Denial fixes for clark, osprey, surnia, and g3-common

Signed-off-by: Tad <tad@spotco.us>

Scripts/LineageOS-17.1/Patch.sh

@@ -315,11 +315,18 @@ fi;
 if enterAndClear "device/motorola/clark"; then
 echo "recovery_only('" >> sepolicy/recovery.te; #304224: Allow recovery to unzip and chmod modem firmware
 echo "  allow firmware_file labeledfs:filesystem associate;" >> sepolicy/recovery.te;
-echo "  allow recovery firmware_file:dir search;" >> sepolicy/recovery.te;
-echo "  allow recovery firmware_file:file { open write };" >> sepolicy/recovery.te;
+echo "  allow recovery firmware_file:dir rw_dir_perms;" >> sepolicy/recovery.te;
+echo "  allow recovery firmware_file:file create_file_perms;" >> sepolicy/recovery.te;
+echo "')" >> sepolicy/recovery.te;
+fi;
+
+if enterAndClear "device/motorola/msm8916-common"; then
+rm sepolicy/recovery.te;
+echo "recovery_only('" >> sepolicy/recovery.te; #304224: Allow recovery to unzip and chmod modem firmware
+echo "  allow firmware_file labeledfs:filesystem associate;" >> sepolicy/recovery.te;
+echo "  allow recovery firmware_file:dir rw_dir_perms;" >> sepolicy/recovery.te;
+echo "  allow recovery firmware_file:file create_file_perms;" >> sepolicy/recovery.te;
 echo "')" >> sepolicy/recovery.te;
-#sed -i '2isetenforce 0' releasetools/extract_firmware.sh;
-#echo "setenforce 1" >> releasetools/extract_firmware.sh;
 fi;
 
 if enterAndClear "device/oneplus/avicii"; then

Scripts/LineageOS-18.1/Patch.sh

@@ -370,6 +370,7 @@ echo "allow hwaddrs self:capability { fowner };" >> sepolicy/hwaddrs.te;
 echo "allow hwaddrs block_device:lnk_file { open };" >> sepolicy/hwaddrs.te;
 echo "allow hwaddrs misc_block_device:blk_file { open read };" >> sepolicy/hwaddrs.te;
 sed -i '1itypeattribute wcnss_service misc_block_device_exception;' sepolicy/wcnss_service.te;
+echo "/sys/devices/qpnp-rtc-[a-f0-9]+/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0" >> sepolicy/file_contexts; #https://gitlab.com/LineageOS/issues/android/-/issues/3889
 fi;
 
 if enterAndClear "device/lge/mako"; then