sm8550-common: sepolicy: Address more denials

Change-Id: Id833dcd57dc9d389ef57cc30b85897f9d98f3c56

sepolicy/vendor/file.te

@@ -30,6 +30,7 @@ type proc_bus_input, fs_type, proc_type;
 type vendor_sysfs_input, fs_type, sysfs_type;
 
 # Proc
+type proc_last_kmsg, fs_type, proc_type;
 type proc_simslot_count, fs_type, proc_type;
 
 # Qms

sepolicy/vendor/genfs_contexts

@@ -1,4 +1,5 @@
 # Proc
+genfscon proc "/last_kmsg"                                   u:object_r:proc_last_kmsg:s0
 genfscon proc "/simslot_count"                               u:object_r:proc_simslot_count:s0
 
 # Audio

sepolicy/vendor/network_stack.te

@@ -1,2 +1,2 @@
 # Allow network_stack to read proc_net file
-allow network_stack proc_net:file rw_file_perms;
+allow network_stack proc_net:file { read getattr open };

sepolicy/vendor/spdaemon.te

@@ -0,0 +1,2 @@
+# Allow vendor_spdaemon to find hal_system_suspend_service
+allow vendor_spdaemon hal_system_suspend_service:service_manager find;

sepolicy/vendor/system_server.te

@@ -0,0 +1,2 @@
+# Allow system_server process to read /proc/last_kmsg
+allow system_server proc_last_kmsg:file r_file_perms;

sepolicy/vendor/vendor_init.te

@@ -5,3 +5,6 @@ allow vendor_init cgroup:file rw_file_perms;
 allow vendor_init block_device:lnk_file setattr;
 
 allow vendor_init vendor_ssr_prop:property_service set;
+
+# Allow vendor_init to set vendor_thermal_prop properties
+allow vendor_init vendor_thermal_prop:property_service set;