sync codebase

Bug: 162370942 Test: build pass Change-Id: Ib6042e79d74dedae3b07c91769958f58e439f62b Merged-In: I4c2275e155bd71793d554e5d44d7833d4c4ab9da
author: Adam Shih <adamshih@google.com> 2021-07-05 09:50:03 +0800
committer: Adam Shih <adamshih@google.com> 2021-07-13 08:29:57 +0800
commit: 375055f0abc5963af2cc581ee0fbd3eb155f8c51 (patch)
tree: 5f6f8104f541f30070828832b991ad359461c63a /vendor/qcom/common
parent: c8e6b9e74b9280d6a3bdec49637101200dce6b60 (diff)
download: sunfish-sepolicy-375055f0abc5963af2cc581ee0fbd3eb155f8c51.tar.gz
18 files changed, 68 insertions, 16 deletions
diff --git a/vendor/qcom/common/cnd.te b/vendor/qcom/common/cnd.te
index 473de1b..30acc21 100644
--- a/vendor/qcom/common/cnd.te
+++ b/vendor/qcom/common/cnd.te
@@ -20,6 +20,7 @@ allow cnd cnd_data_file:dir rw_dir_perms;
 wakelock_use(cnd)
 # To register cnd to hwbinder
 add_hwservice(cnd, hal_datafactory_hwservice)
+add_hwservice(cnd, hal_mwqemadapter_hwservice)
 userdebug_or_eng(`
   allow cnd diag_device:chr_file rw_file_perms;
 ')
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 33bb82e..23073eb 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -131,8 +131,6 @@ type sysfs_sectouch, sysfs_type, fs_type;
 type vendor_tui_data_file, file_type, data_file_type;
 type vendor_bt_data_file, file_type, data_file_type;
 type sysfs_jpeg, fs_type, sysfs_type;
-type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
 type sysfs_npu, fs_type, sysfs_type;
 type vendor_ramdump_data_file, file_type, data_file_type;
 type vendor_mdmhelperdata_data_file, file_type, data_file_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 38d8a33..3ed0ebf 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -67,6 +67,8 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-strongbox-service-qti u:object_r:hal_keymaster_qti_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service-qti u:object_r:hal_keymaster_qti_exec:s0
+/(vendor|system/vendor)/bin/init\.qti\.keymaster\.sh u:object_r:init-qti-keymaster-sh_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
 /(vendor|system/vendor)/bin/imsrcsd             u:object_r:hal_rcsservice_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0
@@ -113,12 +115,6 @@
 /mnt/vendor/persist/audio(/.*)?                                                u:object_r:persist_audio_file:s0
 
 ###################################
-# ramdumpfs files
-#
-/mnt/vendor/ramdump(/.*)?                       u:object_r:ramdump_vendor_mnt_file:s0
-/ramdump(/.*)?                                  u:object_r:ramdump_vendor_mnt_file:s0
-
-###################################
 # adsp files
 #
 /(vendor|system/vendor)/dsp(/.*)?                                   u:object_r:adsprpcd_file:s0
@@ -144,6 +140,8 @@
 /vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.1\.so   u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl-qti-display\.so   u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@3\.0\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl-qti-display\.so   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@4\.0\.so   u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libqdMetaData\.so         u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libgralloc\.qti\.so       u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/lib_aion_buffer\.so       u:object_r:same_process_hal_file:s0
@@ -268,7 +266,6 @@
 /data/vendor/modem_fdr(/.*)?           u:object_r:modem_fdr_file:s0
 /data/vendor/mediadrm(/.*)?            u:object_r:mediadrm_vendor_data_file:s0
 /data/vendor/nnhal(/.*)?               u:object_r:hal_neuralnetworks_data_file:s0
-/data/vendor/ramdump(/.*)?             u:object_r:ramdump_vendor_data_file:s0
 /data/vendor/ssrdump(/.*)?             u:object_r:ramdump_vendor_data_file:s0
 /data/vendor/ssrlog(/.*)?              u:object_r:ssr_log_file:s0
 /data/vendor/camera(/.*)?              u:object_r:camera_vendor_data_file:s0
diff --git a/vendor/qcom/common/hal_gnss_qti.te b/vendor/qcom/common/hal_gnss_qti.te
index c4481a7..80abd2e 100644
--- a/vendor/qcom/common/hal_gnss_qti.te
+++ b/vendor/qcom/common/hal_gnss_qti.te
@@ -24,5 +24,7 @@ allow hal_gnss_qti location:unix_dgram_socket sendto;
 
 allow hal_gnss_qti self:qipcrtr_socket create_socket_perms_no_ioctl;
 
