i9300: M sepolicy bringup

GPS fixes taken from grouper:
https://github.com/CyanogenMod/android_device_asus_grouper/commit/9651b24fb481bf0fc1db3b1d700033cf66eb067e
and
https://github.com/CyanogenMod/android_device_asus_grouper/commit/f5592571d581478622f0fc3f86fbbddf20cf89c7

Change-Id: I7ec658691c65c3b6c087ee41ba69f2cb37ade525

1 files changed, 25 insertions, 0 deletions

diff --git a/selinux/cpboot-daemon.te b/selinux/cpboot-daemon.te
new file mode 100644
index 0000000..9974ff2
--- /dev/null
+++ b/selinux/cpboot-daemon.te
@@ -0,0 +1,25 @@
+type cpboot-daemon, domain;
+
+permissive cpboot-daemon;
+
+allow cpboot-daemon cgroup:dir { create add_name };
+allow cpboot-daemon device:dir { write remove_name add_name };
+allow cpboot-daemon efs_block_device:blk_file { read open };
+allow cpboot-daemon efs_device_file:dir search;
+allow cpboot-daemon efs_file:file { read write open };
+allow cpboot-daemon init:unix_stream_socket connectto;
+allow cpboot-daemon log_device:chr_file { write open };
+allow cpboot-daemon log_device:dir search;
+allow cpboot-daemon property_socket:sock_file write;
+allow cpboot-daemon radio_device:chr_file { read write ioctl open };
+allow cpboot-daemon radio_prop:property_service set;
+allow cpboot-daemon self:capability { setuid };
+allow cpboot-daemon sysfs_radio:file { read write open };
+allow cpboot-daemon usbfs:dir search;
+allow cpboot-daemon self:capability dac_override;
+allow cpboot-daemon cbd_device:chr_file create_file_perms;
+
+# FIX ME
+# allow cpboot-daemon usbfs:filesystem mount;
+# allow cpboot-daemon self:capability { mknod };
+