[ALPS03890927] battery: fix sepolicy violation

[Detail]
1. fix data between core and vendor violator
2. remove fuelgauged_static.te
3. remove fg daemon access nvram sepolicy
4. add label for battery

MTK-Commit-Id: 1443b78b112739594e0633526c6966e4871bd125

Change-Id: I931a18bfb8ac963e71311ceace8a28b4a495e881
Signed-off-by: Timo Liao <timo.liao@mediatek.com>
CR-Id: ALPS03890927
Feature: Fuel Gauge

non_plat/file.te

@@ -251,8 +251,11 @@ type sysfs_boot, fs_type, sysfs_type;
 # consys Log folder
 type consyslog_data_file, file_type, data_file_type;
 
-
 # Date : WK1817
 # Purpose : for meta to get com port type and uart port info
 type sysfs_comport_type, fs_type, sysfs_type;
 type sysfs_uart_info, fs_type, sysfs_type;
+
+# Date : WK1817
+# Purpose : for fuelgauged access
+type battery_node, fs_type, sysfs_type;

non_plat/file_contexts

@@ -479,6 +479,7 @@
 /sys/devices/virtual/BOOT/BOOT/boot/boot_mode(/.*)? u:object_r:sysfs_boot:s0
 /sys/bus/platform/drivers/meta_com_type_info/meta_com_type_info(/.*)? u:object_r:sysfs_comport_type:s0
 /sys/bus/platform/drivers/meta_uart_port_info/meta_uart_port_info(/.*)? u:object_r:sysfs_uart_info:s0
+/sys/devices/platform/battery(/.*)? u:object_r:battery_node:s0
 
 #############################
 # debugfs files

non_plat/fuelgauged.te

@@ -51,18 +51,18 @@ allow fuelgauged self:netlink_route_socket { bind create getattr write nlmsg_rea
 # Data : WK16.21
 # Operation : New Feature
 # Purpose : For fg daemon can access /data/FG folder
-file_type_auto_trans(fuelgauged, system_data_file, fuelgauged_file);
+#file_type_auto_trans(fuelgauged, system_data_file, fuelgauged_file);
-allow fuelgauged fuelgauged_file:file rw_file_perms;
+#allow fuelgauged fuelgauged_file:file rw_file_perms;
-typeattribute fuelgauged data_between_core_and_vendor_violators;
+#typeattribute fuelgauged data_between_core_and_vendor_violators;
-allow fuelgauged system_data_file:dir rw_dir_perms;
+#allow fuelgauged system_data_file:dir rw_dir_perms;
 
 # Data : WK16.21
 # Operation : New Feature
 # Purpose : For fg daemon can do nvram r/w to save car_tune_value
-allow fuelgauged nvdata_file:dir rw_dir_perms;
+#allow fuelgauged nvdata_file:dir rw_dir_perms;
-allow fuelgauged nvdata_file:file {rw_file_perms create_file_perms};
+#allow fuelgauged nvdata_file:file {rw_file_perms create_file_perms};
-allow fuelgauged nvram_data_file:lnk_file rw_file_perms;
+#allow fuelgauged nvram_data_file:lnk_file rw_file_perms;
-allow fuelgauged nvdata_file:lnk_file rw_file_perms;
+#allow fuelgauged nvdata_file:lnk_file rw_file_perms;
 
 # Data : WK16.39
 #allow fuelgauged self:capability { chown fsetid dac_override };
@@ -70,9 +70,9 @@ allow fuelgauged nvdata_file:lnk_file rw_file_perms;
 # Data : W16.43
 # Operation : New Feature
 # Purpose : Change from /data to /cache
-allow fuelgauged cache_file:file {rw_file_perms create_file_perms};
+#allow fuelgauged cache_file:file {rw_file_perms create_file_perms};
-allow fuelgauged cache_file:dir {rw_dir_perms create_dir_perms};
+#allow fuelgauged cache_file:dir {rw_dir_perms create_dir_perms};
-allow fuelgauged sysfs:file {rw_file_perms create_file_perms};
+#allow fuelgauged sysfs:file {rw_file_perms create_file_perms};
 
 # Date: W17.22
 # Operation : New Feature
@@ -82,8 +82,11 @@ allow fuelgauged kernel:system module_request;
 # Date: W18.03
 # Operation : change fuelgagued access from cache to nvcfg
 # Purpose : add fuelgauged to nvcfg read write permit
-#allow fuelgauged nvcfg_file:dir getattr;
-#allow fuelgauged nvcfg_file:dir {rw_dir_perms create_dir_perms};
-#allow fuelgauged nvcfg_file:file {rw_dir_perms create_dir_perms};
 allow fuelgauged nvcfg_file:dir { search write open read add_name create getattr};
 allow fuelgauged nvcfg_file:file { read write getattr open create };
+
+# Date: W18.17
+# Operation : add label for /sys/devices/platform/battery(/.*)
+# Purpose : add fuelgauged could access
+allow fuelgauged battery_node:file { read open };
+

non_plat/fuelgauged_nvram.te

@@ -25,10 +25,10 @@ init_daemon_domain(fuelgauged_nvram)
 # Data : WK16.21
 # Operation : New Feature
 # Purpose : For fg daemon can access /data/FG folder
-file_type_auto_trans(fuelgauged_nvram, system_data_file, fuelgauged_nvram_file);
+#file_type_auto_trans(fuelgauged_nvram, system_data_file, fuelgauged_nvram_file);
-allow fuelgauged_nvram fuelgauged_nvram_file:file rw_file_perms;
+#allow fuelgauged_nvram fuelgauged_nvram_file:file rw_file_perms;
-typeattribute fuelgauged_nvram data_between_core_and_vendor_violators;
+#typeattribute fuelgauged_nvram data_between_core_and_vendor_violators;
-allow fuelgauged_nvram system_data_file:dir rw_dir_perms;
+#allow fuelgauged_nvram system_data_file:dir rw_dir_perms;
 
