From 6f2be782fb3f424fe4d91b7072ee5d798204942f Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 7 Oct 2021 17:35:05 -0400
Subject: [PATCH] Ugly: mark `tkcore` as permissive. It requires accessing some
 props to boot

---
 sepolicy/mediatek.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sepolicy/mediatek.te b/sepolicy/mediatek.te
index 1577411..24efe33 100644
--- a/sepolicy/mediatek.te
+++ b/sepolicy/mediatek.te
@@ -17,3 +17,10 @@ binder_call(hal_mms_server, {appdomain -isolated_app})
 
 type mtk_hal_mms_hwservice, hwservice_manager_type;
 allow { appdomain -isolated_app }  mtk_hal_mms_hwservice:hwservice_manager find;
+
+#denied { read } for comm="tkuinit" name="u:object_r:default_prop:s0" dev="tmpfs" ino=2029 scontext=u:r:tkcore:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
+#denied { open } for comm="tkuinit" path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=2029 scontext=u:r:tkcore:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
+#denied { getattr } for comm="tkuinit" path="/dev/__properties__/u:object_r:default_prop:s0" dev="tmpfs" ino=2029 scontext=u:r:tkcore:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=1
+
+type tkcore, domain;
+permissive tkcore;