+allow hal_gnss_qti location_data_file:dir r_dir_perms;
+
 # Allow Gnss HAL to get updates from health hal
 hal_client_domain(hal_gnss_qti, hal_health)
diff --git a/vendor/qcom/common/hal_neuralnetworks.te b/vendor/qcom/common/hal_neuralnetworks.te
index 1d20204..6ccdd39 100644
--- a/vendor/qcom/common/hal_neuralnetworks.te
+++ b/vendor/qcom/common/hal_neuralnetworks.te
@@ -17,3 +17,6 @@ r_dir_file(hal_neuralnetworks_default, sysfs_soc)
 r_dir_file(hal_neuralnetworks_default, adsprpcd_file)
 
 dontaudit hal_neuralnetworks_default vendor_display_prop:file read;
+
+# b/159570217 suppress warning related to zeroth.debuglog.logmask
+dontaudit hal_neuralnetworks_default default_prop:file { open read };
diff --git a/vendor/qcom/common/hvdcp.te b/vendor/qcom/common/hvdcp.te
index 7cdae50..9c1b7eb 100644
--- a/vendor/qcom/common/hvdcp.te
+++ b/vendor/qcom/common/hvdcp.te
@@ -7,7 +7,7 @@ allow hvdcp sysfs_batteryinfo:dir r_dir_perms;
 allow hvdcp qg_device:chr_file rw_file_perms;
 allow hvdcp self:capability2 wake_alarm;
 allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow hvdcp kmsg_device:chr_file r_file_perms;
+allow hvdcp kmsg_device:chr_file rw_file_perms;
 allow hvdcp mnt_vendor_file:dir r_dir_perms;
 allow hvdcp persist_file:dir search;
 allow hvdcp persist_hvdcp_file:dir search;
diff --git a/vendor/qcom/common/hwservice.te b/vendor/qcom/common/hwservice.te
index 39e009b..5f091a5 100644
--- a/vendor/qcom/common/hwservice.te
+++ b/vendor/qcom/common/hwservice.te
@@ -18,7 +18,7 @@ type hal_qdutils_disp_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_sensorscalibrate_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type vnd_atcmdfwd_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_dataconnection_hwservice, hwservice_manager_type, vendor_hwservice_type;
-type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_cacert_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type, vendor_hwservice_type;
 type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice, vendor_hwservice_type;
+type hal_mwqemadapter_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/vendor/qcom/common/hwservice_contexts b/vendor/qcom/common/hwservice_contexts
index 2aecfbc..f275324 100644
--- a/vendor/qcom/common/hwservice_contexts
+++ b/vendor/qcom/common/hwservice_contexts
@@ -11,12 +11,11 @@ vendor.display.color::IDisplayColor                                     u:object
 vendor.display.config::IDisplayConfig                                   u:object_r:hal_display_config_hwservice:s0
 vendor.display.postproc::IDisplayPostproc                               u:object_r:hal_display_postproc_hwservice:s0
 vendor.qti.hardware.display.mapper::IQtiMapper                          u:object_r:hal_graphics_mapper_hwservice:s0
-vendor.qti.hardware.bluetooth_sar::IBluetoothSar                        u:object_r:hal_bluetooth_coexistence_hwservice:s0
-vendor.qti.hardware.bt_channel_avoidance::IBTChannelAvoidance           u:object_r:hal_bluetooth_coexistence_hwservice:s0
 vendor.qti.hardware.qdutils_disp::IQdutilsDisp                          u:object_r:hal_qdutils_disp_hwservice:s0
 vendor.qti.hardware.qteeconnector::IAppConnector                        u:object_r:hal_qteeconnector_hwservice:s0
 vendor.qti.hardware.qteeconnector::IGPAppConnector                      u:object_r:hal_qteeconnector_hwservice:s0
 vendor.qti.hardware.radio.am::IQcRilAudio                               u:object_r:hal_telephony_hwservice:s0
+vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo              u:object_r:hal_telephony_hwservice:s0
 vendor.qti.hardware.radio.lpa::IUimLpa                                  u:object_r:hal_telephony_hwservice:s0
 vendor.qti.hardware.radio.qcrilhook::IQtiOemHook                        u:object_r:hal_telephony_hwservice:s0
 vendor.qti.hardware.radio.qtiradio::IQtiRadio                           u:object_r:hal_telephony_hwservice:s0
@@ -37,3 +36,4 @@ vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore       u:object
 vendor.qti.hardware.display.allocator::IQtiAllocator                    u:object_r:hal_graphics_allocator_hwservice:s0
 vendor.qti.ims.callinfo::IService                                       u:object_r:hal_imscallinfo_hwservice:s0
 vendor.qti.hardware.qseecom::IQSEECom                                   u:object_r:hal_qseecom_hwservice:s0
+vendor.qti.hardware.mwqemadapter::IMwqemAdapter                         u:object_r:hal_mwqemadapter_hwservice:s0
diff --git a/vendor/qcom/common/init-qti-keymaster-sh.te b/vendor/qcom/common/init-qti-keymaster-sh.te
new file mode 100644
index 0000000..f5a6c31
--- /dev/null
+++ b/vendor/qcom/common/init-qti-keymaster-sh.te
@@ -0,0 +1,37 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qti-keymaster-sh, domain;
+type init-qti-keymaster-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-qti-keymaster-sh)
+
+# Set vendor.keymaster.strongbox.version to 40 or 41
+set_prop(init-qti-keymaster-sh, vendor_km_strongbox_version_prop);
+
+allow init-qti-keymaster-sh vendor_shell_exec:file rx_file_perms;
+allow init-qti-keymaster-sh vendor_toolbox_exec:file rx_file_perms;
diff --git a/vendor/qcom/common/mediatranscoding.te b/vendor/qcom/common/mediatranscoding.te
new file mode 100644
index 0000000..ab3f09d
--- /dev/null
+++ b/vendor/qcom/common/mediatranscoding.te
@@ -0,0 +1,2 @@
+get_prop(domain, vendor_display_prop)
+
diff --git a/vendor/qcom/common/netmgrd.te b/vendor/qcom/common/netmgrd.te
index 238a61b..4d53e7c 100644
--- a/vendor/qcom/common/netmgrd.te
+++ b/vendor/qcom/common/netmgrd.te
@@ -69,5 +69,6 @@ allow netmgrd self:netlink_xfrm_socket create_socket_perms_no_ioctl;
 #Allow set persist.vendor.data.shsusr_load
 #Allow set persist.vendor.data.perf_ko_load
 #Allow set persist.vendor.data.qmipriod_load
+#Allow set persist.vendor.data.offload_ko_load
 set_prop(netmgrd, vendor_radio_prop)
 
diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te
index d232ac6..81b3b55 100644
--- a/vendor/qcom/common/property.te
+++ b/vendor/qcom/common/property.te
@@ -60,5 +60,5 @@ vendor_internal_prop(ctl_vendor_rmt_storage_prop)
 vendor_internal_prop(vendor_wifi_version)
 vendor_internal_prop(vendor_cnss_diag_prop)
 vendor_internal_prop(vendor_modem_diag_prop)
-vendor_internal_prop(vendor_ramdump_prop)
 vendor_restricted_prop(vendor_hvdcp_opti_prop)
+vendor_restricted_prop(vendor_km_strongbox_version_prop)
diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index 89f0779..eebfb81 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts
@@ -39,7 +39,6 @@ persist.vendor.bt.soc.scram_freqs               u:object_r:vendor_bluetooth_prop
 
 ro.vendor.audio.sdk.fluencetype                 u:object_r:vendor_audio_prop:s0
 ro.vendor.ril.                                  u:object_r:vendor_radio_prop:s0
-ro.boot.ramdump                                 u:object_r:vendor_ramdump_prop:s0
 
 # vendor display prop
 vendor.gralloc.disable_ahardware_buffer         u:object_r:vendor_display_prop:s0
@@ -51,7 +50,6 @@ vendor.debug.prerotation.disable                u:object_r:vendor_display_prop:s
 vendor.debug.egl.swapinterval                   u:object_r:vendor_display_prop:s0
 ro.vendor.graphics.memory                       u:object_r:vendor_display_prop:s0
 
