11 files changed, 26 insertions, 16 deletions

diff --git a/vendor/google/fastbootd.te b/vendor/google/fastbootd.te
index 996a114..9b54250 100644
--- a/vendor/google/fastbootd.te
+++ b/vendor/google/fastbootd.te
@@ -6,4 +6,5 @@ recovery_only(`
   allow fastbootd modem_block_device:blk_file getattr;
   allow fastbootd sysfs_scsi_devices_0000:dir r_dir_perms;
   allow fastbootd sg_device:chr_file rw_file_perms;
+  allow fastbootd citadel_device:chr_file rw_file_perms;
 ')
diff --git a/vendor/google/file.te b/vendor/google/file.te
index 20982b0..4172554 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -34,6 +34,7 @@ type hal_neuralnetworks_darwinn_hal_camera_data_file, file_type, data_file_type;
 type sysfs_knowles_info, fs_type, sysfs_type;
 type sysfs_fingerprint, sysfs_type, fs_type;
 type per_boot_file, file_type, data_file_type, core_data_file_type;
+type proc_sched_lib_mask_cpuinfo, proc_type, fs_type;
 
 # Dumpstates bootloader logs
 type proc_bldrlog, fs_type, proc_type;
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index a1866b7..85caf53 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -40,6 +40,8 @@ genfscon proc /sys/kernel/sched_upmigrate
 genfscon proc /sys/kernel/sched_downmigrate                                     u:object_r:proc_sched_updown_migrate:s0
 genfscon proc /sys/kernel/sched_upmigrate_boosted                               u:object_r:proc_sched_updown_migrate:s0
 genfscon proc /sys/kernel/sched_downmigrate_boosted                             u:object_r:proc_sched_updown_migrate:s0
+genfscon proc /sys/kernel/sched_lib_name                                        u:object_r:proc_sched_lib_mask_cpuinfo:s0
+genfscon proc /sys/kernel/sched_lib_mask_force                                  u:object_r:proc_sched_lib_mask_cpuinfo:s0
 
 # PowerStatsHal
 genfscon sysfs /power/system_sleep/stats           u:object_r:sysfs_power_stats:s0
diff --git a/vendor/google/hal_power_stats_default.te b/vendor/google/hal_power_stats_default.te
index b328b2c..aec48e9 100644
--- a/vendor/google/hal_power_stats_default.te
+++ b/vendor/google/hal_power_stats_default.te
@@ -3,6 +3,7 @@ get_prop(hal_power_stats_default, wifi_hal_prop) # Needed to detect wifi on/off
 r_dir_file(hal_power_stats_default, sysfs_iio_devices) # Needed to traverse odpm files
 r_dir_file(hal_power_stats_default, sysfs_power_stats) # Needed to traverse platform low power stats
 r_dir_file(hal_power_stats_default, sysfs_msm_subsys) # Needed to traverse subsystem low power stats
+r_dir_file(hal_power_stats_default, sysfs_leds) # Needed to track display stats
 
 # The following folders are incidentally accessed by hal_power_stats_default and are not needed.
 dontaudit hal_power_stats_default sysfs_power_stats_ignore:dir r_dir_perms;
diff --git a/vendor/google/hal_sensors_default.te b/vendor/google/hal_sensors_default.te
index bb194bb..57dd450 100644
--- a/vendor/google/hal_sensors_default.te
+++ b/vendor/google/hal_sensors_default.te
@@ -15,3 +15,7 @@ allow hal_sensors_default sysfs_leds:file r_file_perms;
 # For Suez metrics collection
 allow hal_sensors_default fwk_stats_hwservice:hwservice_manager find;
 binder_call(hal_sensors_default, system_server);
+
+# Allow Suez nanoapp clients to connect to CHRE.
+allow hal_sensors_default chre_socket:sock_file write;
+allow hal_sensors_default chre:unix_stream_socket connectto;
diff --git a/vendor/google/hal_wifi_ext.te b/vendor/google/hal_wifi_ext.te
index 1be706b..55ea19e 100644
--- a/vendor/google/hal_wifi_ext.te
+++ b/vendor/google/hal_wifi_ext.te
@@ -27,7 +27,7 @@ r_dir_file(hal_wifi_ext, proc_wifi_dbg)
 # Allow wifi_ext to report callbacks to gril-service app
 binder_call(hal_wifi_ext, grilservice_app)
 
