop)
-get_prop(flags_health_check, ipacm_prop)
-get_prop(flags_health_check, ipacm-diag_prop)
-get_prop(flags_health_check, ipacm)
-get_prop(flags_health_check, last_boot_reason_prop)
-get_prop(flags_health_check, llkd_prop)
-get_prop(flags_health_check, location_prop)
-get_prop(flags_health_check, logpersistd_logging_prop)
-get_prop(flags_health_check, lowpan_prop)
-get_prop(flags_health_check, lpdumpd_prop)
-get_prop(flags_health_check, mdm_helper_prop)
-get_prop(flags_health_check, mmc_prop)
-get_prop(flags_health_check, mmi_prop)
-get_prop(flags_health_check, mpdecision_prop)
-get_prop(flags_health_check, msm_irqbalance_prop)
-get_prop(flags_health_check, msm_irqbl_sdm630_prop)
-get_prop(flags_health_check, net_dns_prop)
-get_prop(flags_health_check, netd_prop)
-get_prop(flags_health_check, netd_stable_secret_prop)
-get_prop(flags_health_check, nfc_nq_prop)
-get_prop(flags_health_check, nnapi_ext_deny_product_prop)
-get_prop(flags_health_check, opengles_prop)
-get_prop(flags_health_check, overlay_prop)
-get_prop(flags_health_check, per_mgr_state_prop)
-get_prop(flags_health_check, perfd_prop)
-get_prop(flags_health_check, persistent_properties_ready_prop)
-get_prop(flags_health_check, postprocessing_prop)
-get_prop(flags_health_check, ppd_prop)
-get_prop(flags_health_check, qcom_ims_prop)
-get_prop(flags_health_check, qdma_prop)
-get_prop(flags_health_check, qemu_gles_prop)
-get_prop(flags_health_check, qti_prop)
-get_prop(flags_health_check, reschedule_service_prop)
-get_prop(flags_health_check, rmnet_mux_prop)
-get_prop(flags_health_check, safemode_prop)
-get_prop(flags_health_check, scr_enabled_prop)
-get_prop(flags_health_check, sdm_idle_time_prop)
-get_prop(flags_health_check, sensors_prop)
-get_prop(flags_health_check, serialno_prop)
-get_prop(flags_health_check, spcomlib_prop)
-get_prop(flags_health_check, sys_usb_configfs_prop)
-get_prop(flags_health_check, sys_usb_controller_prop)
-get_prop(flags_health_check, sys_usb_tethering_prop)
-get_prop(flags_health_check, system_boot_reason_prop)
-get_prop(flags_health_check, system_lmk_prop)
-get_prop(flags_health_check, system_trace_prop)
-get_prop(flags_health_check, test_boot_reason_prop)
-get_prop(flags_health_check, theme_prop)
-get_prop(flags_health_check, time_prop)
-get_prop(flags_health_check, traced_enabled_prop)
-get_prop(flags_health_check, traced_lazy_prop)
-get_prop(flags_health_check, uicc_prop)
-get_prop(flags_health_check, updatemiscta_prop)
-get_prop(flags_health_check, usf_prop)
-get_prop(flags_health_check, vendor_mpctl_prop)
-get_prop(flags_health_check, vendor_rild_libpath_prop)
-get_prop(flags_health_check, vendor_system_prop)
-get_prop(flags_health_check, vendor_wifi_prop)
-get_prop(flags_health_check, vendor_wifi_version)
-get_prop(flags_health_check, vm_bms_prop)
-get_prop(flags_health_check, wifi_prop)
-get_prop(flags_health_check, wififtmd_prop)
-get_prop(flags_health_check, wigig_prop)
-get_prop(flags_health_check, xlat_prop)

sepolicy/fm_dl.te

@@ -5,13 +5,13 @@ init_daemon_domain(fm_dl)
 
 get_prop(fm_dl, bluetooth_prop)
 
-set_prop(fm_dl, fm_prop)
+#set_prop(fm_dl, fm_prop)
 
