From a49507adc5d43cc5376874c695d55ae2bb26257b Mon Sep 17 00:00:00 2001
From: Jeffrey Vander Stoep
Date: Wed, 28 Feb 2018 23:35:19 +0000
Subject: [PATCH] Revert "Remove vendor_firmware_file type"

This reverts commit d96b55b88ab9e16b685cd0fff0bd11cce78a614c.
Reason for revert: b/74022074
Bug: 74022074
Change-Id: I84c5345c1a205257e088eccd01d3d93fd30a37c1
---
 sepolicy/vendor/bug_map | 1 +
 sepolicy/vendor/file.te | 2 ++
 sepolicy/vendor/file_contexts | 1 +
 sepolicy/vendor/kernel.te | 7 ++++---
 4 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 sepolicy/vendor/bug_map

diff --git a/sepolicy/vendor/bug_map b/sepolicy/vendor/bug_map
new file mode 100644
index 00000000..8e72b519
--- /dev/null
+++ b/sepolicy/vendor/bug_map
@@ -0,0 +1 @@
+surfaceflinger vendor_firmware_file dir 68213100
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 3d916968..d954c007 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -71,6 +71,8 @@ type sensors_vendor_data_file, file_type, data_file_type;
 type audio_vendor_data_file, file_type, data_file_type;
 type mediadrm_vendor_data_file, file_type, data_file_type;
+type vendor_firmware_file, vendor_file_type, file_type;
+
 #data sysfs files
 type sysfs_data, fs_type, sysfs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index e213942c..d9290d61 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -120,6 +120,7 @@
 /system/bin/move_widevine_data\.sh u:object_r:move-widevine-data-sh_exec:s0
 # files in /vendor
+/vendor/firmware(/.*)? u:object_r:vendor_firmware_file:s0
 /vendor/bin/hw/android\.hardware\.dumpstate@1\.0-service.wahoo u:object_r:hal_dumpstate_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.vr@1\.0-service.wahoo u:object_r:hal_vr_default_exec:s0
 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service.wahoo u:object_r:hal_fingerprint_default_exec:s0
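Review bot: In the file_contexts hunk, the new `/vendor/firmware(/.*)?` entry relabels everything under that directory to `vendor_firmware_file`, but the only domain given access to the new type in the visible hunks is `kernel`. Any other domain that opened firmware there under the previous label would presumably be denied after relabeling; the `bug_map` line for surfaceflinger indicates at least one such denial is already being tracked. I would confirm on a booted device that no further `avc: denied` records name `tcontext=u:object_r:vendor_firmware_file:s0`, and grant any needed access per domain rather than through a broad attribute. A comment above the entry, e.g. `# Firmware images get their own label so read access can be granted per domain`, would record the intent.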
diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
index 758eb697..d2bf9c0f 100644
--- a/sepolicy/vendor/kernel.te
+++ b/sepolicy/vendor/kernel.te
@@ -3,10 +3,11 @@ userdebug_or_eng(`
 allow kernel self:socket create;
 ')
-dontaudit kernel kernel:system module_request;
+allow kernel vendor_firmware_file:dir search;
+allow kernel vendor_firmware_file:file r_file_perms;
+allow kernel vendor_firmware_file:lnk_file read;
-# Read FDs from /vendor/firmware
-allow kernel vendor_file:file r_file_perms;
+dontaudit kernel kernel:system module_request;
 allow kernel debugfs_ipc:dir search;
 allow kernel persist_file:dir search;
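Review bot: The three new `allow kernel vendor_firmware_file:...` rules carry no comment, while the rule they replace had `# Read FDs from /vendor/firmware`, which this change deletes. I would keep the rationale next to the rules, e.g. `# Kernel firmware loading: search the directory, read images and follow symlinks under /vendor/firmware`. Replacing `allow kernel vendor_file:file r_file_perms;` with rules on the dedicated type narrows what the kernel domain may read, but that only holds if the `/vendor/firmware(/.*)?` label from file_contexts is actually applied on the device, so the commit message should say how the labeling was verified. The policy file continues outside this hunk, so other kernel rules on `vendor_file` may exist that are not visible here.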