sweet: Commonize sepolicy

Change-Id: I8e62c0d704f2d5925b2eca13a3e5851542af8b04
Signed-off-by: donjohanliebert <donjohanliebert@gmail.com>

BoardConfig.mk

@@ -37,10 +37,6 @@ TARGET_VENDOR_PROP += $(DEVICE_PATH)/properties/vendor.prop
 # Screen density
 TARGET_SCREEN_DENSITY := 440
 
-# Sepolicy
-SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/private
-BOARD_VENDOR_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor
-
 # Vendor security patch level
 VENDOR_SECURITY_PATCH := 2023-11-01
 

sepolicy/private/property_contexts

@@ -1,4 +0,0 @@
-# Elliptic ultrasound proximity
-elliptic.ultrasound.multiple_mics. u:object_r:elliptic_ultrasound_prop:s0
-elliptic.ultrasound.               u:object_r:vendor_sensors_prop:s0
-invn.hal                           u:object_r:vendor_sensors_prop:s0

sepolicy/vendor/batterysecret.te

@@ -1,51 +0,0 @@
-type batterysecret, domain;
-type batterysecret_exec, exec_type, vendor_file_type, file_type;
-type persist_subsys_file, vendor_persist_type, file_type;
-
-init_daemon_domain(batterysecret)
-
-r_dir_file(batterysecret, cgroup)
-r_dir_file(batterysecret, mnt_vendor_file)
-r_dir_file(batterysecret, vendor_sysfs_battery_supply)
-r_dir_file(batterysecret, sysfs_batteryinfo)
-r_dir_file(batterysecret, sysfs_type)
-r_dir_file(batterysecret, vendor_sysfs_usb_supply)
-r_dir_file(batterysecret, vendor_sysfs_usbpd_device)
-
-allow batterysecret {
-    mnt_vendor_file
-    persist_subsys_file
-    rootfs
-}:dir rw_dir_perms;
-
-allow batterysecret {
-    persist_subsys_file
-    sysfs
-    vendor_sysfs_battery_supply
-    sysfs_usb
-    vendor_sysfs_usb_supply
-    vendor_sysfs_usbpd_device
-}:file w_file_perms;
-
-allow batterysecret kmsg_device:chr_file rw_file_perms;
-
-allow batterysecret self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-allow batterysecret self:global_capability_class_set {
-    sys_tty_config
-    sys_boot
-};
-
-allow batterysecret self:capability {
-    chown
-    fsetid
-};
-
-allow batterysecret {
-    system_suspend_hwservice
-    hidl_manager_hwservice
-}:hwservice_manager find;
-
-binder_call(batterysecret, system_suspend_server)
-
-wakelock_use(batterysecret)

sepolicy/vendor/file_contexts

@@ -1,18 +0,0 @@
-# IR
-/dev/lirc[0-9]+                                                   u:object_r:lirc_device:s0
-/vendor/bin/hw/android\.hardware\.ir-service\.xiaomi              u:object_r:hal_ir_default_exec:s0
-
-# Proximity
-/dev/elliptic0                                                       u:object_r:vendor_elliptic_device:s0
-/sys/bus/iio/devices                                                 u:object_r:vendor_sysfs_iio:s0
-/sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:vadc@3100/iio:device1(/.*)? u:object_r:vendor_sysfs_iio:s0
-/sys/devices/platform/us_prox.0/iio:device2(/.*)?                    u:object_r:vendor_sysfs_iio:s0
-
-# Battery secret
-/vendor/bin/batterysecret                                         u:object_r:batterysecret_exec:s0
-
-# Persist subsystem
-/mnt/vendor/persist/subsys(/.*)?                                  u:object_r:persist_subsys_file:s0
-
-# NFC
-/vendor/bin/hw/android\.hardware\.nfc-service\.nxp                u:object_r:hal_nfc_default_exec:s0

sepolicy/vendor/genfs_contexts

@@ -1,14 +0,0 @@
-# bq2597x charge pump
-genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0051/power_supply/bq2597x-standalone u:object_r:vendor_sysfs_usb_supply:s0
-genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0066/power_supply/bq2597x-standalone u:object_r:vendor_sysfs_usb_supply:s0
-
-# ds28e16 battery verify
-genfscon sysfs /devices/platform/soc/soc:maxim_ds28e16/power_supply/batt_verify u:object_r:vendor_sysfs_battery_supply:s0
-
-# Fingerprint
-genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/device_prepare         u:object_r:vendor_sysfs_fingerprint:s0
-genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/fingerdown_wait        u:object_r:vendor_sysfs_fingerprint:s0
-genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/irq                    u:object_r:vendor_sysfs_fingerprint:s0
-genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/power_cfg              u:object_r:vendor_sysfs_fingerprint:s0
-genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/request_vreg           u:object_r:vendor_sysfs_fingerprint:s0
-genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc/wakeup_enable          u:object_r:vendor_sysfs_fingerprint:s0

sepolicy/vendor/hal_audio_default.te

@@ -1 +0,0 @@
-get_prop(hal_audio_default, elliptic_ultrasound_prop)

sepolicy/vendor/hal_fingerprint_default.te

@@ -1 +0,0 @@
-allow hal_fingerprint_default vendor_sysfs_fingerprint:file rw_file_perms;

sepolicy/vendor/hal_ir_default.te

@@ -1,3 +0,0 @@
-type lirc_device, dev_type;
-
-allow hal_ir_default lirc_device:chr_file rw_file_perms;

sepolicy/vendor/hal_sensors_default.te

@@ -1,7 +0,0 @@
-type vendor_sysfs_iio, fs_type, sysfs_type;
-type vendor_elliptic_device, dev_type;
-
-allow hal_sensors_default iio_device:chr_file rw_file_perms;
-allow hal_sensors_default vendor_elliptic_device:chr_file rw_file_perms;
-allow hal_sensors_default vendor_sysfs_iio:dir r_dir_perms;
-allow hal_sensors_default vendor_sysfs_iio:file rw_file_perms;

sepolicy/vendor/property.te

@@ -1,2 +0,0 @@
-# Ultrasound
-vendor_public_prop(elliptic_ultrasound_prop)

sepolicy/vendor/service_contexts

@@ -1,2 +0,0 @@
-# NFC
-vendor.nxp.nxpnfc_aidl.INxpNfc/default    u:object_r:hal_nfc_service:s0