authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-05-10 06:53:06 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-05-10 06:53:06 +0000
commitbb0385357e291ee497821c6916d6c350ef7613b3 (patch)
tree8368e24c77e5cc642648107fd1737a78b2c010be /vendor/qcom/common
parent216fcd65c7be58344bacd7b6a3c9c6d72e724c32 (diff)
parent05a1b76da9b95260b0fc9583b6ad797016836fef (diff)
Snap for 8564071 from 05a1b76da9b95260b0fc9583b6ad797016836fef to mainline-sdkext-release
Change-Id: Ib69aec2d57986eaa43bf6931802e96474c366f30
Diffstat (limited to 'vendor/qcom/common')
-rw-r--r--vendor/qcom/common/cameraserver.te2
-rw-r--r--vendor/qcom/common/cnd.te3
-rw-r--r--vendor/qcom/common/con_monitor.te3
-rw-r--r--vendor/qcom/common/file.te2
-rw-r--r--vendor/qcom/common/file_contexts19
-rw-r--r--vendor/qcom/common/genfs_contexts2
-rw-r--r--vendor/qcom/common/hal_drm_widevine.te4
-rw-r--r--vendor/qcom/common/hal_gnss_qti.te2
-rw-r--r--vendor/qcom/common/hal_neuralnetworks.te3
-rw-r--r--vendor/qcom/common/hal_rcsservice.te2
-rw-r--r--vendor/qcom/common/hvdcp.te2
-rw-r--r--vendor/qcom/common/hwservice.te49
-rw-r--r--vendor/qcom/common/hwservice_contexts7
-rw-r--r--vendor/qcom/common/init-qti-keymaster-sh.te37
-rw-r--r--vendor/qcom/common/mediacodec.te2
-rw-r--r--vendor/qcom/common/mediatranscoding.te2
-rw-r--r--vendor/qcom/common/netmgrd.te1
-rw-r--r--vendor/qcom/common/pd_services.te2
-rw-r--r--vendor/qcom/common/peripheral_manager.te1
-rw-r--r--vendor/qcom/common/property.te128
-rw-r--r--vendor/qcom/common/property_contexts8
-rw-r--r--vendor/qcom/common/qtelephony.te1
-rw-r--r--vendor/qcom/common/qtidataservices_app.te2
-rw-r--r--vendor/qcom/common/rfs_access.te2
-rw-r--r--vendor/qcom/common/rmt_storage.te2
-rw-r--r--vendor/qcom/common/seapp_contexts16
-rw-r--r--vendor/qcom/common/secure_ui_service_app.te6
-rw-r--r--vendor/qcom/common/sensors.te2
-rw-r--r--vendor/qcom/common/service.te1
-rw-r--r--vendor/qcom/common/service_contexts3
-rw-r--r--vendor/qcom/common/tee.te3
31 files changed, 199 insertions, 120 deletions
diff --git a/vendor/qcom/common/cameraserver.te b/vendor/qcom/common/cameraserver.te
index 92aacf7..dfd4524 100644
--- a/vendor/qcom/common/cameraserver.te
+++ b/vendor/qcom/common/cameraserver.te
@@ -6,3 +6,5 @@ get_prop(cameraserver, vendor_display_prop)
# are not essential, and access denial to it won't break any gralloc mapper
# functionality.
dontaudit cameraserver gpu_device:chr_file rw_file_perms;
+
+dontaudit cameraserver sysfs_msm_subsys:dir search;
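Review bot: The new `dontaudit cameraserver sysfs_msm_subsys:dir search;` has no comment saying which access is being silenced or why denying it is harmless, unlike the gpu_device rule directly above it. The same applies to the uncommented dontaudit rules added in cnd.te (`wifi_hal_prop:file r_file_perms`), mediacodec.te (`sysfs_msm_subsys:dir search`) and rfs_access.te (`self:capability { dac_override dac_read_search }`). The rfs_access rule needs a justification most, because it hides capability denials that are useful when checking a daemon's file ownership and DAC setup. hal_neuralnetworks.te in this commit shows the pattern to follow, for example `# b/<bug-id>: cameraserver does not need sysfs_msm_subsys; suppress the denial`.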
diff --git a/vendor/qcom/common/cnd.te b/vendor/qcom/common/cnd.te
index 333ac60..30acc21 100644
--- a/vendor/qcom/common/cnd.te
+++ b/vendor/qcom/common/cnd.te
@@ -20,6 +20,7 @@ allow cnd cnd_data_file:dir rw_dir_perms;
wakelock_use(cnd)
# To register cnd to hwbinder
add_hwservice(cnd, hal_datafactory_hwservice)
+add_hwservice(cnd, hal_mwqemadapter_hwservice)
userdebug_or_eng(`
allow cnd diag_device:chr_file rw_file_perms;
')
@@ -42,3 +43,5 @@ allow cnd self:{
netlink_generic_socket
qipcrtr_socket
} create_socket_perms_no_ioctl;
+
+dontaudit cnd wifi_hal_prop:file r_file_perms;
diff --git a/vendor/qcom/common/con_monitor.te b/vendor/qcom/common/con_monitor.te
index 64d0257..860c16e 100644
--- a/vendor/qcom/common/con_monitor.te
+++ b/vendor/qcom/common/con_monitor.te
@@ -1,10 +1,9 @@
# ConnectivityMonitor app
-type con_monitor_app, domain;
+type con_monitor_app, domain, coredomain;
app_domain(con_monitor_app)
set_prop(con_monitor_app, radio_prop)
-set_prop(con_monitor_app, vendor_radio_prop)
allow con_monitor_app app_api_service:service_manager find;
allow con_monitor_app audioserver_service:service_manager find;
allow con_monitor_app radio_service:service_manager find;
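Review bot: Adding `coredomain` to `con_monitor_app` on the `type` line is not explained anywhere in the hunk, and this file lives in vendor policy, so the reason should be stated in a comment. The attribute makes the domain subject to the core/vendor separation neverallow rules, which is consistent with dropping `set_prop(con_monitor_app, vendor_radio_prop)`. The rest of con_monitor.te is outside the hunk and should be checked for any remaining access to vendor-internal types. A possible comment, if this is the reason: `# Installed on the system side: coredomain, must not use vendor-internal types`.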
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 33bb82e..23073eb 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -131,8 +131,6 @@ type sysfs_sectouch, sysfs_type, fs_type;
type vendor_tui_data_file, file_type, data_file_type;
type vendor_bt_data_file, file_type, data_file_type;
type sysfs_jpeg, fs_type, sysfs_type;
-type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
type sysfs_npu, fs_type, sysfs_type;
type vendor_ramdump_data_file, file_type, data_file_type;
type vendor_mdmhelperdata_data_file, file_type, data_file_type;
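Review bot: `ramdump_vendor_data_file` is deleted here, but the file_contexts hunk of this commit keeps `/data/vendor/ssrdump(/.*)? u:object_r:ramdump_vendor_data_file:s0` as an unchanged line, so that label refers to a type this directory no longer declares. The same pattern appears for `vendor_ramdump_prop` (dropped from property.te, still used for `persist.vendor.sys.crash_rcu` in property_contexts) and `hal_bluetooth_coexistence_hwservice` (dropped from hwservice.te, still used in hwservice_contexts). The diffstat is limited to vendor/qcom/common, so the declarations have presumably moved to another policy directory. If so, a one-line comment next to each remaining label naming where the type is now declared would save the next reader a search. The hunk covers only part of file.te.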
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 907d5b9..a360e5a 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -52,7 +52,7 @@
/(vendor|system/vendor)/bin/ssr_diag u:object_r:vendor_ssr_diag_exec:s0
/(vendor|system/vendor)/bin/hw/qcrild u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm(@[0-9]+\.[0-9]+)?-service\.widevine u:object_r:hal_drm_widevine_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@.*-service-qti u:object_r:hal_gnss_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.gnss@.*-service u:object_r:hal_gnss_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_default_exec:s0
@@ -67,6 +67,8 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-strongbox-service-qti u:object_r:hal_keymaster_qti_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service-qti u:object_r:hal_keymaster_qti_exec:s0
+/(vendor|system/vendor)/bin/init\.qti\.keymaster\.sh u:object_r:init-qti-keymaster-sh_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
/(vendor|system/vendor)/bin/imsrcsd u:object_r:hal_rcsservice_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0
@@ -113,12 +115,6 @@
/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
###################################
-# ramdumpfs files
-#
-/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-
-###################################
# adsp files
#
/(vendor|system/vendor)/dsp(/.*)? u:object_r:adsprpcd_file:s0
@@ -144,12 +140,15 @@
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.1\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@3\.0\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@4\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdMetaData\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgralloc\.qti\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqservice\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libqdutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libadreno_utils\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgsl\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libEGL_adreno\.so u:object_r:same_process_hal_file:s0
@@ -179,6 +178,10 @@
# libGLESv2_adreno depends on this
/vendor/lib(64)?/libllvm-glnext\.so u:object_r:same_process_hal_file:s0
+# Game profiling library
+/vendor/lib(64)?/libadreno_app_profiles\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.qspmhal@1\.0\.so u:object_r:same_process_hal_file:s0
+
# libOpenCL-pixel and its dependencies
/vendor/lib(64)?/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0
@@ -243,6 +246,7 @@
/dev/msm_.* u:object_r:audio_device:s0
/dev/ramdump_.* u:object_r:ramdump_device:s0
/dev/at_.* u:object_r:at_device:s0
+/dev/qce u:object_r:qce_device:s0
# dev socket nodes
/dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0
@@ -262,7 +266,6 @@
/data/vendor/modem_fdr(/.*)? u:object_r:modem_fdr_file:s0
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
/data/vendor/nnhal(/.*)? u:object_r:hal_neuralnetworks_data_file:s0
-/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/ssrdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/ssrlog(/.*)? u:object_r:ssr_log_file:s0
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0
diff --git a/vendor/qcom/common/genfs_contexts b/vendor/qcom/common/genfs_contexts
index 8afbb14..d8158ec 100644
--- a/vendor/qcom/common/genfs_contexts
+++ b/vendor/qcom/common/genfs_contexts
@@ -26,3 +26,5 @@ genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws@1e08000
genfscon sysfs /devices/virtual/xt_hardidletimer/timers u:object_r:sysfs_data:s0
genfscon sysfs /devices/virtual/xt_idletimer/timers u:object_r:sysfs_data:s0
genfscon sysfs /module/subsystem_restart/parameters/enable_ramdumps u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd-secure/wakeup u:object_r:sysfs_wakeup:s0
diff --git a/vendor/qcom/common/hal_drm_widevine.te b/vendor/qcom/common/hal_drm_widevine.te
index 4b52daf..2f8fbdd 100644
--- a/vendor/qcom/common/hal_drm_widevine.te
+++ b/vendor/qcom/common/hal_drm_widevine.te
@@ -10,4 +10,6 @@ allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
allow hal_drm_widevine hal_display_config_hwservice:hwservice_manager find;
binder_call(hal_drm_widevine, hal_graphics_composer_default)
-allow hal_drm_widevine { appdomain -isolated_app }:fd use; \ No newline at end of file
+allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+
+allow hal_drm_widevine qce_device:chr_file rw_file_perms;
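Review bot: `allow hal_drm_widevine qce_device:chr_file rw_file_perms;` opens `/dev/qce` (labelled in the file_contexts hunk of this commit) to the Widevine HAL with no comment and no ioctl restriction. `rw_file_perms` includes `ioctl`, so unless an `allowxperm` rule for this source/target pair exists elsewhere, the HAL may issue any ioctl the driver implements. Consider adding `allowxperm hal_drm_widevine qce_device:chr_file ioctl { <commands the HAL uses> };` and a comment stating why the HAL needs the device. The declaration of `qce_device` is not part of this diff.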
diff --git a/vendor/qcom/common/hal_gnss_qti.te b/vendor/qcom/common/hal_gnss_qti.te
index c4481a7..80abd2e 100644
--- a/vendor/qcom/common/hal_gnss_qti.te
+++ b/vendor/qcom/common/hal_gnss_qti.te
@@ -24,5 +24,7 @@ allow hal_gnss_qti location:unix_dgram_socket sendto;
allow hal_gnss_qti self:qipcrtr_socket create_socket_perms_no_ioctl;
+allow hal_gnss_qti location_data_file:dir r_dir_perms;
+
# Allow Gnss HAL to get updates from health hal
hal_client_domain(hal_gnss_qti, hal_health)
diff --git a/vendor/qcom/common/hal_neuralnetworks.te b/vendor/qcom/common/hal_neuralnetworks.te
index 1d20204..6ccdd39 100644
--- a/vendor/qcom/common/hal_neuralnetworks.te
+++ b/vendor/qcom/common/hal_neuralnetworks.te
@@ -17,3 +17,6 @@ r_dir_file(hal_neuralnetworks_default, sysfs_soc)
r_dir_file(hal_neuralnetworks_default, adsprpcd_file)
dontaudit hal_neuralnetworks_default vendor_display_prop:file read;
+
+# b/159570217 suppress warning related to zeroth.debuglog.logmask
+dontaudit hal_neuralnetworks_default default_prop:file { open read };
diff --git a/vendor/qcom/common/hal_rcsservice.te b/vendor/qcom/common/hal_rcsservice.te
index 9acd706..0c95f16 100644
--- a/vendor/qcom/common/hal_rcsservice.te
+++ b/vendor/qcom/common/hal_rcsservice.te
@@ -11,6 +11,8 @@ hwbinder_use(hal_rcsservice)
# add IUceSerive and IService to Hidl interface
add_hwservice(hal_rcsservice, hal_imsrcsd_hwservice)
add_hwservice(hal_rcsservice, hal_imscallinfo_hwservice)
+# add imsfactory to HIDl interface
+add_hwservice(hal_rcsservice, hal_imsfactory_hwservice)
get_prop(hal_rcsservice, hwservicemanager_prop)
set_prop(hal_rcsservice, qcom_ims_prop)
diff --git a/vendor/qcom/common/hvdcp.te b/vendor/qcom/common/hvdcp.te
index 7cdae50..9c1b7eb 100644
--- a/vendor/qcom/common/hvdcp.te
+++ b/vendor/qcom/common/hvdcp.te
@@ -7,7 +7,7 @@ allow hvdcp sysfs_batteryinfo:dir r_dir_perms;
allow hvdcp qg_device:chr_file rw_file_perms;
allow hvdcp self:capability2 wake_alarm;
allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow hvdcp kmsg_device:chr_file r_file_perms;
+allow hvdcp kmsg_device:chr_file rw_file_perms;
allow hvdcp mnt_vendor_file:dir r_dir_perms;
allow hvdcp persist_file:dir search;
allow hvdcp persist_hvdcp_file:dir search;
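Review bot: Changing `r_file_perms` to `rw_file_perms` on `kmsg_device` gives hvdcp write access to the kernel log on every build type, whereas pd_services.te in this commit keeps its kmsg rule inside `userdebug_or_eng`. A domain that can write to kmsg can insert arbitrary lines into the kernel log, which makes that log less trustworthy during incident analysis. If the write is only for debug logging, keep the read rule as it was and put `allow hvdcp kmsg_device:chr_file w_file_perms;` inside a `userdebug_or_eng` block. The pd_services.te hunk widens in the other direction (`w_file_perms` to `rw_file_perms`, adding kernel-log read access) and also lacks a comment. Only part of hvdcp.te is visible in the hunk.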
diff --git a/vendor/qcom/common/hwservice.te b/vendor/qcom/common/hwservice.te
index e681898..c17da13 100644
--- a/vendor/qcom/common/hwservice.te
+++ b/vendor/qcom/common/hwservice.te
@@ -1,24 +1,25 @@
-type hal_display_color_hwservice, hwservice_manager_type;
-type hal_iwlan_hwservice, hwservice_manager_type;
-type hal_display_config_hwservice, hwservice_manager_type;
-type hal_display_postproc_hwservice, hwservice_manager_type;
-type hal_dpmqmi_hwservice, hwservice_manager_type;
-type hal_imsrtp_hwservice, hwservice_manager_type;
-type hal_imscallinfo_hwservice, hwservice_manager_type;
-type hal_datafactory_hwservice, hwservice_manager_type;
-type hal_cne_hwservice, hwservice_manager_type;
-type hal_latency_hwservice, hwservice_manager_type;
-type hal_imsrcsd_hwservice, hwservice_manager_type;
-type hal_ipacm_hwservice, hwservice_manager_type;
-type hal_qteeconnector_hwservice, hwservice_manager_type;
-type hal_voiceprint_hwservice, hwservice_manager_type;
-type vendor_hal_factory_qti_hwservice, hwservice_manager_type;
-type hal_tui_comm_hwservice, hwservice_manager_type;
-type hal_qdutils_disp_hwservice, hwservice_manager_type;
-type hal_sensorscalibrate_qti_hwservice, hwservice_manager_type;
-type vnd_atcmdfwd_hwservice, hwservice_manager_type;
-type hal_dataconnection_hwservice, hwservice_manager_type;
-type hal_bluetooth_coexistence_hwservice, hwservice_manager_type;
-type hal_cacert_hwservice, hwservice_manager_type;
-type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type;
-type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_display_color_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_iwlan_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_display_config_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_display_postproc_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_dpmqmi_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_imsrtp_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_imscallinfo_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_datafactory_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_cne_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_latency_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_imsrcsd_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_ipacm_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_qteeconnector_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_voiceprint_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type vendor_hal_factory_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_tui_comm_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_qdutils_disp_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_sensorscalibrate_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type vnd_atcmdfwd_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_dataconnection_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_cacert_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
+type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;
+type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_imsfactory_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;
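Review bot: `hal_mwqemadapter_hwservice` is the only type in the new list declared without `vendor_hwservice_type`; every other line carries it, including the equally new `hal_imsfactory_hwservice`. If the omission is not deliberate, the line should read `type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;`. If it is deliberate, a comment above the line saying why this interface is exempt would keep a later cleanup from silently changing its attribute set.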
diff --git a/vendor/qcom/common/hwservice_contexts b/vendor/qcom/common/hwservice_contexts
index 2aecfbc..d6d205b 100644
--- a/vendor/qcom/common/hwservice_contexts
+++ b/vendor/qcom/common/hwservice_contexts
@@ -11,12 +11,11 @@ vendor.display.color::IDisplayColor u:object
vendor.display.config::IDisplayConfig u:object_r:hal_display_config_hwservice:s0
vendor.display.postproc::IDisplayPostproc u:object_r:hal_display_postproc_hwservice:s0
vendor.qti.hardware.display.mapper::IQtiMapper u:object_r:hal_graphics_mapper_hwservice:s0
-vendor.qti.hardware.bluetooth_sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
-vendor.qti.hardware.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
vendor.qti.hardware.qdutils_disp::IQdutilsDisp u:object_r:hal_qdutils_disp_hwservice:s0
vendor.qti.hardware.qteeconnector::IAppConnector u:object_r:hal_qteeconnector_hwservice:s0
vendor.qti.hardware.qteeconnector::IGPAppConnector u:object_r:hal_qteeconnector_hwservice:s0
vendor.qti.hardware.radio.am::IQcRilAudio u:object_r:hal_telephony_hwservice:s0
+vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.lpa::IUimLpa u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.qcrilhook::IQtiOemHook u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.qtiradio::IQtiRadio u:object_r:hal_telephony_hwservice:s0
@@ -29,6 +28,7 @@ vendor.qti.hardware.tui_comm::ITuiComm u:object
vendor.qti.hardware.radio.atcmdfwd::IAtCmdFwd u:object_r:vnd_atcmdfwd_hwservice:s0
vendor.qti.hardware.data.latency::ILinkLatency u:object_r:hal_latency_hwservice:s0
vendor.qti.data.factory::IFactory u:object_r:hal_datafactory_hwservice:s0
+vendor.qti.ims.factory::IImsFactory u:object_r:hal_imsfactory_hwservice:s0
vendor.qti.imsrtpservice::IRTPService u:object_r:hal_imsrtp_hwservice:s0
vendor.qti.hardware.cacert::IService u:object_r:hal_cacert_hwservice:s0
hardware.google.media.c2::IConfigurable u:object_r:hal_codec2_hwservice:s0
@@ -37,3 +37,6 @@ vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore u:object
vendor.qti.hardware.display.allocator::IQtiAllocator u:object_r:hal_graphics_allocator_hwservice:s0
vendor.qti.ims.callinfo::IService u:object_r:hal_imscallinfo_hwservice:s0
vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0
+vendor.qti.hardware.mwqemadapter::IMwqemAdapter u:object_r:hal_mwqemadapter_hwservice:s0
+vendor.qti.hardware.bluetooth_sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+vendor.qti.hardware.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
diff --git a/vendor/qcom/common/init-qti-keymaster-sh.te b/vendor/qcom/common/init-qti-keymaster-sh.te
new file mode 100644
index 0000000..f5a6c31
--- /dev/null
+++ b/vendor/qcom/common/init-qti-keymaster-sh.te
@@ -0,0 +1,37 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qti-keymaster-sh, domain;
+type init-qti-keymaster-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-qti-keymaster-sh)
+
+# Set vendor.keymaster.strongbox.version to 40 or 41
+set_prop(init-qti-keymaster-sh, vendor_km_strongbox_version_prop);
+
+allow init-qti-keymaster-sh vendor_shell_exec:file rx_file_perms;
+allow init-qti-keymaster-sh vendor_toolbox_exec:file rx_file_perms;
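Review bot: The two `allow` rules granting `rx_file_perms` on `vendor_shell_exec` and `vendor_toolbox_exec` have no comment, so a reader cannot tell which commands the script is expected to run. A line such as `# The script runs under the vendor shell and calls vendor toolbox to set the property` would document the intent, if that is what it does. Two style points in the same hunk: `set_prop(init-qti-keymaster-sh, vendor_km_strongbox_version_prop);` ends in a stray `;` after a macro call, and the hyphenated type name differs from the underscore names used by other domains in this directory (`vendor_pd_mapper`, `vendor_per_mgr`).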
diff --git a/vendor/qcom/common/mediacodec.te b/vendor/qcom/common/mediacodec.te
index 5ef6b8f..bec15f6 100644
--- a/vendor/qcom/common/mediacodec.te
+++ b/vendor/qcom/common/mediacodec.te
@@ -3,3 +3,5 @@ get_prop(mediacodec, ecoservice_prop)
allow mediacodec hal_camera_default:binder call;
get_prop(mediacodec, vendor_display_prop)
+
+dontaudit mediacodec sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/mediatranscoding.te b/vendor/qcom/common/mediatranscoding.te
new file mode 100644
index 0000000..ab3f09d
--- /dev/null
+++ b/vendor/qcom/common/mediatranscoding.te
@@ -0,0 +1,2 @@
+get_prop(domain, vendor_display_prop)
+
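Review bot: `get_prop(domain, vendor_display_prop)` grants read access to `vendor_display_prop` to every domain on the device, not only to the transcoding service this file is named after. If only that service needs the property, the rule should be `get_prop(mediatranscoding, vendor_display_prop)`. The blanket grant also makes the per-domain `get_prop(cameraserver, vendor_display_prop)` and `get_prop(mediacodec, vendor_display_prop)` lines visible elsewhere in this commit redundant. If the device-wide grant is intended, it needs a comment saying so and would be easier to find in a file that is not named after one service.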
diff --git a/vendor/qcom/common/netmgrd.te b/vendor/qcom/common/netmgrd.te
index 238a61b..4d53e7c 100644
--- a/vendor/qcom/common/netmgrd.te
+++ b/vendor/qcom/common/netmgrd.te
@@ -69,5 +69,6 @@ allow netmgrd self:netlink_xfrm_socket create_socket_perms_no_ioctl;
#Allow set persist.vendor.data.shsusr_load
#Allow set persist.vendor.data.perf_ko_load
#Allow set persist.vendor.data.qmipriod_load
+#Allow set persist.vendor.data.offload_ko_load
set_prop(netmgrd, vendor_radio_prop)
diff --git a/vendor/qcom/common/pd_services.te b/vendor/qcom/common/pd_services.te
index 3f48cef..b504a16 100644
--- a/vendor/qcom/common/pd_services.te
+++ b/vendor/qcom/common/pd_services.te
@@ -6,7 +6,7 @@ init_daemon_domain(vendor_pd_mapper);
allow vendor_pd_mapper self:qipcrtr_socket create_socket_perms_no_ioctl;
userdebug_or_eng(`
- allow vendor_pd_mapper kmsg_device:chr_file w_file_perms;
+ allow vendor_pd_mapper kmsg_device:chr_file rw_file_perms;
')
dontaudit vendor_pd_mapper sysfs_esoc:dir search;
diff --git a/vendor/qcom/common/peripheral_manager.te b/vendor/qcom/common/peripheral_manager.te
index bd5f923..05e75bc 100644
--- a/vendor/qcom/common/peripheral_manager.te
+++ b/vendor/qcom/common/peripheral_manager.te
@@ -8,6 +8,7 @@ init_daemon_domain(vendor_per_mgr);
vndbinder_use(vendor_per_mgr)
binder_call(vendor_per_mgr, vendor_per_mgr)
binder_call(vendor_per_mgr, wcnss_service)
+binder_call(vendor_per_mgr, rild)
set_prop(vendor_per_mgr, vendor_per_mgr_state_prop)
allow vendor_per_mgr self:qipcrtr_socket create_socket_perms_no_ioctl;
diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te
index e088dad..81b3b55 100644
--- a/vendor/qcom/common/property.te
+++ b/vendor/qcom/common/property.te
@@ -1,64 +1,64 @@
-type uicc_prop, property_type;
-type qcom_ims_prop, property_type;
-type ctl_vendor_netmgrd_prop, property_type;
-type ctl_vendor_port-bridge_prop, property_type;
-type ctl_qcrild_prop, property_type;
-type vendor_tee_listener_prop, property_type;
-type ctl_vendor_rild_prop, property_type;
-type ctl_LKCore_prop, property_type;
-type freq_prop, property_type;
-type vendor_dataqti_prop, property_type;
-type cnd_vendor_prop, property_type;
-type sensors_prop, property_type;
-type slpi_prop, property_type;
-type msm_irqbalance_prop, property_type;
-type msm_irqbl_sdm630_prop, property_type;
-type camera_prop, property_type;
-type spcomlib_prop, property_type;
-type vendor_display_prop, property_type;
-type scr_enabled_prop, property_type;
-type bg_boot_complete_prop, property_type;
-type opengles_prop, property_type;
-type mdm_helper_prop, property_type;
-type vendor_mpctl_prop, property_type;
-type vendor_iop_prop, property_type;
-type vendor_preobtain_prop, property_type;
-type vendor_am_prop, property_type;
-type vendor_gralloc_prop, property_type;
-type fm_prop, property_type;
-type chgdiabled_prop, property_type;
-type vendor_xlat_prop, property_type;
-type location_prop, property_type;
-type qemu_hw_mainkeys_prop, property_type;
-type vendor_usb_prop, property_type;
-type public_vendor_system_prop, property_type;
-type vendor_coresight_prop, property_type;
-type public_vendor_default_prop, property_type;
-type vendor_alarm_boot_prop, property_type;
-type dolby_prop, property_type;
-type hwui_prop, property_type;
-type graphics_vulkan_prop, property_type;
-type bservice_prop, property_type;
-type reschedule_service_prop, property_type;
-type vendor_boot_mode_prop, property_type;
-type nfc_nq_prop, property_type;
-type vendor_rild_libpath_prop, property_type;
-type vendor_per_mgr_state_prop, property_type;
-type vendor_system_prop, property_type;
-type vendor_bluetooth_prop, property_type;
-type ctl_vendor_imsrcsservice_prop, property_type;
-type vendor_time_service_prop, property_type;
-type vendor_radio_prop, property_type;
-type vendor_audio_prop, property_type;
-type vendor_ssr_prop, property_type;
-type vendor_pd_locater_dbg_prop, property_type;
-type vendor_qdcmss_prop, property_type;
-type vendor_softap_prop, property_type;
-type mm_parser_prop, property_type;
-type mm_video_prop, property_type;
-type ctl_vendor_rmt_storage_prop, property_type;
-type vendor_wifi_version, property_type;
-type vendor_cnss_diag_prop, property_type;
-type vendor_modem_diag_prop, property_type;
-type vendor_ramdump_prop, property_type;
-type vendor_hvdcp_opti_prop, property_type;
+vendor_internal_prop(uicc_prop)
+vendor_restricted_prop(qcom_ims_prop)
+vendor_internal_prop(ctl_vendor_netmgrd_prop)
+vendor_internal_prop(ctl_vendor_port-bridge_prop)
+vendor_internal_prop(ctl_qcrild_prop)
+vendor_internal_prop(vendor_tee_listener_prop)
+vendor_internal_prop(ctl_vendor_rild_prop)
+vendor_internal_prop(ctl_LKCore_prop)
+vendor_internal_prop(freq_prop)
+vendor_internal_prop(vendor_dataqti_prop)
+vendor_restricted_prop(cnd_vendor_prop)
+vendor_internal_prop(sensors_prop)
+vendor_internal_prop(slpi_prop)
+vendor_internal_prop(msm_irqbalance_prop)
+vendor_internal_prop(msm_irqbl_sdm630_prop)
+vendor_restricted_prop(camera_prop)
+vendor_internal_prop(spcomlib_prop)
+vendor_restricted_prop(vendor_display_prop)
+vendor_internal_prop(scr_enabled_prop)
+vendor_internal_prop(bg_boot_complete_prop)
+vendor_internal_prop(opengles_prop)
+vendor_internal_prop(mdm_helper_prop)
+vendor_internal_prop(vendor_mpctl_prop)
+vendor_internal_prop(vendor_iop_prop)
+vendor_internal_prop(vendor_preobtain_prop)
+vendor_internal_prop(vendor_am_prop)
+vendor_internal_prop(vendor_gralloc_prop)
+vendor_internal_prop(fm_prop)
+vendor_internal_prop(chgdiabled_prop)
+vendor_internal_prop(vendor_xlat_prop)
+vendor_internal_prop(location_prop)
+vendor_internal_prop(qemu_hw_mainkeys_prop)
+vendor_internal_prop(vendor_usb_prop)
+vendor_internal_prop(public_vendor_system_prop)
+vendor_internal_prop(vendor_coresight_prop)
+vendor_restricted_prop(public_vendor_default_prop)
+vendor_internal_prop(vendor_alarm_boot_prop)
+vendor_internal_prop(dolby_prop)
+vendor_internal_prop(hwui_prop)
+vendor_internal_prop(graphics_vulkan_prop)
+vendor_internal_prop(bservice_prop)
+vendor_internal_prop(reschedule_service_prop)
+vendor_internal_prop(vendor_boot_mode_prop)
+vendor_internal_prop(nfc_nq_prop)
+vendor_internal_prop(vendor_rild_libpath_prop)
+vendor_internal_prop(vendor_per_mgr_state_prop)
+vendor_internal_prop(vendor_system_prop)
+vendor_internal_prop(vendor_bluetooth_prop)
+vendor_internal_prop(ctl_vendor_imsrcsservice_prop)
+vendor_internal_prop(vendor_time_service_prop)
+vendor_restricted_prop(vendor_radio_prop)
+vendor_internal_prop(vendor_audio_prop)
+vendor_internal_prop(vendor_ssr_prop)
+vendor_internal_prop(vendor_pd_locater_dbg_prop)
+vendor_internal_prop(vendor_qdcmss_prop)
+vendor_internal_prop(vendor_softap_prop)
+vendor_internal_prop(mm_parser_prop)
+vendor_internal_prop(mm_video_prop)
+vendor_internal_prop(ctl_vendor_rmt_storage_prop)
+vendor_internal_prop(vendor_wifi_version)
+vendor_internal_prop(vendor_cnss_diag_prop)
+vendor_internal_prop(vendor_modem_diag_prop)
+vendor_restricted_prop(vendor_hvdcp_opti_prop)
+vendor_restricted_prop(vendor_km_strongbox_version_prop)
diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index cf09828..eebfb81 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts
@@ -1,5 +1,6 @@
# vendor_audio_prop
vendor.audio.snd_card.open.retries u:object_r:vendor_audio_prop:s0
+vendor.audio.adm.buffering.ms u:object_r:vendor_audio_prop:s0
vendor.audio.volume.listener.dump u:object_r:vendor_audio_prop:s0
vendor.audio.volume.headset.gain.depcal u:object_r:vendor_audio_prop:s0
@@ -38,7 +39,6 @@ persist.vendor.bt.soc.scram_freqs u:object_r:vendor_bluetooth_prop
ro.vendor.audio.sdk.fluencetype u:object_r:vendor_audio_prop:s0
ro.vendor.ril. u:object_r:vendor_radio_prop:s0
-ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0
# vendor display prop
vendor.gralloc.disable_ahardware_buffer u:object_r:vendor_display_prop:s0
@@ -50,7 +50,6 @@ vendor.debug.prerotation.disable u:object_r:vendor_display_prop:s
vendor.debug.egl.swapinterval u:object_r:vendor_display_prop:s0
ro.vendor.graphics.memory u:object_r:vendor_display_prop:s0
-vendor.debug.ramdump. u:object_r:vendor_ramdump_prop:s0
vendor.ims. u:object_r:qcom_ims_prop:s0
vendor.peripheral. u:object_r:vendor_per_mgr_state_prop:s0
vendor.sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0
@@ -65,6 +64,7 @@ vendor.debug.ssrdump u:object_r:vendor_ssr_prop:s0
persist.vendor.sys.cnss. u:object_r:vendor_cnss_diag_prop:s0
persist.vendor.sys.crash_rcu u:object_r:vendor_ramdump_prop:s0
persist.vendor.sys.ssr. u:object_r:vendor_ssr_prop:s0
+vendor.sys.ssr. u:object_r:vendor_ssr_prop:s0
ctl.vendor.rmt_storage u:object_r:ctl_vendor_rmt_storage_prop:s0
@@ -85,3 +85,7 @@ persist.vendor.data.shs_ko_load u:object_r:vendor_radio_prop:s0
persist.vendor.data.shsusr_load u:object_r:vendor_radio_prop:s0
persist.vendor.data.perf_ko_load u:object_r:vendor_radio_prop:s0
persist.vendor.data.qmipriod_load u:object_r:vendor_radio_prop:s0
+persist.vendor.data.offload_ko_load u:object_r:vendor_radio_prop:s0
+
+#keymaster strongbox service
+vendor.keymaster.strongbox.version u:object_r:vendor_km_strongbox_version_prop:s0
diff --git a/vendor/qcom/common/qtelephony.te b/vendor/qcom/common/qtelephony.te
index 315b1a2..29ce45f 100644
--- a/vendor/qcom/common/qtelephony.te
+++ b/vendor/qcom/common/qtelephony.te
@@ -7,6 +7,7 @@ add_hwservice(qtelephony, vnd_atcmdfwd_hwservice)
allow qtelephony app_api_service:service_manager find;
allow qtelephony hal_imsrtp_hwservice:hwservice_manager find;
+allow qtelephony hal_telephony_service:service_manager find;
allow qtelephony radio_service:service_manager find;
allow qtelephony sysfs_diag:dir search;
allow qtelephony sysfs_timestamp_switch:file r_file_perms;
diff --git a/vendor/qcom/common/qtidataservices_app.te b/vendor/qcom/common/qtidataservices_app.te
index f6a80fc..2869a54 100644
--- a/vendor/qcom/common/qtidataservices_app.te
+++ b/vendor/qcom/common/qtidataservices_app.te
@@ -18,6 +18,6 @@ allow qtidataservices_app sysfs_soc:file r_file_perms;
allow qtidataservices_app sysfs_ssr:file r_file_perms;
get_prop(qtidataservices_app, vendor_default_prop)
-set_prop(qtidataservices_app, exported_radio_prop)
+set_prop(qtidataservices_app, telephony_status_prop)
binder_call(qtidataservices_app, cnd)
diff --git a/vendor/qcom/common/rfs_access.te b/vendor/qcom/common/rfs_access.te
index 97d138d..14cb6a7 100644
--- a/vendor/qcom/common/rfs_access.te
+++ b/vendor/qcom/common/rfs_access.te
@@ -17,3 +17,5 @@ allow rfs_access rfs_tombstone_data_file:file create_file_perms;
allow rfs_access self:qipcrtr_socket create_socket_perms_no_ioctl;
wakelock_use(rfs_access)
+
+dontaudit rfs_access self:capability { dac_override dac_read_search };
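Review bot: The `dontaudit` on `dac_override` and `dac_read_search` is added with no comment, so a later reader cannot tell whether the hidden denial is known noise or a real ownership problem on a path rfs_access touches. Suppressing the audit record also removes the log evidence that this domain is attempting to bypass DAC checks. I would put a line above it such as `# rfs_access probes paths it does not own; the access is not required (b/<bug id>)`, where the bug id is a placeholder. If the path is known, fixing its owner or mode is preferable, so that the capability check is never reached.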
diff --git a/vendor/qcom/common/rmt_storage.te b/vendor/qcom/common/rmt_storage.te
index f094ba9..70d9bce 100644
--- a/vendor/qcom/common/rmt_storage.te
+++ b/vendor/qcom/common/rmt_storage.te
@@ -6,7 +6,7 @@ wakelock_use(rmt_storage)
r_dir_file(rmt_storage, sysfs_uio)
-get_prop(rmt_storage, exported3_radio_prop)
+get_prop(rmt_storage, radio_control_prop)
set_prop(rmt_storage, vendor_modem_prop)
allow rmt_storage kmsg_device:chr_file w_file_perms;
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index cb5dedf..fbf0b3a 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -1,11 +1,9 @@
-#TODO(b/126137625): moving dataservice app from system to radio process
-user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file
-#user=system seinfo=platform name=.dataservices domain=dataservice_app type=system_app_data_file
+user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file levelFrom=user
# Hardware Info Collection
-user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
-user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file
+user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file levelFrom=all
user=_app seinfo=platform name=.qtidataservices domain=qtidataservices_app type=app_data_file levelFrom=all
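Review bot: The `com.google.android.hardwareinfo` rule drops `seinfo=platform`, so the transition into `hardware_info_app` now depends only on the package name and `isPrivApp=true`, and no longer on the signing certificate. If the app simply stopped being platform-signed, a comment saying so would help. A selector tied to its actual certificate, `seinfo=<label from mac_permissions.xml>` (placeholder), would keep the signer in the match. Separately, the changed lines use `levelFrom=user` for `.dataservices` but `levelFrom=all` for RilConfigService, and a one-line comment on why `.dataservices` is not `all` would show the difference is intentional.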
@@ -15,7 +13,7 @@ user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymon
user=_app seinfo=platform name=com.qualcomm.qti.services.secureui* domain=secure_ui_service_app levelFrom=all
#Needed for time service apk
-user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all
# Use a custom domain for GoogleCamera, to allow for Hexagon DSP / Easel access
user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
@@ -31,3 +29,9 @@ user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=qtelepho
#Add DeviceInfoHidlClient to vendor_qtelephony
user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=qtelephony type=app_data_file levelFrom=all
+
+# QtiTelephonyService app
+user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=qtelephony type=app_data_file levelFrom=all
+
+#Add ExtTelephonyService to vendor_qtelephony
+user=_app seinfo=platform name=com.qti.phone domain=qtelephony type=app_data_file levelFrom=all
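Review bot: Both new entries map further packages into the shared `qtelephony` domain without `isPrivApp=true`, while the `org.codeaurora.ims` rule shown in the hunk header includes it. Every package matched here inherits all of `qtelephony`'s allow rules, so if `com.qualcomm.qti.telephonyservice` and `com.qti.phone` ship as privileged apps, adding `isPrivApp=true` to each line would tighten the match. The second comment also says `vendor_qtelephony` although the rule assigns `domain=qtelephony`; `#Add ExtTelephonyService to qtelephony` would match what the line does.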
diff --git a/vendor/qcom/common/secure_ui_service_app.te b/vendor/qcom/common/secure_ui_service_app.te
index bcb3e97..f577653 100644
--- a/vendor/qcom/common/secure_ui_service_app.te
+++ b/vendor/qcom/common/secure_ui_service_app.te
@@ -5,8 +5,4 @@ binder_call(secure_ui_service_app, system_server)
binder_call(secure_ui_service_app, hal_tui_comm_qti)
allow secure_ui_service_app hal_tui_comm_hwservice:hwservice_manager find;
-allow secure_ui_service_app surfaceflinger_service:service_manager find;
-allow secure_ui_service_app telecom_service:service_manager find;
-allow secure_ui_service_app trust_service:service_manager find;
-allow secure_ui_service_app activity_service:service_manager find;
-allow secure_ui_service_app thermal_service:service_manager find;
+allow secure_ui_service_app app_api_service:service_manager find;
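Review bot: The single `app_api_service:service_manager find` rule grants lookup of every service carrying that attribute, which is considerably wider than the five named services it replaces. For a domain that drives the secure UI path, the reason for the broadening should be recorded next to the rule, for instance `# needs <service> beyond the previous five; app_api_service used for parity with other app domains` (service name is a placeholder). If only one or two extra services were actually denied, listing them explicitly would keep the domain closer to least privilege.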
diff --git a/vendor/qcom/common/sensors.te b/vendor/qcom/common/sensors.te
index 95737d0..a423192 100644
--- a/vendor/qcom/common/sensors.te
+++ b/vendor/qcom/common/sensors.te
@@ -12,5 +12,7 @@ allow sensors self:qipcrtr_socket create;
allow sensors sensors_persist_file:dir rw_dir_perms;
r_dir_file(sensors, sysfs_msm_subsys)
allow sensors sysfs_ssr:file r_file_perms;
+allow sensors sensors_vendor_data_file:dir rw_dir_perms;
+allow sensors sensors_vendor_data_file:file create_file_perms;
dontaudit sensors sysfs_esoc:dir r_dir_perms;
diff --git a/vendor/qcom/common/service.te b/vendor/qcom/common/service.te
index c2ea2f6..cb00941 100644
--- a/vendor/qcom/common/service.te
+++ b/vendor/qcom/common/service.te
@@ -4,3 +4,4 @@ type imsrcs_service, service_manager_type;
type improve_touch_service, service_manager_type;
type gba_auth_service, service_manager_type;
type qtitetherservice_service, service_manager_type;
+type hal_telephony_service, service_manager_type, vendor_service, protected_service;
diff --git a/vendor/qcom/common/service_contexts b/vendor/qcom/common/service_contexts
new file mode 100644
index 0000000..c11263b
--- /dev/null
+++ b/vendor/qcom/common/service_contexts
@@ -0,0 +1,3 @@
+vendor.qti.hardware.radio.ims.IImsRadio/default u:object_r:hal_telephony_service:s0
+vendor.qti.hardware.radio.ims.IImsRadio/imsradio0 u:object_r:hal_telephony_service:s0
+vendor.qti.hardware.radio.ims.IImsRadio/imsradio1 u:object_r:hal_telephony_service:s0
diff --git a/vendor/qcom/common/tee.te b/vendor/qcom/common/tee.te
index b28b1b7..d1e8cc1 100644
--- a/vendor/qcom/common/tee.te
+++ b/vendor/qcom/common/tee.te
@@ -31,3 +31,6 @@ allow tee hal_graphics_allocator_default:fd use;
allow tee sysfs_wake_lock:file append;
allow tee time_daemon:unix_stream_socket connectto;
+
+# allow tee access for secure UI to work
+allow tee graphics_device:chr_file rw_file_perms;
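Review bot: `rw_file_perms` on `graphics_device:chr_file` gives the `tee` domain read, write and `ioctl` on every node labelled `graphics_device`. Unless an `allowxperm` rule elsewhere in the policy narrows it, that `ioctl` permission covers all commands. The comment explains the purpose only in general terms and does not say which device node or operations secure UI needs. If a small set of ioctls is sufficient, pairing the rule with `allowxperm tee graphics_device:chr_file ioctl { <ioctl list> };` (list is a placeholder) would bound the access. At minimum the comment could name the node involved.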