[ALPS04640303] SEPolicy: Fix app violation

[Detail]
There are some selinux violation for app in MTBF,
need to add some sepolicy for them.

[Solution]
1.Add sepolicy
2.Move sepolicy of untrusted_app_* to untrusted_app_*.te
3.Modify sepolicy

MTK-Commit-Id: 62b5c74c6d1d85acf0184fc18fca0b40c4a8e60c

Change-Id: Icac33ccc54b691ee0e4ab7088f77adb1c1a4a549
CR-Id: ALPS04640303
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK

non_plat/app.te

@@ -41,3 +41,8 @@ allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;
 # Operation : Migration
 # Purpose : For app com.tencent.qqpimsecure
 allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START;
+
+# Date: 2019/06/17
+# Operation : Migration
+# Purpose : appdomain need get mtk_amslog_prop
+get_prop(appdomain, mtk_amslog_prop)

non_plat/platform_app.te

@@ -108,8 +108,3 @@ get_prop(platform_app, vendor_connsysfw_prop)
 # Purpose : JPEG need to use PQ via MMS HIDL
 allow platform_app mtk_hal_mms_hwservice:hwservice_manager find;
 allow platform_app mtk_hal_mms:binder call;
-
-# Date: 2019/06/14
-# Operation : Migration
-# Purpose : platform_app need get mtk_amslog_prop
-get_prop(platform_app, mtk_amslog_prop)

non_plat/system_app.te

@@ -37,6 +37,10 @@ allow system_app mtk_hal_mms:binder call;
 
 # Date: 2019/06/14
 # Operation : Migration
-# Purpose : system_app need get mtk_amslog_prop
-get_prop(system_app, mtk_amslog_prop)
+# Purpose : system_app need vendor_default_prop
 get_prop(system_app, vendor_default_prop)
+
+# Date: 2019/06/17
+# Operation : Migration
+# Purpose :allow system_app to read mtk_em_tel_log_prop
+get_prop(system_app, mtk_em_tel_log_prop)

non_plat/untrusted_app.te

@@ -10,19 +10,3 @@
 #					 from MTK kernel modules for thermal tests at OEM/ODM.
 allow untrusted_app proc_mtktz:dir search;
 allow untrusted_app proc_mtktz:file r_file_perms;
-
-# Date : 2017/08/01
-# Operation: SQC
-# Purpose : Allow Whatstemp, a MTK thermal logging tool, to log thermal related information
-# properly for thermal tests at OEM/ODM.
-allow untrusted_app_25 proc_mtktz:dir search;
-allow untrusted_app_25 proc_mtktz:file { getattr open read };
-allow untrusted_app_25 proc_thermal:dir search;
-allow untrusted_app_25 proc_thermal:file { getattr open read };
-
-allow untrusted_app_25 sysfs_fps:dir search;
-allow untrusted_app_25 sysfs_fps:file { getattr open read };
-allow untrusted_app_25 sysfs_batteryinfo:dir search;
-#allow untrusted_app_25 sysfs_batteryinfo:file { getattr open read };
-allow untrusted_app_25 sysfs_therm:dir { open read search };
-allow untrusted_app_25 sysfs_therm:file { getattr open read };

non_plat/untrusted_app_25.te

@@ -0,0 +1,19 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : 2017/08/01
+# Operation: SQC
+# Purpose : Allow Whatstemp, a MTK thermal logging tool, to log thermal related information
+# properly for thermal tests at OEM/ODM.
+allow untrusted_app_25 proc_mtktz:dir search;
+allow untrusted_app_25 proc_mtktz:file r_file_perms;
+allow untrusted_app_25 proc_thermal:dir search;
+allow untrusted_app_25 proc_thermal:file r_file_perms;
+
+allow untrusted_app_25 sysfs_fps:dir search;
+allow untrusted_app_25 sysfs_fps:file r_file_perms;
+allow untrusted_app_25 sysfs_batteryinfo:dir search;
+#allow untrusted_app_25 sysfs_batteryinfo:file { getattr open read };
+allow untrusted_app_25 sysfs_therm:dir r_dir_perms;
+allow untrusted_app_25 sysfs_therm:file r_file_perms;