Merge "[ALPS04325589] AEE: remove unuse rules" into alps-trunk-q0.basic

Change-Id: Ia92a7b6be46762af09a64e2c7e92607a1c734858
MTK-Commit-Id: e98481807b7d50c68a8e5bd8926df0dcf4398017

non_plat/aee_aedv.te

@@ -391,8 +391,6 @@ allow aee_aedv sysfs_boot_mode:file r_file_perms;
 #userdebug_or_eng(`
 #  allow aee_aedv debugfs_tracing_debug:file { r_file_perms write };
 #')
-# Purpose: allow aee_aedv self to sys_ptrace/dac_read_search/dac_override
-#userdebug_or_eng(`allow aee_aedv self:capability { sys_ptrace dac_read_search dac_override };')
 
 #Purpose: Allow aee_aedv to read /sys/mtk_memcfg/slabtrace
 allow aee_aedv proc_slabtrace:file r_file_perms;

non_plat/dumpstate.te

@@ -114,8 +114,8 @@ allow dumpstate debugfs_rcu:file r_file_perms;
 # Purpose: Allow dumpstate to read /proc/msdc_debug
 allow dumpstate proc_msdc_debug:file r_file_perms;
 
-# Purpose: Allow dumpstate to read /proc/pidmap
+# Purpose: Allow dumpstate to r/w /proc/pidmap
-allow dumpstate proc_pidmap:file r_file_perms;
+allow dumpstate proc_pidmap:file rw_file_perms;
 
 # Purpose: Allow dumpstate to read /sys/power/vcorefs/vcore_debug
 allow dumpstate sysfs_vcore_debug:file r_file_perms;
@@ -128,3 +128,6 @@ allow dumpstate proc_slabtrace:file r_file_perms;
 
 #Purpose: Allow dumpstate to read /proc/mtk_cmdq_debug/status
 allow dumpstate proc_cmdq_debug:file r_file_perms;
+
+#Purpose: Allow dumpstate to read /proc/cpuhvfs/dbg_repo
+allow dumpstate proc_dbg_repo:file r_file_perms;

non_plat/file.te

@@ -70,6 +70,7 @@ type proc_pidmap, fs_type, proc_type;
 type proc_kpageflags, fs_type, proc_type;
 type proc_slabtrace, fs_type, proc_type;
 type proc_cmdq_debug, fs_type, proc_type;
+type proc_dbg_repo, fs_type, proc_type;
 type sysfs_therm, fs_type, sysfs_type;
 type sysfs_fps, fs_type, sysfs_type;
 type sysfs_ccci, fs_type, sysfs_type;

non_plat/genfs_contexts

@@ -37,6 +37,7 @@ genfscon proc /pidmap u:object_r:proc_pidmap:s0
 genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
 genfscon proc /mtk_memcfg/slabtrace u:object_r:proc_slabtrace:s0
 genfscon proc /mtk_cmdq_debug/status u:object_r:proc_cmdq_debug:s0
+genfscon proc /cpuhvfs/dbg_repo u:object_r:proc_dbg_repo:s0
 
 
 genfscon iso9660 / u:object_r:iso9660:s0

plat_private/aee_aed.te

@@ -110,12 +110,7 @@ allow aee_aed sysfs_vibrator:file w_file_perms;
 # Purpose : make aee_aed can get specific process NE info
 allow aee_aed domain:dir r_dir_perms;
 allow aee_aed domain:{ file lnk_file } r_file_perms;
-#allow aee_aed {
+
-#  domain
-#  -logd
-#  -keystore
-#  -init
-#}:process ptrace;
 allow aee_aed dalvikcache_data_file:dir r_dir_perms;
 #allow aee_aed zygote_exec:file r_file_perms;
 #allow aee_aed init_exec:file r_file_perms;
@@ -135,10 +130,5 @@ allow aee_aed self:capability { sys_nice chown fowner kill };
 # Purpose: Allow aee_aed to write /sys/kernel/debug/tracing/snapshot
 userdebug_or_eng(`allow aee_aed debugfs_tracing_debug:file { write open };')
 
-# Purpose: Allow aee_aed self to sys_ptrace/dac_override/dac_read_search
-#userdebug_or_eng(`
-#  allow aee_aed self:capability { sys_ptrace dac_override dac_read_search };
-#')
-
 # Purpose: Allow aee_aed to read/write /sys/kernel/debug/tracing/tracing_on
 #userdebug_or_eng(` allow aee_aed debugfs_tracing:file { r_file_perms write };')

plat_private/aee_core_forwarder.te

@@ -92,3 +92,9 @@ allow aee_core_forwarder media_rw_data_file:file { create open write };
 #           scontext=u:r:aee_core_forwarder:s0 tcontext=u:r:aee_core_forwarder:s0
 #           tclass=capability permissive=0
 allow aee_core_forwarder self:capability sys_nice;
+
+# Purpose : allow aee_core_forwarder to access hwservicemanager_prop
+get_prop(aee_core_forwarder, hwservicemanager_prop)
+
+# Purpose : allow aee_core_forwarder to connect aee_aed socket
+allow aee_core_forwarder aee_aed:unix_stream_socket connectto;