dragonboard: sepolicy: Add sepolicy rules to fix problems seen adb remount overlays am: a58e74ea06 am: 2372d29d25 am: dc2dc122dc am: e49a40f4f1

Original change: https://android-review.googlesource.com/c/device/linaro/dragonboard/+/2063214

Change-Id: Idb117492bc1f58d27452a9a80cbc3e7121b835e7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

3 files changed, 8 insertions, 1 deletions

diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
index 3fad122..176d6f6 100644
--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te
@@ -2,6 +2,10 @@
 allow kernel device:chr_file { create setattr };
 allow kernel device:dir { add_name create write };
 allow kernel self:capability mknod;
-allow kernel vendor_file:file { open read };
+allow kernel vendor_file:file { open read getattr};
+allow kernel vendor_file:dir read;
 allow kernel self:system module_request;
 allow vendor_init kernel:system module_request;
+allow kernel sepolicy_file:file getattr;
+allow kernel system_bootstrap_lib_file:dir getattr;
+allow kernel system_bootstrap_lib_file:file getattr;
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
index 17b66a8..9bffa3f 100644
--- a/sepolicy/surfaceflinger.te
+++ b/sepolicy/surfaceflinger.te
@@ -1 +1,2 @@
 gpu_access(surfaceflinger)
+allow surfaceflinger vendor_file:dir read;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 80957cc..e801436 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1 +1,3 @@
 gpu_access(system_server)
+allow system_server wifi_hal_prop:file {open read getattr map};
+allow system_server vendor_file:dir read;