sepolicy: cleanup & indentation

* sepolicy: fix denials around cam/bt/net * sepolicy: some sdcardfs and mnld/agpsd * sepolicy: remove irtx device * sepolicy: remove hotknot remnants * sepolicy: remove mdlogger/eemcs policies * sepolicy: thunderquake vib rules * sepolicy: gps fix
2017-04-18 18:33:00 +02:00 · 2017-04-18 18:33:00 +02:00 · 36eada2987
parent 69960f230d
commit 36eada2987
33 changed files with 462 additions and 441 deletions
--- a/rootdir/ueventd.mt6735.rc
+++ b/rootdir/ueventd.mt6735.rc
@ -136,8 +136,6 @@ subsystem adf
 /sys/kernel/ccci          modem_info   0644   radio       radio
 /sys/kernel/ccci          md1_postfix  0644   radio       radio
 /sys/kernel/ccci          md2_postfix  0644   radio       radio
-/dev/eemcs*               0660   radio      radio
-/dev/emd*                 0660   radio      radio
 /dev/ccci_pcm_rx          0660   audio      audio
 /dev/ccci_pcm_tx          0660   audio      audio
 /dev/ccci_aud             0660   audio      audio
--- a/sepolicy/audioserver.te
+++ b/sepolicy/audioserver.te
@ -1,10 +1,16 @@
 # audioserver - audio services
 allow audioserver audiohal_prop:file r_file_perms;
+
+allow audioserver ccci_device:chr_file { read write open ioctl };
+
 allow audioserver nvram_data_file:file { read write open getattr setattr create };
 allow audioserver nvram_data_file:dir { write add_name };
-allow audioserver ccci_device:chr_file { read write open ioctl };
+
+allow audioserver platformblk_device:dir search;
+
 allow audioserver sysfs:file { read open };
 allow audioserver rootfs:lnk_file { getattr };
+
 allow audioserver property_socket:sock_file { write };
 allow audioserver init:unix_stream_socket { connectto };

--- a/sepolicy/bluetooth.te
+++ b/sepolicy/bluetooth.te
@ -1,5 +1,4 @@
 # bluetooth
-
 allow bluetooth bt_int_adp_socket:sock_file write;
 allow bluetooth mediaserver:unix_dgram_socket sendto;
 allow bluetooth init:unix_dgram_socket sendto;
@ -17,3 +16,6 @@ allow bluetooth nvdata_file:file rw_file_perms;
 allow bluetooth persist_bt_prop:file { getattr open read };
 allow bluetooth stpbt_device:chr_file { open read write };
 allow bluetooth wmt_prop:file { getattr open read };
+
+# bt prop
+allow bluetooth bt_prop:file { getattr open read };
--- a/sepolicy/bootanim.te
+++ b/sepolicy/bootanim.te
@ -0,0 +1,23 @@
+# Bootanim.te
+
+allow bootanim self:netlink_socket { read bind create write};
+#allow bootanim proc_secmem:file { read open};
+
+allow bootanim mediaserver:binder call;
+allow bootanim mediaserver:binder transfer;
+
+allow bootanim terservice:binder call;
+allow bootanim property_socket:sock_file write;
+allow bootanim init:unix_stream_socket connectto;
+allow bootanim custom_file:dir search;
+allow bootanim custom_file:file open;
+allow bootanim custom_file:file read;
+allow bootanim bootani_prop:property_service set;
+
+allow bootanim debug_prop:property_service set;
+
+allow bootanim mediaserver_service:service_manager find;
+
+# Nougat
+allow bootanim terservice_service:service_manager find;
+allow bootanim rootfs:lnk_file { getattr };
--- a/sepolicy/cameraserver.te
+++ b/sepolicy/cameraserver.te
@ -1,13 +1,29 @@
 # Mtk fix
-allow cameraserver camera_isp_device:chr_file { ioctl open read write };
 allow cameraserver devmap_device:chr_file { ioctl open read };
-allow cameraserver kd_camera_hw_device:chr_file { ioctl open read write };
-allow cameraserver proc:file { open read };
-allow cameraserver sysfs:file { open read };
-allow cameraserver CAM_CAL_DRV_device:chr_file { ioctl open read write };
-allow cameraserver kd_camera_flashlight_device:chr_file { ioctl open read write };
+
+allow cameraserver mediatek_prop:file { getattr open read };
+
 allow cameraserver nvdata_file:dir search;
 allow cameraserver nvdata_file:file { getattr open read };
+
 allow cameraserver platformblk_device:blk_file { open read write };
-allow cameraserver proc:file ioctl;
+allow cameraserver proc:file { ioctl open read };
 allow cameraserver proc_meminfo:file { getattr open read };
+
+allow cameraserver serial_number_prop:file { getattr open read };
+allow cameraserver sysfs:file getattr;
+
+# Flashlight
+allow cameraserver kd_camera_hw_device:chr_file { ioctl open read write };
+allow cameraserver kd_camera_flashlight_device:chr_file { ioctl open read write };
+
+# Camera
+allow cameraserver BU64245_device:chr_file { ioctl open read write };
+allow cameraserver camera_isp_device:chr_file { ioctl open read write };
+
+allow cameraserver CAM_CAL_DRV_device:chr_file { ioctl open read write };
+allow cameraserver mtk_smi_device:chr_file { ioctl open read };
+allow cameraserver sysfs:file { getattr open read write };
+
+# Nougat
+allow cameraserver rootfs:lnk_file { getattr };
--- a/sepolicy/ccci_mdinit.te
+++ b/sepolicy/ccci_mdinit.te
@ -10,13 +10,6 @@ wakelock_use(ccci_mdinit)
 allow ccci_mdinit ctl_ccci_fsd_prop:property_service set;
 allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set;

-#=============allow ccci_mdinit to start emcsmdlogger==============
-allow ccci_mdinit ctl_mdlogger_prop:property_service set;
-
-#unix_socket_connect(ccci_mdinit, property, init)
-#allow ccci_mdinit ctl_mdlogger_prop:property_service set;
-allow ccci_mdinit { ctl_mdlogger_prop ctl_emdlogger1_prop ctl_emdlogger2_prop ctl_dualmdlogger_prop }:property_service set;
-
 #allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set;
 allow ccci_mdinit { ctl_gsm0710muxd_prop ctl_gsm0710muxd-s_prop ctl_gsm0710muxd-d_prop ctl_gsm0710muxdmd2_prop}:property_service set;

--- a/sepolicy/debuggerd.te
+++ b/sepolicy/debuggerd.te
@ -0,0 +1,2 @@
+# Mtk fix
+allow debuggerd self:capability sys_resource;
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@ -114,7 +114,6 @@ type platformblk_device, dev_type;
 type RT_Monitor_device, dev_type;
 type kick_powerkey_device, dev_type;
 type mnld_device, dev_type;
-type hotknot_device, dev_type;
 type md32_device, dev_type;
 type etb_device, dev_type;
 type MT_pmic_adc_cali_device, dev_type;
@ -123,7 +122,6 @@ type MT_pmic_cali_device,dev_type;
 type barometer_device,dev_type;
 type otp_device, dev_type;
 type icusb_device, dev_type;
-type irtx_device, dev_type;
 type pmic_ftm_device, dev_type;
 type shf_device, dev_type;
 type keyblock_device, dev_type;
--- a/sepolicy/dnsmasq.te
+++ b/sepolicy/dnsmasq.te
@ -1,3 +1,4 @@
 # dnsmasq
-
 allow dnsmasq netd:file read;
+
+allow dnsmasq unlabeled:file { getattr open read };
--- a/sepolicy/factory.te
+++ b/sepolicy/factory.te
@ -51,6 +51,8 @@ allow factory self:tcp_socket { setopt read bind create accept write connect lis
 allow factory self:udp_socket { create ioctl };
 allow factory stpbt_device:chr_file { read write open };
 allow factory sysfs:file write;
+allow factory sysfs_gps_file:dir r_dir_perms;
+allow factory sysfs_gps_file:file rw_file_perms;
 allow factory sysfs_wake_lock:file { read write open };
 allow factory system_data_file:dir { write remove_name add_name };
 allow factory system_data_file:sock_file { write create setattr };
@ -85,7 +87,6 @@ allow factory pmic_ftm_device:chr_file { read write ioctl open};
 allow factory powerctl_prop:property_service set;
 allow factory ttyGS_device:chr_file { read write open ioctl};
 allow factory ttyMT_device:chr_file { read write open ioctl};
-allow factory irtx_device:chr_file { read write ioctl open };
 allow factory devpts:chr_file { read write getattr ioctl };
 allow factory vfat:dir search;
 allow factory hrm_device:chr_file { read ioctl open };
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@ -123,5 +123,11 @@ type iso9660, fs_type;
 # data_tmpfs_log
 type data_tmpfs_log_file, file_type, data_file_type;

