From e51d722c373d57e268f44942f3dcc69afe278209 Mon Sep 17 00:00:00 2001
From: hmz007 <hmz007@gmail.com>
Date: Thu, 10 Apr 2025 14:56:51 +0800
Subject: [PATCH] rockchip: sepolicy: minor update to supress logging

Signed-off-by: hmz007 <hmz007@gmail.com>
---
 .../public/sepolicy-firmware/file_contexts    |  3 +++
 .../public/sepolicy-firmware/file_contexts    |  3 +++
 device/rockchip/common/init.connectivity.rc   |  2 --
 device/rockchip/common/rootdir/init.system.rc |  4 ++++
 .../common/sepolicy/private/odrefresh.te      |  2 ++
 .../common/sepolicy/vendor/bootanim.te        |  2 ++
 .../common/sepolicy/vendor/dumpstate.te       |  1 +
 .../common/sepolicy/vendor/file_contexts      |  7 +++++++
 .../sepolicy/vendor/hal_bluetooth_default.te  |  1 +
 .../sepolicy/vendor/hal_power_default.te      |  1 +
 .../common/sepolicy/vendor/rk_output_hal.te   |  3 +++
 .../common/sepolicy/vendor/surfaceflinger.te  |  2 ++
 .../common/sepolicy/vendor/usb_dongle.te      |  2 ++
 .../rockchip/common/sepolicy/vendor/vold.te   |  5 +++++
 .../rk356x/sepolicy_vendor/genfs_contexts     | 11 ++++++++++
 .../rk356x/sepolicy_vendor/rknn_server.te     |  1 -
 .../rk3588/sepolicy_vendor/genfs_contexts     |  7 +++++++
 .../libpq/pq_init/sepolicy/pq_init.te         | 20 +++++++++++++++++++
 .../gadget/sepolicy/hal_usb_gadget_default.te |  6 +++++-
 19 files changed, 79 insertions(+), 4 deletions(-)
 create mode 100644 device/rockchip/common/sepolicy/private/odrefresh.te

diff --git a/device/rockchip/common/gpu/bifrost/sepolicies/public/sepolicy-firmware/file_contexts b/device/rockchip/common/gpu/bifrost/sepolicies/public/sepolicy-firmware/file_contexts
index 030ab50f4da..dfacc346526 100644
--- a/device/rockchip/common/gpu/bifrost/sepolicies/public/sepolicy-firmware/file_contexts
+++ b/device/rockchip/common/gpu/bifrost/sepolicies/public/sepolicy-firmware/file_contexts
@@ -12,3 +12,6 @@
 
 # Mali firmware
 /sys/module/firmware_class/parameters/path u:object_r:sysfs_gpu_fwpath:s0
+
+# Mali config
+/sys/module/bifrost_kbase/parameters/large_page_conf u:object_r:sysfs_gpu:s0
diff --git a/device/rockchip/common/gpu/valhall/sepolicies/public/sepolicy-firmware/file_contexts b/device/rockchip/common/gpu/valhall/sepolicies/public/sepolicy-firmware/file_contexts
index 030ab50f4da..dfacc346526 100644
--- a/device/rockchip/common/gpu/valhall/sepolicies/public/sepolicy-firmware/file_contexts
+++ b/device/rockchip/common/gpu/valhall/sepolicies/public/sepolicy-firmware/file_contexts
@@ -12,3 +12,6 @@
 
 # Mali firmware
 /sys/module/firmware_class/parameters/path u:object_r:sysfs_gpu_fwpath:s0
+
+# Mali config
+/sys/module/bifrost_kbase/parameters/large_page_conf u:object_r:sysfs_gpu:s0
diff --git a/device/rockchip/common/init.connectivity.rc b/device/rockchip/common/init.connectivity.rc
index 22929957389..3c57a0907c6 100644
--- a/device/rockchip/common/init.connectivity.rc
+++ b/device/rockchip/common/init.connectivity.rc
@@ -54,8 +54,6 @@ on zygote-start
 #for nfc
     chmod 0660 /dev/bcm2079x
     chown nfc nfc /dev/bcm2079x
-    mkdir /data/nfc 0700 nfc nfc encryption=Require
-    mkdir /data/nfc/param 0700 nfc nfc encryption=Require
 
