klte-common: sepolicy updates

* Fixed denials for time daemon, mpdecision, vold, TSP and more
  Using audit2allow and audit.log I no longer see any errors
* Removed unnecessary lines from system_app due to changes in CMHW

Change-Id: I47a34074bf27a11c67ec54e57616347690cf6d3b

sepolicy/file_contexts

@@ -1,6 +1,7 @@
 
 # Bluetooth
 /dev/btlock                                             u:object_r:bluetooth_device:s0
+/dev/block/mmcblk0(.*)                                  u:object_r:mmc_block_device:s0
 /dev/rfkill                                             u:object_r:bluetooth_device:s0
 /efs/bluetooth(/.*)?                                    u:object_r:bluetooth_efs_file:s0
 
@@ -18,12 +19,16 @@
 # GPS
 /data/misc/gsiff_ctrl_q                                 u:object_r:location_data_file:s0
 
+# Mpdecision
+/data/system/default_values                             u:object_r:mpctl_data_file:s0
+
 # NFC
 /dev/bcm2079x                                           u:object_r:nfc_device:s0
 /dev/pn547                                              u:object_r:nfc_device:s0
 
 # SEC
 /sys/devices/virtual/sec/sec_key/hall_irq_ctrl          u:object_r:sysfs_sec:s0
+/sys/devices/virtual/sec/tsp(/.*)?                      u:object_r:sysfs_sec:s0
 
 # Sensors
 /dev/batch_io                                           u:object_r:sensors_device:s0
@@ -31,6 +36,12 @@
 /efs/gyro_cal_data                                      u:object_r:sensors_efs_file:s0
 /efs/prox_cal                                           u:object_r:sensors_efs_file:s0
 
+# Time
+/data/time/time.log                                     u:object_r:time_data_file:s0
+
 # WiFi
 /data/.wifiver.info                                     u:object_r:wifi_data_file:s0
 /efs/wifi(/.*)?                                         u:object_r:wifi_efs_file:s0
+
+# Vold
+/etc/blkid.tab                                          u:object_r:system_file:s0

sepolicy/init.te

@@ -0,0 +1 @@
+allow init kernel:system syslog_read;

sepolicy/mpdecision.te

@@ -0,0 +1,4 @@
+allow mpdecision socket_device:dir rw_dir_perms;
+allow mpdecision socket_device:sock_file { write create setattr };
+allow mpdecision thermal_socket:sock_file write;
+allow mpdecision thermal-engine:unix_stream_socket connectto;

sepolicy/rild.te

@@ -1,2 +1,3 @@
 allow rild proc_net:file { write };
 allow rild sysfs_sec:file { getattr open read write };
+allow rild zygote_exec:file execute;

sepolicy/system_app.te

@@ -1,3 +1 @@
 allow system_app shell_data_file:dir search;
-allow system_app sysfs_vibeamp:dir search;
-allow system_app sysfs_vibeamp:file { getattr open read write };

sepolicy/system_server.te

@@ -1,6 +1,8 @@
 allow system_server efs_file:dir search;
 allow system_server sensors_efs_file:file { open read };
-allow system_server sysfs_display:file rw_file_perms;
+allow system_server sysfs_display:file { getattr open read write };
+allow system_server sysfs_sec:dir search;
+allow system_server sysfs_sec:file { getattr open read write };
 allow system_server sysfs_vibeamp:dir search;
-allow system_server sysfs_vibeamp:file { open read write };
+allow system_server sysfs_vibeamp:file { getattr open read write };
 allow system_server time_daemon:unix_stream_socket connectto;

sepolicy/time_daemon.te

@@ -1,3 +1,6 @@
+allow time_daemon system_app:dir search;
+allow time_daemon system_app:file { read open };
 allow time_daemon system_server:dir search;
 allow time_daemon system_server:file { open read };
-allow time_daemon time_data_file:file { getattr append };
+allow time_daemon time_data_file:dir remove_name;
+allow time_daemon time_data_file:file { getattr append unlink };

sepolicy/ueventd.te

@@ -1,2 +1,3 @@
 allow ueventd sysfs_camera:file { open read write };
+allow ueventd sysfs_sec:file { open read write };
 allow ueventd sysfs_vibeamp:file { open read write };

sepolicy/vold.te

@@ -0,0 +1,2 @@
+allow vold efs_file:dir { getattr read };
+allow vold mmc_block_device:blk_file { open read write ioctl getattr };