 #============= fm_dl ==============
-allow fm_dl fm_data_file:dir ra_dir_perms;
-allow fm_dl fm_data_file:file create_file_perms;
-allow fm_dl fm_radio_device:chr_file r_file_perms;
+#allow fm_dl fm_data_file:dir ra_dir_perms;
+#allow fm_dl fm_data_file:file create_file_perms;
+#allow fm_dl fm_radio_device:chr_file r_file_perms;
 allow fm_dl shell_exec:file { entrypoint getattr read };
-allow fm_dl sysfs_fm:file w_file_perms;
+#allow fm_dl sysfs_fm:file w_file_perms;
 allow fm_dl system_file:file execute_no_trans;
 allow fm_dl toolbox_exec:file rx_file_perms;

sepolicy/hal_gnss_default.te

@@ -1,16 +1,16 @@
 vndbinder_use(hal_gnss_default)
 
 #============= hal_gnss_default ==============
-allow hal_gnss_default diag_device:chr_file { open read write };
-allow hal_gnss_default qmuxd:unix_stream_socket connectto;
-allow hal_gnss_default qmuxd_socket:dir { add_name search write };
-allow hal_gnss_default qmuxd_socket:sock_file { create setattr write };
+#allow hal_gnss_default diag_device:chr_file { open read write };
+#allow hal_gnss_default qmuxd:unix_stream_socket connectto;
+#allow hal_gnss_default qmuxd_socket:dir { add_name search write };
+#allow hal_gnss_default qmuxd_socket:sock_file { create setattr write };
 allow hal_gnss_default self:netlink_socket { bind create read write };
 allow hal_gnss_default self:socket rw_socket_perms_no_ioctl;
 allow hal_gnss_default self:socket { create ioctl };
-allow hal_gnss_default sysfs_sensors:file { getattr open read };
+#allow hal_gnss_default sysfs_sensors:file { getattr open read };
 allow hal_gnss_default sysfs_system_soc:file { getattr open read };
 allow hal_gnss_default system_data_file:dir { add_name create write };
 allow hal_gnss_default system_data_file:file { create getattr open read write };
-allowxperm hal_gnss_default self:socket ioctl msm_sock_ipc_ioctls;
+#allowxperm hal_gnss_default self:socket ioctl msm_sock_ipc_ioctls;
 dontaudit hal_gnss_default self:udp_socket create;

sepolicy/hal_sensors_default.te

@@ -9,7 +9,7 @@ allow hal_sensors_default sysfs_input_devices:dir { open read search };
 allow hal_sensors_default sysfs_input_devices:file { open read };
 allow hal_sensors_default sysfs_proximity_sensor:dir search;
 allow hal_sensors_default sysfs_proximity_sensor:file { open read write };
-allow hal_sensors_default sysfs_sensors:file { getattr open read write };
+#allow hal_sensors_default sysfs_sensors:file { getattr open read write };
 allow hal_sensors_default sysfs_system_soc:file { read };
 allow hal_sensors_default system_data_file:dir { add_name write };
 allow hal_sensors_default system_data_file:file { create getattr open read write };

sepolicy/init.te

@@ -2,26 +2,26 @@
 allow init camera_data_file:file getattr;
 allow init debugfs:dir mounton;
 allow init functionfs:dir mounton;
-allow init qti_debugfs:dir relabelfrom;
-allow init qti_debugfs:file relabelfrom;
+#allow init qti_debugfs:dir relabelfrom;
+#allow init qti_debugfs:file relabelfrom;
 allow init sysfs_batteryinfo:file { open setattr write };
 allow init sysfs_block_iosched:file write;
 allow init sysfs_bluetooth_control:file setattr;
 allow init sysfs_camera_torch:file setattr;
-allow init sysfs_cpu_boost:file { open setattr write };
+#allow init sysfs_cpu_boost:file { open setattr write };
 allow init sysfs_devices_system_cpu:file write;
 allow init sysfs_disk_polling:file { setattr write };
-allow init sysfs_fm:file setattr;
+#allow init sysfs_fm:file setattr;
 allow init sysfs_glove_mode:file { open setattr write };
 allow init sysfs_leds:file setattr;
 allow init sysfs_mhl:file setattr;
 allow init sysfs_power_control:file { open write };
 allow init sysfs_proximity_sensor:file setattr;
-allow init sysfs_sensors:file setattr;
-allow init sysfs_graphics:file setattr;
+#allow init sysfs_sensors:file setattr;
+#allow init sysfs_graphics:file setattr;
 allow init sysfs_thermal:file { open setattr write };
 allow init sysfs_thermal_control:file { open write };
 allow init sysfs_usb:file write;
 allow init sysfs_wcnss_ssr:file { open setattr write };
 allow init sysfs_wlan_fwpath:file setattr;
-allow init wlan_device:chr_file write;
+#allow init wlan_device:chr_file write;

