Merge "sepolicy: add permission for qdmaststsd"
diff --git a/generic/vendor/common/timeservice_app.te b/generic/vendor/common/timeservice_app.te
index 1b532ab..27a6a1e 100644
--- a/generic/vendor/common/timeservice_app.te
+++ b/generic/vendor/common/timeservice_app.te
@@ -30,3 +30,5 @@
allow timeservice_app app_api_service:service_manager find;
allow timeservice_app time_daemon:unix_stream_socket connectto;
+#allow timeservice to access perf hal
+hal_client_domain(timeservice_app, hal_perf);
diff --git a/generic/vendor/kona/genfs_contexts b/generic/vendor/kona/genfs_contexts
index b10485d..f9b70b4 100644
--- a/generic/vendor/kona/genfs_contexts
+++ b/generic/vendor/kona/genfs_contexts
@@ -70,6 +70,18 @@
#mhi sysfs
genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/pci0002:00/0002:00:00.0/0002:01:00.0/0306_02.01.00_QMI0 u:object_r:sysfs_mhi:s0
genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/pci0002:00/0002:00:00.0/0002:01:00.0/0306_02.01.00_QMI1 u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_00.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_01.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_02.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_00.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_01.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_02.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_00.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_01.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_02.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_00.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_01.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_02.01.00/time_us u:object_r:sysfs_mhi:s0
# Power supply device nodes
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery u:object_r:sysfs_battery_supply:s0
diff --git a/generic/vendor/msmnile/genfs_contexts b/generic/vendor/msmnile/genfs_contexts
index b840fa4..f649614 100644
--- a/generic/vendor/msmnile/genfs_contexts
+++ b/generic/vendor/msmnile/genfs_contexts
@@ -108,6 +108,18 @@
genfscon sysfs /bus/mhi/devices/0306_00.01.00_QMI1/mhi_uci u:object_r:sysfs_mhi:s0
genfscon sysfs /devices/platform/soc/1c08000.qcom,pcie/pci0001:00/0001:00:00.0/0001:01:00.0/0306_01.01.00_QMI0 u:object_r:sysfs_mhi:s0
genfscon sysfs /devices/platform/soc/1c08000.qcom,pcie/pci0001:00/0001:00:00.0/0001:01:00.0/0306_01.01.00_QMI1 u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_00.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_01.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_02.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_00.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_01.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_02.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_00.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_01.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_02.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_00.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_01.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_02.01.00/time_us u:object_r:sysfs_mhi:s0
#net sysfs
genfscon sysfs /devices/platform/soc/1c08000.qcom,pcie/pci0001:00/0001:00:00.0/0001:01:00.0/0306_01.01.00_IP_HW0/net u:object_r:sysfs_net:s0
diff --git a/legacy/vendor/common/file.te b/legacy/vendor/common/file.te
index fddcc94..203c193 100644
--- a/legacy/vendor/common/file.te
+++ b/legacy/vendor/common/file.te
@@ -403,3 +403,6 @@
# /dev/msm_aac_in
type msm_aac_in_device, dev_type;
+
+# sysfs mhi file
+type sysfs_mhi, sysfs_type, fs_type;
diff --git a/legacy/vendor/common/genfs_contexts b/legacy/vendor/common/genfs_contexts
index cef11ef..5918b0d 100755
--- a/legacy/vendor/common/genfs_contexts
+++ b/legacy/vendor/common/genfs_contexts
@@ -74,3 +74,15 @@
genfscon sysfs /devices/virtual/xt_hardidletimer/timers u:object_r:sysfs_data:s0
genfscon sysfs /devices/virtual/xt_idletimer/timers u:object_r:sysfs_data:s0
+genfscon sysfs /devices/0306_00.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_01.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_02.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_00.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_01.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_02.01.00/time u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_00.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_01.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/0306_02.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_00.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_01.01.00/time_us u:object_r:sysfs_mhi:s0
+genfscon sysfs /devices/1101_02.01.00/time_us u:object_r:sysfs_mhi:s0
diff --git a/legacy/vendor/common/timeservice_app.te b/legacy/vendor/common/timeservice_app.te
index 6c820a3..01dd04c 100644
--- a/legacy/vendor/common/timeservice_app.te
+++ b/legacy/vendor/common/timeservice_app.te
@@ -30,5 +30,7 @@
allow timeservice_app app_api_service:service_manager find;
allow timeservice_app time_daemon:unix_stream_socket connectto;
+#allow timeservice to access perf hal
+hal_client_domain(timeservice_app, hal_perf);
get_prop(timeservice_app, vendor_mpctl_prop)
diff --git a/qva/vendor/atoll/device.te b/qva/vendor/atoll/device.te
new file mode 100644
index 0000000..a1f9405
--- /dev/null
+++ b/qva/vendor/atoll/device.te
@@ -0,0 +1,34 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#type sysfs_qdss_dev;