+# Gps
+type sysfs_gps_file, fs_type, sysfs_type;
+
 # Gestures
 type gesture_sysfs, sysfs_type, file_type;
+
+# Thunderquake vibrator
+type sysfs_vibrator, sysfs_type, file_type;
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@ -7,295 +7,301 @@
 #############################
 # Data files
 #
-/data/agps_supl(/.*)?    u:object_r:agpsd_data_file:s0
-/data/anr/SF_RTT(/.*)? u:object_r:sf_rtt_file:s0
-/data/@btmtk(/.*)?       u:object_r:bt_data_file:s0
-/data/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0
-/data/dontpanic(/.*)? u:object_r:dontpanic_data_file:s0
-/data/extmdl(/.*)? u:object_r:mdlog_data_file:s0
-/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0
-/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0
-/data/lost\+found(/.*)? u:object_r:lost_found_data_file:s0
-/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0
-/data/mdl(/.*)? u:object_r:mdlog_data_file:s0
-/data/mdl3(/.*)? u:object_r:mdlog_data_file:s0
-/data/mediaserver(/.*)? u:object_r:mediaserver_data_file:s0
-/data/misc/acdapi(/.*)? u:object_r:acdapi_data_file:s0
-/data/misc/akmd_set.txt u:object_r:akmd8963_access_file1:s0
-/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0
-/data/misc/PDC.ini u:object_r:akmd8963_access_file2:s0
-/data/misc/ppp(/.*)? u:object_r:ppp_data_file:s0
-/data/misc/radvd(/.*)? u:object_r:radvd_data_file:s0 
-/data/misc/sensor.log		u:object_r:bmm050_sensor_log_file:s0
-/data/misc/sensor(/.*)?		u:object_r:sensor_data_file:s0
-/data/misc/wide-dhcpv6(/.*)? u:object_r:wide_dhcpv6_data_file:s0
-/data/misc/wpa_supplicant(/.*)? u:object_r:wpa_supplicant_data_file:s0
-/data/nvram(/.*)? u:object_r:nvram_data_file:s0
-/nvdata(/.*)? u:object_r:nvdata_file:s0
-/data/ipsec(./*)? u:object_r:wod_ipsec_conf_file:s0
-/data/ipsec/wo(./*)? u:object_r:wod_apn_conf_file:s0
-/data/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
-/data/tmp_mnt/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
+/data/agps_supl(/.*)?			u:object_r:agpsd_data_file:s0
+/data/anr/SF_RTT(/.*)?			u:object_r:sf_rtt_file:s0
+/data/@btmtk(/.*)?			u:object_r:bt_data_file:s0
+/data/ccci_cfg(/.*)?			u:object_r:ccci_cfg_file:s0
+/data/dontpanic(/.*)?			u:object_r:dontpanic_data_file:s0
+/data/extmdl(/.*)?			u:object_r:mdlog_data_file:s0
+/data/http-proxy-cfg(/.*)?		u:object_r:http_proxy_cfg_data_file:s0
+/data/log_temp(/.*)?			u:object_r:logtemp_data_file:s0
+/data/lost\+found(/.*)?			u:object_r:lost_found_data_file:s0
+/data/mdlog(/.*)?			u:object_r:mdlog_data_file:s0
+/data/mdl(/.*)?				u:object_r:mdlog_data_file:s0
+/data/mdl3(/.*)?			u:object_r:mdlog_data_file:s0
+/data/mediaserver(/.*)?			u:object_r:mediaserver_data_file:s0
+/data/misc/acdapi(/.*)?			u:object_r:acdapi_data_file:s0
+/data/misc/akmd_set.txt			u:object_r:akmd8963_access_file1:s0
+/data/misc/mblog(/.*)?			u:object_r:logmisc_data_file:s0
+/data/misc/PDC.ini			u:object_r:akmd8963_access_file2:s0
+/data/misc/ppp(/.*)?			u:object_r:ppp_data_file:s0
+/data/misc/radvd(/.*)?			u:object_r:radvd_data_file:s0
+/data/misc/sensor.log			u:object_r:bmm050_sensor_log_file:s0
+/data/misc/sensor(/.*)?			u:object_r:sensor_data_file:s0
+/data/misc/wide-dhcpv6(/.*)?		u:object_r:wide_dhcpv6_data_file:s0
+/data/misc/wpa_supplicant(/.*)?		u:object_r:wpa_supplicant_data_file:s0
+/data/nvram(/.*)?			u:object_r:nvram_data_file:s0
+/nvdata(/.*)?				u:object_r:nvdata_file:s0
+/data/ipsec(./*)?			u:object_r:wod_ipsec_conf_file:s0
+/data/ipsec/wo(./*)?			u:object_r:wod_apn_conf_file:s0
+/data/data_tmpfs_log(/.*)?		u:object_r:data_tmpfs_log_file:s0
+/data/tmp_mnt/data_tmpfs_log(/.*)?	u:object_r:data_tmpfs_log_file:s0