 on property:wlan.driver.status=ok
     chown wifi wifi /sys/module/bcmdhd/parameters/firmware_path
diff --git a/device/rockchip/common/rootdir/init.system.rc b/device/rockchip/common/rootdir/init.system.rc
index eef457a901f..3020e4b61c5 100644
--- a/device/rockchip/common/rootdir/init.system.rc
+++ b/device/rockchip/common/rootdir/init.system.rc
@@ -1,3 +1,7 @@
 on post-fs-data
     mkdir /data/misc/cfg_rockchip 0755 system system encryption=Require
     mkdir /data/vendor/rkalgo 0775 system system encryption=Require
+
+    # for nfc
+    mkdir /data/nfc 0700 nfc nfc encryption=Require
+    mkdir /data/nfc/param 0700 nfc nfc encryption=Require
diff --git a/device/rockchip/common/sepolicy/private/odrefresh.te b/device/rockchip/common/sepolicy/private/odrefresh.te
new file mode 100644
index 00000000000..2ac9bc61b24
--- /dev/null
+++ b/device/rockchip/common/sepolicy/private/odrefresh.te
@@ -0,0 +1,2 @@
+dontaudit odrefresh property_type:property_service *;
+dontaudit odrefresh property_type:file *;
diff --git a/device/rockchip/common/sepolicy/vendor/bootanim.te b/device/rockchip/common/sepolicy/vendor/bootanim.te
index 9abb938190b..eb4f0574426 100644
--- a/device/rockchip/common/sepolicy/vendor/bootanim.te
+++ b/device/rockchip/common/sepolicy/vendor/bootanim.te
@@ -7,3 +7,5 @@ dontaudit bootanim mnt_vendor_file:dir search;
 dontaudit bootanim system_data_file:dir read;
 dontaudit bootanim kernel:system module_request;
 rw_rockchip_graphic_device(bootanim)
+
+set_prop(bootanim, debug_prop)
diff --git a/device/rockchip/common/sepolicy/vendor/dumpstate.te b/device/rockchip/common/sepolicy/vendor/dumpstate.te
index 323eb7289c0..f4ef4c00dfd 100644
--- a/device/rockchip/common/sepolicy/vendor/dumpstate.te
+++ b/device/rockchip/common/sepolicy/vendor/dumpstate.te
@@ -1 +1,2 @@
 allow dumpstate sysfs_mmc:file r_file_perms;
+dontaudit dumpstate debugfs:file r_file_perms;
diff --git a/device/rockchip/common/sepolicy/vendor/file_contexts b/device/rockchip/common/sepolicy/vendor/file_contexts
index 7e2d17ef127..93108b886cf 100644
--- a/device/rockchip/common/sepolicy/vendor/file_contexts
+++ b/device/rockchip/common/sepolicy/vendor/file_contexts
@@ -201,6 +201,8 @@
 /sys/devices/platform/fec80000.i2c/i2c-6/6-0051/rtc/rtc0/time           u:object_r:sysfs_rtc:s0
 /sys/devices/platform/fec80000.i2c/i2c-6/6-0051/rtc/rtc0/wakealarm      u:object_r:sysfs_rtc:s0
 /sys/devices/platform/fec80000.i2c/i2c-6/6-0051/rtc/rtc0/wakeup.*       u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/fec80000.i2c/i2c-6/6-0051/rtc/rtc0/alarmtimer.*   u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/gpio-keys/wakeup/wakeup.*                         u:object_r:sysfs_wakeup:s0
 /sys/devices/platform/pinctrl/f.*/gpio.*/active_low                     u:object_r:sysfs_gpio:s0
 /sys/devices/platform/pinctrl/f.*/gpio.*/direction                      u:object_r:sysfs_gpio:s0
 /sys/devices/platform/pinctrl/f.*/gpio.*/edge                           u:object_r:sysfs_gpio:s0
@@ -208,6 +210,11 @@
 /sys/devices/platform/f.*/pwm/.*export  u:object_r:sysfs_pwm:s0
 /sys/devices/platform/f.*/pwm0/.*       u:object_r:sysfs_pwm:s0
 
+/sys/devices/platform/simple-vin/power_supply/simple-vin/wakeup.*       u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/power_supply/test_ac/wakeup.*                      u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/power_supply/test_battery/wakeup.*                 u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/power_supply/test_usb/wakeup.*                     u:object_r:sysfs_wakeup:s0
+
 #seekwave
 /dev/BTCMD           u:object_r:skwbt_device:s0
 /dev/BTDATA          u:object_r:skwbt_device:s0
diff --git a/device/rockchip/common/sepolicy/vendor/hal_bluetooth_default.te b/device/rockchip/common/sepolicy/vendor/hal_bluetooth_default.te
index d52290547c1..db8588a33f5 100644
--- a/device/rockchip/common/sepolicy/vendor/hal_bluetooth_default.te
+++ b/device/rockchip/common/sepolicy/vendor/hal_bluetooth_default.te
@@ -6,3 +6,4 @@ allow hal_bluetooth_default proc:file { open write };
 binder_call(hal_bluetooth_default, zygote)
 allow hal_bluetooth_default skwbt_device:chr_file { read write open ioctl };
 allow hal_bluetooth_default bluetooth_data_file:file { read };
+allow hal_bluetooth_btlinux sysfs:file write;
diff --git a/device/rockchip/common/sepolicy/vendor/hal_power_default.te b/device/rockchip/common/sepolicy/vendor/hal_power_default.te
index 0415b8d7043..092231f5b1f 100644
--- a/device/rockchip/common/sepolicy/vendor/hal_power_default.te
+++ b/device/rockchip/common/sepolicy/vendor/hal_power_default.te
@@ -12,3 +12,4 @@ dontaudit hal_power_default self:capability dac_override;
 