+type uefi_block_device, dev_type;
+#logdump partition
+type logdump_partition, dev_type;
+type mba_debug_dev, dev_type;
+type dip_device, dev_type;
+type rawdump_block_device, dev_type;
diff --git a/qva/vendor/atoll/file.te b/qva/vendor/atoll/file.te
new file mode 100644
index 0000000..22c56de
--- /dev/null
+++ b/qva/vendor/atoll/file.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type sysfs_fps_attr, fs_type, sysfs_type;
+
+# secure element file type for data vendor access
+type secure_element_vendor_data_file, file_type, data_file_type;
diff --git a/qva/vendor/atoll/file_contexts b/qva/vendor/atoll/file_contexts
new file mode 100644
index 0000000..fb91053
--- /dev/null
+++ b/qva/vendor/atoll/file_contexts
@@ -0,0 +1,161 @@
+# Copyright (c) 2016-2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+###################################
+# Dev block nodes
+
+#Primary storage device nodes
+/dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0
+/dev/block/mmcblk0 u:object_r:root_block_device:s0
+
+# UFS Devices
+/dev/block/platform/soc/1d84000.ufshc/by-name/system u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/metadata u:object_r:metadata_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/userdata u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/boot u:object_r:boot_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/logdump u:object_r:logdump_partition:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/fsc u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/fsg u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/ssd u:object_r:ssd_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/misc u:object_r:misc_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/rpm u:object_r:rpmb_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/msadp u:object_r:mba_debug_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/recovery u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/cache u:object_r:cache_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/frp u:object_r:frp_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdtp u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/dip u:object_r:dip_device:s0
+
+#rawdump partition
+/dev/block/platform/soc/1d84000.ufshc/by-name/rawdump u:object_r:rawdump_block_device:s0
+
+# A/B partitions.
+/dev/block/platform/soc/1d84000.ufshc/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/aop_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/boot_[ab] u:object_r:boot_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdtp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/modem_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/persist u:object_r:persist_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/vendor_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/xbl_[ab] u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/imagefv_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/uefisecapp_[ab] u:object_r:uefi_block_device:s0
+
+# Block device holding the GPT, where the A/B attributes are stored.
+/dev/block/platform/soc/1d84000.ufshc/sd[ade] u:object_r:gpt_block_device:s0
+
+# Block devices for the drive that holds the xbl_a and xbl_b partitions.
+/dev/block/platform/soc/1d84000.ufshc/sd[bc] u:object_r:xbl_block_device:s0
+
+##################################
+# non-hlos mount points
+/firmware u:object_r:firmware_file:s0
+/bt_firmware u:object_r:bt_firmware_file:s0
+
+#for eMMC
+/dev/block/platform/soc/7c4000.sdhci/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/boot_[ab] u:object_r:boot_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/modem_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/aop_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/mdtp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/imagefv_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/uefisecapp_[ab] u:object_r:uefi_block_device:s0
+
+#non A/B
+/dev/block/platform/soc/7c4000.sdhci/by-name/system u:object_r:system_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/metadata u:object_r:metadata_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/userdata u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/boot u:object_r:boot_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/logdump u:object_r:logdump_partition:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/ssd u:object_r:ssd_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/misc u:object_r:misc_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/rpm u:object_r:rpmb_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/msadp u:object_r:mba_debug_dev:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/recovery u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/cache u:object_r:cache_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/frp u:object_r:frp_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/mdtp u:object_r:mdtp_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/dip u:object_r:dip_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/storsec u:object_r:boot_block_device:s0
+/dev/block/platform/soc/7c4000.sdhci/by-name/persist u:object_r:persist_block_device:s0
+
+#rawdump partition
+/dev/block/platform/soc/7c4000.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0
+
+# FBE
+/(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0
+/(vendor|system/vendor)/bin/init\.qti\.can\.sh u:object_r:qti_init_shell_exec:s0
+
+#FPC