 ##########################
 # Devices
 #
-/dev/aal_als(/.*)? u:object_r:aal_als_device:s0 
-/dev/accdet(/.*)? u:object_r:accdet_device:s0 
-/dev/als_ps(/.*)? u:object_r:als_ps_device:s0
-/dev/ampc0(/.*)? u:object_r:ampc0_device:s0
-/dev/android(/.*)? u:object_r:android_device:s0 
-/dev/barometer(/.*)? u:object_r:barometer_device:s0
-/dev/block/mmcblk[0-9a-z]* u:object_r:mmcblk_device:s0
-/dev/block/platform(/.*)? u:object_r:platformblk_device:s0
-/dev/block/vold(/.*)? u:object_r:voldblk_device:s0
-/dev/bmtpool(/.*)? u:object_r:bmtpool_device:s0 
-/dev/bootimg(/.*)? u:object_r:bootimg_device:s0 
-/dev/BOOT(/.*)? u:object_r:BOOT_device:s0 
-/dev/btif(/.*)? u:object_r:btif_device:s0 
-/dev/btn(/.*)? u:object_r:btn_device:s0
-/dev/cache(/.*)? u:object_r:cache_device:s0 
-/dev/CAM_CAL_DRV(/.*)? u:object_r:CAM_CAL_DRV_device:s0
-/dev/camera-fdvt(/.*)? u:object_r:camera_fdvt_device:s0
-/dev/camera-isp(/.*)? u:object_r:camera_isp_device:s0
-/dev/camera-pipemgr(/.*)? u:object_r:camera_pipemgr_device:s0
-/dev/camera-sysram(/.*)? u:object_r:camera_sysram_device:s0
-/dev/ccci_monitor     u:object_r:ccci_monitor_device:s0
-/dev/ccci.* u:object_r:ccci_device:s0
-/dev/cpu_dma_latency(/.*)? u:object_r:cpu_dma_latency_device:s0 
-/dev/devmap(/.*)? u:object_r:devmap_device:s0
-/dev/dummy_cam_cal(/.*)? u:object_r:dummy_cam_cal_device:s0 
-/dev/ebc(/.*)? u:object_r:ebc_device:s0
-/dev/ebr[0-9]+ u:object_r:ebr_device:s0
-/dev/etb        u:object_r:etb_device:s0
-/dev/expdb(/.*)? u:object_r:expdb_device:s0 
-/dev/fat(/.*)? u:object_r:fat_device:s0 
-/dev/gps(/.*)? u:object_r:gps_device:s0
-/dev/gsensor(/.*)? u:object_r:gsensor_device:s0
-/dev/gyroscope(/.*)? u:object_r:gyroscope_device:s0
-/dev/hdmitx(/.*)? u:object_r:graphics_device:s0
-/dev/hid-keyboard(/.*)? u:object_r:hid_keyboard_device:s0
-/dev/hotknot(/.*)? u:object_r:hotknot_device:s0
-/dev/hwmsensor(/.*)? u:object_r:hwmsensor_device:s0
-/dev/ion(/.*)? u:object_r:ion_device:s0
-/dev/kd_camera_flashlight(/.*)? u:object_r:kd_camera_flashlight_device:s0
-/dev/kd_camera_hw_bus2(/.*)? u:object_r:kd_camera_hw_bus2_device:s0
-/dev/kd_camera_hw(/.*)? u:object_r:kd_camera_hw_device:s0
-/dev/logo(/.*)? u:object_r:logo_device:s0 
-/dev/loop-control(/.*)? u:object_r:loop-control_device:s0 
-/dev/M4U_device(/.*)? u:object_r:M4U_device_device:s0
-/dev/m_acc_misc(/.*)? u:object_r:m_acc_misc_device:s0 
-/dev/mali.* u:object_r:gpu_device:s0
-/dev/MATV(/.*)? u:object_r:MATV_device:s0
-/dev/m_batch_misc(/.*)? u:object_r:m_batch_misc_device:s0 
-/dev/mbr(/.*)? u:object_r:mbr_device:s0 
-/dev/md32(/.*)? u:object_r:md32_device:s0
-/dev/met(/.*)? u:object_r:met_device:s0 
-/dev/misc-sd(/.*)? u:object_r:misc_sd_device:s0
-/dev/misc(/.*)? u:object_r:misc_device:s0 
-/dev/misc2(/.*)? u:object_r:misc2_device:s0 
-/dev/MJC(/.*)? u:object_r:MJC_device:s0
-/dev/m_mag_misc(/.*)? u:object_r:m_mag_misc_device:s0 
-/dev/msensor(/.*)? u:object_r:msensor_device:s0
-/dev/mtfreqhopping(/.*)? u:object_r:mtfreqhopping_device:s0 
-/dev/mtgpio(/.*)? u:object_r:mtgpio_device:s0
-/dev/mtk-adc-cali(/.*)? u:object_r:mtk-adc-cali_device:s0
-/dev/mtk_disp.* u:object_r:graphics_device:s0
-/dev/mtkfb_vsync(/.*)? u:object_r:graphics_device:s0
-/dev/mtkg2d(/.*)? u:object_r:mtkg2d_device:s0
-/dev/mtk_jpeg(/.*)? u:object_r:mtk_jpeg_device:s0
-/dev/mtk-kpd(/.*)? u:object_r:mtk_kpd_device:s0 
-/dev/mtk_sched(/.*)? u:object_r:mtk_sched_device:s0
-/dev/MTK_SMI(/.*)? u:object_r:mtk_smi_device:s0
-/dev/mtk_rrc(/.*)? u:object_r:mtk_rrc_device:s0
-/dev/mt-mdp(/.*)? u:object_r:mt_mdp_device:s0
-/dev/mt_otg_test(/.*)? u:object_r:mt_otg_test_device:s0
-/dev/MT_pmic_adc_cali        u:object_r:MT_pmic_adc_cali_device:s0
-/dev/MT_pmic_adc_cali(/.*)? u:object_r:MT_pmic_cali_device:s0 
-/dev/MT_pmic(/.*)? u:object_r:MT_pmic_device:s0 
-/dev/network.* u:object_r:network_device:s0 
-/dev/nvram(/.*)? u:object_r:nvram_device:s0 
-/dev/nxpspk(/.*)? u:object_r:smartpa_device:s0
-/dev/otp        u:object_r:otp_device:s0
-/dev/pmem_multimedia(/.*)? u:object_r:pmem_multimedia_device:s0
-/dev/pmt(/.*)? u:object_r:pmt_device:s0 
-/dev/preloader(/.*)? u:object_r:preloader_device:s0 
-/dev/pro_info(/.*)? u:object_r:pro_info_device:s0 
-/dev/protect_f(/.*)? u:object_r:protect_f_device:s0 
-/dev/protect_s(/.*)? u:object_r:protect_s_device:s0 
-/dev/psaux(/.*)? u:object_r:psaux_device:s0 
-/dev/ptmx(/.*)? u:object_r:ptmx_device:s0
-/dev/ptyp.* u:object_r:ptyp_device:s0 
-/dev/pvr_sync(/.*)? u:object_r:gpu_device:s0
-/dev/recovery(/.*)? u:object_r:recovery_device:s0 
-/dev/rfkill(/.*)? u:object_r:rfkill_device:s0
-/dev/rtc[0-9]+ u:object_r:rtc_device:s0 
-/dev/RT_Monitor(/.*)? u:object_r:RT_Monitor_device:s0 
-/dev/kick_powerkey(/.*)? u:object_r:kick_powerkey_device:s0 
-/dev/seccfg(/.*)? u:object_r:seccfg_device:s0 
-/dev/sec_ro(/.*)? u:object_r:sec_ro_device:s0 
-/dev/sec(/.*)? u:object_r:sec_device:s0
-/dev/tee1 u:object_r:tee_part_device:s0 
-/dev/tee2 u:object_r:tee_part_device:s0 
-/dev/sensor(/.*)? u:object_r:sensor_device:s0
-/dev/smartpa_i2c(/.*)? u:object_r:smartpa1_device:s0
-/dev/snapshot(/.*)? u:object_r:snapshot_device:s0 
-/dev/socket/adbd(/.*)? u:object_r:adbd_socket:s0
-/dev/socket/agpsd2(/.*)? u:object_r:agpsd_socket:s0
-/dev/socket/agpsd3(/.*)? u:object_r:agpsd_socket:s0 
-/dev/socket/agpsd(/.*)? u:object_r:agpsd_socket:s0
-/dev/socket/backuprestore(/.*)? u:object_r:backuprestore_socket:s0
-/dev/socket/bluetooth(/.*)? u:object_r:bluetooth_socket:s0
-/dev/socket/bt.a2dp.stream(/.*)? u:object_r:bt_a2dp_stream_socket:s0
-/dev/socket/bt.int.adp(/.*)? u:object_r:bt_int_adp_socket:s0
-/dev/socket/dbus_bluetooth(/.*)? u:object_r:dbus_bluetooth_socket:s0
-/dev/socket/dfo(/.*)? u:object_r:dfo_socket:s0
-/dev/socket/dnsproxyd(/.*)? u:object_r:dnsproxyd_socket:s0
-/dev/socket/dumpstate(/.*)? u:object_r:dumpstate_socket:s0
-/dev/socket/installd(/.*)? u:object_r:installd_socket:s0
-/dev/socket/mdnsd(/.*)? u:object_r:mdnsd_socket:s0
-/dev/socket/mdns(/.*)? u:object_r:mdns_socket:s0
-/dev/socket/mnld(/.*)? u:object_r:mnld_socket:s0
-/dev/socket/mtpd(/.*)? u:object_r:mtpd_socket:s0
-/dev/socket/netdiag(/.*)? u:object_r:netdiag_socket:s0
-/dev/socket/netd(/.*)? u:object_r:netd_socket:s0
-/dev/socket/racoon(/.*)? u:object_r:racoon_socket:s0
-/dev/socket/rild2-md2(/.*)? u:object_r:rild2_md2_socket:s0
-/dev/socket/rild2(/.*)? u:object_r:rild2_socket:s0
-/dev/socket/rild3(/.*)? u:object_r:rild3_socket:s0
-/dev/socket/rild4(/.*)? u:object_r:rild4_socket:s0
-/dev/socket/rild-ims(/.*)? u:object_r:rild_ims_socket:s0
-/dev/socket/rild-atci-md2(/.*)? u:object_r:rild_atci_md2_socket:s0
-/dev/socket/rild-atci(/.*)? u:object_r:rild_atci_socket:s0
-/dev/socket/rild-ctclient u:object_r:rild_ctclient_socket:s0
-/dev/socket/rild-debug-md2(/.*)? u:object_r:rild_debug_md2_socket:s0
-/dev/socket/rild-debug(/.*)? u:object_r:rild_debug_socket:s0
-/dev/socket/rild-md2(/.*)? u:object_r:rild_md2_socket:s0
-/dev/socket/rild-mtk-modem-md2(/.*)? u:object_r:rild_mtk_modem_md2_socket:s0
-/dev/socket/rild-mtk-modem(/.*)? u:object_r:rild_mtk_modem_socket:s0
-/dev/socket/rild-mtk-ut-2-md2(/.*)? u:object_r:rild_mtk_ut_2_md2_socket:s0
-/dev/socket/rild-mtk-ut-2(/.*)? u:object_r:rild_mtk_ut_2_socket:s0
-/dev/socket/rild-mtk-ut-md2(/.*)? u:object_r:rild_mtk_ut_md2_socket:s0
-/dev/socket/rild-mtk-ut(/.*)? u:object_r:rild_mtk_ut_socket:s0
-/dev/socket/rild-oem-md2(/.*)? u:object_r:rild_oem_md2_socket:s0
-/dev/socket/rild-oem(/.*)? u:object_r:rild_oem_socket:s0
-/dev/socket/rild(/.*)? u:object_r:rild_socket:s0
-/dev/socket/rild-via u:object_r:rild_via_socket:s0
-/dev/socket/rild-atci-c2k(/.*)? u:object_r:rild_atci_c2k_socket:s0
-/dev/socket/rpc u:object_r:rpc_socket:s0
-/dev/socket/soc_vt_stk(/.*)? u:object_r:soc_vt_stk_socket:s0
-/dev/socket/soc_vt_svc(/.*)? u:object_r:soc_vt_svc_socket:s0
-/dev/socket/soc_vt_tcv(/.*)? u:object_r:soc_vt_tcv_socket:s0
-/dev/socket/statusd u:object_r:statusd_socket:s0
-/dev/socket/sysctl(/.*)? u:object_r:sysctl_socket:s0
-/dev/socket/vold(/.*)? u:object_r:vold_socket:s0
-/dev/socket/wpa_wlan0(/.*)? u:object_r:wpa_wlan0_socket:s0
-/dev/socket/zygote(/.*)? u:object_r:zygote_socket:s0
-/dev/socket/wod_action(/.*)? u:object_r:wod_action_socket:s0
-/dev/socket/wod_sim(/.*)? u:object_r:wod_sim_socket:s0
-/dev/socket/wod_ipsec(/.*)? u:object_r:wod_ipsec_socket:s0
-/dev/stpbt(/.*)? u:object_r:stpbt_device:s0
-/dev/stpgps        u:object_r:mnld_device:s0
-/dev/stpgps(/.*)? u:object_r:stpgps_device:s0
-/dev/stpwmt(/.*)? u:object_r:stpwmt_device:s0
-/dev/sw_sync(/.*)? u:object_r:sw_sync_device:s0
-/dev/tgt(/.*)? u:object_r:tgt_device:s0 
-/dev/touch(/.*)? u:object_r:touch_device:s0 
-/dev/tpd_em_log(/.*)? u:object_r:tpd_em_log_device:s0 
-/dev/ttyC0         u:object_r:gsm0710muxd_device:s0
-/dev/ttyC1 u:object_r:mdlog_device:s0
-/dev/ttyC2         u:object_r:agps_device:s0
-/dev/ttyC3 u:object_r:icusb_device:s0
-/dev/ttyGS.* u:object_r:ttyGS_device:s0
-/dev/ttyMT.* u:object_r:ttyMT_device:s0
-/dev/ttyp.* u:object_r:ttyp_device:s0
-/dev/ttySDIO.* u:object_r:ttySDIO_device:s0
-/dev/ttyUSB0         u:object_r:tty_device:s0
-/dev/ttyUSB1         u:object_r:tty_device:s0
-/dev/ttyUSB2         u:object_r:tty_device:s0
-/dev/ttyUSB3         u:object_r:tty_device:s0
-/dev/ttyUSB4         u:object_r:tty_device:s0
-/dev/TV-out(/.*)? u:object_r:TV_out_device:s0
-/dev/uboot(/.*)? u:object_r:uboot_device:s0 
-/dev/uibc(/.*)? u:object_r:uibc_device:s0 
-/dev/uinput(/.*)? u:object_r:uinput_device:s0
-/dev/uio0(/.*)? u:object_r:uio0_device:s0
-/dev/usrdata(/.*)? u:object_r:usrdata_device:s0 
-/dev/Vcodec(/.*)? u:object_r:Vcodec_device:s0
-/dev/vmodem u:object_r:vmodem_device:s0
-/dev/vow(/.*)? u:object_r:vow_device:s0
-/dev/wmtdetect(/.*)? u:object_r:wmtdetect_device:s0
-/dev/wmtWifi(/.*)? u:object_r:wmtWifi_device:s0
-/dev/offloadservice(/.*)? u:object_r:offloadservice_device:s0
-/dev/irtx u:object_r:irtx_device:s0
+/dev/aal_als(/.*)?			u:object_r:aal_als_device:s0
+/dev/accdet(/.*)?			u:object_r:accdet_device:s0
+/dev/als_ps(/.*)?			u:object_r:als_ps_device:s0
+/dev/ampc0(/.*)?			u:object_r:ampc0_device:s0
+/dev/android(/.*)?			u:object_r:android_device:s0
+/dev/barometer(/.*)?			u:object_r:barometer_device:s0
+/dev/block/mmcblk[0-9a-z]*		u:object_r:mmcblk_device:s0
+/dev/block/platform(/.*)?		u:object_r:platformblk_device:s0
+/dev/block/vold(/.*)?			u:object_r:voldblk_device:s0
+/dev/bmtpool(/.*)?			u:object_r:bmtpool_device:s0
+/dev/bootimg(/.*)?			u:object_r:bootimg_device:s0
+/dev/BOOT(/.*)?				u:object_r:BOOT_device:s0
+/dev/btif(/.*)?				u:object_r:btif_device:s0
+/dev/btn(/.*)?				u:object_r:btn_device:s0
+/dev/cache(/.*)?			u:object_r:cache_device:s0
+/dev/CAM_CAL_DRV(/.*)?			u:object_r:CAM_CAL_DRV_device:s0
+/dev/camera-fdvt(/.*)?			u:object_r:camera_fdvt_device:s0
+/dev/camera-isp(/.*)?			u:object_r:camera_isp_device:s0
+/dev/camera-pipemgr(/.*)?		u:object_r:camera_pipemgr_device:s0
+/dev/camera-sysram(/.*)?		u:object_r:camera_sysram_device:s0
+/dev/ccci_monitor			u:object_r:ccci_monitor_device:s0
+/dev/ccci.*				u:object_r:ccci_device:s0
+/dev/cpu_dma_latency(/.*)?		u:object_r:cpu_dma_latency_device:s0
+/dev/devmap(/.*)?			u:object_r:devmap_device:s0
+/dev/dummy_cam_cal(/.*)?		u:object_r:dummy_cam_cal_device:s0
+/dev/ebc(/.*)?				u:object_r:ebc_device:s0
+/dev/ebr[0-9]+				u:object_r:ebr_device:s0
+/dev/etb				u:object_r:etb_device:s0
+/dev/expdb(/.*)?			u:object_r:expdb_device:s0
+/dev/fat(/.*)?				u:object_r:fat_device:s0
+/dev/gps(/.*)?				u:object_r:gps_device:s0
+/dev/gsensor(/.*)?			u:object_r:gsensor_device:s0
+/dev/gyroscope(/.*)?			u:object_r:gyroscope_device:s0
+/dev/hdmitx(/.*)?			u:object_r:graphics_device:s0
+/dev/hid-keyboard(/.*)?			u:object_r:hid_keyboard_device:s0
+/dev/hwmsensor(/.*)?			u:object_r:hwmsensor_device:s0
+/dev/ion(/.*)?				u:object_r:ion_device:s0
+/dev/kd_camera_flashlight(/.*)?		u:object_r:kd_camera_flashlight_device:s0
+/dev/kd_camera_hw_bus2(/.*)?		u:object_r:kd_camera_hw_bus2_device:s0
+/dev/kd_camera_hw(/.*)?			u:object_r:kd_camera_hw_device:s0
+/dev/logo(/.*)?				u:object_r:logo_device:s0
+/dev/loop-control(/.*)?			u:object_r:loop-control_device:s0
+/dev/M4U_device(/.*)?			u:object_r:M4U_device_device:s0
+/dev/m_acc_misc(/.*)?			u:object_r:m_acc_misc_device:s0
+/dev/mali.*				u:object_r:gpu_device:s0
+/dev/MATV(/.*)?				u:object_r:MATV_device:s0
+/dev/m_batch_misc(/.*)?			u:object_r:m_batch_misc_device:s0
+/dev/mbr(/.*)?				u:object_r:mbr_device:s0
+/dev/md32(/.*)?				u:object_r:md32_device:s0
+/dev/met(/.*)?				u:object_r:met_device:s0
+/dev/misc-sd(/.*)?			u:object_r:misc_sd_device:s0
+/dev/misc(/.*)?				u:object_r:misc_device:s0
+/dev/misc2(/.*)?			u:object_r:misc2_device:s0
+/dev/MJC(/.*)?				u:object_r:MJC_device:s0
+/dev/m_mag_misc(/.*)?			u:object_r:m_mag_misc_device:s0
+/dev/msensor(/.*)?			u:object_r:msensor_device:s0
+/dev/mtfreqhopping(/.*)?		u:object_r:mtfreqhopping_device:s0
+/dev/mtgpio(/.*)?			u:object_r:mtgpio_device:s0
+/dev/mtk-adc-cali(/.*)?			u:object_r:mtk-adc-cali_device:s0
+/dev/mtk_disp.*				u:object_r:graphics_device:s0
+/dev/mtkfb_vsync(/.*)?			u:object_r:graphics_device:s0
+/dev/mtkg2d(/.*)?			u:object_r:mtkg2d_device:s0
+/dev/mtk_jpeg(/.*)?			u:object_r:mtk_jpeg_device:s0
+/dev/mtk-kpd(/.*)?			u:object_r:mtk_kpd_device:s0
+/dev/mtk_sched(/.*)?			u:object_r:mtk_sched_device:s0
+/dev/MTK_SMI(/.*)?			u:object_r:mtk_smi_device:s0
+/dev/mtk_rrc(/.*)?			u:object_r:mtk_rrc_device:s0
+/dev/mt-mdp(/.*)?			u:object_r:mt_mdp_device:s0
+/dev/mt_otg_test(/.*)?			u:object_r:mt_otg_test_device:s0
+/dev/MT_pmic_adc_cali			u:object_r:MT_pmic_adc_cali_device:s0
+/dev/MT_pmic_adc_cali(/.*)?		u:object_r:MT_pmic_cali_device:s0
+/dev/MT_pmic(/.*)?			u:object_r:MT_pmic_device:s0
+/dev/network.*				u:object_r:network_device:s0
+/dev/nvram(/.*)?			u:object_r:nvram_device:s0
+/dev/nxpspk(/.*)?			u:object_r:smartpa_device:s0
+/dev/otp				u:object_r:otp_device:s0
+/dev/pmem_multimedia(/.*)?		u:object_r:pmem_multimedia_device:s0
+/dev/pmt(/.*)?				u:object_r:pmt_device:s0
+/dev/preloader(/.*)?			u:object_r:preloader_device:s0
+/dev/pro_info(/.*)?			u:object_r:pro_info_device:s0
+/dev/protect_f(/.*)?			u:object_r:protect_f_device:s0
+/dev/protect_s(/.*)?			u:object_r:protect_s_device:s0
+/dev/psaux(/.*)?			u:object_r:psaux_device:s0
+/dev/ptmx(/.*)?				u:object_r:ptmx_device:s0
+/dev/ptyp.*				u:object_r:ptyp_device:s0
+/dev/pvr_sync(/.*)?			u:object_r:gpu_device:s0
+/dev/recovery(/.*)?			u:object_r:recovery_device:s0
+/dev/rfkill(/.*)?			u:object_r:rfkill_device:s0
+/dev/rtc[0-9]+				u:object_r:rtc_device:s0
+/dev/RT_Monitor(/.*)?			u:object_r:RT_Monitor_device:s0
+/dev/kick_powerkey(/.*)?		u:object_r:kick_powerkey_device:s0
+/dev/seccfg(/.*)?			u:object_r:seccfg_device:s0
+/dev/sec_ro(/.*)?			u:object_r:sec_ro_device:s0
+/dev/sec(/.*)?				u:object_r:sec_device:s0
+/dev/tee1				u:object_r:tee_part_device:s0
+/dev/tee2				u:object_r:tee_part_device:s0
+/dev/sensor(/.*)?			u:object_r:sensor_device:s0
+/dev/smartpa_i2c(/.*)?			u:object_r:smartpa1_device:s0
+/dev/snapshot(/.*)?			u:object_r:snapshot_device:s0
+/dev/socket/adbd(/.*)?			u:object_r:adbd_socket:s0
+/dev/socket/agpsd2(/.*)?		u:object_r:agpsd_socket:s0
+/dev/socket/agpsd3(/.*)?		u:object_r:agpsd_socket:s0
+/dev/socket/agpsd(/.*)?			u:object_r:agpsd_socket:s0
+/dev/socket/backuprestore(/.*)?		u:object_r:backuprestore_socket:s0
+/dev/socket/bluetooth(/.*)?		u:object_r:bluetooth_socket:s0
+/dev/socket/bt.a2dp.stream(/.*)?	u:object_r:bt_a2dp_stream_socket:s0
+/dev/socket/bt.int.adp(/.*)?		u:object_r:bt_int_adp_socket:s0
+/dev/socket/dbus_bluetooth(/.*)?	u:object_r:dbus_bluetooth_socket:s0
+/dev/socket/dfo(/.*)?			u:object_r:dfo_socket:s0
+/dev/socket/dnsproxyd(/.*)?		u:object_r:dnsproxyd_socket:s0
+/dev/socket/dumpstate(/.*)?		u:object_r:dumpstate_socket:s0
+/dev/socket/installd(/.*)?		u:object_r:installd_socket:s0
+/dev/socket/mdnsd(/.*)?			u:object_r:mdnsd_socket:s0
+/dev/socket/mdns(/.*)?			u:object_r:mdns_socket:s0
+/dev/socket/mnld(/.*)?			u:object_r:mnld_socket:s0
+/dev/socket/mtpd(/.*)?			u:object_r:mtpd_socket:s0
+/dev/socket/netdiag(/.*)?		u:object_r:netdiag_socket:s0
+/dev/socket/netd(/.*)?			u:object_r:netd_socket:s0
+/dev/socket/racoon(/.*)?		u:object_r:racoon_socket:s0
+/dev/socket/rild2-md2(/.*)?		u:object_r:rild2_md2_socket:s0
+/dev/socket/rild2(/.*)?			u:object_r:rild2_socket:s0
+/dev/socket/rild3(/.*)?			u:object_r:rild3_socket:s0
+/dev/socket/rild4(/.*)?			u:object_r:rild4_socket:s0
+/dev/socket/rild-ims(/.*)?		u:object_r:rild_ims_socket:s0
+/dev/socket/rild-atci-md2(/.*)?		u:object_r:rild_atci_md2_socket:s0
+/dev/socket/rild-atci(/.*)?		u:object_r:rild_atci_socket:s0
+/dev/socket/rild-ctclient		u:object_r:rild_ctclient_socket:s0
+/dev/socket/rild-debug-md2(/.*)?	u:object_r:rild_debug_md2_socket:s0
+/dev/socket/rild-debug(/.*)?		u:object_r:rild_debug_socket:s0
+/dev/socket/rild-md2(/.*)?		u:object_r:rild_md2_socket:s0
+/dev/socket/rild-mtk-modem-md2(/.*)?	u:object_r:rild_mtk_modem_md2_socket:s0
+/dev/socket/rild-mtk-modem(/.*)?	u:object_r:rild_mtk_modem_socket:s0
+/dev/socket/rild-mtk-ut-2-md2(/.*)?	u:object_r:rild_mtk_ut_2_md2_socket:s0
+/dev/socket/rild-mtk-ut-2(/.*)?		u:object_r:rild_mtk_ut_2_socket:s0
+/dev/socket/rild-mtk-ut-md2(/.*)?	u:object_r:rild_mtk_ut_md2_socket:s0
+/dev/socket/rild-mtk-ut(/.*)?		u:object_r:rild_mtk_ut_socket:s0
+/dev/socket/rild-oem-md2(/.*)?		u:object_r:rild_oem_md2_socket:s0
+/dev/socket/rild-oem(/.*)?		u:object_r:rild_oem_socket:s0
+/dev/socket/rild(/.*)?			u:object_r:rild_socket:s0
+/dev/socket/rild-via			u:object_r:rild_via_socket:s0
+/dev/socket/rild-atci-c2k(/.*)?		u:object_r:rild_atci_c2k_socket:s0
+/dev/socket/rpc				u:object_r:rpc_socket:s0
+/dev/socket/soc_vt_stk(/.*)?		u:object_r:soc_vt_stk_socket:s0
+/dev/socket/soc_vt_svc(/.*)?		u:object_r:soc_vt_svc_socket:s0
+/dev/socket/soc_vt_tcv(/.*)?		u:object_r:soc_vt_tcv_socket:s0
+/dev/socket/statusd			u:object_r:statusd_socket:s0
+/dev/socket/sysctl(/.*)?		u:object_r:sysctl_socket:s0
+/dev/socket/vold(/.*)?			u:object_r:vold_socket:s0
+/dev/socket/wpa_wlan0(/.*)?		u:object_r:wpa_wlan0_socket:s0
+/dev/socket/zygote(/.*)?		u:object_r:zygote_socket:s0
+/dev/socket/wod_action(/.*)?		u:object_r:wod_action_socket:s0
+/dev/socket/wod_sim(/.*)?		u:object_r:wod_sim_socket:s0
+/dev/socket/wod_ipsec(/.*)?		u:object_r:wod_ipsec_socket:s0
+/dev/stpbt(/.*)?			u:object_r:stpbt_device:s0
+/dev/stpgps				u:object_r:mnld_device:s0
+/dev/stpgps(/.*)?			u:object_r:stpgps_device:s0
+/dev/stpwmt(/.*)?			u:object_r:stpwmt_device:s0
+/dev/sw_sync(/.*)?			u:object_r:sw_sync_device:s0
+/dev/tgt(/.*)?				u:object_r:tgt_device:s0
+/dev/touch(/.*)?			u:object_r:touch_device:s0
+/dev/tpd_em_log(/.*)?			u:object_r:tpd_em_log_device:s0
+/dev/ttyC0				u:object_r:gsm0710muxd_device:s0
+/dev/ttyC1				u:object_r:mdlog_device:s0
+/dev/ttyC2 				u:object_r:agps_device:s0
+/dev/ttyC3				u:object_r:icusb_device:s0
+/dev/ttyGS.*				u:object_r:ttyGS_device:s0
+/dev/ttyMT.*				u:object_r:ttyMT_device:s0
+/dev/ttyp.*				u:object_r:ttyp_device:s0
+/dev/ttySDIO.*				u:object_r:ttySDIO_device:s0
+/dev/ttyUSB0				u:object_r:tty_device:s0
+/dev/ttyUSB1				u:object_r:tty_device:s0
+/dev/ttyUSB2				u:object_r:tty_device:s0
+/dev/ttyUSB3				u:object_r:tty_device:s0
+/dev/ttyUSB4				u:object_r:tty_device:s0
+/dev/TV-out(/.*)?			u:object_r:TV_out_device:s0
+/dev/uboot(/.*)?			u:object_r:uboot_device:s0
+/dev/uibc(/.*)?				u:object_r:uibc_device:s0
+/dev/uinput(/.*)?			u:object_r:uinput_device:s0
+/dev/uio0(/.*)?				u:object_r:uio0_device:s0
+/dev/usrdata(/.*)?			u:object_r:usrdata_device:s0
+/dev/Vcodec(/.*)?			u:object_r:Vcodec_device:s0
+/dev/vmodem				u:object_r:vmodem_device:s0
+/dev/vow(/.*)?				u:object_r:vow_device:s0
+/dev/wmtdetect(/.*)?			u:object_r:wmtdetect_device:s0
+/dev/wmtWifi(/.*)?			u:object_r:wmtWifi_device:s0
+/dev/offloadservice(/.*)?		u:object_r:offloadservice_device:s0

