sm8350-common: sepolicy: Rework batterysecret rules

Change-Id: I98b231406fa1a2910cbedd133b33554e7d1c9268

sepolicy/vendor/battery.te

@@ -1,41 +0,0 @@
-define(`battery_daemons', `{ batteryd batterysecret }')
-
-type batteryd, domain;
-type batteryd_exec, exec_type, vendor_file_type, file_type;
-type batterysecret, domain;
-type batterysecret_exec, exec_type, vendor_file_type, file_type;
-type persist_subsys_file, vendor_persist_type, file_type;
-
-init_daemon_domain(batteryd)
-init_daemon_domain(batterysecret)
-
-r_dir_file(battery_daemons, cgroup)
-r_dir_file(battery_daemons, mnt_vendor_file)
-r_dir_file(battery_daemons, persist_subsys_file)
-r_dir_file(battery_daemons, rootfs)
-r_dir_file(battery_daemons, vendor_sysfs_battery_supply)
-r_dir_file(battery_daemons, sysfs_batteryinfo)
-r_dir_file(battery_daemons, sysfs_type)
-r_dir_file(battery_daemons, vendor_sysfs_usb_supply)
-r_dir_file(battery_daemons, vendor_sysfs_usbpd_device)
-
-
-allow battery_daemons persist_subsys_file:dir w_dir_perms;
-allow battery_daemons rootfs:dir w_dir_perms;
-
-allow battery_daemons kmsg_device:chr_file rw_file_perms;
-allow battery_daemons persist_subsys_file:file w_file_perms;
-allow battery_daemons sysfs:file w_file_perms;
-allow battery_daemons vendor_sysfs_battery_supply:file w_file_perms;
-allow battery_daemons sysfs_usb:file w_file_perms;
-allow battery_daemons vendor_sysfs_usb_supply:file w_file_perms;
-allow battery_daemons vendor_sysfs_usbpd_device:file w_file_perms;
-
-allow battery_daemons self:global_capability_class_set sys_tty_config;
-allow battery_daemons self:global_capability_class_set sys_boot;
-
-allow battery_daemons self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-allow battery_daemons self:capability { chown fsetid };
-
-wakelock_use(battery_daemons)

sepolicy/vendor/batterysecret.te

@@ -0,0 +1,18 @@
+define(`batterysecret_sysfs', `{
+  vendor_sysfs_battery_supply
+  vendor_sysfs_usb_c
+  vendor_sysfs_usb_supply
+  vendor_sysfs_usbpd_device
+}')
+
+type batterysecret, domain;
+type batterysecret_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(batterysecret)
+
+allow batterysecret batterysecret_sysfs:dir search;
+allow batterysecret batterysecret_sysfs:file rw_file_perms;
+allow batterysecret kmsg_device:chr_file { getattr w_file_perms };
+allow batterysecret self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+wakelock_use(batterysecret)

sepolicy/vendor/file_contexts

@@ -4,9 +4,7 @@
 /dev/mius(.*)?                        u:object_r:sound_device:s0
 
 # Battery
-/vendor/bin/batteryd		u:object_r:batteryd_exec:s0
 /vendor/bin/batterysecret		u:object_r:batterysecret_exec:s0
-/mnt/vendor/persist/subsys(/.*)?                u:object_r:persist_subsys_file:s0
 
 # Camera
 /mnt/vendor/persist/camera(/.*)?   u:object_r:camera_persist_file:s0

sepolicy/vendor/genfs_contexts

@@ -7,6 +7,9 @@ genfscon sysfs /devices/platform/soc/soc:qcom,dsi-display-primary u:object_r:ven
 # Fingerprint
 genfscon sysfs /devices/platform/soc/soc:fingerprint_fpc u:object_r:vendor_sysfs_fingerprint:s0
 
+# USB
+genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,ucsi/typec u:object_r:vendor_sysfs_usb_c:s0
+
 # Wakeup nodes
 genfscon sysfs /devices/platform/goodix_ts.0/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys6/wakeup u:object_r:sysfs_wakeup:s0