Sync SEPolicy with CM11
diff --git a/vendor/sepolicy/file_contexts b/vendor/sepolicy/file_contexts
index 65e21c9..78b3ee1 100644
--- a/vendor/sepolicy/file_contexts
+++ b/vendor/sepolicy/file_contexts
@@ -3,6 +3,6 @@
#############################
# performance-related sysfs files (CM)
/sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0
-/sys/devices/system/cpu.*/cpufreq(/.*)? -- u:object_r:sysfs_writable:s0
+/sys/devices/system/cpu.*/cpufreq(/.*)? -- u:object_r:sysfs_devices_system_cpu:s0
/sys/block/mmcblk0/queue/scheduler -- u:object_r:sysfs_writable:s0
diff --git a/vendor/sepolicy/sepolicy.mk b/vendor/sepolicy/sepolicy.mk
index 74dcaaf..49acdb3 100644
--- a/vendor/sepolicy/sepolicy.mk
+++ b/vendor/sepolicy/sepolicy.mk
@@ -11,7 +11,8 @@
file_contexts \
fs_use \
genfs_contexts \
- installd.te \
seapp_contexts \
+ installd.te \
+ ueventd.te \
vold.te \
mac_permissions.xml
diff --git a/vendor/sepolicy/ueventd.te b/vendor/sepolicy/ueventd.te
new file mode 100644
index 0000000..396e266
--- /dev/null
+++ b/vendor/sepolicy/ueventd.te
@@ -0,0 +1,13 @@
+# ueventd needs to relabel files that pop in and out of sysfs
+allow ueventd sysfs:file relabelfrom;
+
+# ueventd will set permissions on cpufreq nodes
+allow ueventd sysfs_devices_system_cpu:file setattr;
+
+# ueventd loads wifi firmware on a ton of devices
+allow ueventd wifi_data_file:dir r_dir_perms;
+allow ueventd wifi_data_file:file r_file_perms;
+
+# ueventd loads audio firmware on many devices
+allow ueventd audio_data_file:dir r_dir_perms;
+allow ueventd audio_data_file:file r_file_perms;
diff --git a/vendor/sepolicy/vold.te b/vendor/sepolicy/vold.te
index bed75e3..3082575 100644
--- a/vendor/sepolicy/vold.te
+++ b/vendor/sepolicy/vold.te
@@ -10,4 +10,4 @@
allow vold fuse_device:chr_file rw_file_perms;
# NTFS-3g wants to drop permission
-allow vold self:capability { setgid setuid };
+allow vold self:capability { setgid setuid };