-/dev/xt_qtaguid(/.*)? u:object_r:xt_qtaguid_device:s0
-/dev/pmic_ftm(/.*)? u:object_r:pmic_ftm_device:s0
-/dev/shf                 u:object_r:shf_device:s0
-/protect_f(/.*)?         u:object_r:protect_f_data_file:s0
-/protect_s(/.*)?         u:object_r:protect_s_data_file:s0
-/protect_s/properties(/.*)?                                     u:object_r:persist_property_file:s0 
-/persist(/.*)?         u:object_r:persist_data_file:s0
-/dev/ttyACM0        u:object_r:ttyACM_device:s0
-/dev/hrm       u:object_r:hrm_device:s0
+/dev/xt_qtaguid(/.*)?			u:object_r:xt_qtaguid_device:s0
+/dev/pmic_ftm(/.*)?			u:object_r:pmic_ftm_device:s0
+/dev/shf				u:object_r:shf_device:s0
+/protect_f(/.*)?			u:object_r:protect_f_data_file:s0
+/protect_s(/.*)?			u:object_r:protect_s_data_file:s0
+/protect_s/properties(/.*)?		u:object_r:persist_property_file:s0
+/persist(/.*)?				u:object_r:persist_data_file:s0
+/dev/ttyACM0				u:object_r:ttyACM_device:s0
+/dev/hrm				u:object_r:hrm_device:s0

