sweet: sepolicy: fix neverallows

vendor_init.te:
set_prop -> get_prop because the init_service_status_prop is a system_restricted_prop which can only be written by /system (and not vendor_init)

property.te:
specify the property types to vendor_internal_prop because the default property_type is a system_internal_prop (it would trigger a neverallow because vendor accesses them)

mi_thermald.te:
just move the type definition to property.te

Signed-off-by: brvn0 <me@brvn0.de>

Author: brvn0

BoardConfig.mk

@@ -115,8 +115,6 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/qcom/sepolicy_vndr/generic/vendor/msmsteppe
 BOARD_VENDOR_SEPOLICY_DIRS += device/qcom/sepolicy_vndr/qva/vendor/msmsteppe
 include device/qcom/sepolicy_vndr/SEPolicy.mk
 
-SELINUX_IGNORE_NEVERALLOWS := true
-
 # VINTF
 DEVICE_MANIFEST_FILE := $(DEVICE_PATH)/configs/vintf/manifest.xml
 DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE := $(DEVICE_PATH)/configs/vintf/compatibility_matrix.xml

sepolicy/vendor/mi_thermald.te

@@ -1,7 +1,6 @@
 type mi_thermald, domain;
 type mi_thermald_exec, exec_type, vendor_file_type, file_type;
 
-type vendor_thermal_normal_prop, property_type;
 type thermal_data_file, data_file_type, file_type;
 
 init_daemon_domain(mi_thermald)

sepolicy/vendor/property.te

@@ -1,2 +1,5 @@
 # Power
-type vendor_power_prop, property_type;
+vendor_internal_prop(vendor_power_prop);
+
+# Thermal
+vendor_internal_prop(vendor_thermal_normal_prop);

sepolicy/vendor/vendor_init.te

@@ -1,3 +1,3 @@
 allow vendor_init persist_file:lnk_file read;
 set_prop(vendor_init, vendor_power_prop)
-set_prop(vendor_init, init_service_status_prop)
+get_prop(vendor_init, init_service_status_prop)