From 3d06ccc559cbf17e311967b1ee535d532aa7e07d Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Mon, 24 Apr 2017 15:48:30 -0700
Subject: [PATCH] Adding allows to fix perfd and setup_wizard denials

denied { read write } for pid=1361 comm="Binder:1361_4" name="sdd4"
dev="tmpfs" ino=10187 scontext=u:r:system_server:s0
tcontext=u:object_r:block_device:s0 tclass=blk_file

denied { write } for pid=805 comm="perfd" name="scaling_min_freq"
dev="sysfs" ino=29879 scontext=u:r:perfd:s0
tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file

Test: Startup wizard no longer crashes a few times before working
Change-Id: I85425e00d1b834d0775ec940befec4ecee514df7
---
 sepolicy/file_contexts | 2 ++
 sepolicy/mediacodec.te | 2 ++
 sepolicy/perfd.te      | 1 +
 3 files changed, 5 insertions(+)

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 85a24e7a..89714bb6 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -81,6 +81,8 @@
 
 /dev/block/platform/soc/1da4000\.ufshc/by-name/misc            u:object_r:misc_block_device:s0
 
+/dev/block/platform/soc/1da4000\.ufshc/by-name/frp             u:object_r:frp_block_device:s0
+
 /dev/block/platform/soc/1da4000\.ufshc/by-name/fsc             u:object_r:modem_block_device:s0
 /dev/block/platform/soc/1da4000\.ufshc/by-name/fsg             u:object_r:modem_block_device:s0
 /dev/block/platform/soc/1da4000\.ufshc/by-name/modem_[ab]      u:object_r:modem_block_device:s0
diff --git a/sepolicy/mediacodec.te b/sepolicy/mediacodec.te
index c05e0812..ba2fd369 100644
--- a/sepolicy/mediacodec.te
+++ b/sepolicy/mediacodec.te
@@ -3,3 +3,5 @@ allow mediacodec perfd_socket:sock_file write;
 
 allow mediacodec sysfs_soc:file r_file_perms;
 allow mediacodec sysfs_soc:dir search;
+
+allow mediacodec system_file:dir r_dir_perms;
diff --git a/sepolicy/perfd.te b/sepolicy/perfd.te
index 10aca8c9..f5d82b7e 100644
--- a/sepolicy/perfd.te
+++ b/sepolicy/perfd.te
@@ -19,6 +19,7 @@ allow perfd proc:file rw_file_perms;
 allow perfd sysfs_soc:dir search;
 allow perfd sysfs_soc:file r_file_perms;
 allow perfd sysfs_msm_subsys:file w_file_perms;
+allow perfd sysfs_devices_system_cpu:file w_file_perms;
 
 allow perfd perfd_socket:sock_file write;