sepolicy: inital commit for seperation of generic to qva

    restructuring dir structure.
    adding support for the upcoming target.

Change-Id: I6b23e7c0c8bed79146b29c681c7ef1f5311e1234
diff --git a/Android.mk b/Android.mk
index 3bd324c..1885a8e 100644
--- a/Android.mk
+++ b/Android.mk
@@ -4,20 +4,24 @@
 BOARD_SEPOLICY_DIRS := \
        $(BOARD_SEPOLICY_DIRS) \
        $(LOCAL_PATH) \
-       $(LOCAL_PATH)/vendor/common \
-       $(LOCAL_PATH)/vendor/$(TARGET_BOARD_PLATFORM) \
-       $(LOCAL_PATH)/vendor/common/sysmonapp
+       $(LOCAL_PATH)/qva/vendor/common/sysmonapp \
+       $(LOCAL_PATH)/generic/vendor/common \
+       $(LOCAL_PATH)/generic/vendor/$(TARGET_BOARD_PLATFORM) \
+       $(LOCAL_PATH)/qva/vendor/$(TARGET_BOARD_PLATFORM) \
+       $(LOCAL_PATH)/qva/vendor/common
 
 BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
     $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
-    $(LOCAL_PATH)/public
+    $(LOCAL_PATH)/generic/public \
+     $(LOCAL_PATH)/qva/public
 
 BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
     $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
-    $(LOCAL_PATH)/private
+    $(LOCAL_PATH)/generic/private \
+    $(LOCAL_PATH)/qva/private
 
 ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
-BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/vendor/test
+BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/genric/vendor/test
 endif
 
 endif
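Review bot: The userdebug/eng branch appends `$(LOCAL_PATH)/genric/vendor/test`, which misspells `generic`, so it no longer points at the directory the old `vendor/test` entry presumably moved to. The line should read `BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/generic/vendor/test`. Depending on how the build treats a missing policy directory, this either breaks debug builds or silently drops the test-only rules, so it is worth confirming with a userdebug build. The `$(LOCAL_PATH)/qva/public` continuation line also has one more space of indentation than its neighbours.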
diff --git a/private/qtelephony.te b/generic/private/dataservice_app.te
similarity index 69%
copy from private/qtelephony.te
copy to generic/private/dataservice_app.te
index 0a172f9..77319ab 100644
--- a/private/qtelephony.te
+++ b/generic/private/dataservice_app.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,28 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+typeattribute dataservice_app coredomain;
+app_domain(dataservice_app)
+net_domain(dataservice_app)
 
-app_domain(qtelephony)
+add_service(dataservice_app, cne_service)
+add_service(dataservice_app, uce_service)
+allow dataservice_app {
+  app_api_service
+  system_api_service
+  audioserver_service
+  radio_service
+}:service_manager find;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+allow dataservice_app radio_data_file:dir create_dir_perms;
+allow dataservice_app radio_data_file:{ file lnk_file } create_file_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+hwbinder_use(dataservice_app)
+
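Review bot: The grant `allow dataservice_app radio_data_file:{ file lnk_file } create_file_perms;` lets this new domain create symlinks inside the radio data directory, and nothing in the file says which app runs as `dataservice_app` or why it needs that. If symlink creation is not required, narrow the rule to `allow dataservice_app radio_data_file:file create_file_perms;`. The domain is also `coredomain` with `net_domain` and registers two services, so a header comment naming the app and a short why-comment per grant would help later audits. The empty line added at the end of the file can be dropped.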
diff --git a/private/file.te b/generic/private/file.te
similarity index 100%
rename from private/file.te
rename to generic/private/file.te
diff --git a/private/qtelephony.te b/generic/private/file_contexts
similarity index 73%
copy from private/qtelephony.te
copy to generic/private/file_contexts
index 0a172f9..8885fc7 100644
--- a/private/qtelephony.te
+++ b/generic/private/file_contexts
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,13 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+/data/misc/elabel(/.*)?         u:object_r:elabel_data_file:s0
+/data/misc/seemp(/.*)?          u:object_r:seemp_data_file:s0
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+/system/etc/init\.qcom\.testscripts\.sh         u:object_r:qti-testscripts_exec:s0
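Review bot: `/data/misc/seemp(/.*)?` is labelled `seemp_data_file`, but no declaration of that type is visible in this commit: `generic/public/file.te` declares only `elabel_data_file`, and `generic/private/file.te` is renamed without its content shown. Please confirm the type is declared inside the `generic/` tree; if it lives only under `qva/`, the generic policy depends on the qva tree and the split is not self-contained. The two `/data/misc` entries also sit directly under the license text, so a blank line and a one-line comment per entry would make them easier to find.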
diff --git a/private/platform_app.te b/generic/private/platform_app.te
similarity index 100%
rename from private/platform_app.te
rename to generic/private/platform_app.te
diff --git a/private/qtelephony.te b/generic/private/qtelephony.te
similarity index 93%
rename from private/qtelephony.te
rename to generic/private/qtelephony.te
index 0a172f9..2147337 100644
--- a/private/qtelephony.te
+++ b/generic/private/qtelephony.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -25,7 +25,7 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
+# qti telephony apps, such as AtFwd and FastDormancy
 typeattribute qtelephony coredomain;
 
 app_domain(qtelephony)
diff --git a/private/qti-testscripts.te b/generic/private/qti-testscripts.te
similarity index 100%
rename from private/qti-testscripts.te
rename to generic/private/qti-testscripts.te
diff --git a/private/qtelephony.te b/generic/private/radio.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/private/radio.te
index 0a172f9..aa05af3 100644
--- a/private/qtelephony.te
+++ b/generic/private/radio.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,10 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow radio uce_service:service_manager find;
diff --git a/private/qtelephony.te b/generic/private/service.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/private/service.te
index 0a172f9..6b81749 100644
--- a/private/qtelephony.te
+++ b/generic/private/service.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+type cne_service,                 service_manager_type;
+type uce_service,                 service_manager_type;
diff --git a/private/qtelephony.te b/generic/private/service_contexts
similarity index 73%
copy from private/qtelephony.te
copy to generic/private/service_contexts
index 0a172f9..5245bda 100644
--- a/private/qtelephony.te
+++ b/generic/private/service_contexts
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,12 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+qti.ims.ext                                          u:object_r:radio_service:s0
+cneservice                                           u:object_r:cne_service:s0
+uce                                                  u:object_r:uce_service:s0
diff --git a/private/qtelephony.te b/generic/public/dataservice_app.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/public/dataservice_app.te
index 0a172f9..58e97cf 100644
--- a/private/qtelephony.te
+++ b/generic/public/dataservice_app.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,10 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+type dataservice_app, domain;
\ No newline at end of file
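Review bot: `type dataservice_app, domain;` is the last line of the new file and has no terminating newline, as the `\ No newline at end of file` marker shows. Policy sources are typically concatenated before compilation, so an unterminated last line can run into the first line of whichever file follows; add the newline. A one-line comment naming the app that runs in this domain would also help, since the public type is the one other policy will reference.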
diff --git a/public/domain.te b/generic/public/domain.te
similarity index 100%
rename from public/domain.te
rename to generic/public/domain.te
diff --git a/private/qtelephony.te b/generic/public/file.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/public/file.te
index 0a172f9..3884bee 100644
--- a/private/qtelephony.te
+++ b/generic/public/file.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,10 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+type elabel_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/qtelephony.te b/generic/public/hwservice.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/public/hwservice.te
index 0a172f9..b5855e1 100644
--- a/private/qtelephony.te
+++ b/generic/public/hwservice.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,10 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+type hal_atfwd_hwservice, coredomain_hwservice, hwservice_manager_type;
diff --git a/public/qti-testscripts.te b/generic/public/qti-testscripts.te
similarity index 100%
rename from public/qti-testscripts.te
rename to generic/public/qti-testscripts.te
diff --git a/private/qtelephony.te b/generic/vendor/common/adsprpcd.te
similarity index 68%
copy from private/qtelephony.te
copy to generic/vendor/common/adsprpcd.te
index 0a172f9..8481802 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/adsprpcd.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,24 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type adsprpcd, domain;
+type adsprpcd_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(adsprpcd)
 
-app_domain(qtelephony)
+allow adsprpcd ion_device:chr_file r_file_perms;
+allow adsprpcd qdsp_device:chr_file r_file_perms;
+allow adsprpcd xdsp_device:chr_file r_file_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+allow adsprpcd system_file:dir r_dir_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+r_dir_file(adsprpcd, adsprpcd_file)
+allow adsprpcd persist_sensors_file:dir create_dir_perms;
+allow adsprpcd persist_sensors_file:file create_file_perms;
+allow adsprpcd mnt_vendor_file:dir r_dir_perms;
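Review bot: `allow adsprpcd system_file:dir r_dir_perms;` gives a vendor daemon (its exec type carries `vendor_file_type`) directory read access across everything labelled `system_file`, and the file does not say which path it needs. If this is only for locating DSP libraries, a dedicated type for that directory would be tighter; otherwise add a why-comment on the rule. The `persist_sensors_file` create permissions deserve the same treatment, for example `# adsprpcd stores sensor data under persist` if that is the reason; I am inferring the purpose from the type name. A blank line between the license header and the first `type` statement would also match the other policy files.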
diff --git a/private/qtelephony.te b/generic/vendor/common/app.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/app.te
index 0a172f9..5fb0ef8 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/app.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# For the camera app
+get_prop(appdomain, vendor_camera_prop)
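Review bot: `get_prop(appdomain, vendor_camera_prop)` grants read access to the vendor camera properties to every domain carrying the `appdomain` attribute, which includes third-party apps, while the comment above it says the rule is for the camera app. If only the camera app needs these properties, grant them to that app's own domain instead. If camera client code running in arbitrary app processes reads them, say so in the comment, e.g. `# Camera client code in any app process reads vendor camera properties`.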
diff --git a/private/qtelephony.te b/generic/vendor/common/atfwd.te
similarity index 71%
copy from private/qtelephony.te
copy to generic/vendor/common/atfwd.te
index 0a172f9..9d03cad 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/atfwd.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,27 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type atfwd, domain;
+type atfwd_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(atfwd)
 
-app_domain(qtelephony)
+allow atfwd self:socket create_socket_perms;
+allowxperm atfwd self:socket ioctl msm_sock_ipc_ioctls;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+binder_call(atfwd, system_app);
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+r_dir_file(atfwd, sysfs_ssr);
+r_dir_file(atfwd, sysfs_esoc);
+r_dir_file(atfwd, sysfs_data);
+
+set_prop(atfwd, vendor_radio_prop)
+
+hwbinder_use(atfwd)
+get_prop(atfwd, hwservicemanager_prop)
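Review bot: `binder_call(atfwd, system_app);` lets a vendor daemon (`atfwd_exec` carries `vendor_file_type`) make binder calls into `system_app`, while the same file already sets up hwbinder with `hwbinder_use(atfwd)`. On Treble devices vendor processes are expected to reach the framework over hwbinder, so this rule may be left over from the pre-split policy; confirm it is still needed and add a comment saying why if it is. On style, the `binder_call` and three `r_dir_file` macro calls end in `;` while `set_prop`, `hwbinder_use` and `get_prop` do not, so drop the semicolons for consistency.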
diff --git a/vendor/common/attributes b/generic/vendor/common/attributes
similarity index 100%
rename from vendor/common/attributes
rename to generic/vendor/common/attributes
diff --git a/private/qtelephony.te b/generic/vendor/common/audioserver.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/audioserver.te
index 0a172f9..493957c 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/audioserver.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,19 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+binder_call(audioserver, bootanim)
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+allow audioserver sysfs_soc:file r_file_perms;
+allow audioserver sysfs_soc:dir search;
+# audio properties
+get_prop(audioserver, vendor_audio_prop)
 
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+userdebug_or_eng(`
+    diag_use(audioserver)
+')
diff --git a/private/qtelephony.te b/generic/vendor/common/bluetooth.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/bluetooth.te
index 0a172f9..a11b096 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/bluetooth.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# Allow access to net_admin ioctls
+allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
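Review bot: `allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;` opens the whole privileged socket ioctl set to the bluetooth domain, and the comment does not say which ioctl is required or which feature depends on it. Listing only the needed ioctl in the `allowxperm` rule, instead of the `priv_sock_ioctls` macro, would keep the grant minimal. At the least, extend the comment along the lines of `# Needed for <feature>: bluetooth issues <ioctl> on its UDP socket`, with the real feature and ioctl filled in.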
diff --git a/private/qtelephony.te b/generic/vendor/common/bootanim.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/bootanim.te
index 0a172f9..05acecb 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/bootanim.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,16 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow bootanim hwservicemanager:binder call;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# TODO(b/62954877). On Android Wear, bootanim reads the time
+# during boot to display. It currently gets that time from a file
+# in /data/system. This should be moved. In the meantime, suppress
+# this denial on phones since this functionality is not used.
+dontaudit bootanim system_data_file:dir read;
diff --git a/private/qtelephony.te b/generic/vendor/common/cameraserver.te
similarity index 70%
copy from private/qtelephony.te
copy to generic/vendor/common/cameraserver.te
index 0a172f9..cb5ce69 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/cameraserver.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,21 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow cameraserver gpu_device:chr_file rw_file_perms;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+get_prop(cameraserver, vendor_camera_prop)
 
-app_domain(qtelephony)
+allow cameraserver sysfs_camera:file r_file_perms;
+allow cameraserver sysfs_camera:dir search;
+allow cameraserver system_file:dir r_dir_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+allow cameraserver system_server:unix_stream_socket { read write };
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# TODO (b/37688918) Verify that this is actually needed and not a violation of treble
+binder_call(cameraserver, mediacodec)
diff --git a/vendor/common/cdsprpcd.te b/generic/vendor/common/cdsprpcd.te
similarity index 100%
rename from vendor/common/cdsprpcd.te
rename to generic/vendor/common/cdsprpcd.te
diff --git a/private/qtelephony.te b/generic/vendor/common/chre.te
similarity index 68%
copy from private/qtelephony.te
copy to generic/vendor/common/chre.te
index 0a172f9..767833a 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/chre.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,22 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# This daemon loads the Context Hub Runtime Environment (CHRE) dynamic modules
+# onto the SLPI using FastRPC, and exposes a sockets interface for clients on
+# the applications processor to interact CHRE
+type chre, domain;
+type chre_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(chre)
+r_dir_file(chre, adsprpcd_file)
 
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow chre ion_device:chr_file r_file_perms;
+allow chre qdsp_device:chr_file r_file_perms;
+allow chre xdsp_device:chr_file r_file_perms;
+allow chre dsp_device:chr_file r_file_perms;
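Review bot: The four `chr_file r_file_perms` grants at the end of the new chre.te body carry no comment, and the daemon description above them starts on the line directly after the license text and is missing a word. I would separate the description from the license with a blank line, end it with `# the applications processor to interact with CHRE`, and put a one-line reason over the device rules, for example `# FastRPC transport to the DSP: ion buffers plus the DSP device nodes` (presumably; confirm against the daemon). The description also mentions a sockets interface, but nothing in this hunk labels or grants a socket, so it is worth saying where that is defined.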
diff --git a/generic/vendor/common/cnd.te b/generic/vendor/common/cnd.te
new file mode 100644
index 0000000..77303fc
--- /dev/null
+++ b/generic/vendor/common/cnd.te
@@ -0,0 +1,88 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type cnd, domain;
+type cnd_exec, exec_type, vendor_file_type, file_type;
+file_type_auto_trans(cnd, socket_device, cnd_socket);
+
+# cnd is started by init, type transit from init domain to cnd domain
+init_daemon_domain(cnd)
+
+#communicating with QTI wlan driver for WFC/ VTiWLAN quality
+allow cnd self:capability net_bind_service;
+unix_socket_send(cnd, wpa, hal_wifi_supplicant)
+allow cnd wpa_data_file:dir w_dir_perms;
+allow cnd wpa_data_file:sock_file create_file_perms;
+
+#allow processing of VoWifi indications from modem over QMI while dozing
+allow cnd self:capability2 block_suspend;
+
+allow cnd self:udp_socket create_socket_perms;
+allow cnd self:{
+    # Allow receiving NETLINK responses from WLAN driver.
+    netlink_socket
+    netlink_generic_socket
+} create_socket_perms_no_ioctl;
+
+allowxperm cnd self:udp_socket ioctl SIOCGIFMTU;
+
+allow cnd sysfs_timestamp_switch:file r_file_perms;
+allow cnd sysfs_data:file r_file_perms;
+r_dir_file(cnd, sysfs_soc)
+
+allow cnd proc_meminfo:file r_file_perms;
+
+set_prop(cnd, cnd_prop)
+
+allow cnd self:socket create_socket_perms;
+allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls;
+
+# allow cnd to access cnd_data_file
+allow cnd cnd_data_file:file create_file_perms;
+allow cnd cnd_data_file:sock_file { unlink create setattr };
+allow cnd cnd_data_file:dir rw_dir_perms;
+
+# allow cnd to obtain wakelock
+wakelock_use(cnd)
+
+allow cnd ipa_vendor_data_file:dir r_dir_perms;
+allow cnd ipa_vendor_data_file:file r_file_perms;
+
+# To register cnd to hwbinder
+add_hwservice(cnd, hal_cne_hwservice)
+hwbinder_use(cnd)
+get_prop(cnd, hwservicemanager_prop)
+binder_call(cnd, dataservice_app)
+binder_call(cnd, ims)
+binder_call(cnd, location)
+
+
+
+#diag
+userdebug_or_eng(`
+    diag_use(cnd)
+	r_dir_file(cnd, sysfs_diag)
+')
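Review bot: `allow cnd wpa_data_file:dir w_dir_perms;` and `allow cnd wpa_data_file:sock_file create_file_perms;` let cnd add and remove socket files inside the supplicant's data directory, and the only comment above them (about WFC/VTiWLAN quality) explains neither that write access nor the `net_bind_service` capability granted just before. The same file limits cnd's own sockets to `allow cnd cnd_data_file:sock_file { unlink create setattr };`, so if cnd only needs to create and clean up its endpoint, the wpa rule could use that same set. At minimum add a comment such as `# cnd creates its client socket under the wpa data dir to reach the supplicant` (presumably; confirm). The `r_dir_file(cnd, sysfs_diag)` line in the closing `userdebug_or_eng` block is indented with a tab while the line before it uses spaces.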
diff --git a/private/qtelephony.te b/generic/vendor/common/dataservice_app.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/dataservice_app.te
index 0a172f9..11af750 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/dataservice_app.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,20 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+get_prop(dataservice_app, cnd_prop)
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+allow dataservice_app hal_imsrcsd_hwservice:hwservice_manager find;
+allow dataservice_app hal_cne_hwservice:hwservice_manager find;
 
-app_domain(qtelephony)
+allow dataservice_app sysfs_data:file r_file_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+binder_call(dataservice_app, cnd)
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# imsrcsd to bind with UceShimService.apk
+binder_call(dataservice_app, hal_rcsservice)
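Review bot: The comment `# imsrcsd to bind with UceShimService.apk` sits over `binder_call(dataservice_app, hal_rcsservice)`, which names neither imsrcsd nor UceShimService, so a reader cannot tell which domain is which. I would restate it in terms of the types in the rule, e.g. `# dataservice_app (hosts UceShimService) talks to the RCS HAL (imsrcsd) over binder`, if that mapping is correct. The first rule, `get_prop(dataservice_app, cnd_prop)`, also follows the license text with no blank line. The file starts before this hunk.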
diff --git a/generic/vendor/common/device.te b/generic/vendor/common/device.te
new file mode 100644
index 0000000..b9aed39
--- /dev/null
+++ b/generic/vendor/common/device.te
@@ -0,0 +1,60 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type ab_block_device, dev_type;
+type at_device, dev_type;
+type avtimer_device, dev_type;
+type bt_device, dev_type;
+type bu21150_device, dev_type;
+type citadel_device, dev_type;
+type custom_ab_block_device, dev_type;
+type diag_device, dev_type, mlstrustedobject;
+type dsp_device, dev_type;
+type xdsp_device, dev_type;
+type easel_device, dev_type;
+type hbtp_device, dev_type;
+type hvdcp_device, dev_type;
+type ipa_dev, dev_type;
+type latency_device, dev_type;
+type modem_block_device, dev_type;
+type modem_efs_partition_device, dev_type;
+type mdtp_device, dev_type;
+type persist_block_device, dev_type;
+type qsee_ipc_irq_spss_device, dev_type;
+type qdsp_device, dev_type, mlstrustedobject;
+type ramdump_device, dev_type;
+type rmnet_device, dev_type;
+type gpt_block_device, dev_type;
+type ramdump_block_device, dev_type;
+type rpmb_device, dev_type;
+type seemplog_device, dev_type;
+type sg_device, dev_type;
+type smd_device, dev_type;
+type spcom_device, dev_type;
+type ssd_block_device, dev_type;
+type ssr_device, dev_type;
+type wlan_device, dev_type;
+type xbl_block_device, dev_type;
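Review bot: `type diag_device, dev_type, mlstrustedobject;` and `type qdsp_device, dev_type, mlstrustedobject;` are the only two of these declarations that opt out of MLS separation, and nothing says why. Because `mlstrustedobject` lets subjects at any MLS level reach the node once a type rule allows it, each deserves a short justification, e.g. `# mlstrustedobject: opened by app domains running at per-user MLS levels` (if that is the reason). The list is also nearly alphabetical, but `xdsp_device`, `mdtp_device`, `gpt_block_device` and `ramdump_block_device` are out of order, which makes it easy to add duplicates later.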
diff --git a/generic/vendor/common/diag.te b/generic/vendor/common/diag.te
new file mode 100644
index 0000000..bb790bb
--- /dev/null
+++ b/generic/vendor/common/diag.te
@@ -0,0 +1,70 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type diag, domain;
+type diag_exec, exec_type, vendor_file_type, file_type;
+userdebug_or_eng(`
+  domain_auto_trans(shell, diag_exec, diag)
+  #domain_auto_trans(adbd, diag_exec, diag)
+  allow diag {
+      diag_device
+      devpts
+      tty_device
+      # allow access to qseecom for drmdiagapp
+      tee_device
+  }:chr_file rw_file_perms;
+  allow diag {
+      shell
+      su
+  }:fd use;
+
+  allow diag {
+      cgroup
+      fuse
+      persist_drm_file
+  }:dir create_dir_perms;
+
+  allow diag port:tcp_socket name_connect;
+  allow diag self:capability { setuid net_raw sys_admin setgid };
+  allow diag self:capability2 syslog;
+  allow diag self:tcp_socket { create connect setopt};
+  wakelock_use(diag)
+  allow diag kernel:system syslog_mod;
+  # allow drmdiagapp access to drm related paths
+  allow diag mnt_vendor_file:dir r_dir_perms;
+  r_dir_file(diag, persist_data_file)
+  # Write to drm related pieces of persist partition
+  allow diag persist_drm_file:file create_file_perms;
+
+  # For DiagExample daemon
+  init_daemon_domain(diag)
+  net_domain(diag)
+
+  allow diag fuse:dir r_dir_perms;
+  allow diag fuse:file r_file_perms;
+  r_dir_file(diag, storage_file)
+  r_dir_file(diag, mnt_user_file)
+')
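Review bot: `allow diag self:capability { setuid net_raw sys_admin setgid };` grants CAP_SYS_ADMIN together with setuid/setgid and gives no reason for any of them; even inside `userdebug_or_eng` I would expect a per-capability comment, or the set trimmed to what the diag tools actually exercise. The same goes for `allow diag port:tcp_socket name_connect;`, which allows outbound connections to any port labelled `port`. The commented-out `#domain_auto_trans(adbd, diag_exec, diag)` should be deleted rather than committed. Assuming the standard AOSP macros, `allow diag fuse:dir r_dir_perms;` is already covered by the earlier `create_dir_perms` grant on `fuse`.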
diff --git a/generic/vendor/common/domain.te b/generic/vendor/common/domain.te
new file mode 100644
index 0000000..f7f1445
--- /dev/null
+++ b/generic/vendor/common/domain.te
@@ -0,0 +1,52 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+userdebug_or_eng(`
+  allow domain diag_device:chr_file rw_file_perms;
+')
+
+# In order for /sys/kernel/debug/kgsl/proc/<pid>/mem
+# to be created for memory tracking, the domain of
+# the tracked process must have permission to search
+# in /sys/kernel/debug/kgsl
+allow domain debugfs_kgsl:dir search;
+
+allow domain debugfs_ion:dir search;
+
+allow domain vendor_gralloc_prop:file r_file_perms;
+
+r_dir_file({domain - isolated_app}, sysfs_soc);
+r_dir_file({domain - isolated_app}, sysfs_esoc);
+r_dir_file({domain - isolated_app}, sysfs_ssr);
+r_dir_file({domain - isolated_app}, sysfs_thermal);
+
+get_prop(domain, public_vendor_default_prop)
+
+dontaudit domain kernel:system module_request;
+
+# For compliance testing test suite reads vendor_security_path_level
+# Which is the public readable property “ ro.vendor.build.security_patch
+get_prop(domain, vendor_security_patch_level_prop)
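Review bot: `allow domain debugfs_ion:dir search;` applies to every domain on every build variant and has no comment, unlike the kgsl rule above it. The four `r_dir_file` rules below exclude `isolated_app`, but both debugfs rules do not; if isolated processes do not need memory tracking, `allow {domain - isolated_app} debugfs_ion:dir search;` would match the rest of the file. If the ion path is only used for debugging, the rule belongs in the `userdebug_or_eng` block. The final comment is also garbled (`vendor_security_path_level`, an unclosed curly quote); I would write `# Compliance test suites read the publicly readable property ro.vendor.build.security_patch`.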
diff --git a/private/qtelephony.te b/generic/vendor/common/drmserver.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/drmserver.te
index 0a172f9..28a7883 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/drmserver.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,14 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#Address denial logs for drm server accessing firmware file
+#r_dir_file(drmserver, firmware_file)
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+#Address denial logs for drm server accessing qseecom driver
+allow drmserver tee_device:chr_file rw_file_perms;
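Review bot: The new body keeps a disabled rule, `#r_dir_file(drmserver, firmware_file)`, under a comment that describes it as if it were active; either enable it or drop both lines so the file states only what the policy enforces. The comment on the live rule (`#Address denial logs for drm server accessing qseecom driver`) says a denial was seen but not why drmserver needs read-write access to `tee_device`. Something like `# drmserver opens the qseecom node to talk to the DRM trusted app` (if that is the use) would give the next reviewer something to check the grant against. The file starts before this hunk.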
diff --git a/vendor/common/file.te b/generic/vendor/common/file.te
similarity index 77%
rename from vendor/common/file.te
rename to generic/vendor/common/file.te
index c1ef569..ae7c60b 100644
--- a/vendor/common/file.te
+++ b/generic/vendor/common/file.te
@@ -1,3 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 type sysfs_audio, fs_type, sysfs_type;
 type sysfs_battery_supply, sysfs_type, fs_type;
 type sysfs_bond0, fs_type, sysfs_type;
diff --git a/vendor/common/file_contexts b/generic/vendor/common/file_contexts
similarity index 94%
rename from vendor/common/file_contexts
rename to generic/vendor/common/file_contexts
index aa63cba..ef1ce84 100644
--- a/vendor/common/file_contexts
+++ b/generic/vendor/common/file_contexts
@@ -1,3 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 # dev nodes
 /dev/btpower                                    u:object_r:bt_device:s0
 /dev/diag                                       u:object_r:diag_device:s0
diff --git a/vendor/common/fsck.te b/generic/vendor/common/fsck.te
similarity index 100%
rename from vendor/common/fsck.te
rename to generic/vendor/common/fsck.te
diff --git a/vendor/common/genfs_contexts b/generic/vendor/common/genfs_contexts
similarity index 85%
rename from vendor/common/genfs_contexts
rename to generic/vendor/common/genfs_contexts
index 67fb4f6..2bac0e1 100644
--- a/vendor/common/genfs_contexts
+++ b/generic/vendor/common/genfs_contexts
@@ -1,3 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 genfscon proc /debug/fwdump                           u:object_r:proc_wifi_dbg:s0
 genfscon proc /debugdriver/driverdump                 u:object_r:proc_wifi_dbg:s0
 genfscon proc /ath_pktlog/cld                         u:object_r:proc_wifi_dbg:s0
diff --git a/vendor/common/hal_atfwd.te b/generic/vendor/common/hal_atfwd.te
similarity index 100%
rename from vendor/common/hal_atfwd.te
rename to generic/vendor/common/hal_atfwd.te
diff --git a/generic/vendor/common/hal_audio_default.te b/generic/vendor/common/hal_audio_default.te
new file mode 100644
index 0000000..31ba88e
--- /dev/null
+++ b/generic/vendor/common/hal_audio_default.te
@@ -0,0 +1,62 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+r_dir_file(hal_audio_default, sysfs_soc)
+
+userdebug_or_eng(`
+  allow hal_audio diag_device:chr_file rw_file_perms;
+  allow hal_audio_default debugfs:dir r_dir_perms;
+')
+
+hal_client_domain(hal_audio_default, hal_perf)
+hal_client_domain(hal_audio_default, hal_power)
+
+# read-only permission to obtain the calibration data
+r_dir_file(hal_audio_default, persist_audio_file);
+allow hal_audio_default mnt_vendor_file:dir search;
+
+#Allow access to firmware
+allow hal_audio firmware_file:dir r_dir_perms;
+allow hal_audio firmware_file:file r_file_perms;
+
+# Allow hal_audio to read soundcard state under /proc/asound
+allow hal_audio proc_audiod:file r_file_perms;
+
+allow hal_audio_default vendor_audio_data_file:dir rw_dir_perms;
+allow hal_audio_default vendor_audio_data_file:file create_file_perms;
+
+# Allow hal_audio_default to read sysfs_thermal dir/files for speaker protection
+r_dir_file(hal_audio_default, sysfs_thermal)
+
+#Allow hal audio to use Binder IPC
+vndbinder_use(hal_audio)
+
+#allow acess to wcd_cpe
+allow hal_audio sysfs_audio:file rw_file_perms;
+allow hal_audio sysfs_audio:dir r_dir_perms ;
+
+# audio properties
+get_prop(hal_audio, vendor_audio_prop)
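Review bot: Several rules in hal_audio_default.te are written against `hal_audio` instead of `hal_audio_default`: the `diag_device`, `firmware_file`, `proc_audiod` and `sysfs_audio` allows, `vndbinder_use(hal_audio)` and `get_prop(hal_audio, vendor_audio_prop)`. Those grants go to everything carrying the `hal_audio` attribute, which is presumably broader than the default HAL process this file is named for. If that breadth is not intended, scope them to the domain, e.g. `allow hal_audio_default sysfs_audio:file rw_file_perms;`; otherwise add a comment saying the attribute is deliberate. hal_bluetooth_default.te in this commit has the same mix (`fwk_scheduler_hwservice`, `system_server:binder call`, `set_prop(hal_bluetooth, vendor_bluetooth_prop)`). The comment `#allow acess to wcd_cpe` has a typo ("acess").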
diff --git a/generic/vendor/common/hal_bluetooth_default.te b/generic/vendor/common/hal_bluetooth_default.te
new file mode 100644
index 0000000..f118a77
--- /dev/null
+++ b/generic/vendor/common/hal_bluetooth_default.te
@@ -0,0 +1,56 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow hal_bluetooth_default bt_device:chr_file rw_file_perms;
+
+allow hal_bluetooth_default wcnss_filter:unix_stream_socket connectto;
+
+# talk to system_server to set priority
+allow hal_bluetooth fwk_scheduler_hwservice:hwservice_manager find;
+allow hal_bluetooth system_server:binder call;
+
+# bluetooth properties
+set_prop(hal_bluetooth, vendor_bluetooth_prop)
+
+#For bluetooth firmware
+r_dir_file(hal_bluetooth_default, bt_firmware_file)
+
+allow hal_bluetooth_default persist_bluetooth_file:dir r_dir_perms;
+allow hal_bluetooth_default persist_bluetooth_file:file r_file_perms;
+
+userdebug_or_eng(`
+allow hal_bluetooth_default ramdump_vendor_data_file:file create_file_perms;
+allow hal_bluetooth_default ramdump_vendor_data_file:dir create_dir_perms;
+
+allow hal_bluetooth_default proc_sysrq:file rw_file_perms;
+
+allow hal_bluetooth_default debugfs_ipc:file rw_file_perms;
+allow hal_bluetooth_default debugfs_ipc:dir  rw_dir_perms;
+allow hal_bluetooth_default vendor_bt_data_file:dir ra_dir_perms;
+allow hal_bluetooth_default vendor_bt_data_file:file create_file_perms;
+')
+
+r_dir_file(hal_bluetooth_default, mnt_vendor_file)
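Review bot: `allow hal_bluetooth_default proc_sysrq:file rw_file_perms;` lets the Bluetooth HAL write to the sysrq trigger on userdebug and eng builds, and neither it nor the `debugfs_ipc` write rules beside it has a comment. Given the ramdump rules in the same block this is presumably for forcing a dump when the controller hangs; say so, e.g. `# debug builds only: trigger a crash dump when the BT SoC stops responding`, and check whether read access is needed at all. The block's rules are not indented inside `userdebug_or_eng`, unlike the other files in this commit, so it is easy to miss that they are debug-only.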
diff --git a/generic/vendor/common/hal_bootctl.te b/generic/vendor/common/hal_bootctl.te
new file mode 100644
index 0000000..1276a78
--- /dev/null
+++ b/generic/vendor/common/hal_bootctl.te
@@ -0,0 +1,63 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# These are the permissions required to use the boot_control HAL implemented
+# here: hardware/qcom/bootctrl/boot_control.c
+
+# Getting and setting GPT attributes for the bootloader iterates over all the
+# partition names in the block_device directory /dev/block/.../by-name
+allow hal_bootctl block_device:dir r_dir_perms;
+
+# Edit the attributes stored in the GPT.
+allow hal_bootctl gpt_block_device:blk_file rw_file_perms;
+allow hal_bootctl root_block_device:blk_file rw_file_perms;
+
+# Allow boot_control_hal to get attributes on all the A/B partitions.
+allow hal_bootctl boot_block_device:blk_file rw_file_perms;
+allow hal_bootctl ab_block_device:blk_file getattr;
+allow hal_bootctl xbl_block_device:blk_file getattr;
+allow hal_bootctl modem_block_device:blk_file getattr;
+allow hal_bootctl system_block_device:blk_file getattr;
+allow hal_bootctl custom_ab_block_device:blk_file getattr;
+allow hal_bootctl mdtp_device:blk_file getattr;
+allow hal_bootctl_server misc_block_device:blk_file rw_file_perms;
+
+# Access /dev/sgN devices (generic SCSI) to write the
+# A/B slot selection for the XBL partition. Allow also to issue a
+# UFS_IOCTL_QUERY ioctl.
+allow hal_bootctl sg_device:chr_file rw_file_perms;
+
+# The sys_rawio denial message is benign, and shows up due to a capability()
+# call made by the scsi driver to check for CAP_SYS_RAWIO. Not having this
+# does not result in a error
+dontaudit hal_bootctl self:capability sys_rawio;
+
+# Read the sysfs to lookup what /dev/sgN device
+# corresponds to the XBL partitions.
+allow hal_bootctl sysfs:dir r_dir_perms;
+
+# Write to the XBL devices.
+allow hal_bootctl xbl_block_device:blk_file rw_file_perms;
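Review bot: The comment above `allow hal_bootctl boot_block_device:blk_file rw_file_perms;` says the block only gets attributes on the A/B partitions, but that rule grants read/write, and `root_block_device:blk_file rw_file_perms` a few lines earlier adds a second raw-write grant under a comment about the GPT only. If writing to these devices is required, the comment should say why, e.g. `# boot_control writes <what> to the boot partition; the other A/B partitions need getattr only`. The `xbl_block_device:blk_file getattr` rule is subsumed by the `rw_file_perms` rule on the same type at the end of the file and can be dropped. Only the `misc_block_device` rule is scoped to `hal_bootctl_server`; the rest target the `hal_bootctl` attribute, so it is worth confirming that no client domain carrying that attribute inherits the block-device write access.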
diff --git a/generic/vendor/common/hal_camera.te b/generic/vendor/common/hal_camera.te
new file mode 100644
index 0000000..eaaa5c7
--- /dev/null
+++ b/generic/vendor/common/hal_camera.te
@@ -0,0 +1,89 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow hal_camera self:capability sys_nice;
+
+# communicate with camera
+#allow hal_camera camera:unix_dgram_socket sendto;
+#allow hal_camera camera_data_file:sock_file write;
+#allow hal_camera camera_device:chr_file rw_file_perms;
+
+allow hal_camera gpu_device:chr_file rw_file_perms;
+
+# access to /dev/input/event{5,10}
+allow hal_camera input_device:dir r_dir_perms;
+allow hal_camera input_device:chr_file r_file_perms;
+
+set_prop(hal_camera, vendor_camera_prop)
+
+#allow hal_camera sysfs_enable_ps_sensor:file w_file_perms;
+r_dir_file(hal_camera, sysfs_type)
+# find libraries
+allow hal_camera system_file:dir r_dir_perms;
+
+allow hal_camera qdisplay_service:service_manager find;
+
+# talk to system_server
+
+allow hal_camera system_server:unix_stream_socket { read write };
+
+allow hal_camera self:socket { create ioctl read write };
+
+# allow hal_camera to call some socket ioctls
+allowxperm hal_camera self:socket ioctl { IPC_ROUTER_IOCTL_LOOKUP_SERVER IPC_ROUTER_IOCTL_BIND_CONTROL_PORT };
+
+# ignore spurious denial
+dontaudit hal_camera graphics_device:dir search;
+
+
+allow hal_camera vendor_camera_data_file:dir rw_dir_perms;
+allow hal_camera vendor_camera_data_file:file create_file_perms;
+
+userdebug_or_eng(`
+  allow hal_camera diag_device:chr_file rw_file_perms;
+')
+
+# access easel dev nodes
+allow hal_camera easel_device:chr_file { read write ioctl open };
+allow hal_camera sysfs_easel:file rw_file_perms;
+
+# access hexagon
+allow hal_camera qdsp_device:chr_file r_file_perms;
+allow hal_camera xdsp_device:chr_file r_file_perms;
+
+#needed for full_treble
+hal_client_domain(hal_camera_default, hal_graphics_composer)
+
+allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
+hal_client_domain(hal_camera_default, hal_perf)
+
+allow hal_camera_default sysfs_data:file read;
+allow hal_camera sysfs_data:file r_file_perms;
+
+allow hal_camera_default mnt_vendor_file:lnk_file r_file_perms;
+allow hal_camera_default mnt_vendor_file:dir r_dir_perms;
+
+r_dir_file(hal_camera_default, sysfs_graphics)
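Review bot: `r_dir_file(hal_camera, sysfs_type)` lets every camera HAL domain read all sysfs types, which hides which nodes the HAL actually needs and appears to make the later `sysfs_data` and `sysfs_graphics` read rules redundant. The same macro call is in hal_graphics_composer_default.te, under a comment that names only `/sys/devices/virtual/graphics/fb0`. Prefer granting the specific types, e.g. `r_dir_file(hal_camera, sysfs_graphics)`, and adding others as denials show up. The `input_device` rules are commented as access to `/dev/input/event{5,10}`, but the grant covers every node with that label, so a dedicated type for those two nodes would keep the HAL away from other input events. The commented-out `allow` lines should be deleted rather than carried into a new file.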
diff --git a/private/qtelephony.te b/generic/vendor/common/hal_camera_default.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/hal_camera_default.te
index 0a172f9..4d09d4d 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hal_camera_default.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,10 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+vndbinder_use(hal_camera_default);
diff --git a/vendor/common/hal_contexthub.te b/generic/vendor/common/hal_contexthub.te
similarity index 100%
rename from vendor/common/hal_contexthub.te
rename to generic/vendor/common/hal_contexthub.te
diff --git a/vendor/common/hal_display_color.te b/generic/vendor/common/hal_display_color.te
similarity index 100%
rename from vendor/common/hal_display_color.te
rename to generic/vendor/common/hal_display_color.te
diff --git a/private/qtelephony.te b/generic/vendor/common/hal_drm_default.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/hal_drm_default.te
index 0a172f9..eb62746 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hal_drm_default.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,10 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow hal_drm_default vndbinder_device:chr_file rw_file_perms;
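Review bot: This rule grants `hal_drm_default` access to `vndbinder_device` with a raw `allow`, whereas hal_camera_default.te in the same commit uses `vndbinder_use(hal_camera_default);` for vendor binder access. If the DRM HAL really communicates over vndbinder, `vndbinder_use(hal_drm_default)` is the consistent way to express it. If only opening the device node is needed, a short comment stating that the narrower grant is intentional, and what opens the node, would stop a later reader from widening it.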
diff --git a/vendor/common/hal_drm_widevine.te b/generic/vendor/common/hal_drm_widevine.te
similarity index 100%
rename from vendor/common/hal_drm_widevine.te
rename to generic/vendor/common/hal_drm_widevine.te
diff --git a/private/qtelephony.te b/generic/vendor/common/hal_gatekeeper_qti.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/hal_gatekeeper_qti.te
index 0a172f9..6c57205 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hal_gatekeeper_qti.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,18 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type hal_gatekeeper_qti, domain;
+hal_server_domain(hal_gatekeeper_qti, hal_gatekeeper)
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+type hal_gatekeeper_qti_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_gatekeeper_qti)
 
-app_domain(qtelephony)
+dontaudit hal_gatekeeper_qti firmware_file:dir search;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+get_prop(hal_gatekeeper_qti, vendor_tee_listener_prop)
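Review bot: `dontaudit hal_gatekeeper_qti firmware_file:dir search;` silences a denial with no comment saying why the access is harmless, and hal_keymaster_qti.te adds the same rule for `hal_keymaster_qti`. For the two HALs that handle credentials and keys, a suppressed denial is also a lost audit record, so the reason belongs next to the rule, e.g. `# <component> probes the firmware directory at start-up; the lookup is not required, so the denial is suppressed`. The dontaudit rules in hal_bootctl.te and hal_gnss_qti.te in this commit already carry that kind of explanation.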
diff --git a/generic/vendor/common/hal_gnss_qti.te b/generic/vendor/common/hal_gnss_qti.te
new file mode 100644
index 0000000..8c659da
--- /dev/null
+++ b/generic/vendor/common/hal_gnss_qti.te
@@ -0,0 +1,76 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type hal_gnss_qti, domain;
+hal_server_domain(hal_gnss_qti, hal_gnss)
+
+type hal_gnss_qti_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_gnss_qti)
+
+allow hal_gnss sysfs:dir r_dir_perms;
+allow hal_gnss sysfs_data:file r_file_perms;
+
+vndbinder_use(hal_gnss_qti)
+
+allow hal_gnss_qti sysfs_soc:dir r_dir_perms;
+allow hal_gnss_qti sysfs_soc:file r_file_perms;
+
+binder_call(hal_gnss_qti, vendor_per_mgr)
+allow hal_gnss_qti vendor_per_mgr_service:service_manager find;
+
+# /data/vendor/location
+allow hal_gnss_qti location_data_file:fifo_file { open read setattr write };
+allow hal_gnss_qti location_data_file:dir create_dir_perms;
+allow hal_gnss_qti location_data_file:file create_file_perms;
+
+# /dev/socket/location
+allow hal_gnss_qti location_socket:sock_file create_file_perms;
+allow hal_gnss_qti location_socket:dir rw_dir_perms;
+
+allow hal_gnss_qti location:unix_stream_socket connectto;
+allow hal_gnss_qti location:unix_dgram_socket sendto;
+
+allow hal_gnss_qti self:socket create_socket_perms;
+allowxperm hal_gnss_qti self:socket ioctl msm_sock_ipc_ioctls;
+
+unix_socket_connect(hal_gnss_qti, netmgrd, netmgrd)
+allow hal_gnss_qti netmgrd_socket:dir search;
+
+allow hal_gnss_qti self:netlink_generic_socket { bind create read };
+allow hal_gnss_qti self:netlink_route_socket { bind create nlmsg_read read write };
+
+# Most HALs are not allowed to use network sockets. QTI library
+# libqdi is used across multiple processes which are clients of
+# netmgrd including the GNSS HAL. libqdi first attempts to get the network
+# interface using an IOCTL on a UDP INET socket, which isn't allowed here.
+# If that fails, it falls back to using libc's if_nameindex() which requires
+# a netlink route socket, which HALs may use. Due to the initial
+# attempt to use a UDP socket, we still see a selinux denial,
+# but it is safe to ignore.
+# TODO (b/37730994) Remove udp_socket requirement from
+# libqdi and have all its clients use netlink route
+# sockets.
+dontaudit hal_gnss_qti self:udp_socket create;
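Review bot: The two sysfs rules near the top are written against the `hal_gnss` attribute (`allow hal_gnss sysfs:dir r_dir_perms;` and `allow hal_gnss sysfs_data:file r_file_perms;`), while every other rule in the file is scoped to `hal_gnss_qti`. A rule on the attribute applies to every domain that carries it, not only this daemon; if that is not intended, write `allow hal_gnss_qti sysfs:dir r_dir_perms;` and `allow hal_gnss_qti sysfs_data:file r_file_perms;`. hal_graphics_composer_default.te mixes `hal_graphics_composer` and `hal_graphics_composer_default` the same way, including a write grant on `sysfs_graphics:file`.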
diff --git a/generic/vendor/common/hal_graphics_composer_default.te b/generic/vendor/common/hal_graphics_composer_default.te
new file mode 100644
index 0000000..0be952b
--- /dev/null
+++ b/generic/vendor/common/hal_graphics_composer_default.te
@@ -0,0 +1,71 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# Binder access (for display.qservice)
+vndbinder_use(hal_graphics_composer_default)
+hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
+allow hal_graphics_composer_default qdisplay_service:service_manager { add find };
+
+allow hal_graphics_composer_default persist_display_file:dir search;
+allow hal_graphics_composer_default persist_display_file:file r_file_perms;
+
+allow hal_graphics_composer sysfs_graphics:dir r_dir_perms;
+allow hal_graphics_composer sysfs_graphics:file rw_file_perms;
+allow hal_graphics_composer_default mnt_vendor_file:dir search;
+
+allow hal_graphics_composer oemfs:dir r_dir_perms;
+
+allow hal_graphics_composer vendor_display_prop:file r_file_perms;
+
+allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
+
+r_dir_file(hal_graphics_composer_default, sysfs_leds)
+
+# TODO(b/37666508): Remove the following line upon resolution of the bug
+allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
+allow hal_graphics_composer_default graphics_device:chr_file rw_file_perms;
+
+# HWC_UeventThread
+allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Rule for pps socket usage
+unix_socket_connect(hal_graphics_composer_default, pps, mm-pp-daemon)
+
+# Access /sys/devices/virtual/graphics/fb0
+r_dir_file(hal_graphics_composer_default, sysfs_type)
+
+allow hal_graphics_composer_default display_vendor_data_file:dir create_dir_perms;
+allow hal_graphics_composer_default display_vendor_data_file:file create_file_perms;
+
+userdebug_or_eng(`
+        allow hal_graphics_composer_default debugfs_mdp:dir r_dir_perms;
+        allow hal_graphics_composer_default debugfs_mdp:file r_file_perms;
+')
+
+# allow composer to register display config
+add_hwservice(hal_graphics_composer_server, hal_display_config_hwservice);
+# allow composer client to find display config service.
+allow hal_graphics_composer_client hal_display_config_hwservice:hwservice_manager find;
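Review bot: The `TODO(b/37666508)` comment says to remove "the following line", but two rules follow it (`video_device:chr_file rw_file_perms` and `graphics_device:chr_file rw_file_perms`), so it is unclear which grant is the temporary one. Put the TODO directly above the single rule it covers and give the other rule its own comment, so the temporary device access is removed when the bug closes and the permanent one is not. Separately, `allow hal_graphics_composer vendor_display_prop:file r_file_perms;` could be written as `get_prop(hal_graphics_composer, vendor_display_prop)` to match how the other files in this commit read properties.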
diff --git a/vendor/common/hal_health.te b/generic/vendor/common/hal_health.te
similarity index 100%
rename from vendor/common/hal_health.te
rename to generic/vendor/common/hal_health.te
diff --git a/generic/vendor/common/hal_imsrtp.te b/generic/vendor/common/hal_imsrtp.te
new file mode 100644
index 0000000..f3a1af3
--- /dev/null
+++ b/generic/vendor/common/hal_imsrtp.te
@@ -0,0 +1,56 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#ims rtp service
+type hal_imsrtp, domain;
+type hal_imsrtp_exec, exec_type, vendor_file_type, file_type;
+
+# Started by init
+init_daemon_domain(hal_imsrtp)
+net_domain(hal_imsrtp)
+
+hwbinder_use(hal_imsrtp)
+get_prop(hal_imsrtp, hwservicemanager_prop)
+add_hwservice(hal_imsrtp, hal_imsrtp_hwservice)
+
+allow hal_imsrtp self:socket create_socket_perms;
+unix_socket_connect(hal_imsrtp, ims, ims)
+
+allow hal_imsrtp sysfs_timestamp_switch:file r_file_perms;
+
+# ioctlcmd=c302
+allowxperm hal_imsrtp self:socket ioctl msm_sock_ipc_ioctls;
+
+allow hal_imsrtp self:capability net_bind_service;
+
+allow hal_imsrtp sysfs_timestamp_switch:file r_file_perms;
+allow hal_imsrtp ion_device:chr_file r_file_perms;
+allow hal_imsrtp sysfs_data:file r_file_perms;
+r_dir_file(hal_imsrtp, sysfs_diag)
+r_dir_file(hal_imsrtp, sysfs_soc)
+
+get_prop(hal_imsrtp, ims_prop)
+binder_call(hal_imsrtp, radio)
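Review bot: `allow hal_imsrtp sysfs_timestamp_switch:file r_file_perms;` appears twice in this file, once after `unix_socket_connect` and again after the `net_bind_service` rule; one copy should be removed. `allow hal_imsrtp self:capability net_bind_service;` permits binding to privileged ports but has no comment; add one stating the need, e.g. `# RTP service binds port <N> below 1024`. Together with `net_domain(hal_imsrtp)` this makes the daemon a network-facing HAL, so the justification is worth keeping beside the rule. The `# ioctlcmd=c302` comment would also read better as a sentence naming what that ioctl does.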
diff --git a/private/qtelephony.te b/generic/vendor/common/hal_keymaster_qti.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/hal_keymaster_qti.te
index 0a172f9..3aa9061 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hal_keymaster_qti.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,18 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type hal_keymaster_qti, domain;
+hal_server_domain(hal_keymaster_qti, hal_keymaster)
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+type hal_keymaster_qti_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_keymaster_qti)
 
-app_domain(qtelephony)
+dontaudit hal_keymaster_qti firmware_file:dir search;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+get_prop(hal_keymaster_qti, vendor_tee_listener_prop)
diff --git a/private/qtelephony.te b/generic/vendor/common/hal_light.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/hal_light.te
index 0a172f9..c536c5e 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hal_light.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow hal_light sysfs_graphics:dir search;
+allow hal_light sysfs_graphics:file rw_file_perms;
diff --git a/private/qtelephony.te b/generic/vendor/common/hal_memtrack_default.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/hal_memtrack_default.te
index 0a172f9..b9dd0a6 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hal_memtrack_default.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,10 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow hal_memtrack_default debugfs_kgsl:file r_file_perms;
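Review bot: `allow hal_memtrack_default debugfs_kgsl:file r_file_perms;` grants a debugfs read on every build variant, whereas the other debugfs grants in this commit (`debugfs_ipc` in the Bluetooth HAL rules, `debugfs_mdp` in the composer) sit inside `userdebug_or_eng(...)`. If memtrack needs this data on user builds, say so in a comment, e.g. `# memtrack reads GPU memory statistics from kgsl debugfs; required on user builds`. Otherwise wrap the rule in `userdebug_or_eng` so production images do not depend on debugfs.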
diff --git a/vendor/common/hal_perf_default.te b/generic/vendor/common/hal_perf_default.te
similarity index 100%
rename from vendor/common/hal_perf_default.te
rename to generic/vendor/common/hal_perf_default.te
diff --git a/private/qtelephony.te b/generic/vendor/common/hal_power_default.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/hal_power_default.te
index 0a172f9..c1bfd5f 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hal_power_default.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,15 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow hal_power_default sysfs_soc:dir r_dir_perms;
+allow hal_power_default sysfs_soc:file r_file_perms;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+allow hal_power_default hbtp_kernel_sysfs:file rw_file_perms;
 
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+hal_client_domain(hal_power_default, hal_perf)
diff --git a/vendor/common/hal_qdutils_disp_qti.te b/generic/vendor/common/hal_qdutils_disp_qti.te
similarity index 100%
rename from vendor/common/hal_qdutils_disp_qti.te
rename to generic/vendor/common/hal_qdutils_disp_qti.te
diff --git a/generic/vendor/common/hal_rcsservice.te b/generic/vendor/common/hal_rcsservice.te
new file mode 100644
index 0000000..60aa70b
--- /dev/null
+++ b/generic/vendor/common/hal_rcsservice.te
@@ -0,0 +1,68 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type hal_rcsservice, domain;
+type hal_rcsservice_exec, exec_type, vendor_file_type, file_type;
+
+# Started by init
+init_daemon_domain(hal_rcsservice)
+net_domain(hal_rcsservice)
+
+get_prop(hal_rcsservice, ims_prop)
+
+# To register imsrcsd to hwBinder
+hwbinder_use(hal_rcsservice)
+# add IUceSerive and IService to Hidl interface
+add_hwservice(hal_rcsservice, hal_imsrcsd_hwservice)
+add_hwservice(hal_rcsservice, hal_imscallinfo_hwservice)
+
+get_prop(hal_rcsservice, hwservicemanager_prop)
+
+allow hal_rcsservice sysfs_timestamp_switch:file r_file_perms;
+allow hal_rcsservice sysfs_data:file r_file_perms;
+r_dir_file(hal_rcsservice, sysfs_soc)
+
+#required for socket creation
+unix_socket_connect(hal_rcsservice, ims, ims)
+allow hal_rcsservice self:socket create_socket_perms;
+allowxperm hal_rcsservice self:socket ioctl msm_sock_ipc_ioctls ;
+
+# imsrcsd to bind with UceShimService.apk
+binder_call(hal_rcsservice, dataservice_app)
+
+# imsrcsd needs read/write access to devpts
+allow hal_rcsservice devpts:chr_file rw_file_perms;
+
+# allow imsrcsd capabilities
+wakelock_use(hal_rcsservice)
+allow hal_rcsservice self:capability net_bind_service;
+
+#diag
+userdebug_or_eng(`
+  diag_use(hal_rcsservice)
+')
+
+set_prop(hal_rcsservice, ctl_vendor_imsrcsservice_prop)
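Review bot: `allow hal_rcsservice devpts:chr_file rw_file_perms;` gives an init-started daemon read/write on pseudo-terminal nodes, which a service launched by init normally has no reason to open. Rules like this usually come from denials logged while the binary was run by hand from a shell. If that is the origin, drop it or move it into the existing `userdebug_or_eng` block next to `diag_use(hal_rcsservice)`. Separately, `set_prop(hal_rcsservice, ctl_vendor_imsrcsservice_prop)` has no comment; judging by the `ctl_` prefix it presumably lets the daemon ask init to start or stop a service, so a line naming the service and the reason would help. The comment `# add IUceSerive and IService to Hidl interface` misspells IUceService.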
diff --git a/generic/vendor/common/hal_sensors_default.te b/generic/vendor/common/hal_sensors_default.te
new file mode 100644
index 0000000..08a3c19
--- /dev/null
+++ b/generic/vendor/common/hal_sensors_default.te
@@ -0,0 +1,52 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# read factory calibration and sensor configuration data
+allow hal_sensors_default mnt_vendor_file:dir search;
+r_dir_file(hal_sensors_default, persist_sensors_file)
+
+# interact with the sensors low power island (SLPI) CPU
+allow hal_sensors_default self:socket { create ioctl read write };
+allowxperm hal_sensors_default self:socket ioctl msm_sock_ipc_ioctls;
+allow hal_sensors sysfs_soc:file r_file_perms;
+
+allow hal_sensors_default qdsp_device:chr_file r_file_perms;
+allow hal_sensors_default xdsp_device:chr_file r_file_perms;
+
+allow hal_sensors sysfs_data:file r_file_perms;
+allow hal_sensors sysfs_sensors:dir r_dir_perms;
+allow hal_sensors sysfs_sensors:file rw_file_perms;
+allow hal_sensors sysfs_sensors:lnk_file read;
+
+#following to set the ssr
+allow hal_sensors_default sysfs_slpi:dir search;
+allow hal_sensors_default sysfs_slpi:file w_file_perms;
+
+
+allow hal_sensors_default persist_sensors_file:dir rw_dir_perms;
+allow hal_sensors_default persist_sensors_file:file create_file_perms;
+allow hal_sensors_default mnt_vendor_file:dir rw_dir_perms;
+allow hal_sensors_default mnt_vendor_file:file create_file_perms;
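Review bot: Five rules here are written against the `hal_sensors` attribute rather than the `hal_sensors_default` type: the `sysfs_soc` rule, the `sysfs_data` rule and the three `sysfs_sensors` rules. They therefore apply to every domain carrying that attribute, not only to this HAL service, and `allow hal_sensors sysfs_sensors:file rw_file_perms;` is the one that widens access most. Unless that is intended, use the type, e.g. `allow hal_sensors_default sysfs_sensors:file rw_file_perms;`. The last four lines also grant `rw_dir_perms` and `create_file_perms` on `persist_sensors_file` and on the generic `mnt_vendor_file`, which contradicts the "read factory calibration" comment at the top and makes the earlier `search` and `r_dir_file` rules redundant. If the HAL really writes calibration data, limiting the write rules to `persist_sensors_file` and saying so in a comment would be tighter.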
diff --git a/vendor/common/hal_telephony.te b/generic/vendor/common/hal_telephony.te
similarity index 100%
rename from vendor/common/hal_telephony.te
rename to generic/vendor/common/hal_telephony.te
diff --git a/vendor/common/hal_tetheroffload_default.te b/generic/vendor/common/hal_tetheroffload_default.te
similarity index 100%
rename from vendor/common/hal_tetheroffload_default.te
rename to generic/vendor/common/hal_tetheroffload_default.te
diff --git a/private/qtelephony.te b/generic/vendor/common/hal_thermal_default.te
old mode 100644
new mode 100755
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/hal_thermal_default.te
index 0a172f9..61f1bf0
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hal_thermal_default.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,13 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow hal_thermal_default sysfs_thermal:dir { open read search };
+allow hal_thermal_default sysfs_thermal:file { getattr open read };
+allow hal_thermal_default sysfs_thermal:lnk_file read;
+allow hal_thermal_default proc_stat:file { getattr open read };
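Review bot: The header for this file shows `old mode 100644` / `new mode 100755`, so a plain `.te` policy source is being committed with the executable bit set. The newly created policy files elsewhere in this change are `100644`, and this one should be too. The four added rules are read-only and narrowly scoped; a comment such as `# read thermal sysfs nodes and /proc/stat` above them would record why `proc_stat` is needed.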
diff --git a/vendor/common/hal_tui_comm_qti.te b/generic/vendor/common/hal_tui_comm_qti.te
similarity index 100%
rename from vendor/common/hal_tui_comm_qti.te
rename to generic/vendor/common/hal_tui_comm_qti.te
diff --git a/vendor/common/hal_usb_default.te b/generic/vendor/common/hal_usb_default.te
similarity index 100%
rename from vendor/common/hal_usb_default.te
rename to generic/vendor/common/hal_usb_default.te
diff --git a/private/qtelephony.te b/generic/vendor/common/hal_vibrator_default.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/hal_vibrator_default.te
index 0a172f9..859006f 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hal_vibrator_default.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,15 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+r_dir_file(hal_vibrator_default, sysfs_leds)
+allow hal_vibrator_default sysfs_leds:file rw_file_perms;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# read-only permission to obtain the calibration data
+r_dir_file(hal_vibrator_default, persist_haptics_file)
+allow hal_vibrator_default mnt_vendor_file:dir search;
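Review bot: `allow hal_vibrator_default sysfs_leds:file rw_file_perms;` grants write on every node labelled `sysfs_leds`, which by its name covers LED controls in general rather than only the vibrator's node. If the vibrator is exposed through the LED class on these targets (the labelling is not visible in this hunk), a dedicated type for that node would keep the grant narrow. At minimum the rule needs a comment, e.g. `# vibrator is driven through a leds-class sysfs node`, so a later reader does not take it for a leftover.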
diff --git a/vendor/common/hal_wifi_default.te b/generic/vendor/common/hal_wifi_default.te
similarity index 100%
rename from vendor/common/hal_wifi_default.te
rename to generic/vendor/common/hal_wifi_default.te
diff --git a/vendor/common/hal_wifi_hostapd.te b/generic/vendor/common/hal_wifi_hostapd.te
similarity index 100%
rename from vendor/common/hal_wifi_hostapd.te
rename to generic/vendor/common/hal_wifi_hostapd.te
diff --git a/vendor/common/hal_wifi_supplicant.te b/generic/vendor/common/hal_wifi_supplicant.te
similarity index 100%
rename from vendor/common/hal_wifi_supplicant.te
rename to generic/vendor/common/hal_wifi_supplicant.te
diff --git a/generic/vendor/common/hbtp.te b/generic/vendor/common/hbtp.te
new file mode 100644
index 0000000..5e3f04c
--- /dev/null
+++ b/generic/vendor/common/hbtp.te
@@ -0,0 +1,81 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# Policies for hbtp (host based touch processing)
+type hbtp, domain;
+type hbtp_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hbtp)
+hal_server_domain(hbtp, hal_hbtp)
+# Allow access for /dev/hbtp_input and /dev/jdi-bu21150
+allow hbtp { hbtp_device qdsp_device dsp_device bu21150_device xdsp_device }:chr_file rw_file_perms;
+
+allow hbtp hbtp_log_file:dir rw_dir_perms;
+allow hbtp hbtp_log_file:file create_file_perms;
+
+allow hbtp hbtp_cfg_file:dir r_dir_perms;
+allow hbtp hbtp_cfg_file:file r_file_perms;
+
+allow hbtp firmware_file:dir r_dir_perms;
+allow hbtp firmware_file:file r_file_perms;
+
+allow hbtp vendor_firmware_file:dir r_dir_perms;
+allow hbtp vendor_firmware_file:file r_file_perms;
+
+allow hbtp sysfs_usb_supply:file r_file_perms;
+allow hbtp sysfs_usb_supply:dir r_dir_perms;
+
+allow hbtp hbtp_kernel_sysfs:file rw_file_perms;
+
+allow hbtp sysfs_graphics:file r_file_perms;
+allow hbtp sysfs_graphics:dir r_dir_perms;
+
+allow hbtp sysfs_battery_supply:file r_file_perms;
+allow hbtp sysfs_battery_supply:dir r_dir_perms;
+
+allow hbtp ion_device:chr_file r_file_perms;
+
+allow hbtp self:netlink_kobject_uevent_socket { create read setopt bind };
+
+# Allow the service to access wakelock sysfs
+allow hbtp sysfs_wake_lock:file r_file_perms;
+
+# Allow the service to change to system from root
+allow hbtp self:capability { setgid setuid sys_nice };
+
+# Allow load touch driver as touchPD
+r_dir_file(hbtp, adsprpcd_file)
+
+# Allow the service to access wakelock capability
+wakelock_use(hbtp)
+
+# Allow hwbinder call from hal client to server and vice-versa
+binder_call(hal_hbtp_client, hal_hbtp_server)
+binder_call(hal_hbtp_server, hal_hbtp_client)
+
+# Allow hwservice related rules
+add_hwservice(hal_hbtp_server, hal_hbtp_hwservice)
+allow hal_hbtp_client hal_hbtp_hwservice:hwservice_manager find;
+hal_client_domain(hbtp, hal_allocator);
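Review bot: The comment `# Allow access for /dev/hbtp_input and /dev/jdi-bu21150` understates the rule beneath it, which also grants `rw_file_perms` on `qdsp_device`, `dsp_device` and `xdsp_device`. Splitting it into `allow hbtp { hbtp_device bu21150_device }:chr_file rw_file_perms;` and a separately commented `allow hbtp { qdsp_device dsp_device xdsp_device }:chr_file rw_file_perms;` would make the DSP access visible to reviewers. The `setgid setuid` capabilities are explained as "change to system from root"; if the service's init entry can set the user and group directly, the daemon would not need to start as root or hold those capabilities at all. `hal_client_domain(hbtp, hal_allocator);` carries a stray trailing `;` that the other macro calls in the file do not.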
diff --git a/private/qtelephony.te b/generic/vendor/common/healthd.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/healthd.te
index 0a172f9..54954dd 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/healthd.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,18 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow healthd self:capability2 wake_alarm;
+r_dir_file(healthd, sysfs_battery_supply)
+r_dir_file(healthd, sysfs_usb_supply)
+r_dir_file(healthd, sysfs_thermal);
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow healthd {
+    sysfs_battery_supply
+    sysfs_usb_supply
+}:file rw_file_perms;
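Review bot: The closing block `allow healthd { sysfs_battery_supply sysfs_usb_supply }:file rw_file_perms;` adds write access to the power-supply sysfs nodes without a comment, while the `r_dir_file` lines above it already cover reading. A comment saying which node healthd writes and why would help, and `w_file_perms` would express the added permission without repeating the read half. `r_dir_file(healthd, sysfs_thermal);` has a trailing `;` that the two macro calls before it do not.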
diff --git a/generic/vendor/common/hvdcp.te b/generic/vendor/common/hvdcp.te
new file mode 100644
index 0000000..fae5e23
--- /dev/null
+++ b/generic/vendor/common/hvdcp.te
@@ -0,0 +1,67 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# HVDVP quickcharge
+type hvdcp, domain;
+type hvdcp_exec, exec_type, vendor_file_type, file_type;
+
+# Make transition to its own HVDCP domain from init
+init_daemon_domain(hvdcp)
+
+# Add rules for access permissions
+allow hvdcp hvdcp_device:chr_file rw_file_perms;
+allow hvdcp {
+    sysfs_battery_supply
+    sysfs_usb_supply
+    sysfs_usbpd_device
+    sysfs_vadc_dev
+    sysfs_spmi_dev
+}:dir r_dir_perms;
+
+allow hvdcp {
+    sysfs_battery_supply
+    sysfs_usb_supply
+    sysfs_usbpd_device
+    sysfs_vadc_dev
+    sysfs_spmi_dev
+}:file rw_file_perms;
+
+allow hvdcp {
+    sysfs_battery_supply
+    sysfs_usb_supply
+    sysfs_vadc_dev
+    sysfs_spmi_dev
+}:lnk_file r_file_perms;
+
+allow hvdcp self:capability { setgid setuid };
+allow hvdcp self:capability2 wake_alarm;
+allow hvdcp kmsg_device:chr_file rw_file_perms;
+allow hvdcp cgroup:dir { create add_name };
+allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow hvdcp sysfs_battery_supply:file setattr;
+allow hvdcp sysfs_usb_supply:file setattr;
+allow hvdcp sysfs_usbpd_device:file setattr;
+wakelock_use(hvdcp)
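Review bot: `allow hvdcp kmsg_device:chr_file rw_file_perms;` lets the charger daemon read the kernel log as well as write to it. If the daemon only logs to kmsg, `allow hvdcp kmsg_device:chr_file w_file_perms;` is enough and keeps kernel messages out of this domain's reach. The three `setattr` rules on sysfs types and `allow hvdcp cgroup:dir { create add_name };` are also unexplained; a comment on each saying what the daemon changes would make them reviewable. The header comment reads `# HVDVP quickcharge`, while the domain is named `hvdcp`.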
diff --git a/private/qtelephony.te b/generic/vendor/common/hwservice.te
similarity index 60%
copy from private/qtelephony.te
copy to generic/vendor/common/hwservice.te
index 0a172f9..8ba7641 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/hwservice.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,23 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+type hal_cne_hwservice, hwservice_manager_type;
+type vnd_ims_radio_hwservice, hwservice_manager_type;
+type vnd_qcrilhook_hwservice, hwservice_manager_type;
+type hal_display_config_hwservice, hwservice_manager_type;
+type hal_imsrcsd_hwservice, hwservice_manager_type;
+type hal_imsrtp_hwservice, hwservice_manager_type;
+type hal_imscallinfo_hwservice, hwservice_manager_type;
+type hal_ipacm_hwservice, hwservice_manager_type;
+type hal_hbtp_hwservice, hwservice_manager_type;
+type hal_perf_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice_violators;
+type hal_tui_comm_hwservice, hwservice_manager_type;
+type hal_qdutils_disp_hwservice, hwservice_manager_type;
+type hal_display_color_hwservice, hwservice_manager_type;
+type hal_display_postproc_hwservice, hwservice_manager_type;
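Review bot: `hal_perf_hwservice` is the only type in this list tagged `untrusted_app_visible_hwservice_violators`, the attribute that exempts a hwservice from the platform neverallow keeping untrusted apps from finding vendor HAL services. That exemption widens the attack surface reachable from any installed app, so it should not go in without a justification next to it. I would add a comment above the line, e.g. `# exposed to untrusted apps for <use case>; tracked in <bug id>`, with both placeholders filled in by the author. It is also worth confirming that no rule elsewhere lets app domains reach this service beyond what that use case needs.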
diff --git a/vendor/common/hwservice_contexts b/generic/vendor/common/hwservice_contexts
similarity index 65%
rename from vendor/common/hwservice_contexts
rename to generic/vendor/common/hwservice_contexts
index 4ae00e9..2f0cc3d 100644
--- a/vendor/common/hwservice_contexts
+++ b/generic/vendor/common/hwservice_contexts
@@ -1,3 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 com.qualcomm.qti.ant::IAntHci                                   u:object_r:hal_bluetooth_hwservice:s0
 com.qualcomm.qti.ims.radio::IImsRadio                           u:object_r:vnd_ims_radio_hwservice:s0
 com.qualcomm.qti.qcril.qcrilhook::IQtiOemHook                   u:object_r:vnd_qcrilhook_hwservice:s0
diff --git a/generic/vendor/common/ims.te b/generic/vendor/common/ims.te
new file mode 100644
index 0000000..4af5cd1
--- /dev/null
+++ b/generic/vendor/common/ims.te
@@ -0,0 +1,65 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type ims, domain;
+type ims_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(ims)
+net_domain(ims)
+
+get_prop(ims, hwservicemanager_prop)
+set_prop(ims, ims_prop)
+get_prop(ims, ims_prop)
+
+unix_socket_connect(ims, netmgrd, netmgrd)
+
+allow ims sysfs_soc:dir search;
+allow ims sysfs_soc:file r_file_perms;
+allow ims sysfs_timestamp_switch:file r_file_perms;
+allow ims sysfs_data:file r_file_perms;
+
+allow ims self:capability net_bind_service;
+
+allow ims ion_device:chr_file r_file_perms;
+
+unix_socket_connect(ims, cnd, cnd)
+
+allow ims self:socket create_socket_perms;
+allow ims ims_socket:sock_file write;
+allow ims self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow ims netmgrd_socket:dir search;
+allow ims netmgrd_socket:sock_file w_file_perms;
+allowxperm ims self:socket ioctl msm_sock_ipc_ioctls;
+allowxperm ims self:udp_socket ioctl RMNET_IOCTL_EXTENDED;
+
+#diag
+userdebug_or_eng(`
+    diag_use(ims)
+')
+
+hwbinder_use(ims)
+allow ims hal_cne_hwservice:hwservice_manager find;
+binder_call(ims, cnd)
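Review bot: `get_prop(ims, ims_prop)` directly after `set_prop(ims, ims_prop)` is redundant, because the AOSP `set_prop` macro already includes `get_prop` for the same property type. Likewise `allow ims netmgrd_socket:sock_file w_file_perms;` overlaps the `sock_file write` that `unix_socket_connect(ims, netmgrd, netmgrd)` grants earlier in the file. Dropping the duplicates makes it easier to see what the domain actually holds. `allow ims self:capability net_bind_service;` and `allow ims ion_device:chr_file r_file_perms;` have no comment; one line each saying what needs the privileged port and the ion access would help.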
diff --git a/vendor/common/init-qcom-crashdata-sh.te b/generic/vendor/common/init-qcom-crashdata-sh.te
similarity index 100%
rename from vendor/common/init-qcom-crashdata-sh.te
rename to generic/vendor/common/init-qcom-crashdata-sh.te
diff --git a/vendor/common/init-qcom-sensors-sh.te b/generic/vendor/common/init-qcom-sensors-sh.te
similarity index 100%
rename from vendor/common/init-qcom-sensors-sh.te
rename to generic/vendor/common/init-qcom-sensors-sh.te
diff --git a/vendor/common/init-qti-ims-sh.te b/generic/vendor/common/init-qti-ims-sh.te
similarity index 100%
rename from vendor/common/init-qti-ims-sh.te
rename to generic/vendor/common/init-qti-ims-sh.te
diff --git a/generic/vendor/common/init.te b/generic/vendor/common/init.te
new file mode 100644
index 0000000..0d282fe
--- /dev/null
+++ b/generic/vendor/common/init.te
@@ -0,0 +1,76 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow init {
+    adsprpcd_file
+    cache_file
+    mnt_vendor_file
+    storage_file
+}:dir mounton;
+
+# symlink /sdcard to backing block
+allow init tmpfs:lnk_file create;
+
+allow init tty_device:chr_file rw_file_perms;
+
+allow init mnt_vendor_file:dir mounton;
+
+allow init ab_block_device:lnk_file relabelto;
+
+#Allow init to mount non-hlos partitions in A/B builds
+allow init { bt_firmware_file vendor_firmware_file  firmware_file } :dir mounton;
+
+allow init { bt_firmware_file firmware_file }:filesystem  { relabelfrom  mount };
+allow { bt_firmware_file firmware_file  }self:filesystem associate;
+
+dontaudit init kernel:system module_request;
+
+allow init sysfs_leds:lnk_file r_file_perms;
+
+allow init socket_device:sock_file create_file_perms;
+
+#Needed for restorecon. Init already has these permissions
+#for generic block devices, but is unable to access those
+#which have a custom lable added by us.
+allow init {
+    custom_ab_block_device
+    boot_block_device
+    xbl_block_device
+    ssd_block_device
+    modem_block_device
+    mdtp_device
+}:{ blk_file lnk_file } relabelto;
+
+#Allow /sys access to write zram disksize
+allow init sysfs_zram:dir r_dir_perms;
+allow init sysfs_zram:file r_file_perms;
+
+allow init sysfs_boot_adsp:file w_file_perms;
+# Search and write access for sysfs_graphics for backlight in recovery
+recovery_only(`
+allow init sysfs_graphics:file w_file_perms;
+allow init sysfs_graphics:dir search;
+')
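Review bot: The comment `#Allow /sys access to write zram disksize` does not match the two rules under it, which grant only `r_dir_perms` and `r_file_perms` on `sysfs_zram`. Either the comment should say read, or the write permission it describes is missing from this file. `allow init mnt_vendor_file:dir mounton;` repeats what the first block already grants, and `allow { bt_firmware_file firmware_file  }self:filesystem associate;` is missing the space before `self`. `dontaudit init kernel:system module_request;` silences the denial without explanation; a comment saying why the request is expected would keep it from masking an unrelated problem later.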
diff --git a/vendor/common/init_shell.te b/generic/vendor/common/init_shell.te
similarity index 75%
rename from vendor/common/init_shell.te
rename to generic/vendor/common/init_shell.te
index c0dbaeb..316cfd9 100644
--- a/vendor/common/init_shell.te
+++ b/generic/vendor/common/init_shell.te
@@ -1,3 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 # Restricted domain for shell processes spawned by init.
 # Normally these are shell commands or scripts invoked via sh
 # from an init*.rc file.  No service should ever run in this domain.
diff --git a/private/qtelephony.te b/generic/vendor/common/ioctl_defines
similarity index 69%
copy from private/qtelephony.te
copy to generic/vendor/common/ioctl_defines
index 0a172f9..be99d87 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/ioctl_defines
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,19 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# socket ioctls
+define(`RMNET_IOCTL_EXTENDED', `0x000089FD')
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# socket ioctls defined in the kernel in include/uapi/linux/msm_ipc.h
+define(`IPC_ROUTER_IOCTL_GET_VERSION', `0x0000c300')
+define(`IPC_ROUTER_IOCTL_GET_MTU', `0x0000c301')
+define(`IPC_ROUTER_IOCTL_LOOKUP_SERVER', `0x0000c302')
+define(`IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE', `0x0000c303')
+define(`IPC_ROUTER_IOCTL_BIND_CONTROL_PORT', `0x0000c304')
+define(`IPC_ROUTER_IOCTL_CONFIG_SEC_RULES', `0x0000c305')
diff --git a/private/qtelephony.te b/generic/vendor/common/ioctl_macros
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/ioctl_macros
index 0a172f9..9a69291 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/ioctl_macros
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,17 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+define(`msm_sock_ipc_ioctls', `{
+IPC_ROUTER_IOCTL_GET_VERSION
+IPC_ROUTER_IOCTL_GET_MTU
+IPC_ROUTER_IOCTL_LOOKUP_SERVER
+IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
+IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
+IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
+}')
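Review bot: `msm_sock_ipc_ioctls` groups the query ioctls (`IPC_ROUTER_IOCTL_GET_VERSION`, `IPC_ROUTER_IOCTL_GET_MTU`, `IPC_ROUTER_IOCTL_LOOKUP_SERVER`, `IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE`) with `IPC_ROUTER_IOCTL_BIND_CONTROL_PORT` and `IPC_ROUTER_IOCTL_CONFIG_SEC_RULES`, so every domain given the macro through `allowxperm` also gets the two control ioctls. In this commit that is irsc_util, location and netmgrd, while pd_services.te shows a narrower grant of `IPC_ROUTER_IOCTL_BIND_CONTROL_PORT` alone. Judging by the names only, not every caller needs to change router security rules. Consider splitting the macro into a query set and a control set, or at least add a comment above the define such as `# Includes control ioctls (BIND_CONTROL_PORT, CONFIG_SEC_RULES); grant individual ioctls where the full set is not needed`.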
diff --git a/generic/vendor/common/ipacm.te b/generic/vendor/common/ipacm.te
new file mode 100644
index 0000000..785da05
--- /dev/null
+++ b/generic/vendor/common/ipacm.te
@@ -0,0 +1,69 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# General definitions
+type ipacm, domain;
+type ipacm-diag, domain;
+type ipacm_exec, exec_type, vendor_file_type, file_type;
+type ipacm-diag_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(ipacm)
+init_daemon_domain(ipacm-diag)
+
+# associate netdomain to use for accessing internet sockets
+net_domain(ipacm)
+
+hal_server_domain(ipacm, hal_tetheroffload)
+
+userdebug_or_eng(`
+    # Allow using the logging file between ipacm and ipacm-diag
+    unix_socket_send(ipacm, ipacm, ipacm-diag)
+')
+
+# Allow operations with /dev/ipa, /dev/wwan_ioctl and /dev/ipaNatTable
+allow hal_tetheroffload ipa_dev:chr_file rw_file_perms;
+
+# Allow UDP socket create and ioctl
+allow hal_tetheroffload self:udp_socket create_socket_perms;
+allowxperm ipacm self:udp_socket ioctl SIOCGIFNAME;
+
+# Allow receiving NETLINK messages
+allow hal_tetheroffload self:netlink_route_socket { nlmsg_read create_socket_perms_no_ioctl };
+
+
+# Allow receiving NETLINK messages
+allow hal_tetheroffload self:{
+    netlink_socket
+    # Allow querying the network stack via IOCTLs
+    netlink_generic_socket
+} create_socket_perms_no_ioctl;
+
+# Allow creating and modifying the PID file
+allow hal_tetheroffload ipa_vendor_data_file:dir w_dir_perms;
+allow hal_tetheroffload ipa_vendor_data_file:file create_file_perms;
+
+# To register ipacm to hwbinder
+#add_hwservice(ipacm, hal_ipacm_hwservice)
+#binder_call(ipacm, system_server)
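Review bot: The comment `# Allow querying the network stack via IOCTLs` sits inside the class set of a rule that grants `create_socket_perms_no_ioctl`, so it says the opposite of what the rule allows. The heading `# Allow receiving NETLINK messages` is also repeated from the netlink_route_socket rule just above. Replace both with one accurate heading over the rule, e.g. `# Allow netlink and generic netlink sockets (no ioctl)`. The two commented-out rules at the end of the file (`#add_hwservice(...)` and `#binder_call(...)`) should either be deleted or carry a note saying why they are disabled.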
diff --git a/private/qtelephony.te b/generic/vendor/common/irsc_util.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/irsc_util.te
index 0a172f9..57936a3 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/irsc_util.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,16 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type irsc_util, domain;
+type irsc_util_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(irsc_util)
 
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow irsc_util self:socket create_socket_perms;
+allowxperm irsc_util self:socket ioctl msm_sock_ipc_ioctls;
diff --git a/private/qtelephony.te b/generic/vendor/common/kernel.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/kernel.te
index 0a172f9..5d6b2f1 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/kernel.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,26 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# for diag over socket
+userdebug_or_eng(`
+  allow kernel self:socket create;
+  allow kernel debugfs_wlan:dir search;
+  allow kernel debugfs_ipc:dir search;
+')
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+# Access firmware_file
+r_dir_file(kernel, firmware_file)
 
-app_domain(qtelephony)
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+# access vendor_firmware_file
+r_dir_file(kernel, vendor_firmware_file)
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+dontaudit kernel kernel:system module_request;
+
+allow kernel persist_file:dir search;
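Review bot: `allow kernel persist_file:dir search;` is added without a comment, unlike the firmware rules above it, so a later reviewer cannot tell which kernel access to persist it supports. Add a one-line comment naming the consumer. `dontaudit kernel kernel:system module_request;` can be written `dontaudit kernel self:system module_request;`, matching the `self` form already used in `allow kernel self:socket create;`.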
diff --git a/generic/vendor/common/location.te b/generic/vendor/common/location.te
new file mode 100644
index 0000000..1079470
--- /dev/null
+++ b/generic/vendor/common/location.te
@@ -0,0 +1,91 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# loc_launcher service
+# which launches various other services supporting GPS & Wifi-RTT (LOWI) location
+type location, domain;
+type location_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(location)
+
+# STOPSHIP b/28340421
+# Temporarily grant this permission (for LOWI) and log its use.
+allow location self:capability { net_admin };
+
+allow location self:capability { setgid setuid };
+
+hwbinder_use(location)
+get_prop(location, hwservicemanager_prop)
+allow location fwk_sensor_hwservice:hwservice_manager find;
+binder_call(location, system_server)
+allow location hal_wifi:unix_stream_socket { read write };
+
+# Enable standard network access (for XTRA download)
+net_domain(location)
+
+# And some additional network access
+allow location self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow location self:netlink_socket create_socket_perms_no_ioctl;
+allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };
+
+allow location sysfs_data:file r_file_perms;
+
+allow location self:socket create_socket_perms;
+# whitelist socket ioctl commands
+allowxperm location self:socket ioctl msm_sock_ipc_ioctls;
+
+dontaudit location kernel:system module_request;
+
+allow location proc_net:file r_file_perms;
+
+# execute /vendor/bin/lowi-server
+allow location location_exec:file rx_file_perms;
+
+# /data/vendor/location
+allow location location_data_file:dir create_dir_perms;
+allow location location_data_file:file create_file_perms;
+
+# /dev/socket/location
+allow location location_socket:sock_file create_file_perms;
+allow location location_socket:dir rw_dir_perms;
+
+allow location hal_gnss_qti:unix_dgram_socket sendto;
+
+# /data/vendor/wifi/wpa
+allow location wpa_data_file:dir rw_dir_perms;
+
+allow location wpa_data_file:sock_file create_file_perms;
+
+allow location hal_wifi_supplicant_default:unix_dgram_socket sendto;
+
+userdebug_or_eng(`
+  allow location diag_device:chr_file rw_file_perms;
+')
+
+allow location hal_cne_hwservice:hwservice_manager find;
+binder_call(location, cnd)
+
+get_prop(location, vendor_wifi_prop)
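Review bot: The `STOPSHIP b/28340421` comment says net_admin is granted temporarily and that its use is logged, but the file has only `allow location self:capability { net_admin };` and no `auditallow`. Nothing records when the capability is exercised. Either add `auditallow location self:capability net_admin;` next to the allow rule, or, if the grant is now permanent, replace the STOPSHIP text with a comment stating which LOWI operation needs it. Carrying a STOPSHIP marker into a newly created file also makes it hard to tell whether the item is still tracked.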
diff --git a/private/qtelephony.te b/generic/vendor/common/mediacodec.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/mediacodec.te
index 0a172f9..4366aff 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/mediacodec.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,20 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow mediacodec sysfs_soc:file r_file_perms;
+allow mediacodec sysfs_soc:dir search;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+allow mediacodec system_file:dir r_dir_perms;
 
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+userdebug_or_eng(`
+  allow mediacodec dumpstate:fd use;
+')
+#Allow mediacodec to access vendor_media_data_file files
+allow mediacodec vendor_media_data_file:dir create_dir_perms;
+allow mediacodec vendor_media_data_file:file create_file_perms;
diff --git a/vendor/common/mm-pp-daemon.te b/generic/vendor/common/mm-pp-daemon.te
similarity index 100%
rename from vendor/common/mm-pp-daemon.te
rename to generic/vendor/common/mm-pp-daemon.te
diff --git a/private/qtelephony.te b/generic/vendor/common/msm_irqbalanced.te
similarity index 68%
copy from private/qtelephony.te
copy to generic/vendor/common/msm_irqbalanced.te
index 0a172f9..3c0c011 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/msm_irqbalanced.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,23 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type msm_irqbalanced, domain;
+type msm_irqbalanced_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(msm_irqbalanced)
 
-app_domain(qtelephony)
+allow msm_irqbalanced cgroup:dir { create add_name };
+allow msm_irqbalanced { proc sysfs_devices_system_cpu }:file w_file_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# access smp_affinity
+allow msm_irqbalanced proc:file r_file_perms;
+allow msm_irqbalanced proc_interrupts:file r_file_perms;
+allow msm_irqbalanced proc_stat:file r_file_perms;
+# irq_blacklist_on
+allow msm_irqbalanced sysfs_irqbalance:file r_file_perms;
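Review bot: `allow msm_irqbalanced { proc sysfs_devices_system_cpu }:file w_file_perms;` gives write access to the generic `proc` type, which covers every /proc file that has no more specific label, while the only need the file states is smp_affinity. Labelling the IRQ affinity files with a dedicated type through a genfscon entry, and granting write on that type, would keep the daemon from writing other procfs entries. The type declaration and genfs_contexts change would live outside this hunk. The `# access smp_affinity` comment would also fit better above the write rule, since the rules under it are read-only.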
diff --git a/private/qtelephony.te b/generic/vendor/common/netd.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/netd.te
index 0a172f9..72c8aca 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/netd.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+dontaudit netd kernel:system module_request;
+dontaudit netd self:capability sys_module;
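Review bot: The two `dontaudit` rules are added with no comment, and `dontaudit netd self:capability sys_module;` suppresses the audit record for a module-load capability check. That removes a signal that is useful when triaging unexpected netd behaviour. netmgrd.te in this commit documents the same pattern with `#Ignore if device loading for private IOCTL failed`. Add an equivalent comment here naming the trigger, e.g. `# Module autoload request triggered by <operation>; denial is expected, suppress the log`, with the placeholder filled in by the author.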
diff --git a/generic/vendor/common/netmgrd.te b/generic/vendor/common/netmgrd.te
new file mode 100644
index 0000000..ee88a21
--- /dev/null
+++ b/generic/vendor/common/netmgrd.te
@@ -0,0 +1,85 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type netmgrd, domain;
+type netmgrd_exec, exec_type, vendor_file_type, file_type;
+
+net_domain(netmgrd)
+init_daemon_domain(netmgrd)
+
+# communicate with netd
+unix_socket_connect(netmgrd, netd, netd)
+
+allow netmgrd netmgrd_socket:dir w_dir_perms;
+allow netmgrd netmgrd_socket:sock_file create_file_perms;
+allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write };
+allow netmgrd self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow netmgrd self:netlink_route_socket nlmsg_write;
+allow netmgrd self:netlink_socket create_socket_perms_no_ioctl;
+allow netmgrd self:socket create_socket_perms;
+allowxperm netmgrd self:socket ioctl msm_sock_ipc_ioctls;
+allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;
+
+allow netmgrd sysfs_net:dir r_dir_perms;
+allow netmgrd sysfs_net:file rw_file_perms;
+allow netmgrd sysfs_soc:dir search;
+allow netmgrd sysfs_soc:file r_file_perms;
+allow netmgrd sysfs_data:file r_file_perms;
+
+wakelock_use(netmgrd)
+
+#Allow netutils usage
+domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
+
+use_netutils(netmgrd)
+
+#Allow diag logging
+allow netmgrd sysfs_timestamp_switch:file { read open };
+userdebug_or_eng(`
+  r_dir_file(netmgrd, sysfs_diag)
+')
+
+#Ignore if device loading for private IOCTL failed
+dontaudit netmgrd kernel:system { module_request };
+
+allow netmgrd proc_net:file rw_file_perms;
+allow netmgrd netmgr_data_file:dir rw_dir_perms;
+allow netmgrd netmgr_data_file:file create_file_perms;
+allow netmgrd system_file:file execute_no_trans;
+allow netmgrd netmgr_recovery_data_file:file create_file_perms;
+allow netmgrd netmgr_recovery_data_file:dir rw_dir_perms;
+
+get_prop(netmgrd, hwservicemanager_prop)
+hwbinder_use(netmgrd)
+binder_call(netmgrd, netd)
+allow netmgrd system_net_netd_hwservice:hwservice_manager find;
+
+allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid };
+
+allow netmgrd vendor_toolbox_exec:file rx_file_perms;
+
+dontaudit netmgrd kernel:system module_request;
+dontaudit netmgrd self:system module_request;
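Review bot: `allow netmgrd system_file:file execute_no_trans;` lets netmgrd run any binary labelled system_file inside its own domain, which also holds `net_admin net_raw setgid setpcap setuid`. The file already sets up `domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)` and `use_netutils(netmgrd)`, and grants `vendor_toolbox_exec:file rx_file_perms`. If those cover the tools netmgrd launches, the system_file rule can be dropped; otherwise it needs a comment naming the binary it exists for. Separately, the closing `dontaudit netmgrd kernel:system module_request;` duplicates the earlier `dontaudit netmgrd kernel:system { module_request };`.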
diff --git a/private/qtelephony.te b/generic/vendor/common/pd_services.te
similarity index 66%
copy from private/qtelephony.te
copy to generic/vendor/common/pd_services.te
index 0a172f9..5461588 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/pd_services.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,24 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_pd_mapper, domain;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+type vendor_pd_mapper_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(vendor_pd_mapper);
 
-app_domain(qtelephony)
+allow vendor_pd_mapper self:capability { setgid setpcap setuid net_bind_service };
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+allow vendor_pd_mapper firmware_file:dir r_dir_perms;
+allow vendor_pd_mapper firmware_file:file r_file_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow vendor_pd_mapper self:socket create_socket_perms;
+allowxperm vendor_pd_mapper self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
+
+allow vendor_pd_mapper sysfs_data:file r_file_perms;
+get_prop(vendor_pd_mapper, vendor_pd_locater_dbg_prop)
diff --git a/private/qtelephony.te b/generic/vendor/common/per_proxy.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/per_proxy.te
index 0a172f9..365f601 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/per_proxy.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,21 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# Policy for /system/bin/pm-proxy
+type vendor_per_proxy, domain;
+type vendor_per_proxy_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(vendor_per_proxy)
 
-app_domain(qtelephony)
+allow vendor_per_proxy vendor_per_mgr_service:service_manager find;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+r_dir_file(vendor_per_proxy, sysfs_ssr)
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+vndbinder_use(vendor_per_proxy)
+binder_call(vendor_per_proxy, vendor_per_mgr)
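Review bot: The header comment says `# Policy for /system/bin/pm-proxy`, but `vendor_per_proxy_exec` is declared with `vendor_file_type`, so the binary is presumably on the vendor partition and the comment points readers to the wrong place. Change it to `# Policy for pm-proxy (vendor_per_proxy)`, or to the path used in the matching file_contexts entry, which is not part of this hunk.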
diff --git a/generic/vendor/common/peripheral_manager.te b/generic/vendor/common/peripheral_manager.te
new file mode 100644
index 0000000..b034f92
--- /dev/null
+++ b/generic/vendor/common/peripheral_manager.te
@@ -0,0 +1,58 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# Policy for pm-service and pm-proxy
+type vendor_per_mgr, domain;
+type vendor_per_mgr_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_per_mgr);
+
+add_service(vendor_per_mgr, vendor_per_mgr_service)
+
+vndbinder_use(vendor_per_mgr)
+binder_call(vendor_per_mgr, hal_gnss)
+binder_call(vendor_per_mgr, vendor_per_proxy)
+binder_call(vendor_per_mgr, wcnss_service)
+binder_call(vendor_per_mgr, rild)
+
+allow vendor_per_mgr self:capability net_bind_service;
+
+allow vendor_per_mgr firmware_file:file r_file_perms;
+allow vendor_per_mgr firmware_file:dir search;
+
+allow vendor_per_mgr self:socket create_socket_perms;
+allowxperm vendor_per_mgr self:socket ioctl msm_sock_ipc_ioctls;
+allow vendor_per_mgr ssr_device:chr_file { open read };
+
+# Needed by libmdmdetect to figure out the system configuration
+r_dir_file(vendor_per_mgr, sysfs_esoc)
+
+# Needed by libmdmdetect to get subsystem info and to check their states
+r_dir_file(vendor_per_mgr, sysfs_ssr)
+allow vendor_per_mgr sysfs_data:file r_file_perms;
+
+# Set the peripheral state property
+set_prop(vendor_per_mgr, vendor_per_mgr_state_prop);
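Review bot: `allow vendor_per_mgr self:capability net_bind_service;` grants a capability with no comment saying why the daemon needs it, although the sysfs rules further down are each explained. If it exists for the socket covered by the `self:socket` rules right after it, say so beside the rule, e.g. `# net_bind_service: needed to bind the IPC router socket, not an IP port`. A later audit can then tell it apart from a privileged TCP/UDP bind. As a style point, `init_daemon_domain(vendor_per_mgr);` and the final `set_prop(...);` end in a semicolon that the other macro calls in this file do not have.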
diff --git a/private/qtelephony.te b/generic/vendor/common/platform_app.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/platform_app.te
index 0a172f9..c8882e9 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/platform_app.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+#allow embms app to access vendor radio property
+get_prop(radio, vendor_radio_prop)
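Review bot: The rule added to platform_app.te grants the property read to `radio`, not to `platform_app`, even though both the file name and the comment (`#allow embms app to access vendor radio property`) suggest an app domain was meant. The radio.te hunk later in this commit adds the identical `get_prop(radio, vendor_radio_prop)`. So this line is either a duplicate or a typo that leaves the intended domain without access. If the embms app runs as platform_app, the line should read `get_prop(platform_app, vendor_radio_prop)`; otherwise drop it here and keep the one in radio.te.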
diff --git a/private/qtelephony.te b/generic/vendor/common/port-bridge.te
similarity index 70%
copy from private/qtelephony.te
copy to generic/vendor/common/port-bridge.te
index 0a172f9..4cb48ce 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/port-bridge.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,24 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type port-bridge, domain;
+type port-bridge_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(port-bridge)
 
-app_domain(qtelephony)
+#access ipa sysfs node
+allow port-bridge sysfs_data:file r_file_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+allow port-bridge sysfs_soc:dir search;
+allow port-bridge sysfs_soc:file r_file_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow port-bridge at_device:chr_file rw_file_perms;
+
+allow port-bridge port_bridge_data_file:file create_file_perms;
+allow port-bridge port_bridge_data_file:dir w_dir_perms;
diff --git a/vendor/common/priv_app.te b/generic/vendor/common/priv_app.te
similarity index 100%
rename from vendor/common/priv_app.te
rename to generic/vendor/common/priv_app.te
diff --git a/generic/vendor/common/property.te b/generic/vendor/common/property.te
new file mode 100644
index 0000000..dd04907
--- /dev/null
+++ b/generic/vendor/common/property.te
@@ -0,0 +1,86 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type ctl_netmgrd_prop, property_type;
+type ctl_port-bridge_prop, property_type;
+type ctl_qcrild_prop, property_type;
+type vendor_camera_prop, property_type;
+type cnd_prop, property_type;
+type crash_cnt_prop, property_type;
+type crash_detect_prop, property_type;
+type ims_prop, property_type;
+type ipacm_prop, property_type;
+type ipacm-diag_prop, property_type;
+type vendor_modem_diag_prop, property_type;
+type msm_irqbalance_prop, property_type;
+type vendor_per_mgr_state_prop, property_type;
+type vendor_dataqti_prop, property_type;
+type vendor_dataqdp_prop, property_type;
+type vendor_ramdump_prop, property_type;
+type sensors_prop, property_type;
+type vendor_tee_listener_prop, property_type;
+type vendor_display_prop, property_type;
+type vendor_usb_prop, property_type;
+type vendor_radio_prop, property_type;
+
+#Needed for  ubwc support
+type vendor_gralloc_prop, property_type;
+
+type vendor_system_prop, property_type;
+
+#imsrcsservice
+type ctl_vendor_imsrcsservice_prop, property_type;
+
+#mpdecision
+type vendor_mpdecision_prop, property_type;
+
+# HBTP
+type ctl_vendor_hbtp_prop, property_type;
+
+# Bluetooth props
+type vendor_bluetooth_prop, property_type;
+
+# Audio props
+type vendor_audio_prop, property_type;
+
+#ss-restart
+type vendor_ssr_prop, property_type;
+
+#ss-services (PD)
+type vendor_pd_locater_dbg_prop, property_type;
+
+#rmt_storage
+type ctl_vendor_rmt_storage_prop, property_type;
+
+type vendor_gpu_prop, property_type;
+
+type public_vendor_default_prop, property_type;
+
+# alarm property
+type vendor_alarm_boot_prop, property_type;
+
+#wlan-vendor prop
+type vendor_wifi_prop, property_type;
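Review bot: The property types declared in this new file are not namespaced consistently: about half carry a `vendor_` prefix (`vendor_radio_prop`, `vendor_usb_prop`), while `cnd_prop`, `ims_prop`, `sensors_prop`, `crash_cnt_prop`, `ipacm_prop` and the `ctl_*` types do not. Un-prefixed names in vendor policy can collide with a type that platform policy introduces in a later release, which then fails the combined policy build. Since the commit is already restructuring the tree, it would be a good moment to rename them or at least add a comment such as `# TODO: move remaining types to the vendor_ namespace`. `ctl_port-bridge_prop` and `ipacm-diag_prop` also mix `-` into names that otherwise use `_`.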
diff --git a/vendor/common/property_contexts b/generic/vendor/common/property_contexts
similarity index 72%
rename from vendor/common/property_contexts
rename to generic/vendor/common/property_contexts
index 0f55db9..c6597ff 100644
--- a/vendor/common/property_contexts
+++ b/generic/vendor/common/property_contexts
@@ -1,3 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 persist.vendor.service.bdroid.      u:object_r:vendor_bluetooth_prop:s0
 persist.vendor.bluetooth.  u:object_r:vendor_bluetooth_prop:s0
 vendor.wc_transport.       u:object_r:vendor_bluetooth_prop:s0
diff --git a/private/qtelephony.te b/generic/vendor/common/qlogd.te
similarity index 71%
copy from private/qtelephony.te
copy to generic/vendor/common/qlogd.te
index 0a172f9..7e1b15e 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/qlogd.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,24 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type qlogd, domain;
+type qlogd_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+userdebug_or_eng(`
+  # make transition from init to its domain
+  init_daemon_domain(qlogd)
 
-app_domain(qtelephony)
+  allow qlogd diag_device:chr_file rw_file_perms;
+  allow qlogd qlogd_exec:file rx_file_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+  allow qlogd radio_vendor_data_file:file create_file_perms;
+  allow qlogd radio_vendor_data_file:dir create_dir_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+  set_prop(qlogd, vendor_modem_diag_prop)
+')
diff --git a/private/qtelephony.te b/generic/vendor/common/qti.te
similarity index 68%
copy from private/qtelephony.te
copy to generic/vendor/common/qti.te
index 0a172f9..4eb63c2 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/qti.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,30 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type qti, domain;
+type qti_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(qti)
+net_domain(qti)
 
-app_domain(qtelephony)
+allow qti sysfs_soc:dir search;
+allow qti sysfs_soc:file r_file_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+allow qti smd_device:chr_file rw_file_perms;
+allow qti rmnet_device:chr_file rw_file_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow qti self:socket create_socket_perms;
+allowxperm qti self:socket ioctl msm_sock_ipc_ioctls;
+allow qti { vendor_shell_exec }:file rx_file_perms;
+
+#diag
+userdebug_or_eng(`
+    diag_use(qti)
+    allow qti sysfs_data:file r_file_perms;
+')
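Review bot: `allow qti { vendor_shell_exec }:file rx_file_perms;` lets a daemon that also gets `net_domain(qti)` run the vendor shell inside its own domain, and nothing in the file says what it shells out for. A network-facing service that can spawn a shell is worth justifying in the policy itself, e.g. `# qti runs <script> via the vendor shell to configure the tethered interface` with the real reason filled in. If the daemon can exec the helper directly, the rule could be dropped. The braces around the single type are unnecessary; `allow qti vendor_shell_exec:file rx_file_perms;` says the same thing.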
diff --git a/private/qtelephony.te b/generic/vendor/common/radio.te
similarity index 62%
copy from private/qtelephony.te
copy to generic/vendor/common/radio.te
index 0a172f9..545a83c 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/radio.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,37 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+get_prop(radio, ims_prop)
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+allow radio vendor_file:lnk_file r_file_perms;
+allow radio vendor_framework_file:file r_file_perms;
+allow radio vendor_framework_file:dir search;
 
-app_domain(qtelephony)
+hwbinder_use(radio)
+allow radio vnd_ims_radio_hwservice:hwservice_manager find;
+allow radio vnd_qcrilhook_hwservice:hwservice_manager find;
+allow radio hal_imsrtp_hwservice:hwservice_manager find;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+add_service(radio, radio_service)
+allow radio {
+  mediaextractor_service
+  mediacodec_service
+}:service_manager find;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# IMS needs permission to use avtimer
+allow radio avtimer_device:chr_file r_file_perms;
+
+binder_call(radio, hal_imsrtp)
+
+#diag
+userdebug_or_eng(`
+    diag_use(radio)
+')
+
+get_prop(radio, vendor_radio_prop)
diff --git a/vendor/common/recovery.te b/generic/vendor/common/recovery.te
similarity index 100%
rename from vendor/common/recovery.te
rename to generic/vendor/common/recovery.te
diff --git a/generic/vendor/common/rfs_access.te b/generic/vendor/common/rfs_access.te
new file mode 100644
index 0000000..4f4bb52
--- /dev/null
+++ b/generic/vendor/common/rfs_access.te
@@ -0,0 +1,55 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type rfs_access, domain;
+type rfs_access_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(rfs_access)
+
+#For tftp server
+allow rfs_access self:capability { chown setgid setpcap setuid net_bind_service };
+
+wakelock_use(rfs_access)
+
+type_transition rfs_access mnt_vendor_file:{ dir file } persist_rfs_file;
+type_transition rfs_access mnt_vendor_file:dir persist_rfs_shared_hlos_file "hlos_rfs";
+
+r_dir_file(rfs_access, firmware_file);
+
+allow rfs_access mnt_vendor_file:dir create_dir_perms;
+
+allow rfs_access persist_rfs_file:dir search;
+allow rfs_access persist_rfs_file:dir create_dir_perms;
+allow rfs_access persist_rfs_file:file create_file_perms;
+allow rfs_access persist_rfs_shared_hlos_file:dir create_dir_perms;
+allow rfs_access persist_rfs_shared_hlos_file:file create_file_perms;
+
+#For QMI sockets and IPCR Sockets
+allow rfs_access self:{ socket qipcrtr_socket } create_socket_perms_no_ioctl;
+
+allow rfs_access vendor_tombstone_data_file:dir create_dir_perms;
+allow rfs_access vendor_tombstone_data_file:file create_file_perms;
+
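Review bot: `allow rfs_access mnt_vendor_file:dir create_dir_perms;` gives the daemon create, rename and rmdir on every directory labelled `mnt_vendor_file`, not just the ability to add its own subtree there. Together with the unnamed `type_transition ... mnt_vendor_file:{ dir file } persist_rfs_file`, anything it creates under that label becomes `persist_rfs_file`. If it only needs to create its directories, something like `allow rfs_access mnt_vendor_file:dir { search write add_name };` should suffice, to be confirmed against what the daemon does at first boot. `allow rfs_access persist_rfs_file:dir search;` is redundant because the next line's `create_dir_perms` already includes `search`. The hunk also ends with an empty added line.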
diff --git a/generic/vendor/common/rild.te b/generic/vendor/common/rild.te
new file mode 100644
index 0000000..09dc61f
--- /dev/null
+++ b/generic/vendor/common/rild.te
@@ -0,0 +1,59 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+binder_call(rild, vendor_per_mgr)
+
+vndbinder_use(rild)
+
+allow rild netmgrd_socket:dir search;
+unix_socket_connect(rild, netmgrd, netmgrd)
+
+allow rild vendor_file:file { execute_no_trans lock ioctl };
+
+allow rild vendor_per_mgr_service:service_manager find;
+
+add_hwservice(rild, vnd_ims_radio_hwservice)
+add_hwservice(rild, vnd_qcrilhook_hwservice)
+
+allow rild self:socket ioctl;
+allowxperm rild self:socket ioctl msm_sock_ipc_ioctls;
+allow rild time_daemon:unix_stream_socket connectto;
+
+allow rild radio_vendor_data_file:dir rw_dir_perms;
+allow rild radio_vendor_data_file:file create_file_perms;
+
+userdebug_or_eng(`
+  allow rild diag_device:chr_file rw_file_perms;
+  get_prop(rild, vendor_pd_locater_dbg_prop)
+')
+
+hal_server_domain(rild, hal_secure_element)
+
+get_prop(rild, exported3_radio_prop)
+get_prop(rild, vendor_dataqdp_prop)
+
+allow rild qmuxd_socket:dir w_dir_perms;
+allow rild qmuxd_socket:sock_file create_file_perms;
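Review bot: `allow rild vendor_file:file { execute_no_trans lock ioctl };` lets rild execute any file carrying the generic `vendor_file` label without leaving its own domain, and the file gives no reason for it. If the intent is to run one or two helper binaries, labelling those with a dedicated exec type and allowing only that type would keep the grant narrow. Otherwise add a comment naming what is executed, e.g. `# rild execs <helper> from /vendor/bin`, with the real binary filled in. The file also starts its rules directly after the licence text with no `# Policy for ...` line, unlike per_proxy.te and sensors.te in this commit.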
diff --git a/generic/vendor/common/rmt_storage.te b/generic/vendor/common/rmt_storage.te
new file mode 100644
index 0000000..6aeda0e
--- /dev/null
+++ b/generic/vendor/common/rmt_storage.te
@@ -0,0 +1,57 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type rmt_storage, domain;
+type rmt_storage_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(rmt_storage)
+
+wakelock_use(rmt_storage)
+
+allow rmt_storage self:capability { net_bind_service setgid setpcap setuid };
+
+set_prop(rmt_storage, ctl_vendor_rmt_storage_prop)
+
+allow rmt_storage cgroup:dir create_dir_perms;
+allow rmt_storage uio_device:chr_file rw_file_perms;
+
+allow rmt_storage self:{ socket qipcrtr_socket } create_socket_perms;
+allowxperm rmt_storage self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
+
+allow rmt_storage kmsg_device:chr_file w_file_perms;
+
+r_dir_file(rmt_storage, sysfs_uio)
+r_dir_file(rmt_storage, sysfs_uio_file)
+
+allow rmt_storage block_device:dir r_dir_perms;
+
+allow rmt_storage {
+    modem_efs_partition_device
+    ssd_block_device
+}:blk_file rw_file_perms;
+
+#sysfs_ssr
+r_dir_file(rmt_storage, sysfs_ssr)
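Review bot: `allow rmt_storage cgroup:dir create_dir_perms;` allows creating, renaming and removing cgroup directories, which is an unusual grant for a storage daemon and is not explained. The capability set on the line above it (`setgid setpcap setuid net_bind_service`) is also undocumented. A short comment on each, e.g. `# drops to an unprivileged uid/gid after opening the partitions`, would let a reviewer check them against the daemon's behaviour (the wording here is a guess to be confirmed). If only traversal of the cgroup tree is needed, `r_dir_perms` or `search` would be the narrower choice.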
diff --git a/private/qtelephony.te b/generic/vendor/common/seapp_contexts
similarity index 64%
copy from private/qtelephony.te
copy to generic/vendor/common/seapp_contexts
index 0a172f9..d6817d6 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/seapp_contexts
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,21 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#Add new domain for DataServices
+# Needed for CNEService , uceShimService and other connectivity services
+user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+# A fallback in case tango_core is missing something critical that untrusted_app provides
+user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_data_file levelFrom=user
 
-app_domain(qtelephony)
+#Needed for time service apk
+user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# AtFwd app
+user=_app seinfo=platform name=com.qualcomm.telephony domain=qtelephony type=app_data_file levelFrom=all
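Review bot: The `com.qualcomm.timeservice` entry maps a `user=_app` package to `timeservice_app` without any `levelFrom`, while the tango entry above it uses `levelFrom=user` and the AtFwd entry below uses `levelFrom=all`. Without `levelFrom` the process and its `app_data_file` data get no per-user or per-app MLS categories, so the usual category separation from other apps' data does not apply to it. If that is deliberate, say so in the comment; otherwise add the selector, e.g. `... domain=timeservice_app type=app_data_file levelFrom=user`. The tango line is described as a fallback to `untrusted_app`; it may be worth checking whether it still belongs in the generic tree this commit creates.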
diff --git a/generic/vendor/common/sensors.te b/generic/vendor/common/sensors.te
new file mode 100644
index 0000000..983b7ca
--- /dev/null
+++ b/generic/vendor/common/sensors.te
@@ -0,0 +1,62 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# Policy for sensor daemon
+type sensors, domain;
+type sensors_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(sensors)
+
+allow sensors self:capability {
+    setuid
+    setgid
+    net_bind_service
+};
+
+allow sensors self:socket create_socket_perms;
+allowxperm sensors self:socket ioctl msm_sock_ipc_ioctls;
+
+allow sensors persist_sensors_file:dir rw_dir_perms;
+allow sensors persist_sensors_file:file create_file_perms;
+allow sensors mnt_vendor_file:dir r_dir_perms;
+
+allow sensors sensors_vendor_data_file:dir create_dir_perms;
+allow sensors sensors_vendor_data_file:file create_file_perms;
+
+allow sensors system_file:dir r_dir_perms;
+allow sensors sensors_device:chr_file rw_file_perms;
+
+allow sensors sysfs:dir r_dir_perms;
+allow sensors sysfs_soc:dir r_dir_perms;
+allow sensors sysfs_soc:file rw_file_perms;
+allow sensors sysfs_data:file r_file_perms;
+
+allow sensors ion_device:chr_file r_file_perms;
+allow sensors qdsp_device:chr_file r_file_perms;
+allow sensors xdsp_device:chr_file r_file_perms;
+
+# For reading dir/files on /dsp
+r_dir_file(sensors, adsprpcd_file)
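Review bot: `allow sensors sysfs_soc:file rw_file_perms;` gives the sensor daemon write access to the SoC sysfs nodes, whereas the other domains touched in this commit (port-bridge, qti) get only `r_file_perms` on the same type, and no comment says which node is written. `allow sensors sysfs:dir r_dir_perms;` likewise opens directory listing on the generic `sysfs` label. If the daemon only reads SoC identification, `r_file_perms` is enough. If it does write, a comment naming the node and ideally a dedicated sysfs label for it would keep the write from covering everything under `sysfs_soc`. The capability block (`setuid setgid net_bind_service`) would benefit from a one-line reason as well.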
diff --git a/private/qtelephony.te b/generic/vendor/common/service.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/service.te
index 0a172f9..ddecb42 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/service.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,10 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+type imsuce_service,              service_manager_type;
diff --git a/private/qtelephony.te b/generic/vendor/common/service_contexts
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/service_contexts
index 0a172f9..860ef98 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/service_contexts
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,12 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+rcs                                                  u:object_r:radio_service:s0
+com.fingerprints.extension.IFingerprintNavigation    u:object_r:fingerprint_service:s0
+com.qualcomm.qti.uceservice                          u:object_r:imsuce_service:s0
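Review bot: The `rcs` and `com.fingerprints.extension.IFingerprintNavigation` entries reuse the platform types `radio_service` and `fingerprint_service`, so every domain already allowed to `find` those types can also look up these vendor services. The third entry gets its own type (`imsuce_service`, declared in service.te in this same commit), which lets the policy say exactly who may find it. Consider giving the other two dedicated `service_manager_type` types as well, or add a comment explaining why sharing the platform label is intended.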
diff --git a/private/qtelephony.te b/generic/vendor/common/shell.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/shell.te
index 0a172f9..0c5f011 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/shell.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,10 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
diff --git a/private/qtelephony.te b/generic/vendor/common/ssr_diag.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/ssr_diag.te
index 0a172f9..347e5d2 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/ssr_diag.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,13 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_ssr_diag, domain;
+type vendor_ssr_diag_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+init_daemon_domain(vendor_ssr_diag);
diff --git a/private/qtelephony.te b/generic/vendor/common/ssr_setup.te
similarity index 67%
copy from private/qtelephony.te
copy to generic/vendor/common/ssr_setup.te
index 0a172f9..cc9a014 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/ssr_setup.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,26 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_ssr_setup, domain;
+type vendor_ssr_setup_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(vendor_ssr_setup);
 
-app_domain(qtelephony)
+# Required to discover esoc's
+r_dir_file(vendor_ssr_setup, sysfs_esoc)
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+# Required to enable/disable ssr
+r_dir_file(vendor_ssr_setup, sysfs_ssr)
+allow vendor_ssr_setup sysfs_ssr:lnk_file w_file_perms;
+allow vendor_ssr_setup sysfs_ssr_toggle:file rw_file_perms;
+allow vendor_ssr_setup sysfs_ssr:file rw_file_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow vendor_ssr_setup sysfs_data:file r_file_perms;
+
+get_prop(vendor_ssr_setup, vendor_ssr_prop)
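Review bot: `allow vendor_ssr_setup sysfs_ssr:lnk_file w_file_perms;` looks unnecessary: following a sysfs symlink needs `read` on the `lnk_file`, which `r_dir_file(vendor_ssr_setup, sysfs_ssr)` on the line above already grants, and the actual write lands on the target `file`, covered by the `sysfs_ssr:file rw_file_perms` rule. Unless a denial on `lnk_file write` was actually observed, drop the rule; if it was, record the avc in a comment. The macro calls in this file also mix a trailing `;` (`init_daemon_domain(...)`) with none (`r_dir_file`, `get_prop`); pick one form.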
diff --git a/private/qtelephony.te b/generic/vendor/common/subsystem_ramdump.te
similarity index 61%
copy from private/qtelephony.te
copy to generic/vendor/common/subsystem_ramdump.te
index 0a172f9..94503b1 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/subsystem_ramdump.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,29 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_subsystem_ramdump_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+userdebug_or_eng(`
+  type vendor_subsystem_ramdump, domain;
 
-app_domain(qtelephony)
+  init_daemon_domain(vendor_subsystem_ramdump);
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+  allow vendor_subsystem_ramdump device:dir r_dir_perms;
+  allow vendor_subsystem_ramdump ramdump_device:chr_file r_file_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+  r_dir_file(vendor_subsystem_ramdump, sysfs_type);
+
+  allow vendor_subsystem_ramdump ramdump_vendor_data_file:dir rw_dir_perms;
+  allow vendor_subsystem_ramdump ramdump_vendor_data_file:file create_file_perms;
+
+  set_prop(vendor_subsystem_ramdump, vendor_ssr_prop);
+
+  allow vendor_subsystem_ramdump vendor_mdmhelperdata_data_file:dir r_dir_perms;
+  allow vendor_subsystem_ramdump vendor_mdmhelperdata_data_file:file r_file_perms;
+')
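Review bot: `r_dir_file(vendor_subsystem_ramdump, sysfs_type);` grants read on every sysfs label through the `sysfs_type` attribute, and `allow vendor_subsystem_ramdump device:dir r_dir_perms;` lets the daemon list all of /dev. The block is limited to userdebug/eng builds, which contains the exposure, but the daemon presumably only needs the SSR and ramdump nodes. Narrowing to the specific types (for example `sysfs_ssr`, which this commit already uses in ssr_setup.te) would keep the debug policy auditable. If the broad read really is required, say why in a comment above the rule.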
diff --git a/private/qtelephony.te b/generic/vendor/common/surfaceflinger.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/surfaceflinger.te
index 0a172f9..85bebdb 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/surfaceflinger.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,23 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+dontaudit surfaceflinger firmware_file:dir search;
+dontaudit surfaceflinger kernel:system module_request;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+allow surfaceflinger sysfs_graphics:file rw_file_perms;
 
-app_domain(qtelephony)
+#diag
+userdebug_or_eng(`
+    diag_use(surfaceflinger)
+')
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow surfaceflinger {
+    vendor_gralloc_prop
+    vendor_display_prop
+}:file r_file_perms;
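Review bot: The closing `allow surfaceflinger { vendor_gralloc_prop vendor_display_prop }:file r_file_perms;` open-codes a property read, while the other files in this commit use the macro (`get_prop(system_app, vendor_radio_prop)`, `get_prop(vendor_ssr_setup, vendor_ssr_prop)`). Writing it as `get_prop(surfaceflinger, vendor_gralloc_prop)` and `get_prop(surfaceflinger, vendor_display_prop)` keeps the intent greppable and follows any future change to the macro. Separately, the two `dontaudit` rules at the top carry no comment; because they hide denials from the audit log, each should name the access being silenced and why it is harmless.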
diff --git a/private/qtelephony.te b/generic/vendor/common/system_app.te
old mode 100644
new mode 100755
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/system_app.te
index 0a172f9..8bbea8f
--- a/private/qtelephony.te
+++ b/generic/vendor/common/system_app.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,21 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# read regulatory info
+allow system_app elabel_data_file:dir r_dir_perms;
+allow system_app elabel_data_file:file r_file_perms;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+# Allow hbtp hal Service to be found
+hal_client_domain(system_app, hal_hbtp)
 
-app_domain(qtelephony)
+#secureUI
+hal_client_domain(system_app, hal_qdutils_disp);
+hal_client_domain(system_app, hal_tui_comm);
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+get_prop(system_app, vendor_radio_prop)
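Review bot: The `#secureUI` rules make `system_app` a client of `hal_qdutils_disp` and `hal_tui_comm`, and `system_app` is the shared domain for every system-UID app rather than only the one that drives the trusted UI. If only a single package needs these HALs, a dedicated app domain would keep the secure-UI interface out of reach of the rest; otherwise extend the comment to name the consumer. The file header also changes the mode from 100644 to 100755, which a policy source file does not need.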
diff --git a/private/qtelephony.te b/generic/vendor/common/system_server.te
similarity index 62%
copy from private/qtelephony.te
copy to generic/vendor/common/system_server.te
index 0a172f9..1c31fb7 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/system_server.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,29 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow system_server self:socket ioctl;
+allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+binder_call(system_server, hal_camera_default)
 
-app_domain(qtelephony)
+allow system_server persist_file:dir search;
+allow system_server persist_sensors_file:dir search;
+allow system_server persist_sensors_file:file r_file_perms;
+allow system_server wlan_device:chr_file rw_file_perms;
+allow system_server hal_audio_default:file w_file_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+allow system_server sysfs_sensors:dir search;
+allow system_server sysfs_sensors:file rw_file_perms;
+binder_call(system_server, mm-pp-daemon)
+# allow access to low persistence mode sysfs node
+allow system_server sysfs_graphics:file rw_file_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+userdebug_or_eng(`
+    diag_use(system_server)
+')
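Review bot: `allow system_server hal_audio_default:file w_file_perms;` has no comment, and its target is not obvious: a `file` labeled with a domain type is an entry under that process's /proc/<pid>/, so this lets system_server write into the audio HAL's procfs nodes. If the purpose is adjusting timer slack or scheduling for the audio HAL (an assumption, the hunk does not say), state it, e.g. `# write /proc/<pid>/timerslack_ns of the audio HAL`. The neighbouring `wlan_device:chr_file rw_file_perms` and `binder_call(system_server, mm-pp-daemon)` rules cross from a core domain into vendor objects and would benefit from the same one-line justification.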
diff --git a/generic/vendor/common/te_macros b/generic/vendor/common/te_macros
new file mode 100644
index 0000000..0506284
--- /dev/null
+++ b/generic/vendor/common/te_macros
@@ -0,0 +1,78 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+########################################
+## peripheral_manager
+## Allow clients to interact with peripheral
+## manager
+define(`use_vendor_per_mgr', `
+    vndbinder_use($1);
+    binder_call(vendor_per_mgr, $1);
+    binder_call($1, vendor_per_mgr);
+    allow $1 vendor_per_mgr_service:service_manager find;
+    get_prop($1, vendor_per_mgr_state_prop);
+')
+
+#####################################
+## use_netutils(clientdomain)
+## allow access to netutils from vendor
+define(`use_netutils', `
+    domain_auto_trans($1, netutils_wrapper_exec, netutils_wrapper)
+    allow netutils_wrapper $1:fd use;
+    allow netutils_wrapper $1:fifo_file { read write getattr };
+    allow netutils_wrapper $1:netlink_route_socket { read write };
+    allow netutils_wrapper $1:unix_stream_socket { read write };
+    allow netutils_wrapper $1:netlink_generic_socket { read write };
+    allow netutils_wrapper $1:netlink_xfrm_socket { read write };
+    allow netutils_wrapper $1:udp_socket { read write };
+    allow netutils_wrapper $1:tcp_socket { read write };
+')
+
+#####################################
+## hal_server_domain_bypass(domain, hal_type)
+## Allow a base set of permissions required for a domain to offer a
+## HAL implementation of the specified type over HwBinder without
+## halserverdomain attribute
+##
+## For example, default implementation of Foo HAL:
+##   type hal_foo_default, domain;
+##   hal_server_domain_bypass(hal_foo_default, hal_foo)
+##
+define(`hal_server_domain_bypass', `
+    hwbinder_use($1)
+    allow $1 system_file:dir r_dir_perms;
+    get_prop($1, hwservicemanager_prop)
+    typeattribute $1 $2_server;
+    typeattribute $1 $2;
+')
+
+#####################################
+## diag_use(clientdomain)
+## allow clientdomain to read/write to diag
+define(`diag_use', `
+    r_dir_file($1, sysfs_diag)
+    allow $1 diag_device:chr_file rw_file_perms;
+')
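Review bot: `hal_server_domain_bypass` assigns `$2_server` and `$2` but deliberately omits `halserverdomain`, so a domain using it is not matched by any `neverallow` written against that attribute. The header states what is omitted but not why, nor which restrictions are being sidestepped. Extend the doc block with something like `## NOTE: callers are exempt from halserverdomain neverallows; justify each use at the call site`, and keep the list of callers short. The first macro's header (`## peripheral_manager`) also does not follow the `## name(args)` form used by the other three.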
diff --git a/generic/vendor/common/tee.te b/generic/vendor/common/tee.te
new file mode 100644
index 0000000..89632d1
--- /dev/null
+++ b/generic/vendor/common/tee.te
@@ -0,0 +1,60 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+allow tee self:capability { chown setgid setuid sys_admin sys_rawio };
+
+allow tee device:dir r_dir_perms;
+
+set_prop(tee, vendor_tee_listener_prop)
+
+allow tee firmware_file:dir search;
+allow tee block_device:dir { getattr search };
+allow tee rpmb_device:blk_file rw_file_perms;
+allow tee ssd_block_device:blk_file rw_file_perms;
+allow tee sg_device:chr_file { rw_file_perms setattr };
+
+allow tee mnt_vendor_file:dir r_dir_perms;
+allow tee persist_drm_file:dir create_dir_perms;
+allow tee persist_drm_file:file create_file_perms;
+allow tee persist_data_file:dir create_dir_perms;
+allow tee persist_data_file:file create_file_perms;
+
+allow tee time_daemon:unix_stream_socket connectto;
+
+# Allow SFS to write to data partition
+allow tee data_tzstorage_file:dir create_dir_perms;
+allow tee data_tzstorage_file:file create_file_perms;
+
+#secureUI
+hal_client_domain(tee, hal_tui_comm);
+hal_client_domain(tee, hal_qdutils_disp);
+hal_client_domain(tee, hal_graphics_allocator);
+vndbinder_use(tee);
+allow tee qdisplay_service:service_manager find;
+hal_client_domain(tee, hal_graphics_composer);
+allow tee sysfs_sectouch:file rw_file_perms;
+allow tee vendor_tui_data_file:file rw_file_perms;
+allow tee vendor_tui_data_file:dir search;
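Review bot: The opening rule `allow tee self:capability { chown setgid setuid sys_admin sys_rawio };` grants two of the broadest capabilities, `sys_admin` and `sys_rawio`, without a comment, and `allow tee device:dir r_dir_perms;` lets the domain list all of /dev. Other rules in the file are annotated (`# Allow SFS to write to data partition`, `#secureUI`), so a reader cannot tell which operation needs each capability. Add a line above the rule naming the ioctl or device access that requires them, and confirm each one against an actual denial rather than carrying it over from the previous layout.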
diff --git a/generic/vendor/common/thermal-engine.te b/generic/vendor/common/thermal-engine.te
new file mode 100644
index 0000000..cb2ebdc
--- /dev/null
+++ b/generic/vendor/common/thermal-engine.te
@@ -0,0 +1,73 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type thermal-engine, domain;
+type thermal-engine_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(thermal-engine)
+
+allow thermal-engine self:capability2 block_suspend;
+
+# to read /sys/devices
+allow thermal-engine sysfs:dir r_dir_perms;
+
+# This is required for thermal sysfs access
+r_dir_file(thermal-engine, sysfs_thermal)
+allow thermal-engine sysfs_thermal:file w_file_perms;
+
+# Allow to read and write cpufreq sysfs
+allow thermal-engine sysfs_devices_system_cpu:file rw_file_perms;
+
+# To search, read and write kgsl sysfs
+allow thermal-engine sysfs_kgsl:dir r_dir_perms;
+allow thermal-engine sysfs_kgsl:file rw_file_perms;
+allow thermal-engine sysfs_kgsl:lnk_file r_file_perms;
+
+allow thermal-engine sysfs_data:file r_file_perms;
+
+# This is required read and write battery power supply sysfs
+allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
+allow thermal-engine sysfs_battery_supply:file rw_file_perms;
+allow thermal-engine sysfs_battery_supply:lnk_file r_file_perms;
+
+# This is required to read and write lcd-backlight sysfs
+allow thermal-engine sysfs_graphics:dir r_dir_perms;
+allow thermal-engine sysfs_graphics:file rw_file_perms;
+allow thermal-engine sysfs_graphics:lnk_file r_file_perms;
+
+r_dir_file(thermal-engine, sysfs_ssr);
+r_dir_file(thermal-engine, sysfs_leds)
+
+allow thermal-engine audio_device:chr_file rw_file_perms;
+
+allow thermal-engine self:socket create_socket_perms;
+allowxperm thermal-engine self:socket ioctl msm_sock_ipc_ioctls;
+
+# reboot/shutdown for thermal limits exceeded
+set_prop(thermal-engine, powerctl_prop)
+
+# netlink access
+allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
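Review bot: `allow thermal-engine audio_device:chr_file rw_file_perms;` is the one device grant in this file without a comment, and read/write on audio device nodes is not an obvious need for a thermal daemon. Every sysfs rule above it says what it is for, so add the same here (presumably speaker or amplifier thermal mitigation, but the hunk does not show that). If a narrower device type exists for the node actually used, prefer it over the whole `audio_device` class. The comment `# This is required read and write battery power supply sysfs` is also missing a "to".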
diff --git a/private/qtelephony.te b/generic/vendor/common/time_daemon.te
similarity index 61%
copy from private/qtelephony.te
copy to generic/vendor/common/time_daemon.te
index 0a172f9..3d0d6b1 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/time_daemon.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,33 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type time_daemon, domain;
+type time_daemon_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(time_daemon)
 
-app_domain(qtelephony)
+allow time_daemon self:capability { setgid setuid sys_time };
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+allow time_daemon rtc_device:chr_file r_file_perms;
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+r_dir_file(time_daemon, sysfs_esoc);
+
+allow time_daemon sysfs_soc:dir search;
+allow time_daemon sysfs_soc:file r_file_perms;
+
+allow time_daemon persist_time_file:dir w_dir_perms;
+allow time_daemon persist_time_file:file create_file_perms;
+allow time_daemon persist_time_file:dir search;
+
+allow time_daemon mnt_vendor_file:dir search;
+
+allow time_daemon self:socket create_socket_perms;
+allowxperm time_daemon self:socket ioctl msm_sock_ipc_ioctls;
+
+allow time_daemon sysfs_data:file r_file_perms;
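Review bot: `allow time_daemon persist_time_file:dir search;` is redundant, because `w_dir_perms` on the same type two lines earlier already includes `search`. Dropping it leaves the effective policy unchanged and makes the persist rules easier to read. `allow time_daemon self:capability { setgid setuid sys_time };` would also read better with a short comment noting that the daemon drops privileges after start, if that is what `setuid`/`setgid` are for.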
diff --git a/private/qtelephony.te b/generic/vendor/common/timeservice_app.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/timeservice_app.te
index 0a172f9..768767e 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/timeservice_app.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,15 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type timeservice_app, domain;
+app_domain(timeservice_app);
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow timeservice_app app_api_service:service_manager find;
+allow timeservice_app app_data_file:dir { search getattr };
+allow timeservice_app time_daemon:unix_stream_socket connectto;
diff --git a/vendor/common/tlocd.te b/generic/vendor/common/tlocd.te
similarity index 100%
rename from vendor/common/tlocd.te
rename to generic/vendor/common/tlocd.te
diff --git a/private/qtelephony.te b/generic/vendor/common/ueventd.te
similarity index 64%
copy from private/qtelephony.te
copy to generic/vendor/common/ueventd.te
index 0a172f9..f211ed4 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/ueventd.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,34 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# For setting up various WIGIG files
+allow ueventd sysfs_bond0:file rw_file_perms;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+allow ueventd sysfs_usb_c:file w_file_perms;
 
-app_domain(qtelephony)
+allow ueventd {
+    { sysfs_type - usermodehelper }
+      sysfs_battery_supply
+      sysfs_data
+      sysfs_graphics
+      sysfs_kgsl
+      sysfs_leds
+      sysfs_net
+      sysfs_scsi_host
+      sysfs_soc
+      sysfs_thermal
+      sysfs_usbpd_device
+      sysfs_usb_supply
+}:file w_file_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+allow ueventd firmware_file:dir search;
+allow ueventd firmware_file:file r_file_perms;
+allow ueventd tmpfs:blk_file getattr;
+allow ueventd persist_file:dir search;
+allow ueventd persist_file:file r_file_perms;
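Review bot: The brace set in the multi-type `allow ueventd { ... }:file w_file_perms;` rule starts with `{ sysfs_type - usermodehelper }`, which already matches every type carrying the sysfs_type attribute except usermodehelper. The eleven names listed after it therefore add nothing if they are declared with sysfs_type (their declarations are not in this hunk), and ueventd ends up with write access to nearly all of sysfs. If the intent is write access to the listed nodes only, drop the `{ sysfs_type - usermodehelper }` line and keep the named types. The comment `# For setting up various WIGIG files` sits directly under the license text; a blank line before it and a one-line reason on the `sysfs_usb_c` and `persist_file` rules would make each grant easier to audit.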
diff --git a/vendor/common/update_engine.te b/generic/vendor/common/update_engine.te
similarity index 100%
rename from vendor/common/update_engine.te
rename to generic/vendor/common/update_engine.te
diff --git a/vendor/common/vendor_init.te b/generic/vendor/common/vendor_init.te
similarity index 100%
rename from vendor/common/vendor_init.te
rename to generic/vendor/common/vendor_init.te
diff --git a/private/qtelephony.te b/generic/vendor/common/vndservice.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/vndservice.te
index 0a172f9..d03cfa7 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/vndservice.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+type qdisplay_service,             vndservice_manager_type;
+type vendor_per_mgr_service,              vndservice_manager_type;
diff --git a/private/qtelephony.te b/generic/vendor/common/vndservice_contexts
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/vndservice_contexts
index 0a172f9..4b9491d 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/vndservice_contexts
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+display.qservice                        u:object_r:qdisplay_service:s0
+vendor.qcom.PeripheralManager           u:object_r:vendor_per_mgr_service:s0
diff --git a/private/qtelephony.te b/generic/vendor/common/vold.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/common/vold.te
index 0a172f9..f5537d5 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/vold.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+get_prop(vold, vendor_tee_listener_prop)
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
diff --git a/private/qtelephony.te b/generic/vendor/common/wcnss_filter.te
similarity index 67%
copy from private/qtelephony.te
copy to generic/vendor/common/wcnss_filter.te
index 0a172f9..3c68f2c 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/common/wcnss_filter.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,25 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type wcnss_filter, domain;
+type wcnss_filter_exec, exec_type, vendor_file_type, file_type;
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+init_daemon_domain(wcnss_filter)
 
-app_domain(qtelephony)
+allow wcnss_filter hci_attach_dev:chr_file rw_file_perms;
 
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
+userdebug_or_eng(`
+  allow wcnss_filter diag_device:chr_file rw_file_perms;
+  allow wcnss_filter ramdump_vendor_data_file:dir create_dir_perms;
+  allow wcnss_filter ramdump_vendor_data_file:file create_file_perms;
+  r_dir_file(wcnss_filter, debugfs_ipc)
+')
 
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+# allow wcnss to set threads to RT priority
+allow wcnss_filter self:capability sys_nice;
diff --git a/generic/vendor/common/wcnss_service.te b/generic/vendor/common/wcnss_service.te
new file mode 100644
index 0000000..a85721e
--- /dev/null
+++ b/generic/vendor/common/wcnss_service.te
@@ -0,0 +1,74 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type wcnss_service, domain;
+type wcnss_service_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(wcnss_service)
+net_domain(wcnss_service)
+
+vndbinder_use(wcnss_service)
+binder_call(wcnss_service, vendor_per_mgr)
+
+allow wcnss_service vendor_per_mgr_service:service_manager find;
+
+allow wcnss_service vendor_shell_exec:file rx_file_perms;
+allow wcnss_service vendor_toolbox_exec:file rx_file_perms;
+
+allow wcnss_service proc_net:file w_file_perms;
+
+allow wcnss_service self:socket create_socket_perms;
+allowxperm wcnss_service self:socket ioctl msm_sock_ipc_ioctls;
+allowxperm wcnss_service self:udp_socket ioctl { SIOCIWFIRSTPRIV_05 SIOCSIFFLAGS };
+
+allow wcnss_service self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow wcnss_service self:netlink_socket create_socket_perms_no_ioctl;
+
+allow wcnss_service firmware_file:dir r_dir_perms;
+allow wcnss_service firmware_file:file r_file_perms;
+
+allow wcnss_service sysfs_soc:dir search;
+allow wcnss_service sysfs_soc:file r_file_perms;
+
+allow wcnss_service wpa_data_file:dir create_dir_perms;
+allow wcnss_service wpa_data_file:file create_file_perms;
+
+allow wcnss_service proc_net:file getattr;
+
+allow wcnss_service sysfs_data:file r_file_perms;
+# pkt logging for cnss_diag
+userdebug_or_eng(`
+  r_dir_file(wcnss_service, proc_wifi_dbg)
+')
+
+userdebug_or_eng(`
+allow wcnss_service wifi_vendor_log_data_file:dir create_dir_perms;
+allow wcnss_service wifi_vendor_log_data_file:file create_file_perms;
+# This is needed for ptt_socket_app to write logs file collected to sdcard
+r_dir_file(wcnss_service, storage_file)
+r_dir_file(wcnss_service, mnt_user_file)
+')
+
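Review bot: The widest grants in this new domain, `allow wcnss_service proc_net:file w_file_perms;` and the two `rx_file_perms` rules on `vendor_shell_exec` and `vendor_toolbox_exec`, have no comment naming the operation that needs them. That leaves no way to tell later whether write access to all of proc_net and in-domain shell execution are still required; a one-line reason above each would fix this, and a narrower proc_net type would be better if only a few nodes are written. The comment in the last `userdebug_or_eng` block says the rules let ptt_socket_app write logs to the sdcard, but the rules are `r_dir_file(wcnss_service, storage_file)` and `r_dir_file(wcnss_service, mnt_user_file)`, which give read access to wcnss_service; either the comment or the rules should change. The second `userdebug_or_eng` body is not indented like the first, and the file ends with a stray blank line.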
diff --git a/vendor/msm8996/device.te b/generic/vendor/msm8996/device.te
similarity index 100%
rename from vendor/msm8996/device.te
rename to generic/vendor/msm8996/device.te
diff --git a/vendor/msm8996/file_contexts b/generic/vendor/msm8996/file_contexts
similarity index 100%
rename from vendor/msm8996/file_contexts
rename to generic/vendor/msm8996/file_contexts
diff --git a/vendor/msm8996/hal_audiocontrol_qti.te b/generic/vendor/msm8996/hal_audiocontrol_qti.te
similarity index 100%
rename from vendor/msm8996/hal_audiocontrol_qti.te
rename to generic/vendor/msm8996/hal_audiocontrol_qti.te
diff --git a/vendor/msm8996/hal_automotive_vehicle_qti.te b/generic/vendor/msm8996/hal_automotive_vehicle_qti.te
similarity index 100%
rename from vendor/msm8996/hal_automotive_vehicle_qti.te
rename to generic/vendor/msm8996/hal_automotive_vehicle_qti.te
diff --git a/vendor/msm8996/init-qti-fbe-sh.te b/generic/vendor/msm8996/init-qti-fbe-sh.te
similarity index 100%
rename from vendor/msm8996/init-qti-fbe-sh.te
rename to generic/vendor/msm8996/init-qti-fbe-sh.te
diff --git a/private/qtelephony.te b/generic/vendor/msmnile/device.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/msmnile/device.te
index 0a172f9..91f19d2 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/msmnile/device.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,20 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+type sysfs_usb_controller, sysfs_type, fs_type;
+#type sysfs_qdss_dev;
+type uefi_block_device, dev_type;
+type ssd_device, dev_type;
+#logdump partition
+type logdump_partition, dev_type;
+type mba_debug_dev, dev_type;
+type dip_device, dev_type;
+type efs_boot_dev, dev_type;
+type rawdump_block_device, dev_type;
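Review bot: The commented-out declaration `#type sysfs_qdss_dev;` should be deleted rather than committed. The same commit declares `sysfs_qdss_dev` in generic/vendor/msmnile/file.te, so the dead line only invites a duplicate declaration if someone uncomments it. `type sysfs_usb_controller, sysfs_type, fs_type;` is a sysfs type and would sit more naturally beside it in file.te, leaving device.te for the `dev_type` entries. The file.te line `type sysfs_qdss_dev, sysfs_type, fs_type; ` also ends in trailing whitespace.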
diff --git a/private/qtelephony.te b/generic/vendor/msmnile/file.te
similarity index 73%
copy from private/qtelephony.te
copy to generic/vendor/msmnile/file.te
index 0a172f9..ebc63fe 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/msmnile/file.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+type sysfs_qdss_dev, sysfs_type, fs_type; 
diff --git a/generic/vendor/msmnile/file_contexts b/generic/vendor/msmnile/file_contexts
new file mode 100644
index 0000000..944f5ee
--- /dev/null
+++ b/generic/vendor/msmnile/file_contexts
@@ -0,0 +1,158 @@
+# Copyright (c) 2016-2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+###################################
+# Dev block nodes
+
+# UFS Devices
+/dev/block/platform/soc/1d84000.ufshc/by-name/system                            u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/metadata                          u:object_r:metadata_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/userdata                          u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/boot                              u:object_r:boot_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/logdump                           u:object_r:logdump_partition:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/fsc                                u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/fsg                                u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/modemst1                           u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/modemst2                           u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/ssd                                u:object_r:ssd_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/misc                               u:object_r:misc_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/rpm                                u:object_r:rpmb_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/msadp                              u:object_r:mba_debug_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/recovery                           u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/cache                              u:object_r:cache_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/frp                                u:object_r:frp_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdtp                               u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/dip                                u:object_r:dip_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdm1m9kefs1                        u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdm1m9kefs2                        u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdm1m9kefs3                        u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdmddr                             u:object_r:efs_boot_dev:s0
+
+#rawdump partition
+/dev/block/platform/soc/1d84000.ufshc/by-name/rawdump                            u:object_r:rawdump_block_device:s0
+
+# A/B partitions.
+/dev/block/platform/soc/1d84000.ufshc/by-name/abl_[ab]          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/aop_[ab]          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/apdp_[ab]         u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/bluetooth_[ab]    u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/boot_[ab]         u:object_r:boot_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/cmnlib_[ab]       u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/cmnlib64_[ab]     u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/devcfg_[ab]       u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/dsp_[ab]          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/dtbo_[ab]         u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/hyp_[ab]          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/keymaster_[ab]    u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdtp_[ab]         u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdtpsecapp_[ab]   u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/modem_[ab]        u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/msadp_[ab]        u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/persist           u:object_r:persist_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/pmic_[ab]         u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/qupfw_[ab]        u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/rpm_[ab]          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/system_[ab]       u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/tz_[ab]           u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/vbmeta_[ab]       u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/vendor_[ab]       u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/xbl_[ab]          u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/uefisecapp_[ab]   u:object_r:uefi_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab]   u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/imagefv_[ab]      u:object_r:custom_ab_block_device:s0
+
+# Block device holding the GPT, where the A/B attributes are stored.
+/dev/block/platform/soc/1d84000.ufshc/sd[ade]                   u:object_r:gpt_block_device:s0
+
+# Block devices for the drive that holds the xbl_a and xbl_b partitions.
+/dev/block/platform/soc/1d84000.ufshc/sd[bc]                 u:object_r:xbl_block_device:s0
+
+##################################
+# non-hlos mount points
+/firmware                  u:object_r:firmware_file:s0
+/bt_firmware               u:object_r:bt_firmware_file:s0
+
+# SD card bootup
+
+/dev/block/platform/soc/8804000.sdhci/by-name/system                u:object_r:system_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/userdata              u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/boot                  u:object_r:boot_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/logdump               u:object_r:logdump_partition:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/modemst2              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/ssd                   u:object_r:ssd_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/misc                  u:object_r:misc_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/rpm                   u:object_r:rpmb_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/msadp                 u:object_r:mba_debug_dev:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/recovery              u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/cache                 u:object_r:cache_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/frp                   u:object_r:frp_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/mdtp                  u:object_r:mdtp_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/dip                   u:object_r:dip_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/rawdump               u:object_r:rawdump_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/abl_[ab]              u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/aop_[ab]              u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/apdp_[ab]             u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/bluetooth_[ab]        u:object_r:modem_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/boot_[ab]             u:object_r:boot_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/cmnlib_[ab]           u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/cmnlib64_[ab]         u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/devcfg_[ab]           u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/dsp_[ab]              u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/dtbo_[ab]             u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/hyp_[ab]              u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/keymaster_[ab]        u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/mdtp_[ab]             u:object_r:mdtp_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/mdtpsecapp_[ab]       u:object_r:mdtp_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/modem_[ab]            u:object_r:modem_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/msadp_[ab]            u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/persist               u:object_r:persist_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/pmic_[ab]             u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/qupfw_[ab]            u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/rpm_[ab]              u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/system_[ab]           u:object_r:system_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/tz_[ab]               u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/vbmeta_[ab]           u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/vendor_[ab]           u:object_r:system_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/xbl_[ab]              u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/xbl_config_[ab]       u:object_r:custom_ab_block_device:s0
+/dev/block/mmcblk0                                                  u:object_r:gpt_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/sd[bc]                        u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/mdm1m9kefs1           u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/mdm1m9kefs2           u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/mdm1m9kefs3           u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/8804000.sdhci/by-name/mdmddr                u:object_r:efs_boot_dev:s0
+
+# Same process file
+/vendor/lib(64)?/hw/gralloc\.msmnile\.so                            u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/vulkan\.msmnile\.so                             u:object_r:same_process_hal_file:s0
+
+/(vendor|system/vendor)/bin/sscrpcd                                 u:object_r:sensors_exec:s0
+
+#TBD
+#/(vendor|system/vendor)/bin/hw/vendor.qti.hardware.automotive.vehicle@1.0-service          u:object_r:hal_automotive_vehicle_qti_exec:s0
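Review bot: The `by-name/rpm` partition is labelled `rpmb_device` in both the UFS block and the SD-card block, while `rpm_[ab]` gets `custom_ab_block_device`. The names differ by one letter and the label looks like a slip; if so, every domain allowed on `rpmb_device` also gains access to this partition. Please confirm the intended type and either change the label or add a comment saying why it is shared. The same asymmetry applies to `msadp` (`mba_debug_dev`) versus `msadp_[ab]` (`custom_ab_block_device`). The dots in `1d84000.ufshc` and `8804000.sdhci` are unescaped regex metacharacters, unlike `gralloc\.msmnile\.so` lower in the file; writing `1d84000\.ufshc` keeps the match exact. The commented-out entry under `#TBD` should be removed until the policy for it exists.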
diff --git a/generic/vendor/msmnile/genfs_contexts b/generic/vendor/msmnile/genfs_contexts
new file mode 100644
index 0000000..0b47b9f
--- /dev/null
+++ b/generic/vendor/msmnile/genfs_contexts
@@ -0,0 +1,80 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/dc u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/main u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/pc_port u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/usb u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/890000.i2c/i2c-0/0-000c/890000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/red u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/green u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/blue u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm8150b@3:qcom,leds@d000/leds/hr_led1 u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm8150b@3:qcom,leds@d000/leds/hr_led2 u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-llcc-bw/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu-llcc-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-l3-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cdsp-cdsp-l3-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-llcc-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-llcc-ddr-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-cpu-l3-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-cpu-llcc-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-llcc-ddr-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,npu-npu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/a600000.ssusb/a600000.dwc3/udc/a600000.dwc3 u:object_r:sysfs_usb_controller:s0
+
+#qdss sysfs-node
+genfscon sysfs /devices/platform/soc/6047000.tmc/coresight-tmc-etf u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/6048000.tmc/coresight-tmc-etr u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/6002000.stm/coresight-stm u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/91866f0.hwevent/coresight-hwevent u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/6b0e000.csr/coresight-swao-csr u:object_r:sysfs_qdss_dev:s0
+
+#fps sysfs-node
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/measured_fps u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/measured_fps u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/measured_fps u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/fps_periodicity_ms u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/fps_periodicity_ms u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/fps_periodicity_ms u:object_r:sysfs_graphics:s0
+
+# subsys nodes
+genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys0/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys1/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/subsys2/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/188101c.qcom,spss/subsys3/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys4/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys5/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys6/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys7/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys8/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,wil6210/subsys9/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,mdm3/subsys9/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:bt_qca6174/extldo u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /devices/platform/soc/soc:bt_qca6174/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
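Review bot: The subsys entries at the end of this file pin each label to a fixed `subsysN` index, and `soc:qcom,wil6210` and `soc:qcom,mdm3` both claim `subsys9`. If the index follows registration order at boot (two optional devices sharing one number suggests it does), a kernel or device-tree change that shifts the order leaves the `name` node with the default sysfs label instead of `sysfs_ssr`. Denials of that kind tend to get fixed by granting access to generic `sysfs`, which is wider than intended. I would add a comment above the block such as `# subsysN follows registration order on msmnile; re-check these paths on the device after kernel changes`, and confirm on hardware that every listed node actually carries `sysfs_ssr`.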
diff --git a/private/qtelephony.te b/generic/vendor/msmnile/update_engine_common.te
similarity index 77%
copy from private/qtelephony.te
copy to generic/vendor/msmnile/update_engine_common.te
index 0a172f9..c17e60a 100644
--- a/private/qtelephony.te
+++ b/generic/vendor/msmnile/update_engine_common.te
@@ -18,21 +18,20 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
+# Allow update_engine and update_engine_sideload (recovery) read/write on the
+# device-specific partitions it should update.
+allow update_engine_common {
+	custom_ab_block_device
+	xbl_block_device
+	uefi_block_device
+	ssd_device
+	modem_block_device
+}:blk_file rw_file_perms;
 
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
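Review bot: The new `allow update_engine_common { ... }:blk_file rw_file_perms;` rule grants write on every node carrying one of five types, which is wider than the "device-specific partitions it should update" the comment describes. In this commit's msmnile file_contexts, `xbl_block_device` is also assigned to `/dev/block/platform/soc/8804000.sdhci/sd[bc]`, which looks like whole-device nodes rather than the `xbl_[ab]` partitions, so the updater could write anywhere on them. `ssd_device` and `modem_block_device` are not obviously A/B slots either, and the `vendor/common/device.te` removed later in this commit declares `ssd_block_device`, not `ssd_device`, so the intended type is worth confirming. I would give the whole-device nodes their own type and trim the set to what the OTA payload really writes, for example `allow update_engine_common { custom_ab_block_device xbl_block_device }:blk_file rw_file_perms;` once that is verified.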
diff --git a/vendor/sdm710/file_contexts b/generic/vendor/sdm710/file_contexts
similarity index 100%
rename from vendor/sdm710/file_contexts
rename to generic/vendor/sdm710/file_contexts
diff --git a/vendor/sdm710/genfs_contexts b/generic/vendor/sdm710/genfs_contexts
similarity index 100%
rename from vendor/sdm710/genfs_contexts
rename to generic/vendor/sdm710/genfs_contexts
diff --git a/vendor/sdm710/init-qti-fbe-sh.te b/generic/vendor/sdm710/init-qti-fbe-sh.te
similarity index 100%
rename from vendor/sdm710/init-qti-fbe-sh.te
rename to generic/vendor/sdm710/init-qti-fbe-sh.te
diff --git a/vendor/sdm710/init_shell.te b/generic/vendor/sdm710/init_shell.te
similarity index 100%
rename from vendor/sdm710/init_shell.te
rename to generic/vendor/sdm710/init_shell.te
diff --git a/vendor/sdm710/update_engine_common.te b/generic/vendor/sdm710/update_engine_common.te
similarity index 100%
rename from vendor/sdm710/update_engine_common.te
rename to generic/vendor/sdm710/update_engine_common.te
diff --git a/vendor/sdm845/file_contexts b/generic/vendor/sdm845/file_contexts
similarity index 100%
rename from vendor/sdm845/file_contexts
rename to generic/vendor/sdm845/file_contexts
diff --git a/vendor/sdm845/genfs_contexts b/generic/vendor/sdm845/genfs_contexts
similarity index 100%
rename from vendor/sdm845/genfs_contexts
rename to generic/vendor/sdm845/genfs_contexts
diff --git a/vendor/sdm845/hal_neuralnetworks.te b/generic/vendor/sdm845/hal_neuralnetworks.te
similarity index 100%
rename from vendor/sdm845/hal_neuralnetworks.te
rename to generic/vendor/sdm845/hal_neuralnetworks.te
diff --git a/vendor/sdm845/hdcp_srm.te b/generic/vendor/sdm845/hdcp_srm.te
similarity index 100%
rename from vendor/sdm845/hdcp_srm.te
rename to generic/vendor/sdm845/hdcp_srm.te
diff --git a/vendor/sdm845/init-qti-fbe-sh.te b/generic/vendor/sdm845/init-qti-fbe-sh.te
similarity index 100%
rename from vendor/sdm845/init-qti-fbe-sh.te
rename to generic/vendor/sdm845/init-qti-fbe-sh.te
diff --git a/vendor/sdm845/init_shell.te b/generic/vendor/sdm845/init_shell.te
similarity index 100%
rename from vendor/sdm845/init_shell.te
rename to generic/vendor/sdm845/init_shell.te
diff --git a/vendor/sdm845/update_engine_common.te b/generic/vendor/sdm845/update_engine_common.te
similarity index 100%
rename from vendor/sdm845/update_engine_common.te
rename to generic/vendor/sdm845/update_engine_common.te
diff --git a/vendor/test/diag_test.te b/generic/vendor/test/diag_test.te
similarity index 100%
rename from vendor/test/diag_test.te
rename to generic/vendor/test/diag_test.te
diff --git a/vendor/test/domain.te b/generic/vendor/test/domain.te
similarity index 100%
rename from vendor/test/domain.te
rename to generic/vendor/test/domain.te
diff --git a/vendor/test/energyawareness.te b/generic/vendor/test/energyawareness.te
similarity index 100%
rename from vendor/test/energyawareness.te
rename to generic/vendor/test/energyawareness.te
diff --git a/vendor/test/fidotest.te b/generic/vendor/test/fidotest.te
similarity index 100%
rename from vendor/test/fidotest.te
rename to generic/vendor/test/fidotest.te
diff --git a/vendor/test/file.te b/generic/vendor/test/file.te
similarity index 100%
rename from vendor/test/file.te
rename to generic/vendor/test/file.te
diff --git a/vendor/test/file_contexts b/generic/vendor/test/file_contexts
similarity index 100%
rename from vendor/test/file_contexts
rename to generic/vendor/test/file_contexts
diff --git a/vendor/test/genfs_contexts b/generic/vendor/test/genfs_contexts
similarity index 100%
rename from vendor/test/genfs_contexts
rename to generic/vendor/test/genfs_contexts
diff --git a/vendor/test/init_shell.te b/generic/vendor/test/init_shell.te
similarity index 100%
rename from vendor/test/init_shell.te
rename to generic/vendor/test/init_shell.te
diff --git a/vendor/test/pdt_app.te b/generic/vendor/test/pdt_app.te
similarity index 100%
rename from vendor/test/pdt_app.te
rename to generic/vendor/test/pdt_app.te
diff --git a/vendor/test/qmi_ping.te b/generic/vendor/test/qmi_ping.te
similarity index 100%
rename from vendor/test/qmi_ping.te
rename to generic/vendor/test/qmi_ping.te
diff --git a/vendor/test/qmi_test_service.te b/generic/vendor/test/qmi_test_service.te
similarity index 100%
rename from vendor/test/qmi_test_service.te
rename to generic/vendor/test/qmi_test_service.te
diff --git a/vendor/test/qseeproxysample.te b/generic/vendor/test/qseeproxysample.te
similarity index 100%
rename from vendor/test/qseeproxysample.te
rename to generic/vendor/test/qseeproxysample.te
diff --git a/vendor/test/seapp_contexts b/generic/vendor/test/seapp_contexts
similarity index 100%
rename from vendor/test/seapp_contexts
rename to generic/vendor/test/seapp_contexts
diff --git a/vendor/test/sectest.te b/generic/vendor/test/sectest.te
similarity index 100%
rename from vendor/test/sectest.te
rename to generic/vendor/test/sectest.te
diff --git a/vendor/test/sensors_test.te b/generic/vendor/test/sensors_test.te
similarity index 100%
rename from vendor/test/sensors_test.te
rename to generic/vendor/test/sensors_test.te
diff --git a/vendor/test/service.te b/generic/vendor/test/service.te
similarity index 100%
rename from vendor/test/service.te
rename to generic/vendor/test/service.te
diff --git a/vendor/test/service_contexts b/generic/vendor/test/service_contexts
similarity index 100%
rename from vendor/test/service_contexts
rename to generic/vendor/test/service_contexts
diff --git a/vendor/test/smd_test.te b/generic/vendor/test/smd_test.te
similarity index 100%
rename from vendor/test/smd_test.te
rename to generic/vendor/test/smd_test.te
diff --git a/vendor/test/system_app.te b/generic/vendor/test/system_app.te
similarity index 100%
rename from vendor/test/system_app.te
rename to generic/vendor/test/system_app.te
diff --git a/vendor/test/usta_app.te b/generic/vendor/test/usta_app.te
similarity index 100%
rename from vendor/test/usta_app.te
rename to generic/vendor/test/usta_app.te
diff --git a/vendor/test/vendor-qti-testscripts.te b/generic/vendor/test/vendor-qti-testscripts.te
similarity index 100%
rename from vendor/test/vendor-qti-testscripts.te
rename to generic/vendor/test/vendor-qti-testscripts.te
diff --git a/private/dataservice_app.te b/private/dataservice_app.te
deleted file mode 100644
index 64ccbdc..0000000
--- a/private/dataservice_app.te
+++ /dev/null
@@ -1,18 +0,0 @@
-typeattribute dataservice_app coredomain;
-app_domain(dataservice_app)
-net_domain(dataservice_app)
-
-add_service(dataservice_app, cne_service)
-add_service(dataservice_app, uce_service)
-allow dataservice_app {
-  app_api_service
-  system_api_service
-  audioserver_service
-  radio_service
-}:service_manager find;
-
-allow dataservice_app radio_data_file:dir create_dir_perms;
-allow dataservice_app radio_data_file:{ file lnk_file } create_file_perms;
-
-hwbinder_use(dataservice_app)
-
diff --git a/private/file_contexts b/private/file_contexts
deleted file mode 100644
index 9b0641f..0000000
--- a/private/file_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-/data/misc/elabel(/.*)?         u:object_r:elabel_data_file:s0
-/data/misc/seemp(/.*)?          u:object_r:seemp_data_file:s0
-
-/system/etc/init\.qcom\.testscripts\.sh         u:object_r:qti-testscripts_exec:s0
diff --git a/private/radio.te b/private/radio.te
deleted file mode 100644
index 9e50522..0000000
--- a/private/radio.te
+++ /dev/null
@@ -1 +0,0 @@
-allow radio uce_service:service_manager find;
diff --git a/private/service.te b/private/service.te
deleted file mode 100644
index d658123..0000000
--- a/private/service.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type cne_service,                 service_manager_type;
-type uce_service,                 service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
deleted file mode 100644
index 3e53f9a..0000000
--- a/private/service_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-qti.ims.ext                                          u:object_r:radio_service:s0
-cneservice                                           u:object_r:cne_service:s0
-uce                                                  u:object_r:uce_service:s0
diff --git a/public/dataservice_app.te b/public/dataservice_app.te
deleted file mode 100644
index 8c8d82f..0000000
--- a/public/dataservice_app.te
+++ /dev/null
@@ -1 +0,0 @@
-type dataservice_app, domain;
\ No newline at end of file
diff --git a/public/file.te b/public/file.te
deleted file mode 100644
index 091d295..0000000
--- a/public/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type elabel_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/hwservice.te b/public/hwservice.te
deleted file mode 100644
index 0751bc4..0000000
--- a/public/hwservice.te
+++ /dev/null
@@ -1 +0,0 @@
-type hal_atfwd_hwservice, coredomain_hwservice, hwservice_manager_type;
diff --git a/private/qtelephony.te b/qva/vendor/common/sysmonapp/keys.conf
similarity index 73%
copy from private/qtelephony.te
copy to qva/vendor/common/sysmonapp/keys.conf
index 0a172f9..bed3bca 100644
--- a/private/qtelephony.te
+++ b/qva/vendor/common/sysmonapp/keys.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -18,21 +18,11 @@
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Qualcomm telephony apps, such as AtFwd and FastDormancy
-typeattribute qtelephony coredomain;
-
-app_domain(qtelephony)
-
-hwbinder_use(qtelephony);
-get_prop(qtelephony, hwservicemanager_prop);
-add_hwservice(qtelephony, hal_atfwd_hwservice);
-
-allow qtelephony system_api_service:service_manager find;
-allow qtelephony app_api_service:service_manager find;
+[@SYSMONAPP]
+ALL : device/qcom/sepolicy/qva/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem
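Review bot: The `[@SYSMONAPP]` entry uses `ALL`, so the same checked-in certificate is accepted on user builds as well as userdebug and eng. If `sysmonapp_app_cert.x509.pem` is a development or test certificate (the page does not show its contents), any APK signed with the matching key would presumably be mapped into the sysmonapp domain on production devices through the `mac_permissions.xml` beside it. Confirm it is a release certificate, or split the entry into separate `ENG`, `USERDEBUG` and `USER` lines. The tree-relative path is also hard-coded, so it has to be kept in step with the directory by hand whenever the policy moves, as it did in this commit.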
diff --git a/vendor/common/sysmonapp/mac_permissions.xml b/qva/vendor/common/sysmonapp/mac_permissions.xml
similarity index 100%
rename from vendor/common/sysmonapp/mac_permissions.xml
rename to qva/vendor/common/sysmonapp/mac_permissions.xml
diff --git a/vendor/common/sysmonapp/seapp_contexts b/qva/vendor/common/sysmonapp/seapp_contexts
similarity index 100%
rename from vendor/common/sysmonapp/seapp_contexts
rename to qva/vendor/common/sysmonapp/seapp_contexts
diff --git a/vendor/common/sysmonapp/sysmonapp_app.te b/qva/vendor/common/sysmonapp/sysmonapp_app.te
similarity index 100%
rename from vendor/common/sysmonapp/sysmonapp_app.te
rename to qva/vendor/common/sysmonapp/sysmonapp_app.te
diff --git a/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem b/qva/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem
similarity index 100%
rename from vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem
rename to qva/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem
diff --git a/qva/vendor/msmnile/netmgrd.te b/qva/vendor/msmnile/netmgrd.te
new file mode 100644
index 0000000..5dce2ee
--- /dev/null
+++ b/qva/vendor/msmnile/netmgrd.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Allow netmgrd to set vendor properties
+set_prop(netmgrd, vendor_data_ko_prop)
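Review bot: The comment `# Allow netmgrd to set vendor properties` is broader than the rule, which grants set access to the single type `vendor_data_ko_prop`; I would write `# Allow netmgrd to set vendor_data_ko_prop` and state what the property controls. The type is declared in the new `qva/vendor/msmnile/property.te`, but no `property_contexts` entry binding a property name to it is visible in this part of the commit, and without one the rule affects no real property. If the property gates loading of a kernel module, as the `_ko_` in the name suggests, that binding should name the exact property rather than a prefix, so that netmgrd cannot set neighbouring properties.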
diff --git a/qva/vendor/msmnile/property.te b/qva/vendor/msmnile/property.te
new file mode 100644
index 0000000..795ed19
--- /dev/null
+++ b/qva/vendor/msmnile/property.te
@@ -0,0 +1,28 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_data_ko_prop, property_type;
diff --git a/vendor/common/adsprpcd.te b/vendor/common/adsprpcd.te
deleted file mode 100644
index 53e3e19..0000000
--- a/vendor/common/adsprpcd.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type adsprpcd, domain;
-type adsprpcd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(adsprpcd)
-
-allow adsprpcd ion_device:chr_file r_file_perms;
-allow adsprpcd qdsp_device:chr_file r_file_perms;
-allow adsprpcd xdsp_device:chr_file r_file_perms;
-
-allow adsprpcd system_file:dir r_dir_perms;
-
-r_dir_file(adsprpcd, adsprpcd_file)
-allow adsprpcd persist_sensors_file:dir create_dir_perms;
-allow adsprpcd persist_sensors_file:file create_file_perms;
-allow adsprpcd mnt_vendor_file:dir r_dir_perms;
diff --git a/vendor/common/app.te b/vendor/common/app.te
deleted file mode 100644
index d45bd69..0000000
--- a/vendor/common/app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# For the camera app
-get_prop(appdomain, vendor_camera_prop)
diff --git a/vendor/common/atfwd.te b/vendor/common/atfwd.te
deleted file mode 100644
index bfe235a..0000000
--- a/vendor/common/atfwd.te
+++ /dev/null
@@ -1,18 +0,0 @@
-type atfwd, domain;
-type atfwd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(atfwd)
-
-allow atfwd self:socket create_socket_perms;
-allowxperm atfwd self:socket ioctl msm_sock_ipc_ioctls;
-
-binder_call(atfwd, system_app);
-
-r_dir_file(atfwd, sysfs_ssr);
-r_dir_file(atfwd, sysfs_esoc);
-r_dir_file(atfwd, sysfs_data);
-
-set_prop(atfwd, vendor_radio_prop)
-
-hwbinder_use(atfwd)
-get_prop(atfwd, hwservicemanager_prop)
diff --git a/vendor/common/audioserver.te b/vendor/common/audioserver.te
deleted file mode 100644
index 63ac5fc..0000000
--- a/vendor/common/audioserver.te
+++ /dev/null
@@ -1,10 +0,0 @@
-binder_call(audioserver, bootanim)
-
-allow audioserver sysfs_soc:file r_file_perms;
-allow audioserver sysfs_soc:dir search;
-# audio properties
-get_prop(audioserver, vendor_audio_prop)
-
-userdebug_or_eng(`
-    diag_use(audioserver)
-')
diff --git a/vendor/common/bluetooth.te b/vendor/common/bluetooth.te
deleted file mode 100644
index a5dc055..0000000
--- a/vendor/common/bluetooth.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Allow access to net_admin ioctls
-allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
diff --git a/vendor/common/bootanim.te b/vendor/common/bootanim.te
deleted file mode 100644
index 26930ea..0000000
--- a/vendor/common/bootanim.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow bootanim hwservicemanager:binder call;
-
-# TODO(b/62954877). On Android Wear, bootanim reads the time
-# during boot to display. It currently gets that time from a file
-# in /data/system. This should be moved. In the meantime, suppress
-# this denial on phones since this functionality is not used.
-dontaudit bootanim system_data_file:dir read;
diff --git a/vendor/common/cameraserver.te b/vendor/common/cameraserver.te
deleted file mode 100644
index 829e7e5..0000000
--- a/vendor/common/cameraserver.te
+++ /dev/null
@@ -1,12 +0,0 @@
-allow cameraserver gpu_device:chr_file rw_file_perms;
-
-get_prop(cameraserver, vendor_camera_prop)
-
-allow cameraserver sysfs_camera:file r_file_perms;
-allow cameraserver sysfs_camera:dir search;
-allow cameraserver system_file:dir r_dir_perms;
-
-allow cameraserver system_server:unix_stream_socket { read write };
-
-# TODO (b/37688918) Verify that this is actually needed and not a violation of treble
-binder_call(cameraserver, mediacodec)
diff --git a/vendor/common/chre.te b/vendor/common/chre.te
deleted file mode 100644
index 8da2de3..0000000
--- a/vendor/common/chre.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# This daemon loads the Context Hub Runtime Environment (CHRE) dynamic modules
-# onto the SLPI using FastRPC, and exposes a sockets interface for clients on
-# the applications processor to interact CHRE
-type chre, domain;
-type chre_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(chre)
-r_dir_file(chre, adsprpcd_file)
-
-allow chre ion_device:chr_file r_file_perms;
-allow chre qdsp_device:chr_file r_file_perms;
-allow chre xdsp_device:chr_file r_file_perms;
-allow chre dsp_device:chr_file r_file_perms;
diff --git a/vendor/common/cnd.te b/vendor/common/cnd.te
deleted file mode 100644
index ad6bfd3..0000000
--- a/vendor/common/cnd.te
+++ /dev/null
@@ -1,62 +0,0 @@
-type cnd, domain;
-type cnd_exec, exec_type, vendor_file_type, file_type;
-file_type_auto_trans(cnd, socket_device, cnd_socket);
-
-# cnd is started by init, type transit from init domain to cnd domain
-init_daemon_domain(cnd)
-
-#communicating with QTI wlan driver for WFC/ VTiWLAN quality
-allow cnd self:capability net_bind_service;
-unix_socket_send(cnd, wpa, hal_wifi_supplicant)
-allow cnd wpa_data_file:dir w_dir_perms;
-allow cnd wpa_data_file:sock_file create_file_perms;
-
-#allow processing of VoWifi indications from modem over QMI while dozing
-allow cnd self:capability2 block_suspend;
-
-allow cnd self:udp_socket create_socket_perms;
-allow cnd self:{
-    # Allow receiving NETLINK responses from WLAN driver.
-    netlink_socket
-    netlink_generic_socket
-} create_socket_perms_no_ioctl;
-
-allowxperm cnd self:udp_socket ioctl SIOCGIFMTU;
-
-allow cnd sysfs_timestamp_switch:file r_file_perms;
-allow cnd sysfs_data:file r_file_perms;
-r_dir_file(cnd, sysfs_soc)
-
-allow cnd proc_meminfo:file r_file_perms;
-
-set_prop(cnd, cnd_prop)
-
-allow cnd self:socket create_socket_perms;
-allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls;
-
-# allow cnd to access cnd_data_file
-allow cnd cnd_data_file:file create_file_perms;
-allow cnd cnd_data_file:sock_file { unlink create setattr };
-allow cnd cnd_data_file:dir rw_dir_perms;
-
-# allow cnd to obtain wakelock
-wakelock_use(cnd)
-
-allow cnd ipa_vendor_data_file:dir r_dir_perms;
-allow cnd ipa_vendor_data_file:file r_file_perms;
-
-# To register cnd to hwbinder
-add_hwservice(cnd, hal_cne_hwservice)
-hwbinder_use(cnd)
-get_prop(cnd, hwservicemanager_prop)
-binder_call(cnd, dataservice_app)
-binder_call(cnd, ims)
-binder_call(cnd, location)
-
-
-
-#diag
-userdebug_or_eng(`
-    diag_use(cnd)
-	r_dir_file(cnd, sysfs_diag)
-')
diff --git a/vendor/common/dataservice_app.te b/vendor/common/dataservice_app.te
deleted file mode 100644
index 11a7894..0000000
--- a/vendor/common/dataservice_app.te
+++ /dev/null
@@ -1,11 +0,0 @@
-get_prop(dataservice_app, cnd_prop)
-
-allow dataservice_app hal_imsrcsd_hwservice:hwservice_manager find;
-allow dataservice_app hal_cne_hwservice:hwservice_manager find;
-
-allow dataservice_app sysfs_data:file r_file_perms;
-
-binder_call(dataservice_app, cnd)
-
-# imsrcsd to bind with UceShimService.apk
-binder_call(dataservice_app, hal_rcsservice)
diff --git a/vendor/common/device.te b/vendor/common/device.te
deleted file mode 100644
index c0493a8..0000000
--- a/vendor/common/device.te
+++ /dev/null
@@ -1,34 +0,0 @@
-type ab_block_device, dev_type;
-type at_device, dev_type;
-type avtimer_device, dev_type;
-type bt_device, dev_type;
-type bu21150_device, dev_type;
-type citadel_device, dev_type;
-type custom_ab_block_device, dev_type;
-type diag_device, dev_type, mlstrustedobject;
-type dsp_device, dev_type;
-type xdsp_device, dev_type;
-type easel_device, dev_type;
-type hbtp_device, dev_type;
-type hvdcp_device, dev_type;
-type ipa_dev, dev_type;
-type latency_device, dev_type;
-type modem_block_device, dev_type;
-type modem_efs_partition_device, dev_type;
-type mdtp_device, dev_type;
-type persist_block_device, dev_type;
-type qsee_ipc_irq_spss_device, dev_type;
-type qdsp_device, dev_type, mlstrustedobject;
-type ramdump_device, dev_type;
-type rmnet_device, dev_type;
-type gpt_block_device, dev_type;
-type ramdump_block_device, dev_type;
-type rpmb_device, dev_type;
-type seemplog_device, dev_type;
-type sg_device, dev_type;
-type smd_device, dev_type;
-type spcom_device, dev_type;
-type ssd_block_device, dev_type;
-type ssr_device, dev_type;
-type wlan_device, dev_type;
-type xbl_block_device, dev_type;
diff --git a/vendor/common/diag.te b/vendor/common/diag.te
deleted file mode 100644
index 72dfef6..0000000
--- a/vendor/common/diag.te
+++ /dev/null
@@ -1,44 +0,0 @@
-type diag, domain;
-type diag_exec, exec_type, vendor_file_type, file_type;
-userdebug_or_eng(`
-  domain_auto_trans(shell, diag_exec, diag)
-  #domain_auto_trans(adbd, diag_exec, diag)
-  allow diag {
-      diag_device
-      devpts
-      tty_device
-      # allow access to qseecom for drmdiagapp
-      tee_device
-  }:chr_file rw_file_perms;
-  allow diag {
-      shell
-      su
-  }:fd use;
-
-  allow diag {
-      cgroup
-      fuse
-      persist_drm_file
-  }:dir create_dir_perms;
-
-  allow diag port:tcp_socket name_connect;
-  allow diag self:capability { setuid net_raw sys_admin setgid };
-  allow diag self:capability2 syslog;
-  allow diag self:tcp_socket { create connect setopt};
-  wakelock_use(diag)
-  allow diag kernel:system syslog_mod;
-  # allow drmdiagapp access to drm related paths
-  allow diag mnt_vendor_file:dir r_dir_perms;
-  r_dir_file(diag, persist_data_file)
-  # Write to drm related pieces of persist partition
-  allow diag persist_drm_file:file create_file_perms;
-
-  # For DiagExample daemon
-  init_daemon_domain(diag)
-  net_domain(diag)
-
-  allow diag fuse:dir r_dir_perms;
-  allow diag fuse:file r_file_perms;
-  r_dir_file(diag, storage_file)
-  r_dir_file(diag, mnt_user_file)
-')
diff --git a/vendor/common/domain.te b/vendor/common/domain.te
deleted file mode 100644
index 43ad15a..0000000
--- a/vendor/common/domain.te
+++ /dev/null
@@ -1,26 +0,0 @@
-userdebug_or_eng(`
-  allow domain diag_device:chr_file rw_file_perms;
-')
-
-# In order for /sys/kernel/debug/kgsl/proc/<pid>/mem
-# to be created for memory tracking, the domain of
-# the tracked process must have permission to search
-# in /sys/kernel/debug/kgsl
-allow domain debugfs_kgsl:dir search;
-
-allow domain debugfs_ion:dir search;
-
-allow domain vendor_gralloc_prop:file r_file_perms;
-
-r_dir_file({domain - isolated_app}, sysfs_soc);
-r_dir_file({domain - isolated_app}, sysfs_esoc);
-r_dir_file({domain - isolated_app}, sysfs_ssr);
-r_dir_file({domain - isolated_app}, sysfs_thermal);
-
-get_prop(domain, public_vendor_default_prop)
-
-dontaudit domain kernel:system module_request;
-
-# For compliance testing test suite reads vendor_security_path_level
-# Which is the public readable property “ ro.vendor.build.security_patch
-get_prop(domain, vendor_security_patch_level_prop)
diff --git a/vendor/common/drmserver.te b/vendor/common/drmserver.te
deleted file mode 100644
index 63b18f9..0000000
--- a/vendor/common/drmserver.te
+++ /dev/null
@@ -1,5 +0,0 @@
-#Address denial logs for drm server accessing firmware file
-#r_dir_file(drmserver, firmware_file)
-
-#Address denial logs for drm server accessing qseecom driver
-allow drmserver tee_device:chr_file rw_file_perms;
diff --git a/vendor/common/hal_audio_default.te b/vendor/common/hal_audio_default.te
deleted file mode 100644
index a586781..0000000
--- a/vendor/common/hal_audio_default.te
+++ /dev/null
@@ -1,36 +0,0 @@
-r_dir_file(hal_audio_default, sysfs_soc)
-
-userdebug_or_eng(`
-  allow hal_audio diag_device:chr_file rw_file_perms;
-  allow hal_audio_default debugfs:dir r_dir_perms;
-')
-
-hal_client_domain(hal_audio_default, hal_perf)
-hal_client_domain(hal_audio_default, hal_power)
-
-# read-only permission to obtain the calibration data
-r_dir_file(hal_audio_default, persist_audio_file);
-allow hal_audio_default mnt_vendor_file:dir search;
-
-#Allow access to firmware
-allow hal_audio firmware_file:dir r_dir_perms;
-allow hal_audio firmware_file:file r_file_perms;
-
-# Allow hal_audio to read soundcard state under /proc/asound
-allow hal_audio proc_audiod:file r_file_perms;
-
-allow hal_audio_default vendor_audio_data_file:dir rw_dir_perms;
-allow hal_audio_default vendor_audio_data_file:file create_file_perms;
-
-# Allow hal_audio_default to read sysfs_thermal dir/files for speaker protection
-r_dir_file(hal_audio_default, sysfs_thermal)
-
-#Allow hal audio to use Binder IPC
-vndbinder_use(hal_audio)
-
-#allow acess to wcd_cpe
-allow hal_audio sysfs_audio:file rw_file_perms;
-allow hal_audio sysfs_audio:dir r_dir_perms ;
-
-# audio properties
-get_prop(hal_audio, vendor_audio_prop)
diff --git a/vendor/common/hal_bluetooth_default.te b/vendor/common/hal_bluetooth_default.te
deleted file mode 100644
index b05572b..0000000
--- a/vendor/common/hal_bluetooth_default.te
+++ /dev/null
@@ -1,30 +0,0 @@
-allow hal_bluetooth_default bt_device:chr_file rw_file_perms;
-
-allow hal_bluetooth_default wcnss_filter:unix_stream_socket connectto;
-
-# talk to system_server to set priority
-allow hal_bluetooth fwk_scheduler_hwservice:hwservice_manager find;
-allow hal_bluetooth system_server:binder call;
-
-# bluetooth properties
-set_prop(hal_bluetooth, vendor_bluetooth_prop)
-
-#For bluetooth firmware
-r_dir_file(hal_bluetooth_default, bt_firmware_file)
-
-allow hal_bluetooth_default persist_bluetooth_file:dir r_dir_perms;
-allow hal_bluetooth_default persist_bluetooth_file:file r_file_perms;
-
-userdebug_or_eng(`
-allow hal_bluetooth_default ramdump_vendor_data_file:file create_file_perms;
-allow hal_bluetooth_default ramdump_vendor_data_file:dir create_dir_perms;
-
-allow hal_bluetooth_default proc_sysrq:file rw_file_perms;
-
-allow hal_bluetooth_default debugfs_ipc:file rw_file_perms;
-allow hal_bluetooth_default debugfs_ipc:dir  rw_dir_perms;
-allow hal_bluetooth_default vendor_bt_data_file:dir ra_dir_perms;
-allow hal_bluetooth_default vendor_bt_data_file:file create_file_perms;
-')
-
-r_dir_file(hal_bluetooth_default, mnt_vendor_file)
diff --git a/vendor/common/hal_bootctl.te b/vendor/common/hal_bootctl.te
deleted file mode 100644
index 54a77a4..0000000
--- a/vendor/common/hal_bootctl.te
+++ /dev/null
@@ -1,37 +0,0 @@
-# These are the permissions required to use the boot_control HAL implemented
-# here: hardware/qcom/bootctrl/boot_control.c
-
-# Getting and setting GPT attributes for the bootloader iterates over all the
-# partition names in the block_device directory /dev/block/.../by-name
-allow hal_bootctl block_device:dir r_dir_perms;
-
-# Edit the attributes stored in the GPT.
-allow hal_bootctl gpt_block_device:blk_file rw_file_perms;
-allow hal_bootctl root_block_device:blk_file rw_file_perms;
-
-# Allow boot_control_hal to get attributes on all the A/B partitions.
-allow hal_bootctl boot_block_device:blk_file rw_file_perms;
-allow hal_bootctl ab_block_device:blk_file getattr;
-allow hal_bootctl xbl_block_device:blk_file getattr;
-allow hal_bootctl modem_block_device:blk_file getattr;
-allow hal_bootctl system_block_device:blk_file getattr;
-allow hal_bootctl custom_ab_block_device:blk_file getattr;
-allow hal_bootctl mdtp_device:blk_file getattr;
-allow hal_bootctl_server misc_block_device:blk_file rw_file_perms;
-
-# Access /dev/sgN devices (generic SCSI) to write the
-# A/B slot selection for the XBL partition. Allow also to issue a
-# UFS_IOCTL_QUERY ioctl.
-allow hal_bootctl sg_device:chr_file rw_file_perms;
-
-# The sys_rawio denial message is benign, and shows up due to a capability()
-# call made by the scsi driver to check for CAP_SYS_RAWIO. Not having this
-# does not result in a error
-dontaudit hal_bootctl self:capability sys_rawio;
-
-# Read the sysfs to lookup what /dev/sgN device
-# corresponds to the XBL partitions.
-allow hal_bootctl sysfs:dir r_dir_perms;
-
-# Write to the XBL devices.
-allow hal_bootctl xbl_block_device:blk_file rw_file_perms;
diff --git a/vendor/common/hal_camera.te b/vendor/common/hal_camera.te
deleted file mode 100644
index 4d8479c..0000000
--- a/vendor/common/hal_camera.te
+++ /dev/null
@@ -1,63 +0,0 @@
-allow hal_camera self:capability sys_nice;
-
-# communicate with camera
-#allow hal_camera camera:unix_dgram_socket sendto;
-#allow hal_camera camera_data_file:sock_file write;
-#allow hal_camera camera_device:chr_file rw_file_perms;
-
-allow hal_camera gpu_device:chr_file rw_file_perms;
-
-# access to /dev/input/event{5,10}
-allow hal_camera input_device:dir r_dir_perms;
-allow hal_camera input_device:chr_file r_file_perms;
-
-set_prop(hal_camera, vendor_camera_prop)
-
-#allow hal_camera sysfs_enable_ps_sensor:file w_file_perms;
-r_dir_file(hal_camera, sysfs_type)
-# find libraries
-allow hal_camera system_file:dir r_dir_perms;
-
-allow hal_camera qdisplay_service:service_manager find;
-
-# talk to system_server
-
-allow hal_camera system_server:unix_stream_socket { read write };
-
-allow hal_camera self:socket { create ioctl read write };
-
-# allow hal_camera to call some socket ioctls
-allowxperm hal_camera self:socket ioctl { IPC_ROUTER_IOCTL_LOOKUP_SERVER IPC_ROUTER_IOCTL_BIND_CONTROL_PORT };
-
-# ignore spurious denial
-dontaudit hal_camera graphics_device:dir search;
-
-
-allow hal_camera vendor_camera_data_file:dir rw_dir_perms;
-allow hal_camera vendor_camera_data_file:file create_file_perms;
-
-userdebug_or_eng(`
-  allow hal_camera diag_device:chr_file rw_file_perms;
-')
-
-# access easel dev nodes
-allow hal_camera easel_device:chr_file { read write ioctl open };
-allow hal_camera sysfs_easel:file rw_file_perms;
-
-# access hexagon
-allow hal_camera qdsp_device:chr_file r_file_perms;
-allow hal_camera xdsp_device:chr_file r_file_perms;
-
-#needed for full_treble
-hal_client_domain(hal_camera_default, hal_graphics_composer)
-
-allow hal_camera_default hal_graphics_mapper_hwservice:hwservice_manager find;
-hal_client_domain(hal_camera_default, hal_perf)
-
-allow hal_camera_default sysfs_data:file read;
-allow hal_camera sysfs_data:file r_file_perms;
-
-allow hal_camera_default mnt_vendor_file:lnk_file r_file_perms;
-allow hal_camera_default mnt_vendor_file:dir r_dir_perms;
-
-r_dir_file(hal_camera_default, sysfs_graphics)
diff --git a/vendor/common/hal_camera_default.te b/vendor/common/hal_camera_default.te
deleted file mode 100644
index 343a337..0000000
--- a/vendor/common/hal_camera_default.te
+++ /dev/null
@@ -1 +0,0 @@
-vndbinder_use(hal_camera_default);
diff --git a/vendor/common/hal_drm_default.te b/vendor/common/hal_drm_default.te
deleted file mode 100644
index 3781f12..0000000
--- a/vendor/common/hal_drm_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_drm_default vndbinder_device:chr_file rw_file_perms;
diff --git a/vendor/common/hal_gatekeeper_qti.te b/vendor/common/hal_gatekeeper_qti.te
deleted file mode 100644
index 8721efb..0000000
--- a/vendor/common/hal_gatekeeper_qti.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_gatekeeper_qti, domain;
-hal_server_domain(hal_gatekeeper_qti, hal_gatekeeper)
-
-type hal_gatekeeper_qti_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_gatekeeper_qti)
-
-dontaudit hal_gatekeeper_qti firmware_file:dir search;
-
-get_prop(hal_gatekeeper_qti, vendor_tee_listener_prop)
diff --git a/vendor/common/hal_gnss_qti.te b/vendor/common/hal_gnss_qti.te
deleted file mode 100644
index 88c5b08..0000000
--- a/vendor/common/hal_gnss_qti.te
+++ /dev/null
@@ -1,50 +0,0 @@
-type hal_gnss_qti, domain;
-hal_server_domain(hal_gnss_qti, hal_gnss)
-
-type hal_gnss_qti_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_gnss_qti)
-
-allow hal_gnss sysfs:dir r_dir_perms;
-allow hal_gnss sysfs_data:file r_file_perms;
-
-vndbinder_use(hal_gnss_qti)
-
-allow hal_gnss_qti sysfs_soc:dir r_dir_perms;
-allow hal_gnss_qti sysfs_soc:file r_file_perms;
-
-binder_call(hal_gnss_qti, vendor_per_mgr)
-allow hal_gnss_qti vendor_per_mgr_service:service_manager find;
-
-# /data/vendor/location
-allow hal_gnss_qti location_data_file:fifo_file { open read setattr write };
-allow hal_gnss_qti location_data_file:dir create_dir_perms;
-allow hal_gnss_qti location_data_file:file create_file_perms;
-
-# /dev/socket/location
-allow hal_gnss_qti location_socket:sock_file create_file_perms;
-allow hal_gnss_qti location_socket:dir rw_dir_perms;
-
-allow hal_gnss_qti location:unix_stream_socket connectto;
-allow hal_gnss_qti location:unix_dgram_socket sendto;
-
-allow hal_gnss_qti self:socket create_socket_perms;
-allowxperm hal_gnss_qti self:socket ioctl msm_sock_ipc_ioctls;
-
-unix_socket_connect(hal_gnss_qti, netmgrd, netmgrd)
-allow hal_gnss_qti netmgrd_socket:dir search;
-
-allow hal_gnss_qti self:netlink_generic_socket { bind create read };
-allow hal_gnss_qti self:netlink_route_socket { bind create nlmsg_read read write };
-
-# Most HALs are not allowed to use network sockets. Qcom library
-# libqdi is used across multiple processes which are clients of
-# netmgrd including the GNSS HAL. libqdi first attempts to get the network
-# interface using an IOCTL on a UDP INET socket, which isn't allowed here.
-# If that fails, it falls back to using libc's if_nameindex() which requires
-# a netlink route socket, which HALs may use. Due to the initial
-# attempt to use a UDP socket, we still see a selinux denial,
-# but it is safe to ignore.
-# TODO (b/37730994) Remove udp_socket requirement from
-# libqdi and have all its clients use netlink route
-# sockets.
-dontaudit hal_gnss_qti self:udp_socket create;
diff --git a/vendor/common/hal_graphics_composer_default.te b/vendor/common/hal_graphics_composer_default.te
deleted file mode 100644
index 458f78a..0000000
--- a/vendor/common/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,45 +0,0 @@
-# Binder access (for display.qservice)
-vndbinder_use(hal_graphics_composer_default)
-hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
-allow hal_graphics_composer_default qdisplay_service:service_manager { add find };
-
-allow hal_graphics_composer_default persist_display_file:dir search;
-allow hal_graphics_composer_default persist_display_file:file r_file_perms;
-
-allow hal_graphics_composer sysfs_graphics:dir r_dir_perms;
-allow hal_graphics_composer sysfs_graphics:file rw_file_perms;
-allow hal_graphics_composer_default mnt_vendor_file:dir search;
-
-allow hal_graphics_composer oemfs:dir r_dir_perms;
-
-allow hal_graphics_composer vendor_display_prop:file r_file_perms;
-
-allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
-
-r_dir_file(hal_graphics_composer_default, sysfs_leds)
-
-# TODO(b/37666508): Remove the following line upon resolution of the bug
-allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
-allow hal_graphics_composer_default graphics_device:chr_file rw_file_perms;
-
-# HWC_UeventThread
-allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-# Rule for pps socket usage
-unix_socket_connect(hal_graphics_composer_default, pps, mm-pp-daemon)
-
-# Access /sys/devices/virtual/graphics/fb0
-r_dir_file(hal_graphics_composer_default, sysfs_type)
-
-allow hal_graphics_composer_default display_vendor_data_file:dir create_dir_perms;
-allow hal_graphics_composer_default display_vendor_data_file:file create_file_perms;
-
-userdebug_or_eng(`
-        allow hal_graphics_composer_default debugfs_mdp:dir r_dir_perms;
-        allow hal_graphics_composer_default debugfs_mdp:file r_file_perms;
-')
-
-# allow composer to register display config
-add_hwservice(hal_graphics_composer_server, hal_display_config_hwservice);
-# allow composer client to find display config service.
-allow hal_graphics_composer_client hal_display_config_hwservice:hwservice_manager find;
diff --git a/vendor/common/hal_imsrtp.te b/vendor/common/hal_imsrtp.te
deleted file mode 100644
index 956f879..0000000
--- a/vendor/common/hal_imsrtp.te
+++ /dev/null
@@ -1,30 +0,0 @@
-#ims rtp service
-type hal_imsrtp, domain;
-type hal_imsrtp_exec, exec_type, vendor_file_type, file_type;
-
-# Started by init
-init_daemon_domain(hal_imsrtp)
-net_domain(hal_imsrtp)
-
-hwbinder_use(hal_imsrtp)
-get_prop(hal_imsrtp, hwservicemanager_prop)
-add_hwservice(hal_imsrtp, hal_imsrtp_hwservice)
-
-allow hal_imsrtp self:socket create_socket_perms;
-unix_socket_connect(hal_imsrtp, ims, ims)
-
-allow hal_imsrtp sysfs_timestamp_switch:file r_file_perms;
-
-# ioctlcmd=c302
-allowxperm hal_imsrtp self:socket ioctl msm_sock_ipc_ioctls;
-
-allow hal_imsrtp self:capability net_bind_service;
-
-allow hal_imsrtp sysfs_timestamp_switch:file r_file_perms;
-allow hal_imsrtp ion_device:chr_file r_file_perms;
-allow hal_imsrtp sysfs_data:file r_file_perms;
-r_dir_file(hal_imsrtp, sysfs_diag)
-r_dir_file(hal_imsrtp, sysfs_soc)
-
-get_prop(hal_imsrtp, ims_prop)
-binder_call(hal_imsrtp, radio)
diff --git a/vendor/common/hal_keymaster_qti.te b/vendor/common/hal_keymaster_qti.te
deleted file mode 100644
index 09c5043..0000000
--- a/vendor/common/hal_keymaster_qti.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_keymaster_qti, domain;
-hal_server_domain(hal_keymaster_qti, hal_keymaster)
-
-type hal_keymaster_qti_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_keymaster_qti)
-
-dontaudit hal_keymaster_qti firmware_file:dir search;
-
-get_prop(hal_keymaster_qti, vendor_tee_listener_prop)
diff --git a/vendor/common/hal_light.te b/vendor/common/hal_light.te
deleted file mode 100644
index 458c97e..0000000
--- a/vendor/common/hal_light.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_light sysfs_graphics:dir search;
-allow hal_light sysfs_graphics:file rw_file_perms;
diff --git a/vendor/common/hal_memtrack_default.te b/vendor/common/hal_memtrack_default.te
deleted file mode 100644
index e53278f..0000000
--- a/vendor/common/hal_memtrack_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_memtrack_default debugfs_kgsl:file r_file_perms;
diff --git a/vendor/common/hal_power_default.te b/vendor/common/hal_power_default.te
deleted file mode 100644
index 9f871f5..0000000
--- a/vendor/common/hal_power_default.te
+++ /dev/null
@@ -1,6 +0,0 @@
-allow hal_power_default sysfs_soc:dir r_dir_perms;
-allow hal_power_default sysfs_soc:file r_file_perms;
-
-allow hal_power_default hbtp_kernel_sysfs:file rw_file_perms;
-
-hal_client_domain(hal_power_default, hal_perf)
diff --git a/vendor/common/hal_rcsservice.te b/vendor/common/hal_rcsservice.te
deleted file mode 100644
index 0490981..0000000
--- a/vendor/common/hal_rcsservice.te
+++ /dev/null
@@ -1,42 +0,0 @@
-type hal_rcsservice, domain;
-type hal_rcsservice_exec, exec_type, vendor_file_type, file_type;
-
-# Started by init
-init_daemon_domain(hal_rcsservice)
-net_domain(hal_rcsservice)
-
-get_prop(hal_rcsservice, ims_prop)
-
-# To register imsrcsd to hwBinder
-hwbinder_use(hal_rcsservice)
-# add IUceSerive and IService to Hidl interface
-add_hwservice(hal_rcsservice, hal_imsrcsd_hwservice)
-add_hwservice(hal_rcsservice, hal_imscallinfo_hwservice)
-
-get_prop(hal_rcsservice, hwservicemanager_prop)
-
-allow hal_rcsservice sysfs_timestamp_switch:file r_file_perms;
-allow hal_rcsservice sysfs_data:file r_file_perms;
-r_dir_file(hal_rcsservice, sysfs_soc)
-
-#required for socket creation
-unix_socket_connect(hal_rcsservice, ims, ims)
-allow hal_rcsservice self:socket create_socket_perms;
-allowxperm hal_rcsservice self:socket ioctl msm_sock_ipc_ioctls ;
-
-# imsrcsd to bind with UceShimService.apk
-binder_call(hal_rcsservice, dataservice_app)
-
-# imsrcsd needs read/write access to devpts
-allow hal_rcsservice devpts:chr_file rw_file_perms;
-
-# allow imsrcsd capabilities
-wakelock_use(hal_rcsservice)
-allow hal_rcsservice self:capability net_bind_service;
-
-#diag
-userdebug_or_eng(`
-  diag_use(hal_rcsservice)
-')
-
-set_prop(hal_rcsservice, ctl_vendor_imsrcsservice_prop)
diff --git a/vendor/common/hal_sensors_default.te b/vendor/common/hal_sensors_default.te
deleted file mode 100644
index 57f6ae9..0000000
--- a/vendor/common/hal_sensors_default.te
+++ /dev/null
@@ -1,26 +0,0 @@
-# read factory calibration and sensor configuration data
-allow hal_sensors_default mnt_vendor_file:dir search;
-r_dir_file(hal_sensors_default, persist_sensors_file)
-
-# interact with the sensors low power island (SLPI) CPU
-allow hal_sensors_default self:socket { create ioctl read write };
-allowxperm hal_sensors_default self:socket ioctl msm_sock_ipc_ioctls;
-allow hal_sensors sysfs_soc:file r_file_perms;
-
-allow hal_sensors_default qdsp_device:chr_file r_file_perms;
-allow hal_sensors_default xdsp_device:chr_file r_file_perms;
-
-allow hal_sensors sysfs_data:file r_file_perms;
-allow hal_sensors sysfs_sensors:dir r_dir_perms;
-allow hal_sensors sysfs_sensors:file rw_file_perms;
-allow hal_sensors sysfs_sensors:lnk_file read;
-
-#following to set the ssr
-allow hal_sensors_default sysfs_slpi:dir search;
-allow hal_sensors_default sysfs_slpi:file w_file_perms;
-
-
-allow hal_sensors_default persist_sensors_file:dir rw_dir_perms;
-allow hal_sensors_default persist_sensors_file:file create_file_perms;
-allow hal_sensors_default mnt_vendor_file:dir rw_dir_perms;
-allow hal_sensors_default mnt_vendor_file:file create_file_perms;
diff --git a/vendor/common/hal_thermal_default.te b/vendor/common/hal_thermal_default.te
deleted file mode 100755
index bafcb55..0000000
--- a/vendor/common/hal_thermal_default.te
+++ /dev/null
@@ -1,4 +0,0 @@
-allow hal_thermal_default sysfs_thermal:dir { open read search };
-allow hal_thermal_default sysfs_thermal:file { getattr open read };
-allow hal_thermal_default sysfs_thermal:lnk_file read;
-allow hal_thermal_default proc_stat:file { getattr open read };
diff --git a/vendor/common/hal_vibrator_default.te b/vendor/common/hal_vibrator_default.te
deleted file mode 100644
index 7981baf..0000000
--- a/vendor/common/hal_vibrator_default.te
+++ /dev/null
@@ -1,6 +0,0 @@
-r_dir_file(hal_vibrator_default, sysfs_leds)
-allow hal_vibrator_default sysfs_leds:file rw_file_perms;
-
-# read-only permission to obtain the calibration data
-r_dir_file(hal_vibrator_default, persist_haptics_file)
-allow hal_vibrator_default mnt_vendor_file:dir search;
diff --git a/vendor/common/hbtp.te b/vendor/common/hbtp.te
deleted file mode 100644
index b2d8862..0000000
--- a/vendor/common/hbtp.te
+++ /dev/null
@@ -1,55 +0,0 @@
-# Policies for hbtp (host based touch processing)
-type hbtp, domain;
-type hbtp_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hbtp)
-hal_server_domain(hbtp, hal_hbtp)
-# Allow access for /dev/hbtp_input and /dev/jdi-bu21150
-allow hbtp { hbtp_device qdsp_device dsp_device bu21150_device xdsp_device }:chr_file rw_file_perms;
-
-allow hbtp hbtp_log_file:dir rw_dir_perms;
-allow hbtp hbtp_log_file:file create_file_perms;
-
-allow hbtp hbtp_cfg_file:dir r_dir_perms;
-allow hbtp hbtp_cfg_file:file r_file_perms;
-
-allow hbtp firmware_file:dir r_dir_perms;
-allow hbtp firmware_file:file r_file_perms;
-
-allow hbtp vendor_firmware_file:dir r_dir_perms;
-allow hbtp vendor_firmware_file:file r_file_perms;
-
-allow hbtp sysfs_usb_supply:file r_file_perms;
-allow hbtp sysfs_usb_supply:dir r_dir_perms;
-
-allow hbtp hbtp_kernel_sysfs:file rw_file_perms;
-
-allow hbtp sysfs_graphics:file r_file_perms;
-allow hbtp sysfs_graphics:dir r_dir_perms;
-
-allow hbtp sysfs_battery_supply:file r_file_perms;
-allow hbtp sysfs_battery_supply:dir r_dir_perms;
-
-allow hbtp ion_device:chr_file r_file_perms;
-
-allow hbtp self:netlink_kobject_uevent_socket { create read setopt bind };
-
-# Allow the service to access wakelock sysfs
-allow hbtp sysfs_wake_lock:file r_file_perms;
-
-# Allow the service to change to system from root
-allow hbtp self:capability { setgid setuid sys_nice };
-
-# Allow load touch driver as touchPD
-r_dir_file(hbtp, adsprpcd_file)
-
-# Allow the service to access wakelock capability
-wakelock_use(hbtp)
-
-# Allow hwbinder call from hal client to server and vice-versa
-binder_call(hal_hbtp_client, hal_hbtp_server)
-binder_call(hal_hbtp_server, hal_hbtp_client)
-
-# Allow hwservice related rules
-add_hwservice(hal_hbtp_server, hal_hbtp_hwservice)
-allow hal_hbtp_client hal_hbtp_hwservice:hwservice_manager find;
-hal_client_domain(hbtp, hal_allocator);
diff --git a/vendor/common/healthd.te b/vendor/common/healthd.te
deleted file mode 100644
index 7491ac2..0000000
--- a/vendor/common/healthd.te
+++ /dev/null
@@ -1,9 +0,0 @@
-allow healthd self:capability2 wake_alarm;
-r_dir_file(healthd, sysfs_battery_supply)
-r_dir_file(healthd, sysfs_usb_supply)
-r_dir_file(healthd, sysfs_thermal);
-
-allow healthd {
-    sysfs_battery_supply
-    sysfs_usb_supply
-}:file rw_file_perms;
diff --git a/vendor/common/hvdcp.te b/vendor/common/hvdcp.te
deleted file mode 100644
index a855b52..0000000
--- a/vendor/common/hvdcp.te
+++ /dev/null
@@ -1,41 +0,0 @@
-# HVDVP quickcharge
-type hvdcp, domain;
-type hvdcp_exec, exec_type, vendor_file_type, file_type;
-
-# Make transition to its own HVDCP domain from init
-init_daemon_domain(hvdcp)
-
-# Add rules for access permissions
-allow hvdcp hvdcp_device:chr_file rw_file_perms;
-allow hvdcp {
-    sysfs_battery_supply
-    sysfs_usb_supply
-    sysfs_usbpd_device
-    sysfs_vadc_dev
-    sysfs_spmi_dev
-}:dir r_dir_perms;
-
-allow hvdcp {
-    sysfs_battery_supply
-    sysfs_usb_supply
-    sysfs_usbpd_device
-    sysfs_vadc_dev
-    sysfs_spmi_dev
-}:file rw_file_perms;
-
-allow hvdcp {
-    sysfs_battery_supply
-    sysfs_usb_supply
-    sysfs_vadc_dev
-    sysfs_spmi_dev
-}:lnk_file r_file_perms;
-
-allow hvdcp self:capability { setgid setuid };
-allow hvdcp self:capability2 wake_alarm;
-allow hvdcp kmsg_device:chr_file rw_file_perms;
-allow hvdcp cgroup:dir { create add_name };
-allow hvdcp self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-allow hvdcp sysfs_battery_supply:file setattr;
-allow hvdcp sysfs_usb_supply:file setattr;
-allow hvdcp sysfs_usbpd_device:file setattr;
-wakelock_use(hvdcp)
diff --git a/vendor/common/hwservice.te b/vendor/common/hwservice.te
deleted file mode 100644
index b7569eb..0000000
--- a/vendor/common/hwservice.te
+++ /dev/null
@@ -1,14 +0,0 @@
-type hal_cne_hwservice, hwservice_manager_type;
-type vnd_ims_radio_hwservice, hwservice_manager_type;
-type vnd_qcrilhook_hwservice, hwservice_manager_type;
-type hal_display_config_hwservice, hwservice_manager_type;
-type hal_imsrcsd_hwservice, hwservice_manager_type;
-type hal_imsrtp_hwservice, hwservice_manager_type;
-type hal_imscallinfo_hwservice, hwservice_manager_type;
-type hal_ipacm_hwservice, hwservice_manager_type;
-type hal_hbtp_hwservice, hwservice_manager_type;
-type hal_perf_hwservice, hwservice_manager_type, untrusted_app_visible_hwservice_violators;
-type hal_tui_comm_hwservice, hwservice_manager_type;
-type hal_qdutils_disp_hwservice, hwservice_manager_type;
-type hal_display_color_hwservice, hwservice_manager_type;
-type hal_display_postproc_hwservice, hwservice_manager_type;
diff --git a/vendor/common/ims.te b/vendor/common/ims.te
deleted file mode 100644
index 94e6f9a..0000000
--- a/vendor/common/ims.te
+++ /dev/null
@@ -1,39 +0,0 @@
-type ims, domain;
-type ims_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(ims)
-net_domain(ims)
-
-get_prop(ims, hwservicemanager_prop)
-set_prop(ims, ims_prop)
-get_prop(ims, ims_prop)
-
-unix_socket_connect(ims, netmgrd, netmgrd)
-
-allow ims sysfs_soc:dir search;
-allow ims sysfs_soc:file r_file_perms;
-allow ims sysfs_timestamp_switch:file r_file_perms;
-allow ims sysfs_data:file r_file_perms;
-
-allow ims self:capability net_bind_service;
-
-allow ims ion_device:chr_file r_file_perms;
-
-unix_socket_connect(ims, cnd, cnd)
-
-allow ims self:socket create_socket_perms;
-allow ims ims_socket:sock_file write;
-allow ims self:netlink_generic_socket create_socket_perms_no_ioctl;
-allow ims netmgrd_socket:dir search;
-allow ims netmgrd_socket:sock_file w_file_perms;
-allowxperm ims self:socket ioctl msm_sock_ipc_ioctls;
-allowxperm ims self:udp_socket ioctl RMNET_IOCTL_EXTENDED;
-
-#diag
-userdebug_or_eng(`
-    diag_use(ims)
-')
-
-hwbinder_use(ims)
-allow ims hal_cne_hwservice:hwservice_manager find;
-binder_call(ims, cnd)
diff --git a/vendor/common/init.te b/vendor/common/init.te
deleted file mode 100644
index a55ff78..0000000
--- a/vendor/common/init.te
+++ /dev/null
@@ -1,50 +0,0 @@
-allow init {
-    adsprpcd_file
-    cache_file
-    mnt_vendor_file
-    storage_file
-}:dir mounton;
-
-# symlink /sdcard to backing block
-allow init tmpfs:lnk_file create;
-
-allow init tty_device:chr_file rw_file_perms;
-
-allow init mnt_vendor_file:dir mounton;
-
-allow init ab_block_device:lnk_file relabelto;
-
-#Allow init to mount non-hlos partitions in A/B builds
-allow init { bt_firmware_file vendor_firmware_file  firmware_file } :dir mounton;
-
-allow init { bt_firmware_file firmware_file }:filesystem  { relabelfrom  mount };
-allow { bt_firmware_file firmware_file  }self:filesystem associate;
-
-dontaudit init kernel:system module_request;
-
-allow init sysfs_leds:lnk_file r_file_perms;
-
-allow init socket_device:sock_file create_file_perms;
-
-#Needed for restorecon. Init already has these permissions
-#for generic block devices, but is unable to access those
-#which have a custom lable added by us.
-allow init {
-    custom_ab_block_device
-    boot_block_device
-    xbl_block_device
-    ssd_block_device
-    modem_block_device
-    mdtp_device
-}:{ blk_file lnk_file } relabelto;
-
-#Allow /sys access to write zram disksize
-allow init sysfs_zram:dir r_dir_perms;
-allow init sysfs_zram:file r_file_perms;
-
-allow init sysfs_boot_adsp:file w_file_perms;
-# Search and write access for sysfs_graphics for backlight in recovery
-recovery_only(`
-allow init sysfs_graphics:file w_file_perms;
-allow init sysfs_graphics:dir search;
-')
diff --git a/vendor/common/ioctl_defines b/vendor/common/ioctl_defines
deleted file mode 100644
index e1c50a7..0000000
--- a/vendor/common/ioctl_defines
+++ /dev/null
@@ -1,10 +0,0 @@
-# socket ioctls
-define(`RMNET_IOCTL_EXTENDED', `0x000089FD')
-
-# socket ioctls defined in the kernel in include/uapi/linux/msm_ipc.h
-define(`IPC_ROUTER_IOCTL_GET_VERSION', `0x0000c300')
-define(`IPC_ROUTER_IOCTL_GET_MTU', `0x0000c301')
-define(`IPC_ROUTER_IOCTL_LOOKUP_SERVER', `0x0000c302')
-define(`IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE', `0x0000c303')
-define(`IPC_ROUTER_IOCTL_BIND_CONTROL_PORT', `0x0000c304')
-define(`IPC_ROUTER_IOCTL_CONFIG_SEC_RULES', `0x0000c305')
diff --git a/vendor/common/ioctl_macros b/vendor/common/ioctl_macros
deleted file mode 100644
index dd9a2e8..0000000
--- a/vendor/common/ioctl_macros
+++ /dev/null
@@ -1,8 +0,0 @@
-define(`msm_sock_ipc_ioctls', `{
-IPC_ROUTER_IOCTL_GET_VERSION
-IPC_ROUTER_IOCTL_GET_MTU
-IPC_ROUTER_IOCTL_LOOKUP_SERVER
-IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
-IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
-IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
-}')
diff --git a/vendor/common/ipacm.te b/vendor/common/ipacm.te
deleted file mode 100644
index b728d4f..0000000
--- a/vendor/common/ipacm.te
+++ /dev/null
@@ -1,43 +0,0 @@
-# General definitions
-type ipacm, domain;
-type ipacm-diag, domain;
-type ipacm_exec, exec_type, vendor_file_type, file_type;
-type ipacm-diag_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(ipacm)
-init_daemon_domain(ipacm-diag)
-
-# associate netdomain to use for accessing internet sockets
-net_domain(ipacm)
-
-hal_server_domain(ipacm, hal_tetheroffload)
-
-userdebug_or_eng(`
-    # Allow using the logging file between ipacm and ipacm-diag
-    unix_socket_send(ipacm, ipacm, ipacm-diag)
-')
-
-# Allow operations with /dev/ipa, /dev/wwan_ioctl and /dev/ipaNatTable
-allow hal_tetheroffload ipa_dev:chr_file rw_file_perms;
-
-# Allow UDP socket create and ioctl
-allow hal_tetheroffload self:udp_socket create_socket_perms;
-allowxperm ipacm self:udp_socket ioctl SIOCGIFNAME;
-
-# Allow receiving NETLINK messages
-allow hal_tetheroffload self:netlink_route_socket { nlmsg_read create_socket_perms_no_ioctl };
-
-
-# Allow receiving NETLINK messages
-allow hal_tetheroffload self:{
-    netlink_socket
-    # Allow querying the network stack via IOCTLs
-    netlink_generic_socket
-} create_socket_perms_no_ioctl;
-
-# Allow creating and modifying the PID file
-allow hal_tetheroffload ipa_vendor_data_file:dir w_dir_perms;
-allow hal_tetheroffload ipa_vendor_data_file:file create_file_perms;
-
-# To register ipacm to hwbinder
-#add_hwservice(ipacm, hal_ipacm_hwservice)
-#binder_call(ipacm, system_server)
diff --git a/vendor/common/irsc_util.te b/vendor/common/irsc_util.te
deleted file mode 100644
index 79f3c73..0000000
--- a/vendor/common/irsc_util.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type irsc_util, domain;
-type irsc_util_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(irsc_util)
-
-allow irsc_util self:socket create_socket_perms;
-allowxperm irsc_util self:socket ioctl msm_sock_ipc_ioctls;
diff --git a/vendor/common/kernel.te b/vendor/common/kernel.te
deleted file mode 100644
index c840b40..0000000
--- a/vendor/common/kernel.te
+++ /dev/null
@@ -1,17 +0,0 @@
-# for diag over socket
-userdebug_or_eng(`
-  allow kernel self:socket create;
-  allow kernel debugfs_wlan:dir search;
-  allow kernel debugfs_ipc:dir search;
-')
-
-# Access firmware_file
-r_dir_file(kernel, firmware_file)
-
-
-# access vendor_firmware_file
-r_dir_file(kernel, vendor_firmware_file)
-
-dontaudit kernel kernel:system module_request;
-
-allow kernel persist_file:dir search;
diff --git a/vendor/common/location.te b/vendor/common/location.te
deleted file mode 100644
index 49aa452..0000000
--- a/vendor/common/location.te
+++ /dev/null
@@ -1,65 +0,0 @@
-# loc_launcher service
-# which launches various other services supporting GPS & Wifi-RTT (LOWI) location
-type location, domain;
-type location_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(location)
-
-# STOPSHIP b/28340421
-# Temporarily grant this permission (for LOWI) and log its use.
-allow location self:capability { net_admin };
-
-allow location self:capability { setgid setuid };
-
-hwbinder_use(location)
-get_prop(location, hwservicemanager_prop)
-allow location fwk_sensor_hwservice:hwservice_manager find;
-binder_call(location, system_server)
-allow location hal_wifi:unix_stream_socket { read write };
-
-# Enable standard network access (for XTRA download)
-net_domain(location)
-
-# And some additional network access
-allow location self:netlink_generic_socket create_socket_perms_no_ioctl;
-allow location self:netlink_socket create_socket_perms_no_ioctl;
-allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };
-
-allow location sysfs_data:file r_file_perms;
-
-allow location self:socket create_socket_perms;
-# whitelist socket ioctl commands
-allowxperm location self:socket ioctl msm_sock_ipc_ioctls;
-
-dontaudit location kernel:system module_request;
-
-allow location proc_net:file r_file_perms;
-
-# execute /vendor/bin/lowi-server
-allow location location_exec:file rx_file_perms;
-
-# /data/vendor/location
-allow location location_data_file:dir create_dir_perms;
-allow location location_data_file:file create_file_perms;
-
-# /dev/socket/location
-allow location location_socket:sock_file create_file_perms;
-allow location location_socket:dir rw_dir_perms;
-
-allow location hal_gnss_qti:unix_dgram_socket sendto;
-
-# /data/vendor/wifi/wpa
-allow location wpa_data_file:dir rw_dir_perms;
-
-allow location wpa_data_file:sock_file create_file_perms;
-
-allow location hal_wifi_supplicant_default:unix_dgram_socket sendto;
-
-userdebug_or_eng(`
-  allow location diag_device:chr_file rw_file_perms;
-')
-
-allow location hal_cne_hwservice:hwservice_manager find;
-binder_call(location, cnd)
-
-get_prop(location, vendor_wifi_prop)
diff --git a/vendor/common/mediacodec.te b/vendor/common/mediacodec.te
deleted file mode 100644
index 85f0531..0000000
--- a/vendor/common/mediacodec.te
+++ /dev/null
@@ -1,11 +0,0 @@
-allow mediacodec sysfs_soc:file r_file_perms;
-allow mediacodec sysfs_soc:dir search;
-
-allow mediacodec system_file:dir r_dir_perms;
-
-userdebug_or_eng(`
-  allow mediacodec dumpstate:fd use;
-')
-#Allow mediacodec to access vendor_media_data_file files
-allow mediacodec vendor_media_data_file:dir create_dir_perms;
-allow mediacodec vendor_media_data_file:file create_file_perms;
diff --git a/vendor/common/msm_irqbalanced.te b/vendor/common/msm_irqbalanced.te
deleted file mode 100644
index 41467fa..0000000
--- a/vendor/common/msm_irqbalanced.te
+++ /dev/null
@@ -1,14 +0,0 @@
-type msm_irqbalanced, domain;
-type msm_irqbalanced_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(msm_irqbalanced)
-
-allow msm_irqbalanced cgroup:dir { create add_name };
-allow msm_irqbalanced { proc sysfs_devices_system_cpu }:file w_file_perms;
-
-# access smp_affinity
-allow msm_irqbalanced proc:file r_file_perms;
-allow msm_irqbalanced proc_interrupts:file r_file_perms;
-allow msm_irqbalanced proc_stat:file r_file_perms;
-# irq_blacklist_on
-allow msm_irqbalanced sysfs_irqbalance:file r_file_perms;
diff --git a/vendor/common/netd.te b/vendor/common/netd.te
deleted file mode 100644
index 01c5cc3..0000000
--- a/vendor/common/netd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-dontaudit netd kernel:system module_request;
-dontaudit netd self:capability sys_module;
diff --git a/vendor/common/netmgrd.te b/vendor/common/netmgrd.te
deleted file mode 100644
index 2ff88a3..0000000
--- a/vendor/common/netmgrd.te
+++ /dev/null
@@ -1,59 +0,0 @@
-type netmgrd, domain;
-type netmgrd_exec, exec_type, vendor_file_type, file_type;
-
-net_domain(netmgrd)
-init_daemon_domain(netmgrd)
-
-# communicate with netd
-unix_socket_connect(netmgrd, netd, netd)
-
-allow netmgrd netmgrd_socket:dir w_dir_perms;
-allow netmgrd netmgrd_socket:sock_file create_file_perms;
-allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write };
-allow netmgrd self:netlink_generic_socket create_socket_perms_no_ioctl;
-allow netmgrd self:netlink_route_socket nlmsg_write;
-allow netmgrd self:netlink_socket create_socket_perms_no_ioctl;
-allow netmgrd self:socket create_socket_perms;
-allowxperm netmgrd self:socket ioctl msm_sock_ipc_ioctls;
-allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;
-
-allow netmgrd sysfs_net:dir r_dir_perms;
-allow netmgrd sysfs_net:file rw_file_perms;
-allow netmgrd sysfs_soc:dir search;
-allow netmgrd sysfs_soc:file r_file_perms;
-allow netmgrd sysfs_data:file r_file_perms;
-
-wakelock_use(netmgrd)
-
-#Allow netutils usage
-domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
-
-use_netutils(netmgrd)
-
-#Allow diag logging
-allow netmgrd sysfs_timestamp_switch:file { read open };
-userdebug_or_eng(`
-  r_dir_file(netmgrd, sysfs_diag)
-')
-
-#Ignore if device loading for private IOCTL failed
-dontaudit netmgrd kernel:system { module_request };
-
-allow netmgrd proc_net:file rw_file_perms;
-allow netmgrd netmgr_data_file:dir rw_dir_perms;
-allow netmgrd netmgr_data_file:file create_file_perms;
-allow netmgrd system_file:file execute_no_trans;
-allow netmgrd netmgr_recovery_data_file:file create_file_perms;
-allow netmgrd netmgr_recovery_data_file:dir rw_dir_perms;
-
-get_prop(netmgrd, hwservicemanager_prop)
-hwbinder_use(netmgrd)
-binder_call(netmgrd, netd)
-allow netmgrd system_net_netd_hwservice:hwservice_manager find;
-
-allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid };
-
-allow netmgrd vendor_toolbox_exec:file rx_file_perms;
-
-dontaudit netmgrd kernel:system module_request;
-dontaudit netmgrd self:system module_request;
diff --git a/vendor/common/pd_services.te b/vendor/common/pd_services.te
deleted file mode 100644
index 43914d9..0000000
--- a/vendor/common/pd_services.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type vendor_pd_mapper, domain;
-
-type vendor_pd_mapper_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_pd_mapper);
-
-allow vendor_pd_mapper self:capability { setgid setpcap setuid net_bind_service };
-
-allow vendor_pd_mapper firmware_file:dir r_dir_perms;
-allow vendor_pd_mapper firmware_file:file r_file_perms;
-
-allow vendor_pd_mapper self:socket create_socket_perms;
-allowxperm vendor_pd_mapper self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
-
-allow vendor_pd_mapper sysfs_data:file r_file_perms;
-get_prop(vendor_pd_mapper, vendor_pd_locater_dbg_prop)
diff --git a/vendor/common/per_proxy.te b/vendor/common/per_proxy.te
deleted file mode 100644
index 9c5ed59..0000000
--- a/vendor/common/per_proxy.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# Policy for /system/bin/pm-proxy
-type vendor_per_proxy, domain;
-type vendor_per_proxy_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_per_proxy)
-
-allow vendor_per_proxy vendor_per_mgr_service:service_manager find;
-
-r_dir_file(vendor_per_proxy, sysfs_ssr)
-
-vndbinder_use(vendor_per_proxy)
-binder_call(vendor_per_proxy, vendor_per_mgr)
diff --git a/vendor/common/peripheral_manager.te b/vendor/common/peripheral_manager.te
deleted file mode 100644
index a089b37..0000000
--- a/vendor/common/peripheral_manager.te
+++ /dev/null
@@ -1,32 +0,0 @@
-# Policy for pm-service and pm-proxy
-type vendor_per_mgr, domain;
-type vendor_per_mgr_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_per_mgr);
-
-add_service(vendor_per_mgr, vendor_per_mgr_service)
-
-vndbinder_use(vendor_per_mgr)
-binder_call(vendor_per_mgr, hal_gnss)
-binder_call(vendor_per_mgr, vendor_per_proxy)
-binder_call(vendor_per_mgr, wcnss_service)
-binder_call(vendor_per_mgr, rild)
-
-allow vendor_per_mgr self:capability net_bind_service;
-
-allow vendor_per_mgr firmware_file:file r_file_perms;
-allow vendor_per_mgr firmware_file:dir search;
-
-allow vendor_per_mgr self:socket create_socket_perms;
-allowxperm vendor_per_mgr self:socket ioctl msm_sock_ipc_ioctls;
-allow vendor_per_mgr ssr_device:chr_file { open read };
-
-# Needed by libmdmdetect to figure out the system configuration
-r_dir_file(vendor_per_mgr, sysfs_esoc)
-
-# Needed by libmdmdetect to get subsystem info and to check their states
-r_dir_file(vendor_per_mgr, sysfs_ssr)
-allow vendor_per_mgr sysfs_data:file r_file_perms;
-
-# Set the peripheral state property
-set_prop(vendor_per_mgr, vendor_per_mgr_state_prop);
diff --git a/vendor/common/platform_app.te b/vendor/common/platform_app.te
deleted file mode 100644
index 28f66b5..0000000
--- a/vendor/common/platform_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-#allow embms app to access vendor radio property
-get_prop(radio, vendor_radio_prop)
diff --git a/vendor/common/port-bridge.te b/vendor/common/port-bridge.te
deleted file mode 100644
index 256b568..0000000
--- a/vendor/common/port-bridge.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type port-bridge, domain;
-type port-bridge_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(port-bridge)
-
-#access ipa sysfs node
-allow port-bridge sysfs_data:file r_file_perms;
-
-allow port-bridge sysfs_soc:dir search;
-allow port-bridge sysfs_soc:file r_file_perms;
-
-allow port-bridge at_device:chr_file rw_file_perms;
-
-allow port-bridge port_bridge_data_file:file create_file_perms;
-allow port-bridge port_bridge_data_file:dir w_dir_perms;
diff --git a/vendor/common/property.te b/vendor/common/property.te
deleted file mode 100644
index 0e3759f..0000000
--- a/vendor/common/property.te
+++ /dev/null
@@ -1,60 +0,0 @@
-type ctl_netmgrd_prop, property_type;
-type ctl_port-bridge_prop, property_type;
-type ctl_qcrild_prop, property_type;
-type vendor_camera_prop, property_type;
-type cnd_prop, property_type;
-type crash_cnt_prop, property_type;
-type crash_detect_prop, property_type;
-type ims_prop, property_type;
-type ipacm_prop, property_type;
-type ipacm-diag_prop, property_type;
-type vendor_modem_diag_prop, property_type;
-type msm_irqbalance_prop, property_type;
-type vendor_per_mgr_state_prop, property_type;
-type vendor_dataqti_prop, property_type;
-type vendor_dataqdp_prop, property_type;
-type vendor_ramdump_prop, property_type;
-type sensors_prop, property_type;
-type vendor_tee_listener_prop, property_type;
-type vendor_display_prop, property_type;
-type vendor_usb_prop, property_type;
-type vendor_radio_prop, property_type;
-
-#Needed for  ubwc support
-type vendor_gralloc_prop, property_type;
-
-type vendor_system_prop, property_type;
-
-#imsrcsservice
-type ctl_vendor_imsrcsservice_prop, property_type;
-
-#mpdecision
-type vendor_mpdecision_prop, property_type;
-
-# HBTP
-type ctl_vendor_hbtp_prop, property_type;
-
-# Bluetooth props
-type vendor_bluetooth_prop, property_type;
-
-# Audio props
-type vendor_audio_prop, property_type;
-
-#ss-restart
-type vendor_ssr_prop, property_type;
-
-#ss-services (PD)
-type vendor_pd_locater_dbg_prop, property_type;
-
-#rmt_storage
-type ctl_vendor_rmt_storage_prop, property_type;
-
-type vendor_gpu_prop, property_type;
-
-type public_vendor_default_prop, property_type;
-
-# alarm property
-type vendor_alarm_boot_prop, property_type;
-
-#wlan-vendor prop
-type vendor_wifi_prop, property_type;
diff --git a/vendor/common/qlogd.te b/vendor/common/qlogd.te
deleted file mode 100644
index e000ecb..0000000
--- a/vendor/common/qlogd.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type qlogd, domain;
-type qlogd_exec, exec_type, vendor_file_type, file_type;
-
-userdebug_or_eng(`
-  # make transition from init to its domain
-  init_daemon_domain(qlogd)
-
-  allow qlogd diag_device:chr_file rw_file_perms;
-  allow qlogd qlogd_exec:file rx_file_perms;
-
-  allow qlogd radio_vendor_data_file:file create_file_perms;
-  allow qlogd radio_vendor_data_file:dir create_dir_perms;
-
-  set_prop(qlogd, vendor_modem_diag_prop)
-')
diff --git a/vendor/common/qti.te b/vendor/common/qti.te
deleted file mode 100644
index 91a5a45..0000000
--- a/vendor/common/qti.te
+++ /dev/null
@@ -1,21 +0,0 @@
-type qti, domain;
-type qti_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(qti)
-net_domain(qti)
-
-allow qti sysfs_soc:dir search;
-allow qti sysfs_soc:file r_file_perms;
-
-allow qti smd_device:chr_file rw_file_perms;
-allow qti rmnet_device:chr_file rw_file_perms;
-
-allow qti self:socket create_socket_perms;
-allowxperm qti self:socket ioctl msm_sock_ipc_ioctls;
-allow qti { vendor_shell_exec }:file rx_file_perms;
-
-#diag
-userdebug_or_eng(`
-    diag_use(qti)
-    allow qti sysfs_data:file r_file_perms;
-')
diff --git a/vendor/common/radio.te b/vendor/common/radio.te
deleted file mode 100644
index 432f565..0000000
--- a/vendor/common/radio.te
+++ /dev/null
@@ -1,28 +0,0 @@
-get_prop(radio, ims_prop)
-
-allow radio vendor_file:lnk_file r_file_perms;
-allow radio vendor_framework_file:file r_file_perms;
-allow radio vendor_framework_file:dir search;
-
-hwbinder_use(radio)
-allow radio vnd_ims_radio_hwservice:hwservice_manager find;
-allow radio vnd_qcrilhook_hwservice:hwservice_manager find;
-allow radio hal_imsrtp_hwservice:hwservice_manager find;
-
-add_service(radio, radio_service)
-allow radio {
-  mediaextractor_service
-  mediacodec_service
-}:service_manager find;
-
-# IMS needs permission to use avtimer
-allow radio avtimer_device:chr_file r_file_perms;
-
-binder_call(radio, hal_imsrtp)
-
-#diag
-userdebug_or_eng(`
-    diag_use(radio)
-')
-
-get_prop(radio, vendor_radio_prop)
diff --git a/vendor/common/rfs_access.te b/vendor/common/rfs_access.te
deleted file mode 100644
index 9c43b16..0000000
--- a/vendor/common/rfs_access.te
+++ /dev/null
@@ -1,29 +0,0 @@
-type rfs_access, domain;
-type rfs_access_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(rfs_access)
-
-#For tftp server
-allow rfs_access self:capability { chown setgid setpcap setuid net_bind_service };
-
-wakelock_use(rfs_access)
-
-type_transition rfs_access mnt_vendor_file:{ dir file } persist_rfs_file;
-type_transition rfs_access mnt_vendor_file:dir persist_rfs_shared_hlos_file "hlos_rfs";
-
-r_dir_file(rfs_access, firmware_file);
-
-allow rfs_access mnt_vendor_file:dir create_dir_perms;
-
-allow rfs_access persist_rfs_file:dir search;
-allow rfs_access persist_rfs_file:dir create_dir_perms;
-allow rfs_access persist_rfs_file:file create_file_perms;
-allow rfs_access persist_rfs_shared_hlos_file:dir create_dir_perms;
-allow rfs_access persist_rfs_shared_hlos_file:file create_file_perms;
-
-#For QMI sockets and IPCR Sockets
-allow rfs_access self:{ socket qipcrtr_socket } create_socket_perms_no_ioctl;
-
-allow rfs_access vendor_tombstone_data_file:dir create_dir_perms;
-allow rfs_access vendor_tombstone_data_file:file create_file_perms;
-
diff --git a/vendor/common/rild.te b/vendor/common/rild.te
deleted file mode 100644
index 7daacf7..0000000
--- a/vendor/common/rild.te
+++ /dev/null
@@ -1,33 +0,0 @@
-binder_call(rild, vendor_per_mgr)
-
-vndbinder_use(rild)
-
-allow rild netmgrd_socket:dir search;
-unix_socket_connect(rild, netmgrd, netmgrd)
-
-allow rild vendor_file:file { execute_no_trans lock ioctl };
-
-allow rild vendor_per_mgr_service:service_manager find;
-
-add_hwservice(rild, vnd_ims_radio_hwservice)
-add_hwservice(rild, vnd_qcrilhook_hwservice)
-
-allow rild self:socket ioctl;
-allowxperm rild self:socket ioctl msm_sock_ipc_ioctls;
-allow rild time_daemon:unix_stream_socket connectto;
-
-allow rild radio_vendor_data_file:dir rw_dir_perms;
-allow rild radio_vendor_data_file:file create_file_perms;
-
-userdebug_or_eng(`
-  allow rild diag_device:chr_file rw_file_perms;
-  get_prop(rild, vendor_pd_locater_dbg_prop)
-')
-
-hal_server_domain(rild, hal_secure_element)
-
-get_prop(rild, exported3_radio_prop)
-get_prop(rild, vendor_dataqdp_prop)
-
-allow rild qmuxd_socket:dir w_dir_perms;
-allow rild qmuxd_socket:sock_file create_file_perms;
diff --git a/vendor/common/rmt_storage.te b/vendor/common/rmt_storage.te
deleted file mode 100644
index 1e6217a..0000000
--- a/vendor/common/rmt_storage.te
+++ /dev/null
@@ -1,31 +0,0 @@
-type rmt_storage, domain;
-type rmt_storage_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(rmt_storage)
-
-wakelock_use(rmt_storage)
-
-allow rmt_storage self:capability { net_bind_service setgid setpcap setuid };
-
-set_prop(rmt_storage, ctl_vendor_rmt_storage_prop)
-
-allow rmt_storage cgroup:dir create_dir_perms;
-allow rmt_storage uio_device:chr_file rw_file_perms;
-
-allow rmt_storage self:{ socket qipcrtr_socket } create_socket_perms;
-allowxperm rmt_storage self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
-
-allow rmt_storage kmsg_device:chr_file w_file_perms;
-
-r_dir_file(rmt_storage, sysfs_uio)
-r_dir_file(rmt_storage, sysfs_uio_file)
-
-allow rmt_storage block_device:dir r_dir_perms;
-
-allow rmt_storage {
-    modem_efs_partition_device
-    ssd_block_device
-}:blk_file rw_file_perms;
-
-#sysfs_ssr
-r_dir_file(rmt_storage, sysfs_ssr)
diff --git a/vendor/common/seapp_contexts b/vendor/common/seapp_contexts
deleted file mode 100644
index dc6f9bc..0000000
--- a/vendor/common/seapp_contexts
+++ /dev/null
@@ -1,12 +0,0 @@
-#Add new domain for DataServices
-# Needed for CNEService , uceShimService and other connectivity services
-user=radio seinfo=platform name=.dataservices domain=dataservice_app type=radio_data_file
-
-# A fallback in case tango_core is missing something critical that untrusted_app provides
-user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_data_file levelFrom=user
-
-#Needed for time service apk
-user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
-
-# AtFwd app
-user=_app seinfo=platform name=com.qualcomm.telephony domain=qtelephony type=app_data_file levelFrom=all
diff --git a/vendor/common/sensors.te b/vendor/common/sensors.te
deleted file mode 100644
index 3148303..0000000
--- a/vendor/common/sensors.te
+++ /dev/null
@@ -1,36 +0,0 @@
-# Policy for sensor daemon
-type sensors, domain;
-type sensors_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(sensors)
-
-allow sensors self:capability {
-    setuid
-    setgid
-    net_bind_service
-};
-
-allow sensors self:socket create_socket_perms;
-allowxperm sensors self:socket ioctl msm_sock_ipc_ioctls;
-
-allow sensors persist_sensors_file:dir rw_dir_perms;
-allow sensors persist_sensors_file:file create_file_perms;
-allow sensors mnt_vendor_file:dir r_dir_perms;
-
-allow sensors sensors_vendor_data_file:dir create_dir_perms;
-allow sensors sensors_vendor_data_file:file create_file_perms;
-
-allow sensors system_file:dir r_dir_perms;
-allow sensors sensors_device:chr_file rw_file_perms;
-
-allow sensors sysfs:dir r_dir_perms;
-allow sensors sysfs_soc:dir r_dir_perms;
-allow sensors sysfs_soc:file rw_file_perms;
-allow sensors sysfs_data:file r_file_perms;
-
-allow sensors ion_device:chr_file r_file_perms;
-allow sensors qdsp_device:chr_file r_file_perms;
-allow sensors xdsp_device:chr_file r_file_perms;
-
-# For reading dir/files on /dsp
-r_dir_file(sensors, adsprpcd_file)
diff --git a/vendor/common/service.te b/vendor/common/service.te
deleted file mode 100644
index 2b24fe4..0000000
--- a/vendor/common/service.te
+++ /dev/null
@@ -1 +0,0 @@
-type imsuce_service,              service_manager_type;
diff --git a/vendor/common/service_contexts b/vendor/common/service_contexts
deleted file mode 100644
index ad75ea1..0000000
--- a/vendor/common/service_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-rcs                                                  u:object_r:radio_service:s0
-com.fingerprints.extension.IFingerprintNavigation    u:object_r:fingerprint_service:s0
-com.qualcomm.qti.uceservice                          u:object_r:imsuce_service:s0
diff --git a/vendor/common/shell.te b/vendor/common/shell.te
deleted file mode 100644
index 8b13789..0000000
--- a/vendor/common/shell.te
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/vendor/common/ssr_diag.te b/vendor/common/ssr_diag.te
deleted file mode 100644
index fed9ab8..0000000
--- a/vendor/common/ssr_diag.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type vendor_ssr_diag, domain;
-type vendor_ssr_diag_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_ssr_diag);
diff --git a/vendor/common/ssr_setup.te b/vendor/common/ssr_setup.te
deleted file mode 100644
index df54e08..0000000
--- a/vendor/common/ssr_setup.te
+++ /dev/null
@@ -1,17 +0,0 @@
-type vendor_ssr_setup, domain;
-type vendor_ssr_setup_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_ssr_setup);
-
-# Required to discover esoc's
-r_dir_file(vendor_ssr_setup, sysfs_esoc)
-
-# Required to enable/disable ssr
-r_dir_file(vendor_ssr_setup, sysfs_ssr)
-allow vendor_ssr_setup sysfs_ssr:lnk_file w_file_perms;
-allow vendor_ssr_setup sysfs_ssr_toggle:file rw_file_perms;
-allow vendor_ssr_setup sysfs_ssr:file rw_file_perms;
-
-allow vendor_ssr_setup sysfs_data:file r_file_perms;
-
-get_prop(vendor_ssr_setup, vendor_ssr_prop)
diff --git a/vendor/common/subsystem_ramdump.te b/vendor/common/subsystem_ramdump.te
deleted file mode 100644
index 6b02c41..0000000
--- a/vendor/common/subsystem_ramdump.te
+++ /dev/null
@@ -1,20 +0,0 @@
-type vendor_subsystem_ramdump_exec, exec_type, vendor_file_type, file_type;
-
-userdebug_or_eng(`
-  type vendor_subsystem_ramdump, domain;
-
-  init_daemon_domain(vendor_subsystem_ramdump);
-
-  allow vendor_subsystem_ramdump device:dir r_dir_perms;
-  allow vendor_subsystem_ramdump ramdump_device:chr_file r_file_perms;
-
-  r_dir_file(vendor_subsystem_ramdump, sysfs_type);
-
-  allow vendor_subsystem_ramdump ramdump_vendor_data_file:dir rw_dir_perms;
-  allow vendor_subsystem_ramdump ramdump_vendor_data_file:file create_file_perms;
-
-  set_prop(vendor_subsystem_ramdump, vendor_ssr_prop);
-
-  allow vendor_subsystem_ramdump vendor_mdmhelperdata_data_file:dir r_dir_perms;
-  allow vendor_subsystem_ramdump vendor_mdmhelperdata_data_file:file r_file_perms;
-')
diff --git a/vendor/common/surfaceflinger.te b/vendor/common/surfaceflinger.te
deleted file mode 100644
index 623e09a..0000000
--- a/vendor/common/surfaceflinger.te
+++ /dev/null
@@ -1,14 +0,0 @@
-dontaudit surfaceflinger firmware_file:dir search;
-dontaudit surfaceflinger kernel:system module_request;
-
-allow surfaceflinger sysfs_graphics:file rw_file_perms;
-
-#diag
-userdebug_or_eng(`
-    diag_use(surfaceflinger)
-')
-
-allow surfaceflinger {
-    vendor_gralloc_prop
-    vendor_display_prop
-}:file r_file_perms;
diff --git a/vendor/common/sysmonapp/keys.conf b/vendor/common/sysmonapp/keys.conf
deleted file mode 100644
index 2088a52..0000000
--- a/vendor/common/sysmonapp/keys.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[@SYSMONAPP]
-ALL : device/qcom/sepolicy/vendor/common/sysmonapp/sysmonapp_app_cert.x509.pem
diff --git a/vendor/common/system_app.te b/vendor/common/system_app.te
deleted file mode 100755
index a89bef6..0000000
--- a/vendor/common/system_app.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# read regulatory info
-allow system_app elabel_data_file:dir r_dir_perms;
-allow system_app elabel_data_file:file r_file_perms;
-
-# Allow hbtp hal Service to be found
-hal_client_domain(system_app, hal_hbtp)
-
-#secureUI
-hal_client_domain(system_app, hal_qdutils_disp);
-hal_client_domain(system_app, hal_tui_comm);
-
-get_prop(system_app, vendor_radio_prop)
diff --git a/vendor/common/system_server.te b/vendor/common/system_server.te
deleted file mode 100644
index 21cab0e..0000000
--- a/vendor/common/system_server.te
+++ /dev/null
@@ -1,20 +0,0 @@
-allow system_server self:socket ioctl;
-allowxperm system_server self:socket ioctl msm_sock_ipc_ioctls;
-
-binder_call(system_server, hal_camera_default)
-
-allow system_server persist_file:dir search;
-allow system_server persist_sensors_file:dir search;
-allow system_server persist_sensors_file:file r_file_perms;
-allow system_server wlan_device:chr_file rw_file_perms;
-allow system_server hal_audio_default:file w_file_perms;
-
-allow system_server sysfs_sensors:dir search;
-allow system_server sysfs_sensors:file rw_file_perms;
-binder_call(system_server, mm-pp-daemon)
-# allow access to low persistence mode sysfs node
-allow system_server sysfs_graphics:file rw_file_perms;
-
-userdebug_or_eng(`
-    diag_use(system_server)
-')
diff --git a/vendor/common/te_macros b/vendor/common/te_macros
deleted file mode 100644
index 30cc8ac..0000000
--- a/vendor/common/te_macros
+++ /dev/null
@@ -1,52 +0,0 @@
-########################################
-## peripheral_manager
-## Allow clients to interact with peripheral
-## manager
-define(`use_vendor_per_mgr', `
-    vndbinder_use($1);
-    binder_call(vendor_per_mgr, $1);
-    binder_call($1, vendor_per_mgr);
-    allow $1 vendor_per_mgr_service:service_manager find;
-    get_prop($1, vendor_per_mgr_state_prop);
-')
-
-#####################################
-## use_netutils(clientdomain)
-## allow access to netutils from vendor
-define(`use_netutils', `
-    domain_auto_trans($1, netutils_wrapper_exec, netutils_wrapper)
-    allow netutils_wrapper $1:fd use;
-    allow netutils_wrapper $1:fifo_file { read write getattr };
-    allow netutils_wrapper $1:netlink_route_socket { read write };
-    allow netutils_wrapper $1:unix_stream_socket { read write };
-    allow netutils_wrapper $1:netlink_generic_socket { read write };
-    allow netutils_wrapper $1:netlink_xfrm_socket { read write };
-    allow netutils_wrapper $1:udp_socket { read write };
-    allow netutils_wrapper $1:tcp_socket { read write };
-')
-
-#####################################
-## hal_server_domain_bypass(domain, hal_type)
-## Allow a base set of permissions required for a domain to offer a
-## HAL implementation of the specified type over HwBinder without
-## halserverdomain attribute
-##
-## For example, default implementation of Foo HAL:
-##   type hal_foo_default, domain;
-##   hal_server_domain_bypass(hal_foo_default, hal_foo)
-##
-define(`hal_server_domain_bypass', `
-    hwbinder_use($1)
-    allow $1 system_file:dir r_dir_perms;
-    get_prop($1, hwservicemanager_prop)
-    typeattribute $1 $2_server;
-    typeattribute $1 $2;
-')
-
-#####################################
-## diag_use(clientdomain)
-## allow clientdomain to read/write to diag
-define(`diag_use', `
-    r_dir_file($1, sysfs_diag)
-    allow $1 diag_device:chr_file rw_file_perms;
-')
diff --git a/vendor/common/tee.te b/vendor/common/tee.te
deleted file mode 100644
index 4b35734..0000000
--- a/vendor/common/tee.te
+++ /dev/null
@@ -1,34 +0,0 @@
-allow tee self:capability { chown setgid setuid sys_admin sys_rawio };
-
-allow tee device:dir r_dir_perms;
-
-set_prop(tee, vendor_tee_listener_prop)
-
-allow tee firmware_file:dir search;
-allow tee block_device:dir { getattr search };
-allow tee rpmb_device:blk_file rw_file_perms;
-allow tee ssd_block_device:blk_file rw_file_perms;
-allow tee sg_device:chr_file { rw_file_perms setattr };
-
-allow tee mnt_vendor_file:dir r_dir_perms;
-allow tee persist_drm_file:dir create_dir_perms;
-allow tee persist_drm_file:file create_file_perms;
-allow tee persist_data_file:dir create_dir_perms;
-allow tee persist_data_file:file create_file_perms;
-
-allow tee time_daemon:unix_stream_socket connectto;
-
-# Allow SFS to write to data partition
-allow tee data_tzstorage_file:dir create_dir_perms;
-allow tee data_tzstorage_file:file create_file_perms;
-
-#secureUI
-hal_client_domain(tee, hal_tui_comm);
-hal_client_domain(tee, hal_qdutils_disp);
-hal_client_domain(tee, hal_graphics_allocator);
-vndbinder_use(tee);
-allow tee qdisplay_service:service_manager find;
-hal_client_domain(tee, hal_graphics_composer);
-allow tee sysfs_sectouch:file rw_file_perms;
-allow tee vendor_tui_data_file:file rw_file_perms;
-allow tee vendor_tui_data_file:dir search;
diff --git a/vendor/common/thermal-engine.te b/vendor/common/thermal-engine.te
deleted file mode 100644
index 5b746d2..0000000
--- a/vendor/common/thermal-engine.te
+++ /dev/null
@@ -1,47 +0,0 @@
-type thermal-engine, domain;
-type thermal-engine_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(thermal-engine)
-
-allow thermal-engine self:capability2 block_suspend;
-
-# to read /sys/devices
-allow thermal-engine sysfs:dir r_dir_perms;
-
-# This is required for thermal sysfs access
-r_dir_file(thermal-engine, sysfs_thermal)
-allow thermal-engine sysfs_thermal:file w_file_perms;
-
-# Allow to read and write cpufreq sysfs
-allow thermal-engine sysfs_devices_system_cpu:file rw_file_perms;
-
-# To search, read and write kgsl sysfs
-allow thermal-engine sysfs_kgsl:dir r_dir_perms;
-allow thermal-engine sysfs_kgsl:file rw_file_perms;
-allow thermal-engine sysfs_kgsl:lnk_file r_file_perms;
-
-allow thermal-engine sysfs_data:file r_file_perms;
-
-# This is required read and write battery power supply sysfs
-allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
-allow thermal-engine sysfs_battery_supply:file rw_file_perms;
-allow thermal-engine sysfs_battery_supply:lnk_file r_file_perms;
-
-# This is required to read and write lcd-backlight sysfs
-allow thermal-engine sysfs_graphics:dir r_dir_perms;
-allow thermal-engine sysfs_graphics:file rw_file_perms;
-allow thermal-engine sysfs_graphics:lnk_file r_file_perms;
-
-r_dir_file(thermal-engine, sysfs_ssr);
-r_dir_file(thermal-engine, sysfs_leds)
-
-allow thermal-engine audio_device:chr_file rw_file_perms;
-
-allow thermal-engine self:socket create_socket_perms;
-allowxperm thermal-engine self:socket ioctl msm_sock_ipc_ioctls;
-
-# reboot/shutdown for thermal limits exceeded
-set_prop(thermal-engine, powerctl_prop)
-
-# netlink access
-allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
diff --git a/vendor/common/time_daemon.te b/vendor/common/time_daemon.te
deleted file mode 100644
index fe1757b..0000000
--- a/vendor/common/time_daemon.te
+++ /dev/null
@@ -1,24 +0,0 @@
-type time_daemon, domain;
-type time_daemon_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(time_daemon)
-
-allow time_daemon self:capability { setgid setuid sys_time };
-
-allow time_daemon rtc_device:chr_file r_file_perms;
-
-r_dir_file(time_daemon, sysfs_esoc);
-
-allow time_daemon sysfs_soc:dir search;
-allow time_daemon sysfs_soc:file r_file_perms;
-
-allow time_daemon persist_time_file:dir w_dir_perms;
-allow time_daemon persist_time_file:file create_file_perms;
-allow time_daemon persist_time_file:dir search;
-
-allow time_daemon mnt_vendor_file:dir search;
-
-allow time_daemon self:socket create_socket_perms;
-allowxperm time_daemon self:socket ioctl msm_sock_ipc_ioctls;
-
-allow time_daemon sysfs_data:file r_file_perms;
diff --git a/vendor/common/timeservice_app.te b/vendor/common/timeservice_app.te
deleted file mode 100644
index c047793..0000000
--- a/vendor/common/timeservice_app.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type timeservice_app, domain;
-app_domain(timeservice_app);
-
-allow timeservice_app app_api_service:service_manager find;
-allow timeservice_app app_data_file:dir { search getattr };
-allow timeservice_app time_daemon:unix_stream_socket connectto;
diff --git a/vendor/common/ueventd.te b/vendor/common/ueventd.te
deleted file mode 100644
index 9358ff5..0000000
--- a/vendor/common/ueventd.te
+++ /dev/null
@@ -1,25 +0,0 @@
-# For setting up various WIGIG files
-allow ueventd sysfs_bond0:file rw_file_perms;
-
-allow ueventd sysfs_usb_c:file w_file_perms;
-
-allow ueventd {
-    { sysfs_type - usermodehelper }
-      sysfs_battery_supply
-      sysfs_data
-      sysfs_graphics
-      sysfs_kgsl
-      sysfs_leds
-      sysfs_net
-      sysfs_scsi_host
-      sysfs_soc
-      sysfs_thermal
-      sysfs_usbpd_device
-      sysfs_usb_supply
-}:file w_file_perms;
-
-allow ueventd firmware_file:dir search;
-allow ueventd firmware_file:file r_file_perms;
-allow ueventd tmpfs:blk_file getattr;
-allow ueventd persist_file:dir search;
-allow ueventd persist_file:file r_file_perms;
diff --git a/vendor/common/vndservice.te b/vendor/common/vndservice.te
deleted file mode 100644
index 31b6085..0000000
--- a/vendor/common/vndservice.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type qdisplay_service,             vndservice_manager_type;
-type vendor_per_mgr_service,              vndservice_manager_type;
diff --git a/vendor/common/vndservice_contexts b/vendor/common/vndservice_contexts
deleted file mode 100644
index 71128ba..0000000
--- a/vendor/common/vndservice_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-display.qservice                        u:object_r:qdisplay_service:s0
-vendor.qcom.PeripheralManager           u:object_r:vendor_per_mgr_service:s0
diff --git a/vendor/common/vold.te b/vendor/common/vold.te
deleted file mode 100644
index 4028635..0000000
--- a/vendor/common/vold.te
+++ /dev/null
@@ -1,2 +0,0 @@
-get_prop(vold, vendor_tee_listener_prop)
-
diff --git a/vendor/common/wcnss_filter.te b/vendor/common/wcnss_filter.te
deleted file mode 100644
index ee24afe..0000000
--- a/vendor/common/wcnss_filter.te
+++ /dev/null
@@ -1,16 +0,0 @@
-type wcnss_filter, domain;
-type wcnss_filter_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(wcnss_filter)
-
-allow wcnss_filter hci_attach_dev:chr_file rw_file_perms;
-
-userdebug_or_eng(`
-  allow wcnss_filter diag_device:chr_file rw_file_perms;
-  allow wcnss_filter ramdump_vendor_data_file:dir create_dir_perms;
-  allow wcnss_filter ramdump_vendor_data_file:file create_file_perms;
-  r_dir_file(wcnss_filter, debugfs_ipc)
-')
-
-# allow wcnss to set threads to RT priority
-allow wcnss_filter self:capability sys_nice;
diff --git a/vendor/common/wcnss_service.te b/vendor/common/wcnss_service.te
deleted file mode 100644
index 508dcb2..0000000
--- a/vendor/common/wcnss_service.te
+++ /dev/null
@@ -1,48 +0,0 @@
-type wcnss_service, domain;
-type wcnss_service_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(wcnss_service)
-net_domain(wcnss_service)
-
-vndbinder_use(wcnss_service)
-binder_call(wcnss_service, vendor_per_mgr)
-
-allow wcnss_service vendor_per_mgr_service:service_manager find;
-
-allow wcnss_service vendor_shell_exec:file rx_file_perms;
-allow wcnss_service vendor_toolbox_exec:file rx_file_perms;
-
-allow wcnss_service proc_net:file w_file_perms;
-
-allow wcnss_service self:socket create_socket_perms;
-allowxperm wcnss_service self:socket ioctl msm_sock_ipc_ioctls;
-allowxperm wcnss_service self:udp_socket ioctl { SIOCIWFIRSTPRIV_05 SIOCSIFFLAGS };
-
-allow wcnss_service self:netlink_generic_socket create_socket_perms_no_ioctl;
-allow wcnss_service self:netlink_socket create_socket_perms_no_ioctl;
-
-allow wcnss_service firmware_file:dir r_dir_perms;
-allow wcnss_service firmware_file:file r_file_perms;
-
-allow wcnss_service sysfs_soc:dir search;
-allow wcnss_service sysfs_soc:file r_file_perms;
-
-allow wcnss_service wpa_data_file:dir create_dir_perms;
-allow wcnss_service wpa_data_file:file create_file_perms;
-
-allow wcnss_service proc_net:file getattr;
-
-allow wcnss_service sysfs_data:file r_file_perms;
-# pkt logging for cnss_diag
-userdebug_or_eng(`
-  r_dir_file(wcnss_service, proc_wifi_dbg)
-')
-
-userdebug_or_eng(`
-allow wcnss_service wifi_vendor_log_data_file:dir create_dir_perms;
-allow wcnss_service wifi_vendor_log_data_file:file create_file_perms;
-# This is needed for ptt_socket_app to write logs file collected to sdcard
-r_dir_file(wcnss_service, storage_file)
-r_dir_file(wcnss_service, mnt_user_file)
-')
-