sepolicy/macaddrsetup.te

@@ -10,4 +10,4 @@ allow macaddrsetup bluetooth_data_file:dir { add_name search write };
 allow macaddrsetup bluetooth_data_file:file { create getattr open setattr write };
 allow macaddrsetup self:capability { chown fowner fsetid };
 allow macaddrsetup sysfs_mac_serial:file { getattr open write };
-allow macaddrsetup sysfs_mac_address:file { getattr open write };
+#allow macaddrsetup sysfs_mac_address:file { getattr open write };

sepolicy/mediacodec.te

@@ -1 +0,0 @@
-get_prop(mediacodec, camera_prop)

sepolicy/mediaserver.te

@@ -1,7 +1,7 @@
 #============= mediaserver ==============
 allow mediaserver audio_device:chr_file { ioctl open read write };
-allow mediaserver camera_socket:dir { add_name search write };
-allow mediaserver camera_socket:file { create getattr open read write };
+#allow mediaserver camera_socket:dir { add_name search write };
+#allow mediaserver camera_socket:file { create getattr open read write };
 allow mediaserver sensorservice_service:service_manager find;
 allow mediaserver sysfs_als:file { getattr open read write };
 allow mediaserver sysfs_batteryinfo:dir search;

sepolicy/netmgrd.te

@@ -1,3 +1,3 @@
 #============= netmgrd ==============
-allow netmgrd diag_device:chr_file rw_file_perms;
-r_dir_file(netmgrd, net_data_file)
+#allow netmgrd diag_device:chr_file rw_file_perms;
+#r_dir_file(netmgrd, net_data_file)

sepolicy/property_contexts

@@ -1,4 +1,4 @@
 # property service keys
-camera.0.                                                                         u:object_r:camera_prop:s0
-camera.1.                                                                         u:object_r:camera_prop:s0
+#camera.0.                                                                         u:object_r:camera_prop:s0
+#camera.1.                                                                         u:object_r:camera_prop:s0
 persist.tareset.notfirstboot                                                      u:object_r:updatemiscta_prop:s0

sepolicy/qmuxd.te

@@ -1,5 +1,5 @@
 #============= qmuxd ==============
-allow qmuxd diag_device:chr_file rw_file_perms;
-allow qmuxd qmuxd_socket:dir w_dir_perms;
-allow qmuxd qmuxd_socket:sock_file create_file_perms;
-allow qmuxd radio_device:chr_file rw_file_perms;
+#allow qmuxd diag_device:chr_file rw_file_perms;
+#allow qmuxd qmuxd_socket:dir w_dir_perms;
+#allow qmuxd qmuxd_socket:sock_file create_file_perms;
+#allow qmuxd radio_device:chr_file rw_file_perms;

sepolicy/radio.te

@@ -1,4 +1,4 @@
-qmux_socket(radio)
+#qmux_socket(radio)
 
 #============= radio ==============
 allow radio sysfs_thermal:file { getattr open read };

sepolicy/rild.te

@@ -1,3 +1,3 @@
 #============= rild ==============
-allow rild diag_device:chr_file rw_file_perms;
+#allow rild diag_device:chr_file rw_file_perms;
 allow rild proc_cmdline:file { getattr open read };

sepolicy/rmt_storage.te

@@ -1,4 +1,4 @@
 #============= rmt_storage ==============
-allow rmt_storage modem_block_device:blk_file rw_file_perms;
-allow rmt_storage shared_log_device:chr_file rw_file_perms;
-r_dir_file(rmt_storage, sysfs_rmtfs)
+#allow rmt_storage modem_block_device:blk_file rw_file_perms;
+#allow rmt_storage shared_log_device:chr_file rw_file_perms;
+#r_dir_file(rmt_storage, sysfs_rmtfs)