 #############################
 # sysfs files
 #
-/sys/bus/platform/drivers/msensor/daemon2 u:object_r:msensord_daemon2:s0
-/sys/bus/platform/drivers/msensor/daemon u:object_r:msensord_daemon:s0
+/sys/bus/platform/drivers/msensor/daemon2	u:object_r:msensord_daemon2:s0
+/sys/bus/platform/drivers/msensor/daemon	u:object_r:msensord_daemon:s0
 /sys/devices/platform/gsensor/driver(/.*)?	u:object_r:sysfs_gsensor_file:s0
 /sys/devices/platform/msensor/driver(/.*)?	u:object_r:sysfs_msensor_file:s0
-/sys/bus/platform/drivers/mtk-kpd(/.*)?	u:object_r:sysfs_keypad_file:s0
-/sys/power/vcorefs/pwr_ctrl -- u:object_r:sysfs_vcorefs_pwrctrl:s0
-/sys/kernel/ccci/boot u:object_r:sysfs_ccci:s0
+/sys/bus/platform/drivers/mtk-kpd(/.*)?		u:object_r:sysfs_keypad_file:s0
+/sys/power/vcorefs/pwr_ctrl --			u:object_r:sysfs_vcorefs_pwrctrl:s0
+/sys/kernel/ccci/boot				u:object_r:sysfs_ccci:s0


