From 89139a1116a4eccd434317b708571bcfc2a23f6c Mon Sep 17 00:00:00 2001 From: mcgi5sr2 Date: Tue, 8 Sep 2015 19:05:37 +0100 Subject: i9300 Grouper GPS blobs SElinux update Change-Id: I3dbb887bd1356a3198a4b4da5aadf95b64920e55 --- rootdir/init.target.rc | 3 +++ selinux/bluetooth.te | 2 ++ selinux/file.te | 2 +- selinux/file_contexts | 6 +++--- selinux/gpsd.te | 1 + selinux/mediaserver.te | 4 ++-- selinux/nfc.te | 2 +- selinux/sysinit.te | 7 ++++--- selinux/system_server.te | 12 ++++++++++++ selinux/ueventd.te | 4 ++-- selinux/wpa_supplicant.te | 1 + 11 files changed, 32 insertions(+), 12 deletions(-) diff --git a/rootdir/init.target.rc b/rootdir/init.target.rc index f75fdb6..e8c2e42 100644 --- a/rootdir/init.target.rc +++ b/rootdir/init.target.rc @@ -43,6 +43,9 @@ service cpboot-daemon /sbin/cbd -d chmod 0664 /sys/class/sec/gps/GPS_PWR_EN/value chown gps system /dev/ttySAC1 chmod 0660 /dev/ttySAC1 + restorecon /sys/class/sec/gps/export + restorecon /sys/class/sec/gps/GPS_PWR_EN/value + restorecon /sys/class/sec/gps/GPS_PWR_EN/direction # Start GPS daemon service gps-daemon /system/bin/glgps -c /system/etc/gps.xml diff --git a/selinux/bluetooth.te b/selinux/bluetooth.te index 76e62ea..9d11918 100644 --- a/selinux/bluetooth.te +++ b/selinux/bluetooth.te @@ -1,4 +1,6 @@ allow bluetooth bluetooth_efs_file:dir search; allow bluetooth bluetooth_efs_file:file read; +allow bluetooth firmware_exynos:dir { open read search }; +allow bluetooth firmware_exynos:file { open read }; allow bluetooth sysfs:file write; allow bluetooth efs_device_file:dir search; diff --git a/selinux/file.te b/selinux/file.te index 15e8eff..c686d2f 100644 --- a/selinux/file.te +++ b/selinux/file.te @@ -1,5 +1,5 @@ type firmware_mfc, file_type; -type firmware_camera, file_type; +type firmware_exynos, file_type; type sensors_data_file, file_type, data_file_type; type sysfs_display, fs_type, sysfs_type; diff --git a/selinux/file_contexts b/selinux/file_contexts index 42b5fe4..35e4e99 100644 
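Review bot: The three added `restorecon` calls on `/sys/class/sec/gps/...` only have an effect if the policy defines a label for those sysfs paths, and none of the `selinux/file_contexts` hunks in this commit adds one. If no entry exists elsewhere in the policy, the nodes keep the generic `sysfs` label and the calls change nothing. Confirm which type they are meant to receive and say so above the calls, e.g. `# relabel GPS power-control nodes; label defined in selinux/file_contexts`. The enclosing trigger block starts outside the hunk.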
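Review bot: The two added `firmware_exynos` rules in bluetooth.te give the bluetooth domain read access to everything carrying that label. Per the `selinux/file_contexts` hunk, the label covers both `/system/vendor/firmware(/.*)?` and `/data/cfw(/.*)?`, and `selinux/sysinit.te` allows sysinit to create, write and unlink files of the same type. A domain that presumably needs only its own chip firmware can therefore read files that another domain is able to replace at runtime. A dedicated type for the Bluetooth firmware file, or at least separate types for the read-only and the writable location, would keep the grant narrow.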
--- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -28,7 +28,7 @@ # GPS /dev/ttySAC1 u:object_r:gps_device:s0 -/system/bin/gpsd u:object_r:gpsd_exec:s0 +/system/bin/glgps u:object_r:gpsd_exec:s0 # Sensors /dev/akm8975 u:object_r:sensors_device:s0 @@ -39,9 +39,9 @@ /efs/wifi/.mac.info u:object_r:wifi_data_file:s0 # Firmwares -/system/vendor/firmware(/.*)? u:object_r:firmware_camera:s0 +/system/vendor/firmware(/.*)? u:object_r:firmware_exynos:s0 /system/vendor/firmware/mfc_fw.bin u:object_r:firmware_mfc:s0 -/data/cfw(/.*)? u:object_r:firmware_camera:s0 +/data/cfw(/.*)? u:object_r:firmware_exynos:s0 # Vibrator /dev/tspdrv u:object_r:input_device:s0 diff --git a/selinux/gpsd.te b/selinux/gpsd.te index 5c7e39c..d58665e 100644 --- a/selinux/gpsd.te +++ b/selinux/gpsd.te @@ -1,3 +1,4 @@ +allow gpsd self:process execmem; allow gpsd rild:unix_stream_socket connectto; allow gpsd system_data_file:fifo_file { create read write setattr open }; allow gpsd servicemanager:binder call; diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te index 6145b7c..43f5b21 100644 --- a/selinux/mediaserver.te +++ b/selinux/mediaserver.te @@ -1,5 +1,5 @@ -allow mediaserver { firmware_camera }:file r_file_perms; -allow mediaserver firmware_camera:dir r_dir_perms; +allow mediaserver { firmware_exynos }:file r_file_perms; +allow mediaserver firmware_exynos:dir r_dir_perms; allow mediaserver camera_data_file:file rw_file_perms; allow mediaserver mfc_device:chr_file rw_file_perms; diff --git a/selinux/nfc.te b/selinux/nfc.te index b8d1d44..6a6e324 100644 --- a/selinux/nfc.te +++ b/selinux/nfc.te @@ -1 +1 @@ -allow nfc firmware_camera:dir search; +allow nfc firmware_exynos:dir search; diff --git a/selinux/sysinit.te b/selinux/sysinit.te index 55e9dc5..0436ffe 100644 --- a/selinux/sysinit.te +++ b/selinux/sysinit.te 
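Review bot: `allow gpsd self:process execmem;` at the top of gpsd.te is added without a comment, and it lets the GPS daemon map anonymous memory as executable. That removes a W^X barrier for a process which, per the rules just below it, also connects to rild over a unix socket and calls servicemanager over binder. If the prebuilt `glgps` blob really needs it, record that next to the rule, e.g. `# prebuilt glgps blob maps executable anonymous memory; remove once a blob without this need is available`. Also confirm from the audit log that `execmem` is the only process permission being denied. The rest of gpsd.te is outside the hunk.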
@@ -1,6 +1,7 @@ -allow sysinit firmware_camera:dir { read search open getattr }; +allow sysinit firmware_exynos:dir { read search open getattr }; allow sysinit userinit_exec:file { getattr execute execute_no_trans read open }; -allow sysinit firmware_camera:dir { read search open getattr write remove_name add_name }; -allow sysinit firmware_camera:file { read open write getattr setattr create unlink }; +allow sysinit firmware_exynos:dir { read search open getattr write remove_name add_name }; +allow sysinit firmware_exynos:file { read open write getattr setattr create unlink }; allow sysinit sysinit:capability { dac_override chown fowner fsetid }; allow sysinit unlabeled:dir { search }; +allow sysinit surfaceflinger_exec:file { getattr }; diff --git a/selinux/system_server.te b/selinux/system_server.te index e42bdd0..a6b65ce 100644 --- a/selinux/system_server.te +++ b/selinux/system_server.te @@ -7,6 +7,7 @@ allow system_server sysfs:file { read open write }; allow system_server self:capability { sys_module }; allow system_server efs_file:dir search; +allow system_server efs_file:file read; allow system_server efs_device_file:dir search; allow system_server uhid_device:chr_file { read ioctl write open }; @@ -16,3 +17,14 @@ allow system_server wifi_data_file:file { read open }; allow system_server default_prop:property_service set; allow system_server gpsd:binder transfer; +type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni"; + +# Access .gps.interface.pipe.to_gpsd. +allow system_server gps_data_file:dir search; +allow system_server gps_data_file:fifo_file { write setattr rw_file_perms }; + +# Access /data/sensors/gps* socket +allow system_server gps_data_file:sock_file create_file_perms; +allow system_server gps_data_file:dir rw_dir_perms; +allow system_server gps_data_file:file rw_file_perms; + diff --git a/selinux/ueventd.te b/selinux/ueventd.te index 1d993e4..8044d34 100644 --- a/selinux/ueventd.te 
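Review bot: `allow system_server efs_file:file read;` grants `read` on every file labelled `efs_file` but not `open`, so it only covers descriptors that system_server receives already open. If the denial came from system_server opening the file itself, this rule is not enough and the likely follow-up is to widen it further. Other `/efs` content in this policy already has specific types (`/efs/wifi/.mac.info` is `wifi_data_file`), so consider giving the file system_server needs its own type instead of allowing the generic one. A comment naming that file would make the rule auditable.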
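Review bot: The comment `# Access .gps.interface.pipe.to_gpsd.` does not match the named `type_transition` above it, which applies to `.gps.interface.pipe.to_jni`; one of the two names is probably stale, and the transition itself has no comment. The transition implies that system_server creates that fifo, yet the fifo_file rule grants `{ write setattr rw_file_perms }`, where `write` is already part of `rw_file_perms` and `create` is missing unless it is granted outside this hunk. Likewise `gps_data_file:dir search` is subsumed by the later `rw_dir_perms` rule. If creation is intended, `allow system_server gps_data_file:fifo_file { create setattr rw_file_perms };` states it directly, and the separate `dir search` line can go.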
+++ b/selinux/ueventd.te @@ -1,4 +1,4 @@ # Firmwares allow ueventd { firmware_mfc }:file r_file_perms; -allow ueventd { firmware_camera }:dir search; -allow ueventd { firmware_camera }:file { read getattr open }; +allow ueventd { firmware_exynos }:dir search; +allow ueventd { firmware_exynos }:file { read getattr open }; diff --git a/selinux/wpa_supplicant.te b/selinux/wpa_supplicant.te index 6e221e3..c7568f3 100644 --- a/selinux/wpa_supplicant.te +++ b/selinux/wpa_supplicant.te @@ -7,4 +7,5 @@ allow wpa wpa_socket:unix_dgram_socket { read write }; allow wpa_socket system_app:unix_dgram_socket sendto; allow wpa_socket wifi_data_file:sock_file unlink; + allow wpa rfkill_device:chr_file rw_file_perms; -- cgit v1.1