gs-common: sepolicy: Import missing rules from BP2A

Change-Id: I70ebc8a2bce09d2590c24fc919b2804cef256568

audio/sepolicy/aidl/hal_sensors_default.te

@@ -0,0 +1,3 @@
+# Allow access to audio HAL.
+binder_call(hal_sensors_default, hal_audio_default)
+allow hal_sensors_default hal_audio_ext_service:service_manager find;

gps/pixel/sepolicy/hal_gnss_pixel.te

@@ -17,6 +17,10 @@ get_prop(hal_gnss_pixel, vendor_gps_prop)
 binder_call(hal_gnss_pixel, hal_contexthub_default)
 allow hal_gnss_pixel hal_contexthub_service:service_manager find;
 
+# Allow binder to fwk stats.
+binder_call(hal_gnss_pixel, fwk_stats_service)
+allow hal_gnss_pixel fwk_stats_service:service_manager find;
+
 # Allow connect to gnss service
 allow hal_gnss_pixel vendor_gps_file:dir create_dir_perms;
 allow hal_gnss_pixel vendor_gps_file:fifo_file create_file_perms;

gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te

@@ -30,4 +30,5 @@ allow hal_aidl_radio_ext sysfs_leds:dir search;
 allow hal_aidl_radio_ext sysfs_leds:file rw_file_perms;
 
 # legacy/zuma/vendor
+allow hal_aidl_radio_ext sysfs_display:dir search;
 allow hal_aidl_radio_ext sysfs_display:file rw_file_perms;

modem/dump_modemlog/sepolicy/dump_modem.te

@@ -10,3 +10,5 @@ allow dump_modem vendor_rfsd_log_file:file r_file_perms;
 allow dump_modem vendor_toolbox_exec:file execute_no_trans;
 allow dump_modem sysfs_dump_modem:file r_file_perms;
 allow dump_modem logbuffer_device:chr_file r_file_perms;
+allow dump_modem radio_vendor_data_file:dir r_dir_perms;
+allow dump_modem radio_vendor_data_file:file r_file_perms;

modem/modem_svc_sit/sepolicy/modem_svc_sit.te

@@ -1,2 +1,3 @@
 # Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal.
 hal_server_domain(modem_svc_sit, hal_shared_modem_platform)
+binder_call(hal_shared_modem_platform_server, hal_shared_modem_platform_client)

nfc/nfc.mk

@@ -0,0 +1 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/nfc/sepolicy

nfc/sepolicy/file.te

@@ -0,0 +1 @@
+type vendor_nfc_vendor_data_file, file_type, data_file_type;

nfc/sepolicy/file_contexts

@@ -0,0 +1 @@
+/data/vendor/nfc(/.*)?                                                      u:object_r:vendor_nfc_vendor_data_file:s0

nfc/sepolicy/hal_nfc_default.te

@@ -0,0 +1,2 @@
+allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
+allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms;

nfc/sepolicy/nfc.te

@@ -0,0 +1 @@
+allow nfc vendor_nfc_vendor_data_file:dir search;

performance/sepolicy/hal_power_default.te

@@ -1,3 +1,5 @@
+hal_client_domain(hal_power_default, hal_thermal)
+
 # allow power hal to access pa kill knobs
 allow hal_power_default sysfs_pakills:file rw_file_perms;
 allow hal_power_default sysfs_pakills:dir r_dir_perms;

wireless_charger/sepolicy/hal_wireless_charger.te

@@ -7,6 +7,7 @@ allow hal_wireless_charger sysfs_batteryinfo:file rw_file_perms;
 allow hal_wireless_charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 allow hal_wireless_charger sysfs_wlc:file rw_file_perms;
 
+set_prop(hal_wireless_charger, vendor_wlcservice_prop)
 
 binder_call(hal_wireless_charger, servicemanager)
 add_service(hal_wireless_charger, hal_wireless_charger_service)

wireless_charger/sepolicy/property_contexts

@@ -1,2 +1,3 @@
 vendor.wlcservice.test.authentication       u:object_r:vendor_wlcservice_prop:s0 exact bool
 vendor.wlcservice.fwupdate.tx               u:object_r:vendor_wlcservice_prop:s0 exact enum 0 1 2 3
+vendor.wlcservice.start                     u:object_r:vendor_wlcservice_prop:s0 exact bool