cm: sepolicy: Create central place for QC-specific policy

 * We have a number of policy items due to changes in our BSPs or for
   other things which interact with the QC sepolicy. Add a place
   for us to store this stuff so we don't need to copy it around to
   every device.

Change-Id: I155ca202694501d42b42e2bd703d74049d547df0
diff --git a/sepolicy/qcom/bootanim.te b/sepolicy/qcom/bootanim.te
new file mode 100644
index 0000000..9987b46
--- /dev/null
+++ b/sepolicy/qcom/bootanim.te
@@ -0,0 +1,3 @@
+allow bootanim mpctl_socket:dir search;
+unix_socket_connect(bootanim, mpctl, perfd)
+unix_socket_send(bootanim, mpctl, perfd)
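Review bot: bootanim is granted both `unix_socket_connect(bootanim, mpctl, perfd)` and `unix_socket_send(bootanim, mpctl, perfd)`, which allows stream `connectto` as well as datagram `sendto` on perfd, although a given socket is normally only one of the two types. If the mpctl socket is a stream socket (not visible in this commit), the `unix_socket_send` line can be dropped so the boot animation holds only the permission it uses. The file also has no comment explaining why bootanim talks to perfd at all; a one-line header such as `# bootanimation talks to perfd over the mpctl socket` (purpose to be confirmed by the author) would match the commented style of the other new files.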
diff --git a/sepolicy/qcom/perfd.te b/sepolicy/qcom/perfd.te
new file mode 100644
index 0000000..2c9e4ff
--- /dev/null
+++ b/sepolicy/qcom/perfd.te
@@ -0,0 +1,6 @@
+allow perfd sysfs_devices_system_iosched:file rw_file_perms;
+unix_socket_connect(perfd, thermal, thermal-engine)
+
+# read mediaserver status
+allow perfd mediaserver:file { read open };
+
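Review bot: `allow perfd mediaserver:file { read open };` is wider than the comment "read mediaserver status" suggests, because the rule is keyed on the type and so covers every file labelled `mediaserver`, which for a process domain presumably means all of its /proc/<pid> entries and not just one status file. If only the status is needed, the comment should record that the wider grant is accepted, e.g. `# perfd reads mediaserver's /proc/<pid>/status; the rule cannot be narrowed below the mediaserver type`. No `mediaserver:dir search` is granted in this hunk, so the read either relies on a rule elsewhere or may still be denied; that is worth confirming against the audit log. The write access to `sysfs_devices_system_iosched` on the first line has no comment either.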
diff --git a/sepolicy/qcom/sepolicy.mk b/sepolicy/qcom/sepolicy.mk
new file mode 100644
index 0000000..1214054
--- /dev/null
+++ b/sepolicy/qcom/sepolicy.mk
@@ -0,0 +1,2 @@
+BOARD_SEPOLICY_DIRS += \
+    vendor/cm/sepolicy/qcom
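Review bot: Nothing in `sepolicy.mk` records that the rules in this directory depend on types declared outside it: `mpctl_socket`, `perfd`, `pps_socket`, `mm-pp-daemon`, `time_daemon` and `thermal-engine` are used by the new .te files but none is declared in this commit. A device that includes this makefile without the QC sepolicy that provides them would presumably fail policy compilation. A header comment such as `# Requires the Qualcomm sepolicy that declares perfd, mm-pp-daemon, time_daemon and thermal-engine` would make the precondition explicit for device maintainers.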
diff --git a/sepolicy/qcom/system_server.te b/sepolicy/qcom/system_server.te
new file mode 100644
index 0000000..362bd4f
--- /dev/null
+++ b/sepolicy/qcom/system_server.te
@@ -0,0 +1,6 @@
+# LiveDisplay access to color calibration
+allow system_server pps_socket:sock_file rw_file_perms;
+allow system_server mm-pp-daemon:unix_stream_socket connectto;
+
+# Time services
+allow system_server time_daemon:unix_stream_socket connectto;
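Review bot: `allow system_server pps_socket:sock_file rw_file_perms;` gives system_server the full read/write file permission set on the socket node, while connecting to a unix socket needs only `write` on the sock_file. The other files in this commit already use the macro for this, so the first two rules can be written as `unix_socket_connect(system_server, pps, mm-pp-daemon)`, which grants `sock_file write` plus `connectto` and nothing more. The time_daemon rule grants `connectto` with no sock_file rule; if that socket is not abstract, the matching sock_file grant must live elsewhere and is worth naming in the comment.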