-#############################
-# System files
-#
-/system/bin/6620_launcher u:object_r:mtk_6620_launcher_exec:s0
-/system/bin/akmd09911 u:object_r:akmd09911_exec:s0
-/system/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
-/system/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
-/system/bin/em_svr u:object_r:em_svr_exec:s0
-/system/bin/factory u:object_r:factory_exec:s0
-/system/bin/fuelgauged u:object_r:fuelgauged_exec:s0
-/system/bin/gsm0710muxd u:object_r:gsm0710muxd_exec:s0
-/system/bin/meizupshelper u:object_r:meizupshelper_exec:s0
-/system/bin/meta_tst u:object_r:meta_tst_exec:s0
- 
-/system/bin/msensord u:object_r:msensord_exec:s0
-/system/bin/mtk_agpsd u:object_r:mtk_agpsd_exec:s0
-/system/bin/mtkrild u:object_r:mtkrild_exec:s0
-/system/bin/muxreport u:object_r:muxreport_exec:s0
-/system/bin/nvram_daemon u:object_r:nvram_daemon_exec:s0
-/system/bin/pq u:object_r:pq_exec:s0
-/system/bin/terservice u:object_r:terservice_exec:s0
-/system/bin/thermal_manager u:object_r:thermal_manager_exec:s0
-/system/bin/wifi2agps u:object_r:wifi2agps_exec:s0
-/system/bin/wmt_loader u:object_r:wmt_loader_exec:s0
-/system/etc/sensor(/.*)?	u:object_r:system_sensor_data_file:s0
-/system/xbin/mnld u:object_r:mnld_exec:s0
-/system/bin/md_ctrl u:object_r:md_ctrl_exec:s0
+## System files ##
+
+/system/bin/6620_launcher		u:object_r:mtk_6620_launcher_exec:s0
+/system/bin/wmt_loader			u:object_r:wmt_loader_exec:s0
+
+/system/bin/akmd09911			u:object_r:akmd09911_exec:s0
+/system/bin/msensord			u:object_r:msensord_exec:s0
+/system/etc/sensor(/.*)?		u:object_r:system_sensor_data_file:s0
+
+/system/bin/ccci_fsd			u:object_r:ccci_fsd_exec:s0
+/system/bin/ccci_mdinit			u:object_r:ccci_mdinit_exec:s0
+/system/bin/gsm0710muxd			u:object_r:gsm0710muxd_exec:s0
+/system/bin/md_ctrl			u:object_r:md_ctrl_exec:s0
+/system/bin/mtkrild			u:object_r:mtkrild_exec:s0
+/system/bin/muxreport			u:object_r:muxreport_exec:s0
+/system/bin/nvram_daemon		u:object_r:nvram_daemon_exec:s0
+/system/bin/terservice			u:object_r:terservice_exec:s0
+
+/system/bin/mtk_agpsd			u:object_r:mtk_agpsd_exec:s0
+/system/xbin/mnld			u:object_r:mnld_exec:s0
+/system/bin/wifi2agps			u:object_r:wifi2agps_exec:s0
+
+/system/bin/em_svr			u:object_r:em_svr_exec:s0
+/system/bin/pq				u:object_r:pq_exec:s0
+/system/bin/factory			u:object_r:factory_exec:s0
+/system/bin/meizupshelper		u:object_r:meizupshelper_exec:s0
+/system/bin/meta_tst			u:object_r:meta_tst_exec:s0
+/system/bin/thermal_manager		u:object_r:thermal_manager_exec:s0
+
+# Camera m2note
+/dev/BU64245(/.*)?			u:object_r:BU64245_device:s0
+
+# Charger
+/system/bin/fuelgauged			u:object_r:fuelgauged_exec:s0
+/system/bin/kpoc_charger		u:object_r:kpoc_charger_exec:s0
+
+# Gestures
+/sys/devices/platform/mx-gs/gesture_control	u:object_r:gesture_sysfs:s0
+
+# Gps
+/sys/devices/virtual/gpsdrv(/.*)?		u:object_r:sysfs_gps_file:s0
+
+# Live Display
+/sys/devices/platform/mtk_disp_mgr.0/rgb	u:object_r:livedisplay_sysfs:s0
+
+# Meizupshelper
+/sys/devices/virtual/meizu/ps/ps_calibration	u:object_r:meizu_ps_calibration_trigger:s0
+
+# Thunderquake vibrator
+/sys/kernel/thunderquake_engine/level            u:object_r:sysfs_vibrator:s0

 # Wallpaper file for smartbook
 /data/system/users/[0-9]+/smartbook_wallpaper	u:object_r:wallpaper_file:s0

-# Live Display
-/sys/devices/platform/mtk_disp_mgr.0/rgb u:object_r:livedisplay_sysfs:s0
-
-# Offline Charging
-/system/bin/kpoc_charger                                        u:object_r:kpoc_charger_exec:s0
-
-# zram
-/dev/block/zram0(/.*)? u:object_r:zram0_device:s0
-
-# Gestures
-/sys/devices/platform/mx-gs/gesture_control u:object_r:gesture_sysfs:s0
-
-# m2note
-/dev/BU64245(/.*)? u:object_r:BU64245_device:s0
-
-# Meizupshelper
-/sys/devices/virtual/meizu/ps/ps_calibration u:object_r:meizu_ps_calibration_trigger:s0
+# Zram
+/dev/block/zram0(/.*)?			u:object_r:zram0_device:s0
--- a/sepolicy/hostapd.te
+++ b/sepolicy/hostapd.te
@ -2,5 +2,8 @@
 allow hostapd system_wpa_socket:sock_file write;
 dontaudit hostapd kernel:system module_request;

+# Mtk
+allow hostapd unlabeled:file read;
+
 # Nougat
 allow hostapd wifi_data_file:sock_file write;
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@ -12,12 +12,11 @@ allow init platformblk_device:blk_file setattr;
 # Gestures
 allow init gesture_sysfs:file setattr;

-# LD_SHIM_LIBS
-allow init surfaceflinger:process noatsecure;
-
 # Mtk fix
 allow init tmpfs:lnk_file create;
 allow init wmtWifi_device:chr_file write;
+
+# Zram
 allow init zram0_device:blk_file write;

 # Nougat
--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te
@ -1,13 +1,13 @@
 # kernel
+allow kernel	fuse:dir search;

-allow kernel fuse:dir search;
+allow kernel	block_device:blk_file { read write };
+allow kernel	loop_device:blk_file { read };

-allow kernel block_device:blk_file { read write };
-allow kernel loop_device:blk_file { read };
-
-allow kernel platformblk_device:blk_file { open read write };
+allow kernel	platformblk_device:blk_file { open read write };
+allow kernel	wifi_data_file:dir search;

 # Mtk fix
-allow kernel nvdata_file:dir search;
-allow kernel nvdata_file:file { open read };
-allow kernel self:capability dac_override;
+allow kernel	nvdata_file:dir search;
+allow kernel	nvdata_file:file { open read };
+allow kernel	self:capability dac_override;
--- a/sepolicy/mediacodec.te
+++ b/sepolicy/mediacodec.te
@ -1,3 +1,6 @@
 allow mediacodec proc:file { getattr ioctl open read };
 allow mediacodec proc_meminfo:file { getattr open read };
-allow mediacodec sysfs:file { open read };
+allow mediacodec sysfs:file { open read write };
+
+allow mediacodec Vcodec_device:chr_file { ioctl open read write };
+allow mediacodec mtk_smi_device:chr_file { ioctl open read };
--- a/sepolicy/mediadrmserver.te
+++ b/sepolicy/mediadrmserver.te
@ -0,0 +1,2 @@
+# Mtk sn
+allow mediadrmserver serial_number_prop:file { getattr open read };
--- a/sepolicy/meta_tst.te
+++ b/sepolicy/meta_tst.te
@ -90,5 +90,9 @@ allow meta_tst pro_info_device:chr_file { open read write ioctl };

 allow meta_tst ttySDIO_device:chr_file { read write ioctl open };

+# Gps
+allow meta_tst sysfs_gps_file:dir search;
+allow meta_tst sysfs_gps_file:file rw_file_perms;
+
 # m2note
 allow mediaserver BU64245_device:chr_file { read write ioctl open };
--- a/sepolicy/mnld.te
+++ b/sepolicy/mnld.te
@ -8,46 +8,72 @@ init_daemon_domain(mnld)
 net_domain(mnld)
 allow mnld agpsd_data_file:dir create_dir_perms;
 allow mnld agpsd_data_file:sock_file create_file_perms;
+
 allow mnld mtk_agpsd:unix_dgram_socket sendto;
+
 allow mnld sysfs:file rw_file_perms;
 allow mnld sysfs_wake_lock:file rw_file_perms;
+
 allow mnld nvram_data_file:dir create_dir_perms;
 allow mnld nvram_data_file:file create_file_perms;
 allow mnld nvram_data_file:lnk_file read;
+
+allow mnld nvram_device:chr_file{read write};
+allow mnld nvram_device:chr_file { ioctl open };
+
 allow mnld nvdata_file:dir create_dir_perms;
 allow mnld nvdata_file:file create_file_perms;
+
+allow mnld sysfs_gps_file:dir search;
+allow mnld sysfs_gps_file:file rw_file_perms;
+
 allow mnld mnld_data_file:dir rw_dir_perms;
 allow mnld mnld_data_file:sock_file create_file_perms;
 allow mnld mnld_device:chr_file rw_file_perms;
+allow mnld mnld_prop:property_service set;
+
 allow mnld gps_device:chr_file rw_file_perms;
 allow mnld init:unix_stream_socket connectto;
 allow mnld property_socket:sock_file rw_file_perms;
+
 allow mnld system_data_file:dir rw_dir_perms;
 allow mnld system_data_file:dir create_dir_perms;
-allow mnld system_server:unix_dgram_socket sendto;
 allow mnld system_data_file:sock_file create_file_perms;
-allow mnld platformblk_device:blk_file rw_file_perms;
+allow mnld system_server:unix_dgram_socket sendto;
+
 allow mnld block_device:dir search;
 allow mnld platformblk_device:dir search;
-allow mnld nvram_device:chr_file{read write};
-allow mnld mnld_prop:property_service set;
-allow mnld nvram_device:chr_file open;
+allow mnld platformblk_device:blk_file rw_file_perms;
+
 allow mnld init:udp_socket { read write };
 allow mnld mdlog_device:chr_file { read write };
 allow mnld self:capability { fsetid dac_override };
 allow mnld stpbt_device:chr_file { read write };
 allow mnld ttyGS_device:chr_file { read write };
+
 allow mnld fuse:dir search;
 allow mnld fuse:dir write;
 allow mnld fuse:dir add_name;
 allow mnld fuse:file create;
 allow mnld fuse:file rw_file_perms;
 allow mnld fuse:file create_file_perms;
-allow mnld nvram_device:chr_file ioctl;
 allow mnld fuse:dir { read remove_name create open };
+
 allow mnld tmpfs:lnk_file { read create open };
+allow mnld tmpfs:dir search;
+
 allow mnld platform_app:unix_stream_socket connectto;

