[ALPS04760762] power: remove high risk policy

[Detail]
Remove procfs and sysfs root permission

MTK-Commit-Id: 1af6e86e9f71ef919ec46a7eda2f2901a5c63a80

Change-Id: I3ddea266511017eba1b51d7879be3a5a81b497e6
CR-Id: ALPS04760762
Feature: [Module]PowerHAL

non_plat/file.te

@@ -392,4 +392,15 @@ type mtee_trusty_file, fs_type, sysfs_type;
 
 # Date : 2019/08/29
 # Purpose: Allow rild access proc/aed/reboot-reason
-type proc_aed_reboot_reason, fs_type, proc_type;
+type proc_aed_reboot_reason, fs_type, proc_type;
+
+# Date : 2019/09/05
+# Purpose: Allow powerhal to control kernel resources
+type proc_ppm, fs_type, proc_type;
+type proc_cpufreq, fs_type, proc_type;
+type proc_hps, fs_type, proc_type;
+type proc_cm_mgr, fs_type, proc_type;
+type proc_ca_drv, fs_type, proc_type;
+type sysfs_ged, fs_type, sysfs_type;
+type sysfs_fbt_cpu, fs_type, sysfs_type;
+type sysfs_fbt_fteh, fs_type, sysfs_type;

non_plat/genfs_contexts

@@ -225,4 +225,15 @@ genfscon sysfs /devices/platform/trusty u:object_r:mtee_trusty_file:s0
 
 # Date : 2019/08/29
 # Purpose: allow rild to access /proc/aed/reboot-reason
-genfscon proc /aed/reboot-reason u:object_r:proc_aed_reboot_reason:s0
+genfscon proc /aed/reboot-reason u:object_r:proc_aed_reboot_reason:s0
+
+# 2019/09/05
+# Purpose: Allow powerhal to control kernel resources
+genfscon proc /ppm u:object_r:proc_ppm:s0
+genfscon proc /cpufreq u:object_r:proc_cpufreq:s0
+genfscon proc /hps u:object_r:proc_hps:s0
+genfscon proc /cm_mgr u:object_r:proc_cm_mgr:s0
+genfscon proc /ca_drv u:object_r:proc_ca_drv:s0
+genfscon sysfs /module/ged u:object_r:sysfs_ged:s0
+genfscon sysfs /module/fbt_cpu u:object_r:sysfs_fbt_cpu:s0
+genfscon sysfs /module/fbt_fteh u:object_r:sysfs_fbt_fteh:s0

non_plat/mtk_hal_power.te

@@ -18,10 +18,6 @@ allow hal_power_client mtk_hal_power_hwservice:hwservice_manager find;
 hal_server_domain(mtk_hal_power, hal_power);
 hal_server_domain(mtk_hal_power, hal_wifi);
 
-# proc fs
-allow mtk_hal_power proc:dir r_dir_perms;
-allow mtk_hal_power proc:file rw_file_perms;
-
 # sysfs
 allow mtk_hal_power sysfs_devices_system_cpu:file rw_file_perms;
 
@@ -62,7 +58,6 @@ allow mtk_hal_power mtk_hal_camera:file r_file_perms;
 # Operation: SQC
 # Purpose : Allow powerHAL to access thermal
 allow mtk_hal_power proc_thermal:dir r_dir_perms;
-allow mtk_hal_power sysfs:file rw_file_perms;
 allow mtk_hal_power debugfs_fpsgo:dir r_dir_perms;
 allow mtk_hal_power debugfs_fpsgo:file rw_file_perms;
 
@@ -147,3 +142,20 @@ allowxperm mtk_hal_power self:udp_socket ioctl priv_sock_ioctls;
 # Purpose : MTK power hal interface permission
 set_prop(mtk_hal_power, mtk_powerhal_prop)
 
+# Date : 2019/09/05
+# Operation: SQC
+# Purpose : Add procfs, sysfs policy
+allow mtk_hal_power proc_ppm:dir r_dir_perms;
+allow mtk_hal_power proc_ppm:file rw_file_perms;
+allow mtk_hal_power proc_cpufreq:dir r_dir_perms;
+allow mtk_hal_power proc_cpufreq:file rw_file_perms;
+allow mtk_hal_power proc_hps:dir r_dir_perms;
+allow mtk_hal_power proc_hps:file rw_file_perms;
+allow mtk_hal_power proc_cm_mgr:dir r_dir_perms;
+allow mtk_hal_power proc_cm_mgr:file rw_file_perms;
+allow mtk_hal_power sysfs_ged:dir r_dir_perms;
+allow mtk_hal_power sysfs_ged:file rw_file_perms;
+allow mtk_hal_power sysfs_fbt_cpu:dir r_dir_perms;
+allow mtk_hal_power sysfs_fbt_cpu:file rw_file_perms;
+allow mtk_hal_power sysfs_fbt_fteh:dir r_dir_perms;
+allow mtk_hal_power sysfs_fbt_fteh:file rw_file_perms;