authorChihYao Chien <ccchien@google.com>2021-05-21 11:13:29 +0800
committerAlex Hong <rurumihong@google.com>2021-05-21 22:06:42 +0800
commit9e67b6a0bcbcb4b2c6b56f2044743baf4da17160 (patch)
tree11441a972e108cff28b55487be59efd3f6923d6f
parent9f0cf4d36578512e8be01f7b6eeb0da866d3bdb1 (diff)
downloadsunfish-sepolicy-9e67b6a0bcbcb4b2c6b56f2044743baf4da17160.tar.gz
Sync QCOM sepolicy rules
1. init_qti_chg_policy sysfs_wakeup:dir read denied { read } for comm="find" name="wakeup8" dev="sysfs" ino=55134 scontext=u:r:init_qti_chg_policy:s0 tcontext=u:object_r:sysfs_wakeup:s0 tclass=dir permissive=0 init_qti_chg_policy sysfs_iio_devices:dir search denied { search } for comm="cat" name="devices" dev="sysfs" ino=42746 scontext=u:r:init_qti_chg_policy:s0 tcontext=u:object_r:sysfs_iio_devices:s0 tclass=dir permissive=0 2. cnd default_android_hwservice:hwservice_manager find denied { find } for interface=vendor.qti.hardware.mwqemadapter::IMwqemAdapter sid=u:r:cnd:s0 pid=1224 scontext=u:r:cnd:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 3. rild default_android_hwservice:hwservice_manager find denied { find } for interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo sid=u:r:rild:s0 pid=1424 scontext=u:r:rild:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 4. sensors sensors_vendor_data_file:dir search denied { search } for name="sensors" dev="dm-6" ino=262 scontext=u:r:sensors:s0 tcontext=u:object_r:sensors_vendor_data_file:s0 tclass=dir permissive=0 5. qtelephony default_android_hwservice:hwservice_manager find denied { find } for interface=vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo sid=u:r:qtelephony:s0:c32,c257,c512,c768 pid=4377 scontext=u:r:qtelephony:s0:c32,c257,c512,c768 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 6. hvdcp denied { write } for name="kmsg" dev="tmpfs" ino=26341 scontext=u:r:hvdcp:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 Bug: 188064567 Change-Id: Ib5e59796a56d6cb39fa1d482599d93903431ab2a
-rw-r--r--vendor/google/genfs_contexts2
-rw-r--r--vendor/google/init_qti_chg_policy.te7
-rw-r--r--vendor/qcom/common/cnd.te1
-rw-r--r--vendor/qcom/common/hvdcp.te2
-rw-r--r--vendor/qcom/common/hwservice.te1
-rw-r--r--vendor/qcom/common/hwservice_contexts2
-rw-r--r--vendor/qcom/common/seapp_contexts1
-rw-r--r--vendor/qcom/common/sensors.te2
8 files changed, 17 insertions, 1 deletions
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index 0670681..f2173b2 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -52,6 +52,8 @@ genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0010/iio:device2
u:object_r:sysfs_power_stats:s0
# Not used by PowerStatsHal
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:vadc@3100/iio:device0
+u:object_r:sysfs_power_stats_ignore:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:vadc@3100/iio:device1
u:object_r:sysfs_power_stats_ignore:s0
diff --git a/vendor/google/init_qti_chg_policy.te b/vendor/google/init_qti_chg_policy.te
index 44815ce..924d3d1 100644
--- a/vendor/google/init_qti_chg_policy.te
+++ b/vendor/google/init_qti_chg_policy.te
@@ -7,5 +7,12 @@ allow init_qti_chg_policy vendor_toolbox_exec:file rx_file_perms;
allow init_qti_chg_policy sysfs_batteryinfo:file create_file_perms;
allow init_qti_chg_policy sysfs_batteryinfo:dir r_dir_perms;
allow init_qti_chg_policy sysfs_contaminant:file create_file_perms;
+allow init_qti_chg_policy sysfs_wakeup:dir r_dir_perms;
+allow init_qti_chg_policy sysfs_wakeup:file getattr;
+allow init_qti_chg_policy sysfs_iio_devices:dir search;
+allow init_qti_chg_policy sysfs_power_stats_ignore:dir search;
+allow init_qti_chg_policy sysfs_power_stats_ignore:file r_file_perms;
+allow init_qti_chg_policy sysfs_power_stats:dir search;
+allow init_qti_chg_policy sysfs_power_stats:file r_file_perms;
set_prop(init_qti_chg_policy, vendor_hvdcp_opti_prop)
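Review bot: The four `sysfs_power_stats` / `sysfs_power_stats_ignore` allows at the end of the added block are not backed by any denial quoted in the commit message, which lists only `sysfs_wakeup:dir { read }` (comm="find") and `sysfs_iio_devices:dir { search }` (comm="cat") for this domain. File read on both power-stats labels covers every sysfs node carrying those labels, not only the vadc iio device that the genfs_contexts hunk relabels. Either quote the matching avc lines in the description or add a why-comment above the block, e.g. `# charger policy script reads vadc iio nodes and walks wakeup dirs (b/188064567)`. If the `find` walk over the wakeup directories is incidental, `dontaudit init_qti_chg_policy sysfs_wakeup:dir r_dir_perms;` would quiet the log without widening access.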
diff --git a/vendor/qcom/common/cnd.te b/vendor/qcom/common/cnd.te
index 473de1b..30acc21 100644
--- a/vendor/qcom/common/cnd.te
+++ b/vendor/qcom/common/cnd.te
@@ -20,6 +20,7 @@ allow cnd cnd_data_file:dir rw_dir_perms;
wakelock_use(cnd)
# To register cnd to hwbinder
add_hwservice(cnd, hal_datafactory_hwservice)
+add_hwservice(cnd, hal_mwqemadapter_hwservice)
userdebug_or_eng(`
allow cnd diag_device:chr_file rw_file_perms;
')
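Review bot: The logged denial for cnd is `{ find }` on the IMwqemAdapter interface, yet the added line uses `add_hwservice(cnd, hal_mwqemadapter_hwservice)`, which grants `add` as well as `find`. As that macro is defined in AOSP's te_macros, it also makes cnd the only domain allowed to register the service. That is correct if cnd hosts the HAL, but the page does not show which process serves it. If cnd is only a client, the narrower rule is `allow cnd hal_mwqemadapter_hwservice:hwservice_manager find;`, with `add_hwservice` placed in the serving domain's policy instead. The existing comment `# To register cnd to hwbinder` could also name the new interface so the intent is on record.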
diff --git a/vendor/qcom/common/hvdcp.te b/vendor/qcom/common/hvdcp.te
index 7cdae50..9c1b7eb 100644
--- a/vendor/qcom/common/hvdcp.te
+++ b/vendor/qcom/common/hvdcp.te
@@ -7,7 +7,7 @@ allow hvdcp sysfs_batteryinfo:dir r_dir_perms;
allow hvdcp qg_device:chr_file rw_file_perms;
allow hvdcp self:capability2 wake_alarm;
allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow hvdcp kmsg_device:chr_file r_file_perms;
+allow hvdcp kmsg_device:chr_file rw_file_perms;
allow hvdcp mnt_vendor_file:dir r_dir_perms;
allow hvdcp persist_file:dir search;
allow hvdcp persist_hvdcp_file:dir search;
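Review bot: The denial being fixed is only `{ write }` on `kmsg_device`, but the changed line moves hvdcp to `rw_file_perms`, so the domain now holds both read and write on the kernel log device. Write lets the daemon insert lines into the kernel log, and read exposes whatever other components log there, so each direction deserves its own justification. If hvdcp only emits log lines, `allow hvdcp kmsg_device:chr_file w_file_perms;` would be the narrower grant. If the pre-existing read is still required, a comment such as `# hvdcp both logs to and reads kmsg` above the rule would record that. The rule list continues outside the hunk.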
diff --git a/vendor/qcom/common/hwservice.te b/vendor/qcom/common/hwservice.te
index 11c8147..5f091a5 100644
--- a/vendor/qcom/common/hwservice.te
+++ b/vendor/qcom/common/hwservice.te
@@ -21,3 +21,4 @@ type hal_dataconnection_hwservice, hwservice_manager_type, vendor_hwservice_type
type hal_cacert_hwservice, hwservice_manager_type, vendor_hwservice_type;
type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;
+type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice;
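Review bot: The added `hal_mwqemadapter_hwservice` declaration omits the `vendor_hwservice_type` attribute that every other type visible in this hunk carries, including the neighbouring protected `hal_qseecom_hwservice`. Any rule, neverallow or policy test keyed on that attribute will therefore skip the new vendor service. For consistency the line should read `type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;`. Keeping `protected_hwservice` is the right default for a vendor-internal interface.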
diff --git a/vendor/qcom/common/hwservice_contexts b/vendor/qcom/common/hwservice_contexts
index 75e64a1..f275324 100644
--- a/vendor/qcom/common/hwservice_contexts
+++ b/vendor/qcom/common/hwservice_contexts
@@ -15,6 +15,7 @@ vendor.qti.hardware.qdutils_disp::IQdutilsDisp u:object
vendor.qti.hardware.qteeconnector::IAppConnector u:object_r:hal_qteeconnector_hwservice:s0
vendor.qti.hardware.qteeconnector::IGPAppConnector u:object_r:hal_qteeconnector_hwservice:s0
vendor.qti.hardware.radio.am::IQcRilAudio u:object_r:hal_telephony_hwservice:s0
+vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.lpa::IUimLpa u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.qcrilhook::IQtiOemHook u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.qtiradio::IQtiRadio u:object_r:hal_telephony_hwservice:s0
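Review bot: The added `radio.internal.deviceinfo::IDeviceInfo` line puts the interface under the shared `hal_telephony_hwservice` label, so every domain that already holds `find` on that label can reach it, not only the rild and qtelephony processes named in the denials. The interface name suggests it is meant to be internal, and the rules granting access to `hal_telephony_hwservice` are outside this page, so the effective client set cannot be checked here. If the exposure is intended, a comment above the entry such as `# IDeviceInfo: clients are rild and qtelephony (b/188064567)` would document it. Otherwise a dedicated type with explicit `find` rules for those two domains would keep the grant minimal.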
@@ -35,3 +36,4 @@ vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore u:object
vendor.qti.hardware.display.allocator::IQtiAllocator u:object_r:hal_graphics_allocator_hwservice:s0
vendor.qti.ims.callinfo::IService u:object_r:hal_imscallinfo_hwservice:s0
vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0
+vendor.qti.hardware.mwqemadapter::IMwqemAdapter u:object_r:hal_mwqemadapter_hwservice:s0
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index 51fdd3d..6b2ff84 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -32,3 +32,4 @@ user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=q
# QtiTelephonyService app
user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=qtelephony type=app_data_file levelFrom=all
+
diff --git a/vendor/qcom/common/sensors.te b/vendor/qcom/common/sensors.te
index 95737d0..a423192 100644
--- a/vendor/qcom/common/sensors.te
+++ b/vendor/qcom/common/sensors.te
@@ -12,5 +12,7 @@ allow sensors self:qipcrtr_socket create;
allow sensors sensors_persist_file:dir rw_dir_perms;
r_dir_file(sensors, sysfs_msm_subsys)
allow sensors sysfs_ssr:file r_file_perms;
+allow sensors sensors_vendor_data_file:dir rw_dir_perms;
+allow sensors sensors_vendor_data_file:file create_file_perms;
dontaudit sensors sysfs_esoc:dir r_dir_perms;
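Review bot: The two added `sensors_vendor_data_file` rules grant far more than the single denial in the commit message, which is `{ search }` on the directory. `rw_dir_perms` plus `create_file_perms` let the sensors domain create, rename and unlink files under that label. This is reasonable if the daemon owns the directory, but the page does not establish that. The minimal fix for the logged denial would be `allow sensors sensors_vendor_data_file:dir search;`. If write access is genuinely needed, a comment such as `# sensors daemon stores its own data under sensors_vendor_data_file` and the corresponding avc lines in the description would justify the wider grant.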