-vendor.debug.ramdump.                           u:object_r:vendor_ramdump_prop:s0
 vendor.ims.                                     u:object_r:qcom_ims_prop:s0
 vendor.peripheral.                              u:object_r:vendor_per_mgr_state_prop:s0
 vendor.sys.listeners.registered                 u:object_r:vendor_tee_listener_prop:s0
@@ -87,3 +85,7 @@ persist.vendor.data.shs_ko_load                 u:object_r:vendor_radio_prop:s0
 persist.vendor.data.shsusr_load                 u:object_r:vendor_radio_prop:s0
 persist.vendor.data.perf_ko_load                u:object_r:vendor_radio_prop:s0
 persist.vendor.data.qmipriod_load               u:object_r:vendor_radio_prop:s0
+persist.vendor.data.offload_ko_load             u:object_r:vendor_radio_prop:s0
+
+#keymaster strongbox service
+vendor.keymaster.strongbox.version u:object_r:vendor_km_strongbox_version_prop:s0
diff --git a/vendor/qcom/common/qtelephony.te b/vendor/qcom/common/qtelephony.te
index 315b1a2..29ce45f 100644
--- a/vendor/qcom/common/qtelephony.te
+++ b/vendor/qcom/common/qtelephony.te
@@ -7,6 +7,7 @@ add_hwservice(qtelephony, vnd_atcmdfwd_hwservice)
 allow qtelephony app_api_service:service_manager find;
 
 allow qtelephony hal_imsrtp_hwservice:hwservice_manager find;
+allow qtelephony hal_telephony_service:service_manager find;
 allow qtelephony radio_service:service_manager find;
 allow qtelephony sysfs_diag:dir search;
 allow qtelephony sysfs_timestamp_switch:file r_file_perms;
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index c34496a..6b2ff84 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -29,3 +29,7 @@ user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=qtelepho
 
 #Add DeviceInfoHidlClient to vendor_qtelephony
 user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=qtelephony type=app_data_file levelFrom=all
+
+# QtiTelephonyService app
+user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=qtelephony type=app_data_file levelFrom=all
+
diff --git a/vendor/qcom/common/sensors.te b/vendor/qcom/common/sensors.te
index 95737d0..a423192 100644
--- a/vendor/qcom/common/sensors.te
+++ b/vendor/qcom/common/sensors.te
@@ -12,5 +12,7 @@ allow sensors self:qipcrtr_socket create;
 allow sensors sensors_persist_file:dir rw_dir_perms;
 r_dir_file(sensors, sysfs_msm_subsys)
 allow sensors sysfs_ssr:file r_file_perms;
+allow sensors sensors_vendor_data_file:dir rw_dir_perms;
+allow sensors sensors_vendor_data_file:file create_file_perms;
 
 dontaudit sensors sysfs_esoc:dir r_dir_perms;
diff --git a/vendor/qcom/common/service.te b/vendor/qcom/common/service.te
index c2ea2f6..c3aa9f1 100644
--- a/vendor/qcom/common/service.te
+++ b/vendor/qcom/common/service.te
@@ -4,3 +4,4 @@ type imsrcs_service,              service_manager_type;
 type improve_touch_service,       service_manager_type;
 type gba_auth_service,            service_manager_type;
 type qtitetherservice_service,    service_manager_type;
+type hal_telephony_service, service_manager_type, vendor_service;
diff --git a/vendor/qcom/common/service_contexts b/vendor/qcom/common/service_contexts
new file mode 100644
index 0000000..405f768
--- /dev/null
+++ b/vendor/qcom/common/service_contexts
@@ -0,0 +1 @@
+vendor.qti.hardware.radio.ims.IImsRadio/default        u:object_r:hal_telephony_service:s0
author	Adam Shih <adamshih@google.com>	2021-07-05 09:50:03 +0800
committer	Adam Shih <adamshih@google.com>	2021-07-13 08:29:57 +0800
commit	375055f0abc5963af2cc581ee0fbd3eb155f8c51 (patch)
tree	5f6f8104f541f30070828832b991ad359461c63a /vendor/qcom/common
parent	c8e6b9e74b9280d6a3bdec49637101200dce6b60 (diff)
download	sunfish-sepolicy-375055f0abc5963af2cc581ee0fbd3eb155f8c51.tar.gz