Merge "sepolicy: allow powerservice_app access to framework services" into sepolicy.vndr.lnx.1.0
diff --git a/generic/vendor/common/domain.te b/generic/vendor/common/domain.te
index 91ac493..f712ecb 100644
--- a/generic/vendor/common/domain.te
+++ b/generic/vendor/common/domain.te
@@ -57,5 +57,6 @@
-vold
} vendor_persist_type: { dir file } *;
+allow { domain - isolated_app } vendor_sysfs_kgsl:dir search;
# Allow all context to read gpu model
allow { domain - isolated_app } vendor_sysfs_kgsl_gpu_model:file r_file_perms;
\ No newline at end of file
diff --git a/generic/vendor/common/hal_gnss_qti.te b/generic/vendor/common/hal_gnss_qti.te
index ff32346..4b083a0 100644
--- a/generic/vendor/common/hal_gnss_qti.te
+++ b/generic/vendor/common/hal_gnss_qti.te
@@ -47,6 +47,10 @@
allow vendor_hal_gnss_qti vendor_location:unix_stream_socket connectto;
allow vendor_hal_gnss_qti vendor_location:unix_dgram_socket sendto;
+# allow reading /sys/bus/mhi/devices/.../time_us files, this files hold the
+# time offset between local and remote for dual SoC architectures
+allow vendor_hal_gnss_qti vendor_sysfs_mhi:file r_file_perms;
+
# Allow Gnss HAL to get updates from health hal
hal_client_domain(vendor_hal_gnss_qti, hal_health)
diff --git a/generic/vendor/lito/file_contexts b/generic/vendor/lito/file_contexts
index eb5f82f..8f66904 100644
--- a/generic/vendor/lito/file_contexts
+++ b/generic/vendor/lito/file_contexts
@@ -213,3 +213,10 @@
/sys/devices/virtual/block/dm-[0-6]/queue/read_ahead_kb u:object_r:vendor_sysfs_mmc_host:s0
/sys/devices/platform/soc/4744000.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/queue/read_ahead_kb u:object_r:vendor_sysfs_mmc_host:s0
+#Display nodes
+/sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DP-1/enabled u:object_r:vendor_sysfs_graphics:s0
+/sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-2/enabled u:object_r:vendor_sysfs_graphics:s0
+/sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-Virtual-1/enabled u:object_r:vendor_sysfs_graphics:s0
+
+#poweropt-service
+/(vendor|system/vendor)/bin/poweropt-service u:object_r:vendor_poweroptservice_exec:s0
diff --git a/generic/vendor/lito/hal_perf_default.te b/generic/vendor/lito/hal_perf_default.te
index cb232af..4a5dc96 100644
--- a/generic/vendor/lito/hal_perf_default.te
+++ b/generic/vendor/lito/hal_perf_default.te
@@ -27,4 +27,4 @@
allow vendor_hal_perf_default self:capability kill;
allow vendor_hal_perf_default {appdomain}:process sigkill;
-
+binder_call(vendor_hal_perf_default, vendor_poweroptservice)
\ No newline at end of file
diff --git a/generic/vendor/lito/poweroptservice.te b/generic/vendor/lito/poweroptservice.te
new file mode 100644
index 0000000..bf22469
--- /dev/null
+++ b/generic/vendor/lito/poweroptservice.te
@@ -0,0 +1,45 @@
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+type vendor_poweroptservice, domain;
+type vendor_poweroptservice_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_poweroptservice)
+
+hwbinder_use(vendor_poweroptservice)
+
+hal_client_domain(vendor_poweroptservice, vendor_hal_perf)
+hal_client_domain(vendor_poweroptservice, hal_graphics_composer)
+
+get_prop(vendor_poweroptservice, vendor_mpctl_prop)
+
+r_dir_file(vendor_poweroptservice, vendor_sysfs_graphics)
+r_dir_file(vendor_poweroptservice, vendor_sysfs_kgsl)
+r_dir_file(vendor_poweroptservice, sysfs_android_usb)
+
+allow vendor_poweroptservice vendor_qdisplay_service:service_manager find;
diff --git a/legacy/vendor/common/file_contexts b/legacy/vendor/common/file_contexts
index 1ea0b9a..95e426e 100755
--- a/legacy/vendor/common/file_contexts
+++ b/legacy/vendor/common/file_contexts
@@ -274,7 +274,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.display\.color@1\.0-service u:object_r:hal_display_color_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@1\.0-service u:object_r:hal_perf_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@2\.0-service u:object_r:hal_perf_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@2\.[0-1]-service u:object_r:hal_perf_default_exec:s0
/(vendor|system/vendor)/bin/ssgqmigd u:object_r:ssgqmigd_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.iop@1\.0-service u:object_r:hal_iop_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.iop@2\.0-service u:object_r:hal_iop_default_exec:s0
@@ -655,7 +655,6 @@
/vendor/lib(64)?/libgrallocutils\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgralloccore\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libExtendedExtractor.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.qti\.hardware\.perf@2\.0\.so u:object_r:same_process_hal_file:s0