 get_prop(hal_power_default, vendor_boot_complete_prop)
 get_prop(hal_power_default, vendor_power_prop)
+get_prop(hal_power_default, vendor_sculptor_prop)
diff --git a/device/rockchip/common/sepolicy/vendor/rk_output_hal.te b/device/rockchip/common/sepolicy/vendor/rk_output_hal.te
index 7bd27e750f0..3e5e7c22782 100644
--- a/device/rockchip/common/sepolicy/vendor/rk_output_hal.te
+++ b/device/rockchip/common/sepolicy/vendor/rk_output_hal.te
@@ -18,6 +18,9 @@ allow rk_output_hal vendor_system_public_prop:property_service { set };
 allow rk_output_hal vendor_data_file:dir { read open write getattr create add_name remove_name };
 allow rk_output_hal vendor_data_file:file { read open write create getattr unlink };
 allow rk_output_hal vendor_tv_input_prop:property_service { set };
+allow rk_output_hal vendor_rkalgo_data_file:dir r_dir_perms;
+allow rk_output_hal vendor_rkalgo_data_file:file r_file_perms;
+
 binder_call(rk_output_hal,hwservicemanager)
 binder_call(rk_output_hal,system_server)
 get_prop(rk_output_hal,hwservicemanager_prop)
diff --git a/device/rockchip/common/sepolicy/vendor/surfaceflinger.te b/device/rockchip/common/sepolicy/vendor/surfaceflinger.te
index 76dca8e2cc7..77897b21286 100644
--- a/device/rockchip/common/sepolicy/vendor/surfaceflinger.te
+++ b/device/rockchip/common/sepolicy/vendor/surfaceflinger.te
@@ -13,3 +13,5 @@ allow surfaceflinger unlabeled:filesystem { getattr };
 # for video formate 10bit to 8bit by rga
 rw_rockchip_graphic_device(surfaceflinger)
 binder_call(surfaceflinger, zygote)
+
+set_prop(surfaceflinger, debug_prop)
diff --git a/device/rockchip/common/sepolicy/vendor/usb_dongle.te b/device/rockchip/common/sepolicy/vendor/usb_dongle.te
index b3598fe4766..6d91cf912b9 100644
--- a/device/rockchip/common/sepolicy/vendor/usb_dongle.te
+++ b/device/rockchip/common/sepolicy/vendor/usb_dongle.te
@@ -11,5 +11,7 @@ allow usb_dongle vendor_shell_exec:file execute_no_trans;
 allow usb_dongle self:netlink_kobject_uevent_socket { bind getopt };
 allow usb_dongle sysfs:dir { open read };
 allow usb_dongle sysfs:file { getattr open read };
+allow usb_dongle sysfs_net:dir { open read search };
+allow usb_dongle sysfs_net:file { getattr open read };
 allow usb_dongle usb_device:chr_file { ioctl open read write };
 allow usb_dongle usb_device:dir search;
diff --git a/device/rockchip/common/sepolicy/vendor/vold.te b/device/rockchip/common/sepolicy/vendor/vold.te
index a67213dcaa0..4298c73e1dc 100644
--- a/device/rockchip/common/sepolicy/vendor/vold.te
+++ b/device/rockchip/common/sepolicy/vendor/vold.te
@@ -19,3 +19,8 @@ allow vold vendor_incremental_module:system module_load;
 allowxperm vold vold_device:blk_file ioctl {
   BLKDISCARD BLKGETSIZE BLKROGET
 };
+
+#for mke2fs
+allowxperm vold dm_device:blk_file ioctl {
+  BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
diff --git a/device/rockchip/rk356x/sepolicy_vendor/genfs_contexts b/device/rockchip/rk356x/sepolicy_vendor/genfs_contexts
index 6c5525212e4..9908dd83c00 100644
--- a/device/rockchip/rk356x/sepolicy_vendor/genfs_contexts
+++ b/device/rockchip/rk356x/sepolicy_vendor/genfs_contexts
@@ -1,9 +1,15 @@
+
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk805-pwrkey/wakeup  u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk808-rtc/rtc/rtc0   u:object_r:sysfs_rtc:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk808-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup  u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk808-rtc/rtc/rtc0/alarmtimer.0.auto/wakeup  u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/rk808-rtc/wakeup     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdd40000.i2c/i2c-0/0-0020/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/rtc/rtc0/alarmtimer.1.auto/wakeup    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/rtc/rtc0/date        u:object_r:sysfs_rtc:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/rtc/rtc0/time        u:object_r:sysfs_rtc:s0
+genfscon sysfs /devices/platform/fe5e0000.i2c/i2c-5/5-0051/rtc/rtc0/wakealarm   u:object_r:sysfs_rtc:s0
 genfscon sysfs /devices/platform/fdea0400.vdpu/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdeb0000.rk_rga/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fded0000.jpegd/wakeup  u:object_r:sysfs_wakeup:s0
@@ -46,5 +52,10 @@ genfscon sysfs /devices/platform/fd840000.usb            u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fd8c0000.usb            u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fd880000.usb            u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fcc00000.usb            u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/fcc00000.usb/usb_role   u:object_r:sysfs:s0
+genfscon sysfs /devices/platform/3c0000000.pcie          u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/3c0000000.pcie/wakeup	 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/3c0400000.pcie          u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/3c0400000.pcie/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/usbhost                 u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fe0a0000.hdmi/uevent   u:object_r:sysfs_extcon:s0
diff --git a/device/rockchip/rk356x/sepolicy_vendor/rknn_server.te b/device/rockchip/rk356x/sepolicy_vendor/rknn_server.te
index 8c504936f72..407523e036c 100644
--- a/device/rockchip/rk356x/sepolicy_vendor/rknn_server.te
+++ b/device/rockchip/rk356x/sepolicy_vendor/rknn_server.te
@@ -14,6 +14,5 @@ allow rknn_server gpu_device:chr_file { open getattr read write ioctl map};
 dontaudit rknn_server self:capability { sys_admin dac_override };
 set_prop(rknn_server, vendor_rknn_prop);
 get_prop(rknn_server, vendor_rknn_prop);
-get_prop(vendor-rknn-hal, vendor_rknn_prop);
 