+/sys/devices/platform/soc/soc:fpc1020(/.*?) u:object_r:sysfs_fps_attr:s0
+/sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/modalias u:object_r:sysfs_fps_attr:s0
+# data files
+/data/vendor/secure_element(/.*)? u:object_r:secure_element_vendor_data_file:s0
diff --git a/qva/vendor/atoll/genfs_contexts b/qva/vendor/atoll/genfs_contexts
new file mode 100644
index 0000000..c2ae6fb
--- /dev/null
+++ b/qva/vendor/atoll/genfs_contexts
@@ -0,0 +1,100 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+###################################
+
+#pmic sysfs_nodes
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/battery u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/dc u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/main u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/pc_port u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/usb u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,usb-pdphy@1700/usbpd/usbpd0 u:object_r:sysfs_usbpd_device:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qpnp,qg/power_supply/bms u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,pm6150_rtc/rtc u:object_r:sysfs_rtc:s0
+genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-2/2-0008/88c000.i2c:qcom,smb1355@8:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-2/2-000c/88c000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-2/2-0010/88c000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /class/qcom-battery u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /class/charge_pump u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-000c/a8c000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0008/a8c000.i2c:qcom,smb1355@8:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0010/a8c000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump_master u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-2/2-0010/88c000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump_master u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-01/c440000.qcom,spmi:qcom,pm6150@1:qcom,vibrator@5300/leds/vibrator u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d000/leds/red u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d000/leds/green u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d000/leds/blue u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,leds@d300/leds u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,wled@d800/leds u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,wled@d800/backlight u:object_r:sysfs_leds:s0
+
+# subsys SSR entries
+genfscon sysfs /devices/platform/soc/62400000.qcom,lpass/subsys0/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys1/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys2/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys3/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys4/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys5/name u:object_r:sysfs_ssr:s0
+
+#diffrent target using same apps combo
+genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys1/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys2/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys4/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys5/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys6/name u:object_r:sysfs_ssr:s0
+
+#entry for usb controller
+genfscon sysfs /devices/platform/soc/a600000.ssusb/a600000.dwc3/udc/a600000.dwc3 u:object_r:sysfs_usb_controller:s0
+
+#qdss sysfs-node
+genfscon sysfs /devices/platform/soc/6047000.tmc/coresight-tmc-etf u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/6048000.tmc/coresight-tmc-etr u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/6002000.stm/coresight-stm u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/91866f0.hwevent/coresight-hwevent u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/6b0e000.csr/coresight-swao-csr u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-llcc-bw/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu-llcc-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-l3-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu6-cpu-l3-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-llcc-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu6-cpu-llcc-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-llcc-ddr-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu6-llcc-ddr-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu6-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cdsp-cdsp-l3-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,npu-npu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0
+#fps sysfs-node
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/measured_fps u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/measured_fps u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/measured_fps u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/fps_periodicity_ms u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/fps_periodicity_ms u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/fps_periodicity_ms u:object_r:sysfs_graphics:s0
+#subsys nodes
+genfscon sysfs /devices/platform/soc/soc:bt_qca6174/extldo u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /devices/platform/soc/soc:bt_qca6174/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
diff --git a/qva/vendor/atoll/hal_secure_element_default.te b/qva/vendor/atoll/hal_secure_element_default.te
new file mode 100644