-allow hal_wifi_ext wlan_device:chr_file w_file_perms;
+allow hal_wifi_ext wlan_device:chr_file rw_file_perms;
 
 userdebug_or_eng(`
 # debugfs entries are only needed in user-debug or eng builds
diff --git a/vendor/google/modem_svc.te b/vendor/google/modem_svc.te
index a48c70a..5f8cefa 100644
--- a/vendor/google/modem_svc.te
+++ b/vendor/google/modem_svc.te
@@ -12,11 +12,9 @@ get_prop(modem_svc, radio_control_prop)
 get_prop(modem_svc, vendor_build_type_prop)
 
 # For bugreport collection
-userdebug_or_eng(`
-  allow modem_svc hal_dumpstate_impl:fd use;
-  allow modem_svc dumpstate:fd use;
-  allow modem_svc shell_data_file:file write;
-')
+allow modem_svc hal_dumpstate_impl:fd use;
+allow modem_svc dumpstate:fd use;
+allow modem_svc shell_data_file:file write;
 
 dontaudit modem_svc sysfs_msm_subsys:dir r_dir_perms;
 dontaudit modem_svc sysfs_esoc:dir r_dir_perms;
diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
index a2680f3..b490abb 100644
--- a/vendor/google/pixelstats_vendor.te
+++ b/vendor/google/pixelstats_vendor.te
@@ -16,7 +16,7 @@ binder_call(pixelstats_vendor, stats_service_server)
 
 allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
 r_dir_file(pixelstats_vendor, sysfs_batteryinfo)
-allow pixelstats_vendor sysfs_batteryinfo:file w_file_perms;
+allow pixelstats_vendor sysfs_batteryinfo:file rw_file_perms;
 
 # UeventListener
 allow pixelstats_vendor self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
diff --git a/vendor/google/uv_exposure_reporter.te b/vendor/google/uv_exposure_reporter.te
index 1d9ae56..af7e0d6 100644
--- a/vendor/google/uv_exposure_reporter.te
+++ b/vendor/google/uv_exposure_reporter.te
@@ -1,13 +1,10 @@
 type uv_exposure_reporter, domain;
 
-userdebug_or_eng(`
-  app_domain(uv_exposure_reporter)
+app_domain(uv_exposure_reporter)
 
-  allow uv_exposure_reporter app_api_service:service_manager find;
-  allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
-  allow uv_exposure_reporter sysfs_msm_subsys:dir search;
-  allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
-  binder_call(uv_exposure_reporter, gpuservice);
-  binder_call(uv_exposure_reporter, stats_service_server);
-')
+allow uv_exposure_reporter app_api_service:service_manager find;
+allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
+allow uv_exposure_reporter sysfs_msm_subsys:dir search;
+allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
+binder_call(uv_exposure_reporter, stats_service_server);
 
diff --git a/vendor/google/vendor_init.te b/vendor/google/vendor_init.te
index 8672d3f..c7afffb 100644
--- a/vendor/google/vendor_init.te
+++ b/vendor/google/vendor_init.te
@@ -35,6 +35,7 @@ allow vendor_init proc_sched_energy_aware:file w_file_perms;
 allow vendor_init proc_sched_updown_migrate:file w_file_perms;
 allow vendor_init proc_swappiness:file w_file_perms;
 allow vendor_init proc_dirty:file w_file_perms;
+allow vendor_init proc_sched_lib_mask_cpuinfo:file w_file_perms;
 
 allow vendor_init self:global_capability2_class_set block_suspend;
 allow vendor_init sysfs_wake_lock:file rw_file_perms;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 907d5b9..7931a55 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -150,6 +150,7 @@
 /vendor/lib(64)?/libqservice\.so           u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libqdutils\.so            u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libadreno_utils\.so       u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpudataproducer\.so    u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libgsl\.so                u:object_r:same_process_hal_file:s0
 
 /vendor/lib(64)?/libEGL_adreno\.so         u:object_r:same_process_hal_file:s0
@@ -179,6 +180,10 @@
 # libGLESv2_adreno depends on this
 /vendor/lib(64)?/libllvm-glnext\.so         u:object_r:same_process_hal_file:s0
 
+# Game profiling library
+/vendor/lib(64)?/libadreno_app_profiles\.so    u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.qspmhal@1\.0\.so u:object_r:same_process_hal_file:s0
+
 # libOpenCL-pixel and its dependencies
 /vendor/lib(64)?/libOpenCL-pixel\.so        u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libOpenCL\.so              u:object_r:same_process_hal_file:s0