 dontaudit rknn_server sysfs:file rw_file_perms;
diff --git a/device/rockchip/rk3588/sepolicy_vendor/genfs_contexts b/device/rockchip/rk3588/sepolicy_vendor/genfs_contexts
index b0c3024ea7d..a8456802de9 100644
--- a/device/rockchip/rk3588/sepolicy_vendor/genfs_contexts
+++ b/device/rockchip/rk3588/sepolicy_vendor/genfs_contexts
@@ -3,6 +3,7 @@ genfscon sysfs /devices/platform/fd5d0000.syscon/fd5d0000.syscon:usb2-phy@0/extc
 genfscon sysfs /devices/platform/fd5d8000.syscon/fd5d8000.syscon:usb2-phy@8000/extcon   u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fdb50000.vepu/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdb50400.vdpu/wakeup   u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fdb51000.avsd-plus/wakeup     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdb60000.rga/wakeup    u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdb70000.rga/wakeup    u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdb80000.rga/wakeup    u:object_r:sysfs_wakeup:s0
@@ -17,6 +18,7 @@ genfscon sysfs /devices/platform/fdbe0000.rkvenc-core/wakeup    u:object_r:sysfs
 genfscon sysfs /devices/platform/fdc30000.rkvdec-ccu/wakeup     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdc38100.rkvdec-core/wakeup    u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fdc48100.rkvdec-core/wakeup    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fdc70000.av1d/wakeup     u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fde80000.hdmi/extcon     u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fdea0000.hdmi/extcon     u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fdee0000.hdmirx-controller/extcon     u:object_r:sysfs_extcon:s0
@@ -25,6 +27,7 @@ genfscon sysfs /devices/platform/fd5d4000.syscon/fd5d4000.syscon:usb2-phy@4000/e
 genfscon sysfs /devices/platform/fde50000.dp/extcon     u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fde60000.dp/extcon     u:object_r:sysfs_extcon:s0
 genfscon sysfs /devices/platform/fdec0000.edp/extcon    u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/fe180000.pcie/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fe190000.pcie/wakeup   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/fe2e0000.mmc/mmc_host/mmc0     u:object_r:sysfs_mmc:s0
 genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-0051/rtc/rtc0     u:object_r:sysfs_rtc:s0
@@ -35,7 +38,10 @@ genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-0062/power_supply/cw2015-b
 genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-006b/power_supply/bq25700-charger u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-006b/power_supply/bq25700-charger/wakeup17        u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/feaa0000.i2c/i2c-2/2-006b/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/feb20000.spi/spi_master/spi2/spi2.0/rk805-pwrkey.1.auto/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/feb20000.spi/spi_master/spi2/spi2.0/rk805-pwrkey.2.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/fec80000.i2c/i2c-6/6-0022/power_supply/tcpm-source-psy-6-0022  u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/fec80000.i2c/i2c-6/6-0022/power_supply/tcpm-source-psy-6-0022/wakeup5  u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/feca0000.i2c/i2c-8/8-0022/power_supply/tcpm-source-psy-8-0022  u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/feca0000.i2c/i2c-8/8-0022/power_supply/tcpm-source-psy-8-0022/wakeup24 u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/usbdrd3_0/fc000000.usb/wakeup  u:object_r:sysfs_wakeup:s0
