Try again

cat/sepolicy/asus.te

@@ -0,0 +1,5 @@
+allow cameraserver phhsu_exec:file rx_file_perms;
+
+type asus_motor_device, file_type;
+allow cameraserver asus_motor_device:chr_file { open read write ioctl };
+allowxperm cameraserver asus_motor_device:chr_file ioctl { 0x4d02 };

cat/sepolicy/board_properties.te

@@ -1,2 +1,4 @@
+type sysfs_board_properties, fs_type, sysfs_type;
+
 allow system_server sysfs_board_properties:dir search;
 allow system_server sysfs_board_properties:file r_file_perms;

cat/sepolicy/hal.te

@@ -1,4 +1,4 @@
-
+type hal_fingerprint_oppo_compat, domain;
 hal_client_domain(hal_fingerprint_oppo_compat, hal_fingerprint)
 hal_server_domain(hal_fingerprint_oppo_compat, hal_fingerprint)
 

cat/sepolicy/huawei.te

@@ -0,0 +1,17 @@
+allow ueventd proc:file r_file_perms;
+permissive ueventd;
+
+type teecd_data_file, file_type;
+type dmd_device, file_type;
+allow hal_fingerprint_server dmd_device:chr_file rw_file_perms;
+allow hal_fingerprint_server sysfs:file rw_file_perms;
+allow tee hal_fingerprint_default:process { getattr };
+allow tee teecd_data_file:dir { search read write create getattr add_name open };
+allow tee teecd_data_file:file { read write create getattr open };
+allow tee system_data_file:dir { getattr };
+
+type oeminfo_nvm, domain;
+type oeminfo_nvm_device, file_type;
+allowxperm oeminfo_nvm oeminfo_nvm_device:blk_file ioctl { 0x1260 };
+
+allow charger rootfs:file { ioctl read getattr lock map execute entrypoint open };

cat/sepolicy/lenovo.te

@@ -0,0 +1,4 @@
+type sysfs_tp, file_type;
+
+#Allow treble_app access to /sys/devices/virtual/touch/tp_dev/gesture_on
+allow system_app sysfs_tp:file rw_file_perms;

cat/sepolicy/mediatek.te

@@ -1,4 +1,5 @@
-type proc_ged, file_type;
+type hal_graphics_allocator_default, domain; 
+type proc_ged, file_type; 
 allowxperm domain proc_ged:file ioctl { 0x6700-0x67ff };
 
 allow init mnt_product_file:dir mounton;

cat/sepolicy/oppo.te

@@ -0,0 +1,6 @@
+type sysfs_usb_supply, file_type;
+
+allow system_app sysfs_usb_supply:file rw_file_perms;
+
+type hal_fingerprint_oplus, domain;
+allow hal_fingerprint_oplus vendor_default_prop:property_service set;

cat/sepolicy/qualcomm.te

@@ -0,0 +1,30 @@
+type bt_firmware_file, file_type;
+type rild, domain;
+
+#me.phh.treble.qti.audio is system-signed
+allow system_app hal_telephony_hwservice:hwservice_manager { find };
+allow { rild system_app } { rild system_app }:binder { call transfer };
+
+#Pixel 1
+type vnd_qcril_audio_hwservice, hwservice_manager_type;
+allow system_app vnd_qcril_audio_hwservice:hwservice_manager { find };
+
+#Pixel 2
+type vnd_qcrilhook_hwservice, hwservice_manager_type;
+allow system_app vnd_qcrilhook_hwservice:hwservice_manager { find };
+
+#OP6
+allow system_app hal_telephony_hwservice:hwservice_manager { find };
+
+# cf https://github.com/phhusson/treble_experimentations/issues/131
+# SELinux : avc:  denied  { add } for interface=android.hardware.tetheroffload.control::IOffloadControl pid=15220 scontext=u:r:ipacm:s0 tcontext=u:object_r:hal_tetheroffload_hwservice:s0 tclass=hwservice_manager permissive=0
+type ipacm, hwservice_manager_type;
+allow ipacm hal_tetheroffload_hwservice:hwservice_manager { add };
+
+type rpmb_device, file_type;
+allow tee rpmb_device:blk_file rw_file_perms;
+allowxperm tee rpmb_device:blk_file ioctl { 0xb300-0xbfff };
+
+attribute smcinvoke_device_29_0;
+type smcinvoke_device, dev_type;
+typeattribute smcinvoke_device smcinvoke_device_29_0;

cat/sepolicy/samsung.te

@@ -0,0 +1,4 @@
+type boot_prop, property_type;
+
+set_prop(system_server, boot_prop);
+

cat/sepolicy/treble_app.te

@@ -0,0 +1,44 @@
+allow system_app hal_wifi_hostapd_hwservice:hwservice_manager { add find };
+allow system_app hidl_base_hwservice:hwservice_manager { add };
+allow system_app wifi_data_file:dir create_dir_perms;
+allow system_app wifi_data_file:file create_file_perms;
+
+allow system_app sysfs_batteryinfo:file rw_file_perms;
+
+type vendor_camera_prop, property_type;
+set_prop(system_app, vendor_camera_prop);
+type camera_prop, property_type;
+set_prop(system_app, camera_prop);
+
+type hal_ext_fingerprint_hwservice, hwservice_manager_type;
+allow system_app hal_ext_fingerprint_hwservice:hwservice_manager { find };
+type hal_fingerprint_default, domain;
+allow system_app hal_fingerprint_default:binder { call };
+allow system_app sysfs_power:dir r_dir_perms;
+allow system_app sysfs_power:file rw_file_perms;
+allow system_app sysfs_power:lnk_file read;
+
+type default_hisi_hwservice, hwservice_manager_type;
+allow system_app default_hisi_hwservice:hwservice_manager { find };
+
+type hal_tp_default, domain;
+allow system_app hal_tp_default:binder { call };
+
+#cam2api
+allow system_app vendor_default_prop:property_service { set };
+
+set_prop(system_app, default_prop);
+set_prop(system_app, exported3_default_prop);
+
+type mtk_hal_rild_hwservice, hwservice_manager_type;
+allow system_app mtk_hal_rild_hwservice:hwservice_manager { find};
+
+type mtk_vilte_support_prop, property_type;
+allow system_app mtk_vilte_support_prop:property_service set;
+
+type hal_gesturewake_hwservice, hwservice_manager_type;
+type hal_gesturewake_default, domain;
+allow system_app hal_gesturewake_hwservice:hwservice_manager { find };
+allow system_app hal_gesturewake_default:binder { call transfer };
+allow hal_gesturewake_default system_app:binder { call transfer };
+