# RenderScript dependencies.
# To test: run cts -m CtsRenderscriptTestCases
/vendor/lib(64)?/libRSDriver_adreno\.so u:object_r:same_process_hal_file:s0
diff --git a/legacy/vendor/common/hwservice.te b/legacy/vendor/common/hwservice.te
index 17c171f..136d8ad 100644
--- a/legacy/vendor/common/hwservice.te
+++ b/legacy/vendor/common/hwservice.te
@@ -62,3 +62,4 @@
type hal_btconfigstore_hwservice, hwservice_manager_type;
type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type;
type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_perfcallback_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/legacy/vendor/common/hwservice_contexts b/legacy/vendor/common/hwservice_contexts
index 83fb41c..3f48544 100644
--- a/legacy/vendor/common/hwservice_contexts
+++ b/legacy/vendor/common/hwservice_contexts
@@ -106,3 +106,4 @@
vendor.qti.hardware.bluetooth_sar::IBluetoothSar u:object_r:hal_bluetooth_hwservice:s0
com.dsi.ant::IAnt u:object_r:hal_bluetooth_hwservice:s0
vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0
+vendor.qti.hardware.perf::IPerfCallback u:object_r:hal_perfcallback_hwservice:s0
diff --git a/qva/vendor/common/file_contexts b/qva/vendor/common/file_contexts
index 309b9b4..ceb32e8 100755
--- a/qva/vendor/common/file_contexts
+++ b/qva/vendor/common/file_contexts
@@ -90,7 +90,7 @@
/(vendor|system/vendor)/bin/hw/vendor\.qti\.power\.pasrmanager\@1\.0-service u:object_r:vendor_hal_pasrmanager_qti_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.secure_element@1\.2-service u:object_r:hal_secure_element_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@2\.0-service u:object_r:vendor_hal_perf_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@2\.[0-1]-service u:object_r:vendor_hal_perf_default_exec:s0
/(vendor|system/vendor)/bin/mm-audio-ftm u:object_r:vendor_audioftm_exec:s0
/(vendor|system/vendor)/bin/qrtr-ns u:object_r:vendor_qrtr_exec:s0
/(vendor|system/vendor)/bin/spdaemon u:object_r:vendor_spdaemon_exec:s0
@@ -213,7 +213,6 @@
#
# libmmi_jni
/vendor/lib(64)?/libmmi_jni\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.qti\.hardware\.perf@2\.0\.so u:object_r:same_process_hal_file:s0
# SVA files
/vendor/lib(64)?/liblistenjni\.so u:object_r:same_process_hal_file:s0
diff --git a/qva/vendor/common/hal_secureprocessor_qti.te b/qva/vendor/common/hal_secureprocessor_qti.te
index 1547eaa..b570f5d 100644
--- a/qva/vendor/common/hal_secureprocessor_qti.te
+++ b/qva/vendor/common/hal_secureprocessor_qti.te
@@ -37,3 +37,6 @@
hal_attribute_hwservice(vendor_hal_secureprocessor, vendor_hal_secureprocessor_hwservice)
allow vendor_hal_secureprocessor_qti tee_device:chr_file rw_file_perms;
+allow vendor_hal_secureprocessor_qti ion_device:chr_file r_file_perms;
+
+hal_client_domain(vendor_hal_secureprocessor_qti, hal_graphics_allocator);
diff --git a/qva/vendor/common/hwservice.te b/qva/vendor/common/hwservice.te
index 804cbcf..e582d5f 100644
--- a/qva/vendor/common/hwservice.te
+++ b/qva/vendor/common/hwservice.te
@@ -57,3 +57,4 @@
type vendor_hal_qccvndhal_hwservice , hwservice_manager_type, protected_hwservice;
type vendor_hal_spu_hwservice, hwservice_manager_type, protected_hwservice;
type vendor_hal_slmadapter_hwservice, hwservice_manager_type, protected_hwservice;
+type vendor_hal_perfcallback_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/qva/vendor/common/hwservice_contexts b/qva/vendor/common/hwservice_contexts
index 4b7df7a..625f795 100644
--- a/qva/vendor/common/hwservice_contexts
+++ b/qva/vendor/common/hwservice_contexts
@@ -75,3 +75,4 @@
vendor.qti.hardware.qccvndhal::IQccvndhal u:object_r:vendor_hal_qccvndhal_hwservice:s0
vendor.qti.spu::ISPUManager u:object_r:vendor_hal_spu_hwservice:s0
vendor.qti.hardware.slmadapter::ISlmAdapter u:object_r:vendor_hal_slmadapter_hwservice:s0
+vendor.qti.hardware.perf::IPerfCallback u:object_r:vendor_hal_perfcallback_hwservice:s0
diff --git a/qva/vendor/common/vendor_dataservice_app.te b/qva/vendor/common/vendor_dataservice_app.te
index 51b75ce..219a4fe 100644
--- a/qva/vendor/common/vendor_dataservice_app.te
+++ b/qva/vendor/common/vendor_dataservice_app.te
@@ -26,3 +26,5 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
allow vendor_dataservice_app vendor_hal_slmadapter_hwservice:hwservice_manager find;
+
+get_prop(vendor_dataservice_app, vendor_slm_prop)