@@ -47,3 +53,4 @@ genfscon sysfs /devices/platform/fdee0000.hdmirx-controller/uevent   u:object_r:
 genfscon sysfs /devices/platform/fe1b0000.ethernet/net   u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fe1c0000.ethernet/net   u:object_r:sysfs_net:s0
 genfscon sysfs /devices/platform/fe180000.pcie   u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/fe190000.pcie   u:object_r:sysfs_net:s0
diff --git a/hardware/rockchip/libpq/pq_init/sepolicy/pq_init.te b/hardware/rockchip/libpq/pq_init/sepolicy/pq_init.te
index 4bfc7ef645d..d3bbd53a494 100644
--- a/hardware/rockchip/libpq/pq_init/sepolicy/pq_init.te
+++ b/hardware/rockchip/libpq/pq_init/sepolicy/pq_init.te
@@ -9,3 +9,23 @@ allow pq_init sysfs:file { read };
 allow pq_init sysfs_dev:file { read open };
 allow pq_init device:dir { search open read };
 allow pq_init gpu_device:chr_file { open read write getattr ioctl map };
+
+allow pq_init block_device:dir r_dir_perms;
+allow pq_init baseparameter_block_device:blk_file rw_file_perms;
+allow pq_init sysfs_nvmem:file { open read getattr };
+allow pq_init sysfs_gpu:file { open read getattr };
+
+allow pq_init vendor_rkalgo_data_file:dir rw_dir_perms;
+allow pq_init vendor_rkalgo_data_file:file { rw_file_perms create };
+dontaudit pq_init system_data_root_file:dir { add_name create write };
+dontaudit pq_init system_data_root_file:file rw_file_perms;
+
+dontaudit pq_init default_prop:file r_file_perms;
+dontaudit pq_init system_prop:file r_file_perms;
+dontaudit pq_init vendor_default_prop:property_service set;
+# set_prop(pq_init, vendor_default_prop)
+
+get_prop(pq_init, vendor_default_prop)
+get_prop(pq_init, vendor_tv_input_prop)
+set_prop(pq_init, vendor_tv_input_prop)
+get_prop(pq_init, vendor_system_public_prop)
diff --git a/hardware/rockchip/usb/gadget/sepolicy/hal_usb_gadget_default.te b/hardware/rockchip/usb/gadget/sepolicy/hal_usb_gadget_default.te
index 03884637bb4..4d31c670442 100644
--- a/hardware/rockchip/usb/gadget/sepolicy/hal_usb_gadget_default.te
+++ b/hardware/rockchip/usb/gadget/sepolicy/hal_usb_gadget_default.te
@@ -1,8 +1,12 @@
 allow hal_usb_gadget_default configfs:dir { create rmdir };
 allow hal_usb_gadget_default functionfs:dir { watch watch_reads };
-allow hal_usb_gadget_default sysfs:file r_file_perms;
+allow hal_usb_gadget_default sysfs:dir r_dir_perms;
+allow hal_usb_gadget_default sysfs:file rw_file_perms;
 allow hal_usb_gadget_default sysfs_udc:dir r_dir_perms;
 allow hal_usb_gadget_default sysfs_batteryinfo:dir r_dir_perms;
+allow hal_usb_gadget_default sysfs_net:dir r_dir_perms;
+
+dontaudit hal_usb_gadget_default system_prop:file r_file_perms;
 
 get_prop(hal_usb_gadget_default, vendor_usb_prop)
 get_prop(hal_usb_gadget_default, usb_control_prop)