 # Data : WK16.21
 # Operation : New Feature
@@ -44,8 +44,8 @@ allow fuelgauged_nvram fuelgauged_file:file {rw_file_perms create_file_perms};
 # Data : W16.43
 # Operation : New Feature
 # Purpose : Change from /data to /cache
-allow fuelgauged_nvram cache_file:file {rw_file_perms create_file_perms};
+#allow fuelgauged_nvram cache_file:file {rw_file_perms create_file_perms};
-allow fuelgauged_nvram cache_file:dir {rw_dir_perms create_dir_perms};
+#allow fuelgauged_nvram cache_file:dir {rw_dir_perms create_dir_perms};
 #allow fuelgauged_nvram self:capability { dac_read_search dac_override chown };
 allow fuelgauged_nvram kmsg_device:chr_file { write open };
 allow fuelgauged_nvram self:capability fsetid;
@@ -58,7 +58,12 @@ allow fuelgauged_nvram MT_pmic_adc_cali_device:chr_file rw_file_perms;
 # Date: W18.03
 # Operation : change fuelgagued_nvram access from cache to nvcfg
 # Purpose : add fuelgauged to nvcfg read write permit
+# need add label 
 allow fuelgauged_nvram sysfs:file { read open };
 allow fuelgauged_nvram nvcfg_file:dir { search write open read add_name create getattr};
 allow fuelgauged_nvram nvcfg_file:file { read write getattr open create };
 
+# Date: W18.17
+# Operation : add label for /sys/devices/platform/battery(/.*)
+# Purpose : add fuelgauged could access
+allow fuelgauged_nvram battery_node:file { read open };

non_plat/fuelgauged_static.te

@@ -1,34 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/fuelgauged_static Executable File
-
-# ==============================================
-# Android Policy Rule
-# ==============================================
-
-# ==============================================
-# NSA Policy Rule
-# ==============================================
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-# Data : WK14.43
-# Operation : Migration
-# Purpose : For meta tool calibration
-allow fuelgauged_static mtk-adc-cali_device:chr_file rw_file_perms;
-
-# Data : WK14.43
-# Operation : Migration
-# Purpose : For fg.log can be printed with kernel log
-allow fuelgauged_static kmsg_device:chr_file w_file_perms;
-
-# Data : WK16.21
-# Operation : New Feature
-# Purpose : For fg daemon can do nvram r/w to save car_tune_value
-typeattribute fuelgauged_static data_between_core_and_vendor_violators;
-allow fuelgauged_static nvdata_file:dir rw_dir_perms;
-allow fuelgauged_static nvdata_file:file {rw_file_perms create_file_perms};
-allow fuelgauged_static nvram_data_file:lnk_file rw_file_perms;
-allow fuelgauged_static nvdata_file:lnk_file rw_file_perms;
-

plat_private/fuelgauged_static.te

@@ -1,50 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/fuelgauged_static Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type fuelgauged_static_exec , exec_type, file_type;
-type fuelgauged_static_file, file_type, data_file_type, core_data_file_type;
-typeattribute fuelgauged_static coredomain;
-# ==============================================
-# Android Policy Rule
-# ==============================================
-
-# ==============================================
-# NSA Policy Rule
-# ==============================================
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-init_daemon_domain(fuelgauged_static)
-
-# Data : WK14.43
-# Operation : Migration
-# Purpose : Fuel Gauge daemon for access driver node
-allow fuelgauged_static input_device:dir rw_dir_perms;
-allow fuelgauged_static input_device:file r_file_perms;
-
-
-# Data : WK14.43
-# Operation : Migration
-# Purpose : For fg daemon can comminucate with kernel
-### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
-#allow fuelgauged_static fuelgauged_static:netlink_kobject_uevent_socket create_socket_perms;
-#allow fuelgauged_static fuelgauged_static:netlink_socket create_socket_perms;
-# Data : WK16.21
-# Operation : New Feature
-# Purpose : For fg daemon can access /data/FG folder
-file_type_auto_trans(fuelgauged_static, system_data_file, fuelgauged_static_file);
-allow fuelgauged_static fuelgauged_static_file:file rw_file_perms;
-allow fuelgauged_static system_data_file:dir rw_dir_perms;
-
-# Data : WK16.25
-# Operation : Migration
-# Purpose : For fg daemon can work in recovery mode
-allow fuelgauged_static rootfs:file entrypoint;
-
-# Data : WK16.39
-#allow fuelgauged_static self:capability { chown fsetid dac_override };

plat_public/fuelgauged_static.te

@@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/fuelgauged_static Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type fuelgauged_static ,domain;