 # Nougat
 allow mnld wmt_prop:file r_file_perms;
 allow mnld rootfs:lnk_file { getattr };
+
+# Mtk
+allow mnld media_rw_data_file:dir { open read search };
+allow mnld mnt_user_file:dir search;
+allow mnld mnt_user_file:lnk_file read;
+allow mnld storage_file:dir search;
+allow mnld storage_file:lnk_file read;
+
+# SdcardFS
+allow mnld sdcardfs:dir search;
--- a/sepolicy/mtk_agpsd.te
+++ b/sepolicy/mtk_agpsd.te
@ -20,3 +20,11 @@ allow mtk_agpsd storage_file:lnk_file create_file_perms;
 allow mtk_agpsd mnt_user_file:dir create_dir_perms;
 allow mtk_agpsd mnt_user_file:lnk_file create_file_perms;
 allow mtk_agpsd rootfs:lnk_file { getattr };
+
+# Mtk
+allow mtk_agpsd media_rw_data_file:dir { open read search };
+allow mtk_agpsd storage_file:dir search;
+allow mtk_agpsd tmpfs:dir search;
+
+# SdcardFS
+allow mtk_agpsd sdcardfs:dir search;
--- a/sepolicy/mtkrild.te
+++ b/sepolicy/mtkrild.te
@ -73,6 +73,7 @@ allow mtkrild radio:fd use;
 allow mtkrild init:unix_stream_socket connectto;
 allow mtkrild property_socket:sock_file write;

+# Mtk sn
 allow mtkrild serial_number_prop:property_service set;

 # Nougat
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@ -1,2 +1,6 @@
 # Mtk fix
+allow priv_app device:dir { open read };
 allow priv_app unlabeled:file getattr;
+
+# Mtk sn
+allow priv_app serial_number_prop:file read;
--- a/sepolicy/property.te
+++ b/sepolicy/property.te
@ -10,14 +10,6 @@ type ctl_gsm0710muxd_prop, property_type;
 type ctl_gsm0710muxd-s_prop, property_type;
 type ctl_gsm0710muxd-d_prop, property_type;
 type ctl_gsm0710muxdmd2_prop, property_type;
-#=============allow ccci_mdinit to ctl. mdlogger==============
-type ctl_mdlogger_prop, property_type;
-type ctl_emdlogger1_prop, property_type;
-type ctl_emdlogger2_prop, property_type;
-type ctl_dualmdlogger_prop, property_type;
-#=============allow eemcs_mdinit to start mdlogger==========
-type ctl_eemcs_fmdl_prop, property_type;
-#type ctl_emdlogger5_prop, property_type;

 #=============allow mtkrild to set persist.ril property==============
 type persist_ril_prop, property_type;
@ -36,17 +28,6 @@ type media_wfd_prop, property_type;
 #=============allow netd to set mtk_wifi.*=========================
 type mtk_wifi_prop, property_type;

-#=============allow mdlogger==============
-type debug_mdlogger_prop, property_type;
-
-#=============allow AEE==============
-type persist_mtk_aee_prop, property_type;
-type persist_aee_prop, property_type;
-type debug_mtk_aee_prop, property_type;
-
-#=============allow aee_dumpstate==============
-type debug_bq_dump_prop, property_type;
-
 #=============allow ccci_mdinit to stop rild==============
 type ctl_ril-daemon-mtk_prop, property_type;
 type ctl_ril-daemon-s_prop, property_type;
@ -111,8 +92,6 @@ type persist_md_prop, property_type;
 #=============allow sensor==============
 type ctl_msensord_prop, property_type;
 type ctl_akmd09911_prop, property_type;
-type ctl_emcsmdlogger_prop, property_type;
-type ctl_eemcs_fsd_prop, property_type;
 #=============allow statusd==============
 type net_cdma_mdmstat, property_type;
 type cdma_prop, property_type;
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@ -6,15 +6,6 @@ ctl.gsm0710muxd-s u:object_r:ctl_gsm0710muxd-s_prop:s0
 ctl.gsm0710muxd-d u:object_r:ctl_gsm0710muxd-d_prop:s0
 ctl.gsm0710muxdmd2 u:object_r:ctl_gsm0710muxdmd2_prop:s0

-#=============allow ccci_mdinit to ctl. mdlogger==============
-ctl.mdlogger u:object_r:ctl_mdlogger_prop:s0
-ctl.emdlogger1       u:object_r:ctl_emdlogger1_prop:s0
-ctl.emdlogger2       u:object_r:ctl_emdlogger2_prop:s0
-ctl.dualmdlogger       u:object_r:ctl_dualmdlogger_prop:s0
-#=============allow eemcs_mdinit to start mdlogger==========
-ctl.eemcs_fmdl       u:object_r:ctl_eemcs_fmdl_prop:s0
-#ctl.emdlogger5       u:object_r:ctl_emdlogger5_prop:s0
-
 #=============allow mtkrild to set persist.ril property==============
 persist.ril u:object_r:persist_ril_prop:s0
 #=============allow terservice to set terservice property==============
@ -34,22 +25,6 @@ media.wfd. u:object_r:media_wfd_prop:s0
 #=============allow netd to set mtk_wifi.*========================
 mtk_wifi. u:object_r:mtk_wifi_prop:s0

-#=============allow mdlogger==============
-debug.mdlogger u:object_r:debug_mdlogger_prop:s0
-
-#=============allow AEE==============
-# persist.mtk.aee.mode && persist.mtk.aee.dal
-persist.mtk.aee u:object_r:persist_mtk_aee_prop:s0
-
-# persist.aee.core.dump && persist.aee.core.direct
-persist.aee u:object_r:persist_aee_prop:s0
-
-# debug.mtk.aee.db
-debug.mtk.aee u:object_r:debug_mtk_aee_prop:s0
-
-#=============allow AEE_Dumpstate==============
-debug.bq.dump u:object_r:debug_bq_dump_prop:s0
-
 #=============allow mux==============
 ril.mux.      u:object_r:gsm0710muxd_prop:s0

@ -113,8 +88,6 @@ persist.md    u:object_r:persist_md_prop:s0
 #=============allow sensor daemon==============
 ctl.msensord     u:object_r:ctl_msensord_prop:s0
 ctl.akmd09911     u:object_r:ctl_akmd09911_prop:s0
-ctl.emdlogger5       u:object_r:ctl_emcsmdlogger_prop:s0
-ctl.eemcs_fsd         u:object_r:ctl_eemcs_fsd_prop:s0
 #=============allow statusd==============
 net.cdma.mdmstat u:object_r:net_cdma_mdmstat:s0

--- a/sepolicy/service_contexts
+++ b/sepolicy/service_contexts
@ -3,7 +3,6 @@
 NvRAMAgent          u:object_r:nvram_agent_service:s0
 phoneEx             u:object_r:radio_service:s0
 DmAgent             u:object_r:dm_agent_binder_service:s0
-hotknot_service 	u:object_r:system_app_service:s0
 vie_command  		u:object_r:system_app_service:s0
 terservice          u:object_r:terservice_service:s0
 memory_dumper       u:object_r:mediaserver_service:s0
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@ -24,39 +24,6 @@ allow system_app proc_mtktz:dir search;
 allow system_app proc_mtktz:file  { read getattr open write };
 allow system_app proc_slogger:file { read getattr open write };

-# Date: 2014/09/02
-# Operation: BaseUT
-# Purpose: [HotKnot][HotKnot service will use hoknot device node]
-# Package: com.mediatek.hotknot.service
-allow system_app hotknot_device:chr_file { read write ioctl open };
-
-# Date: 2014/09/02
-# Operation: BaseUT
-# Purpose: [HotKnot][HotKnot service will use devmap_device device node]
-# Package: com.mediatek.hotknot.service
-allow system_app devmap_device:chr_file { read ioctl open };
-
-# Date: 2014/09/02
-# Operation: BaseUT
-# Purpose: [HotKnot][HotKnot service will use mtkfb device node]
-# Package: com.mediatek.hotknot.service
-allow system_app graphics_device:chr_file { read write ioctl open };
-allow system_app graphics_device:dir search;
-
-# Date: 2014/10/7
-# Operation: SQC
-# Purpose: [sysoper][sysoper will create folder /cache/recovery]
-# Package: com.mediatek.systemupdate.sysoper
-allow system_app cache_file:dir { write create add_name };
-allow system_app cache_file:file { write create open };
-
-# Date : 2014/10/08
-# Operation : BaseUT
-# Purpose : [op01 agps setting][mtk_agpsd establishes the local socket as agpsd for all A-GPS 
-#           application to do something with mtk_agpsd in system app]
-# Package: com.mediatek.op01.plugin
-unix_socket_connect(system_app, agpsd, mtk_agpsd);
-
 # Date : 2014/10/28
 # Operation: SQC
 # Purpose : ALPS01761930
@ -92,5 +59,8 @@ dontaudit system_app untrusted_app_tmpfs:file write;
 # Package: android.ui
 dontaudit system_app radio_data_file:dir search;