index 0000000..ad565ee
--- /dev/null
+++ b/qva/vendor/atoll/hal_secure_element_default.te
@@ -0,0 +1,30 @@
+#Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+#Redistribution and use in source and binary forms, with or without
+#modification, are permitted provided that the following conditions are
+#met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+#ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Allow access to the secure element HAL service
+allow hal_secure_element_default secure_element_vendor_data_file:dir rw_dir_perms;
+allow hal_secure_element_default secure_element_vendor_data_file:file create_file_perms;
diff --git a/qva/vendor/atoll/init-qti-fbe-sh.te b/qva/vendor/atoll/init-qti-fbe-sh.te
new file mode 100644
index 0000000..a1cc3bd
--- /dev/null
+++ b/qva/vendor/atoll/init-qti-fbe-sh.te
@@ -0,0 +1,37 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qti-fbe-sh, domain;
+type init-qti-fbe-sh_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(init-qti-fbe-sh)
+
+allow init-qti-fbe-sh vendor_shell_exec:file rx_file_perms;
+
+# execute toybox/toolbox
+allow init-qti-fbe-sh vendor_toolbox_exec:file rx_file_perms;
+get_prop(init-qti-fbe-sh, vendor_tee_listener_prop)
diff --git a/qva/vendor/common/file.te b/qva/vendor/common/file.te
index 42ec55c..e4db2b8 100644
--- a/qva/vendor/common/file.te
+++ b/qva/vendor/common/file.te
@@ -41,6 +41,7 @@
type qfp-daemon_data_file, file_type, data_file_type;
type persist_qti_fp_file, file_type, vendor_persist_type;
+type sysfs_touch_aoi, fs_type, sysfs_type;
# QDMA data files
type vendor_qdma_data_file, file_type, data_file_type;
diff --git a/qva/vendor/common/genfs_contexts b/qva/vendor/common/genfs_contexts
index ef96868..2345731 100644
--- a/qva/vendor/common/genfs_contexts
+++ b/qva/vendor/common/genfs_contexts
@@ -26,6 +26,7 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
genfscon sysfs /devices/virtual/npu/msm_npu/pwr u:object_r:sysfs_npu:s0
+genfscon sysfs /devices/virtual/fts/touch_aoi u:object_r:sysfs_touch_aoi:s0
genfscon proc /asound/card0/state u:object_r:proc_audiod:s0
genfscon proc /asound/cards u:object_r:proc_audiod:s0
genfscon sysfs /module/msm_thermal/core_control/cpus_offlined u:object_r:sysfs_mpctl:s0
diff --git a/qva/vendor/common/qfp-daemon.te b/qva/vendor/common/qfp-daemon.te
index 0b7e9c3..9d4582f 100644
--- a/qva/vendor/common/qfp-daemon.te
+++ b/qva/vendor/common/qfp-daemon.te
@@ -35,6 +35,9 @@
allow qfp-daemon qfp-daemon_data_file:dir { rw_dir_perms setattr };
allow qfp-daemon qfp-daemon_data_file:file create_file_perms;
+allow qfp-daemon sysfs_touch_aoi:dir r_dir_perms;
+allow qfp-daemon sysfs_touch_aoi:file rw_file_perms;
+
# Access to tee_device
allow qfp-daemon tee_device:chr_file rw_file_perms;
diff --git a/qva/vendor/common/qtelephony.te b/qva/vendor/common/qtelephony.te
new file mode 100644
index 0000000..19e8b47
--- /dev/null
+++ b/qva/vendor/common/qtelephony.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Allow qtelephony to access perf hal
+hal_client_domain(qtelephony, hal_perf);
diff --git a/qva/vendor/common/system_app.te b/qva/vendor/common/system_app.te
index ec65035..2745981 100644
--- a/qva/vendor/common/system_app.te
+++ b/qva/vendor/common/system_app.te
@@ -52,3 +52,6 @@
#allow system app to access btconfigstore hal
hal_client_domain(system_app, hal_btconfigstore);
+
+# update engine
+binder_call( system_app, update_engine )
diff --git a/qva/vendor/common/wcnss_service.te b/qva/vendor/common/wcnss_service.te
index 5720548..c241919 100644
--- a/qva/vendor/common/wcnss_service.te
+++ b/qva/vendor/common/wcnss_service.te
@@ -27,3 +27,6 @@
# allow access to network performance tuner
unix_socket_connect(wcnss_service, wigignpt, wigignpt)
+
+# allow net admin to cnss-daemon
+allow wcnss_service self:capability net_admin;
diff --git a/qva/vendor/lito/genfs_contexts b/qva/vendor/lito/genfs_contexts
index cce1e15..14d72e2 100644
--- a/qva/vendor/lito/genfs_contexts
+++ b/qva/vendor/lito/genfs_contexts
@@ -43,6 +43,14 @@
genfscon sysfs /devices/platform/soc/6b0c000.csr/coresight-swao-csr u:object_r:sysfs_qdss_dev:s0
genfscon sysfs /devices/platform/soc/soc:dummy_source/coresight-modem-diag u:object_r:sysfs_qdss_dev:s0
+genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys0/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/3000000.qcom,lpass/subsys1/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys2/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys3/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys4/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys5/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys6/name u:object_r:sysfs_ssr:s0
+
# PMIC UI peripherals
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc u:object_r:sysfs_rtc:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm7250b@3:qcom,vibrator@5300/leds/vibrator u:object_r:sysfs_leds:s0
@@ -67,3 +75,10 @@
genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,cpu6-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/soc:qcom,cpu7-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0
+
+#fps sysfs-node
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/measured_fps u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/measured_fps u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/fps_periodicity_ms u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/fps_periodicity_ms u:object_r:sysfs_graphics:s0
+