From 6272c879bfde7a3755113a88641e71abc12b1edc Mon Sep 17 00:00:00 2001
From: Huaiming Li <huaiming.li@mediatek.com>
Date: Sat, 18 Jan 2020 10:18:55 +0800
Subject: [PATCH] [ALPS04719663] fix some avc denied issue

update some sepolicy rules

MTK-Commit-Id: c1294d5ae7714677077e8d38c6c1624955816cdb

Change-Id: Id30499203b004677bf95b221195ef33749ec6a36
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
---
 non_plat/aee_aedv.te    | 14 +++++++++++++-
 non_plat/dumpstate.te   |  3 +++
 non_plat/file.te        |  3 +++
 non_plat/genfs_contexts |  2 ++
 4 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te
index 5998134..3f3b0ff 100644
--- a/non_plat/aee_aedv.te
+++ b/non_plat/aee_aedv.te
@@ -147,7 +147,7 @@ allow aee_aedv debugfs_wakeup_sources:file { read open };
 allow aee_aedv debugfs_dmlog_debug:file { read open };
 allow aee_aedv debugfs_page_owner_slim_debug:file { read open };
 allow aee_aedv debugfs_ion_mm_heap:dir search;
-allow aee_aedv debugfs_ion_mm_heap:file { read open };
+allow aee_aedv debugfs_ion_mm_heap:file r_file_perms;
 allow aee_aedv debugfs_ion_mm_heap:lnk_file read;
 allow aee_aedv debugfs_cpuhvfs:dir search;
 allow aee_aedv debugfs_cpuhvfs:file { read open };
@@ -423,3 +423,15 @@ allow aee_aedv connsyslog_data_vendor_file:dir r_dir_perms;
 
 # Purpose: Allow aee_aedv to read the /proc/*/exe of vendor process
 allow aee_aedv vendor_file_type:file r_file_perms;
+
+# Purpose: Allow aee_aedv to read /sys/kernel/debug/smi_mon
+allow aee_aedv debugfs_smi_mon:file r_file_perms;
+
+# Purpose: Allow aee_aedv to read /proc/isp_p2/isp_p2_kedump
+allow aee_aedv proc_isp_p2_kedump:file r_file_perms;
+
+# Purpose: Allow aee_aedv to read /sys/kernel/debug/vpu/vpu_memory
+allow aee_aedv debugfs_vpu_memory:file r_file_perms;
+
+# Purpose: Allow aee_aedv to read /proc/cpuhvfs/dbg_repo
+allow aee_aedv proc_dbg_repo:file r_file_perms;
diff --git a/non_plat/dumpstate.te b/non_plat/dumpstate.te
index a4941b6..4e23ee0 100644
--- a/non_plat/dumpstate.te
+++ b/non_plat/dumpstate.te
@@ -171,3 +171,6 @@ allow dumpstate debugfs_kmemleak:file r_file_perms;
 
 #Purpose: Allow dumpstate to read /sys/class/misc/adsp/adsp_last_log
 allow dumpstate sysfs_adsp:file r_file_perms;
+
+#Purpose: Allow dumpstate to read /sys/kernel/debug/smi_mon
+allow dumpstate debugfs_smi_mon:file r_file_perms;
diff --git a/non_plat/file.te b/non_plat/file.te
index e161d4f..c5c0d35 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -376,3 +376,6 @@ type netd_socket, file_type, coredomain_socket;
 # Date : WK19.27
 # Purpose: Android Migration for SVP
 type proc_m4u, fs_type, proc_type;
+
+# Date : 2019/08/15
+type debugfs_smi_mon, fs_type, debugfs_type;
diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts
index ddb238d..1e49a9e 100644
--- a/non_plat/genfs_contexts
+++ b/non_plat/genfs_contexts
@@ -206,6 +206,8 @@ genfscon debugfs  /eara_thermal/enable u:object_r:debugfs_eara_thermal:s0
 # mtk EM power PMU register
 genfscon debugfs /rt-regmap u:object_r:debugfs_regmap:s0
 
+# 2019/08/15
+genfscon debugfs /smi_mon u:object_r:debugfs_smi_mon:s0
 
 genfscon iso9660 / u:object_r:iso9660:s0
 genfscon rawfs / u:object_r:rawfs:s0