+# Mtk Agps
+unix_socket_connect(system_app, agpsd, mtk_agpsd);
+
 # Gestures
 allow system_app gesture_sysfs:file rw_file_perms;
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@ -1,10 +1,8 @@
 # system_server

-# Date : WK15.02
 # Operation : 120Hz Feature SQC
 # Purpose : for 120Hz Smart Switch
 allow system_server mtk_rrc_device:chr_file { read write ioctl open };
-# Date : WK14.31
 # Operation : Migration 
 # Purpose : for bring up
 allow system_server hwmsensor_device:chr_file { read ioctl open };
@ -12,31 +10,26 @@ allow system_server m_batch_misc_device:chr_file { read ioctl open };
 allow system_server proc:file write;
 allow system_server touch_device:chr_file { read ioctl open };

-# Date : WK14.32
 # Operation : Migration 
 # Purpose : for wifi p2p functionality
 allow system_server dhcp_data_file:dir { read write remove_name search getattr };
 allow system_server dhcp_data_file:file { read open unlink getattr };

-# Date : WK14.33
 # Operation : Migration 
 # Purpose : for wifi functionality
 allow system_server wpa_wlan0_socket:sock_file write;
 allow system_server hostapd:unix_dgram_socket sendto;
 allow hostapd system_server:unix_dgram_socket sendto;

-# Date : WK14.34
 # Operation : Migration 
 # Purpose : for WFD functionality
 allow system_server media_wfd_prop:property_service set;

-# Date : WK14.34
 # Operation : Migration 
 # Purpose : for idling on homescreen
 allow system_server dontpanic_data_file:dir search;
 allow system_server mnld:unix_dgram_socket sendto;

-# Date : WK14.34
 # Operation : Migration 
 # Purpose : for debug
 allow system_server debuggerd:fd use;
@ -45,54 +38,44 @@ allow system_server mnld_data_file:sock_file rw_file_perms;
 allow system_server mnld_data_file:dir create_file_perms;
 allow system_server mnld_data_file:dir rw_dir_perms;

-# Date : WK14.37
 # Operation : Migration 
 # Purpose : for idling on homescreen
 allow system_server touch_device:chr_file write;

-# Date : WK14.37
 # Operation : Migration 
 # Purpose : for relabeling files in /data/anr/ created at bootup
 allow system_server anr_data_file:file relabelto;

-# Date : WK14.38
 # Operation : Migration 
 # Purpose : for debug
 allow system_server debuggerd:binder call;

-# Date : WK14.39
 # Operation : Migration 
 # Purpose : for operate HDMI device
 allow system_server graphics_device:chr_file { read ioctl open };

-# Date: wk14.40
 # Operation : SQC 
 # Purpose : [ALPS01756200] wwop boot up fail
 allow system_server custom_file:dir { read search open getattr};
 allow system_server custom_file:file { read open getattr};

-# Date: WK14.41
 # Operation : Migration
 # Purpose : boost surfaceflinger to RT
 allow system_server surfaceflinger:process setsched;

-# Date: WK14.41
 # Operation : Migration
 # Purpose : [ALPS01760531] for bring up after auto-merge
 allow system_server zygote:binder impersonate;

-# Date: WK14.41
 # Operation : Migration
 # Purpose : for system_server operate /dev/RT_Monitor when enable hang detect
 allow system_server RT_Monitor_device:chr_file { read ioctl open };

-# Date: WK14.42
 # Operation : Migration
 # Purpose : for system_server to start bootanim
 allow system_server ctl_bootanim_prop:property_service set;


-# Date : WK14.42
 # Operation : SQC
 # Purpose :  ALPS01763317
 # After connected to DHCPv6 enabled 6to4 IPv6 AP, 
@ -102,58 +85,45 @@ allow system_server proc_net:file write;
 allow system_server wide_dhcpv6_data_file:dir search;
 allow system_server wide_dhcpv6_data_file:file { read getattr open };

-# Date: WK14.43
 # Operation : Migration
 # Purpose : for bring up
 allow system_server anr_data_file:dir relabelfrom;
 allow system_server sf_rtt_file:dir relabelto;

-# Date: WK14.44
 # Operation : Migration
 # Purpose : for debug
 allow system_server sf_rtt_file:dir r_dir_perms;

-# Date: WK14.44
 # Operation : Migration
 # Purpose : for mtk gps epos library useage
 allow system_server devmap_device:chr_file r_file_perms;

-allow system_server irtx_device:chr_file { read write ioctl open };
-
-# Date: WK14.46
 # Operation : Migration
 # Purpose : for sensorhubservice
 allow system_server shf_device:chr_file rw_file_perms;

-# Date: W14.46
-# Operation : Migration
-# Purpose : for GpsLocationProvider.java to check ESUPL status
-allow system_server agpsd_data_file:dir search;
-
-# Date: WK14.46
 # Operation : Migration
 # Purpose : for saveLocale to set SystemProperties
 allow system_server save_locale_prop:property_service set;

-# Date: WK14.47
 # Operation : MTBF
 # Purpose : for debug
 allow system_server sf_rtt_file:file r_file_perms;

-# Date: WK14.47
 # Operation : MTBF
 # Purpose : for native process backtrace dump
 allow system_server exec_type:file r_file_perms;

-# Date: WK14.48
 # Operation : SQC
 # Purpose : for querying zygote socket
 allow system_server zygote:unix_stream_socket { getopt getattr };

-# Date: WK15.05
 # Purpose : for kill-switch should only grant to access frp partition, to be fix
 allow system_server platformblk_device:dir search;

+# Agps
+allow system_server agpsd_data_file:dir search;
+
 # Persist
 allow system_server protect_s_data_file:dir r_dir_perms;

@ -165,3 +135,12 @@ allow system_server debugfs:file { read open };
 allow system_server unlabeled:file unlink;
 allow system_server wmt_prop:file { read open getattr };
 allow system_server wifi_data_file:sock_file { unlink };
+
+# Sensor
+allow system_server akmd8963_access_file1:file { getattr open read setattr write };
+
+# Mtk sn
+allow system_server serial_number_prop:file read;
+
+# Thunderquake vibrator
+allow system_server sysfs_vibrator:file rw_file_perms;
--- a/sepolicy/ueventd.te
+++ b/sepolicy/ueventd.te
@ -1,3 +1,3 @@
 # ueventd
-
 allow ueventd sysfs:file setattr;
+allow ueventd sysfs_gps_file:file w_file_perms;
--- a/sepolicy/uncrypt.te
+++ b/sepolicy/uncrypt.te
@ -1,2 +1,2 @@
 # Mtk fix
-allow uncrypt kmsg_device:chr_file { open write };
+allow uncrypt			kmsg_device:chr_file { open write };
--- a/sepolicy/untrusted_app.te
+++ b/sepolicy/untrusted_app.te
@ -1,13 +1,13 @@
 # untrusted_app

-allow untrusted_app dalvikcache_data_file:lnk_file read;
+allow untrusted_app		dalvikcache_data_file:lnk_file read;

 # CTS issue
-allow untrusted_app proc_lk_env:file getattr;
-allow untrusted_app proc_sysrq:file getattr;
-allow untrusted_app fuse:file execute;
-allow untrusted_app protect_f_data_file:dir getattr;
-allow untrusted_app protect_s_data_file:dir getattr;
+allow untrusted_app		proc_lk_env:file getattr;
+allow untrusted_app		proc_sysrq:file getattr;
+allow untrusted_app		fuse:file execute;
+allow untrusted_app		protect_f_data_file:dir getattr;
+allow untrusted_app		protect_s_data_file:dir getattr;

 # Mtk fix
-allow untrusted_app unlabeled:file { getattr open read };
+allow untrusted_app		unlabeled:file { getattr open read };
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@ -51,11 +51,10 @@ allow vold system_data_file:dir { relabelfrom relabelto setattr };
 allow vold system_data_file:file { relabelto };

 allow vold platform_app:process ptrace;
+allow vold platform_app:fd use;

 allow vold misc_device:chr_file read;

-allow vold platform_app:fd use;
-
 allow vold block_device:file create;

 # zram
--- a/sepolicy/wpa.te
+++ b/sepolicy/wpa.te
@ -0,0 +1,18 @@
+# ==============================================
+# MTK Policy Rule
+# ============
+
+allow wpa rild_oem_socket:sock_file write;
+allow wpa rild_oem_md2_socket:sock_file write;
+allow wpa mtkrild:unix_stream_socket connectto;
+# if low memory occured, and system try to free more memory, wpa_suppliant may meet a violation like:
+# avc:  denied  { use } for  pid=4063 comm="wpa_supplicant" 
+# path=2F6465762F6173686D656D2F4469736361726461626C654D656D6F72794173686D656D416C6C6F6361746F72202864656C6574656429 
+# dev="tmpfs" ino=46425 scontext=u:r:wpa:s0 tcontext=u:r:platform_app:s0 tclass=fd permissive=0
+# this is a issue caused by low memory, so we should add this rule below
+allow wpa platform_app:fd use;
+allow wpa platform_app_tmpfs:file write;
+
+# Nougat
+allow wpa wifi_data_file:sock_file { create setattr unlink };
+
--- a/sepolicy/zygote.te
+++ b/sepolicy/zygote.te
@ -1,2 +1,4 @@
+allow zygote serial_number_prop:file { getattr open read };
+
 # Mtk fix
 allow zygote self:capability sys_nice;