From 8c32d206abd42978c0d6ab51e6d02f48031a2103 Mon Sep 17 00:00:00 2001
From: Mark Stevens <Mark.Stevens@buzztime.com>
Date: Fri, 27 Jan 2017 14:17:35 -0800
Subject: [PATCH] update to duco/rk 3128-6003-6.0

---
 app.te                                               |  0
 bootanim.te                                          |  4 ++++
 domain.te                                            |  0
 ...12\250\347\224\273\351\223\203\345\243\260.patch" | 12 ++++++++++++
 file.te                                              |  0
 file_contexts                                        |  0
 fsck.te                                              |  1 +
 healthd.te                                           |  1 +
 init.te                                              |  0
 toolbox.te                                           |  1 +
 wpa.te                                               |  2 ++
 11 files changed, 21 insertions(+)
 mode change 100644 => 100755 app.te
 mode change 100644 => 100755 domain.te
 create mode 100755 "external_sepolicy-6.0\345\274\200\345\205\263\346\234\272\345\212\250\347\224\273\351\223\203\345\243\260.patch"
 mode change 100644 => 100755 file.te
 mode change 100644 => 100755 file_contexts
 mode change 100644 => 100755 fsck.te
 mode change 100644 => 100755 healthd.te
 mode change 100644 => 100755 init.te
 mode change 100644 => 100755 toolbox.te
 mode change 100644 => 100755 wpa.te

diff --git a/app.te b/app.te
old mode 100644
new mode 100755
diff --git a/bootanim.te b/bootanim.te
index dd1e57a..c0b943c 100644
--- a/bootanim.te
+++ b/bootanim.te
@@ -17,3 +17,7 @@ allow bootanim audio_device:dir r_dir_perms;
 allow bootanim audio_device:chr_file rw_file_perms;
 
 allow bootanim surfaceflinger_service:service_manager find;
+
+allow bootanim mediaserver_service:service_manager find;
+
+allow bootanim system_data_file:file r_file_perms;
diff --git a/domain.te b/domain.te
old mode 100644
new mode 100755
diff --git "a/external_sepolicy-6.0\345\274\200\345\205\263\346\234\272\345\212\250\347\224\273\351\223\203\345\243\260.patch" "b/external_sepolicy-6.0\345\274\200\345\205\263\346\234\272\345\212\250\347\224\273\351\223\203\345\243\260.patch"
new file mode 100755
index 0000000..2485c15
--- /dev/null
+++ "b/external_sepolicy-6.0\345\274\200\345\205\263\346\234\272\345\212\250\347\224\273\351\223\203\345\243\260.patch"
@@ -0,0 +1,12 @@
+diff --git a/bootanim.te b/bootanim.te
+index dd1e57a..c0b943c 100644
+--- a/bootanim.te
++++ b/bootanim.te
+@@ -17,3 +17,7 @@ allow bootanim audio_device:dir r_dir_perms;
+ allow bootanim audio_device:chr_file rw_file_perms;
+ 
+ allow bootanim surfaceflinger_service:service_manager find;
++
++allow bootanim mediaserver_service:service_manager find;
++
++allow bootanim system_data_file:file r_file_perms;
diff --git a/file.te b/file.te
old mode 100644
new mode 100755
diff --git a/file_contexts b/file_contexts
old mode 100644
new mode 100755
diff --git a/fsck.te b/fsck.te
old mode 100644
new mode 100755
index 8c1aaf3..ffe835d
--- a/fsck.te
+++ b/fsck.te
@@ -20,6 +20,7 @@ allow fsck block_device:dir search;
 allow fsck userdata_block_device:blk_file rw_file_perms;
 allow fsck cache_block_device:blk_file rw_file_perms;
 allow fsck dm_device:blk_file rw_file_perms;
+allow fsck block_device:blk_file { getattr ioctl };
 
 ###
 ### neverallow rules
diff --git a/healthd.te b/healthd.te
old mode 100644
new mode 100755
index cd5429b..8dd3763
--- a/healthd.te
+++ b/healthd.te
@@ -37,6 +37,7 @@ allow healthd proc_sysrq:file rw_file_perms;
 allow healthd self:capability sys_boot;
 
 allow healthd healthd_service:service_manager { add find };
+allow healthd system_data_file:file { open read };
 
 # Healthd needs to tell init to continue the boot
 # process when running in charger mode.
diff --git a/init.te b/init.te
old mode 100644
new mode 100755
diff --git a/toolbox.te b/toolbox.te
old mode 100644
new mode 100755
index 4341102..1a32a00
--- a/toolbox.te
+++ b/toolbox.te
@@ -19,6 +19,7 @@ allow toolbox devpts:chr_file { read write getattr ioctl };
 # device/<vendor>/<product>/sepolicy/file_contexts file.
 allow toolbox block_device:dir search;
 allow toolbox swap_block_device:blk_file rw_file_perms;
+allow toolbox nvm_block_device:blk_file { open read write getattr };
 
 # Only allow entry from init via the toolbox binary.
 neverallow { domain -init } toolbox:process transition;
diff --git a/wpa.te b/wpa.te
old mode 100644
new mode 100755
index d6fae63..c2e025a
--- a/wpa.te
+++ b/wpa.te
@@ -14,6 +14,8 @@ allow wpa self:netlink_socket create_socket_perms;
 allow wpa self:packet_socket create_socket_perms;
 allow wpa wifi_data_file:dir create_dir_perms;
 allow wpa wifi_data_file:file create_file_perms;
+allow wpa system_data_file:file { read };
+allow wpa radio_device:chr_file { open read };
 unix_socket_send(wpa, system_wpa, system_server)
 
 binder_use(wpa)
-- 
GitLab