Merge "sepolicy_vndr: add policy for hotspot tethering"
diff --git a/generic/vendor/common/property.te b/generic/vendor/common/property.te
index 728750f..07e3c39 100644
--- a/generic/vendor/common/property.te
+++ b/generic/vendor/common/property.te
@@ -48,6 +48,7 @@
vendor_restricted_prop(vendor_display_prop);
vendor_internal_prop(vendor_usb_prop);
vendor_restricted_prop(vendor_radio_prop);
+vendor_internal_prop(vendor_qteeconnector_opti_prop);
#Needed for ubwc support
vendor_restricted_prop(vendor_gralloc_prop);
diff --git a/generic/vendor/common/property_contexts b/generic/vendor/common/property_contexts
index b81749f..6e1ae2b 100644
--- a/generic/vendor/common/property_contexts
+++ b/generic/vendor/common/property_contexts
@@ -144,4 +144,7 @@
#kernel console log level
persist.vendor.console.silent.config u:object_r:vendor_console_log_level_prop:s0
+#qteeconnector properties
+persist.vendor.qteeconnector. u:object_r:vendor_qteeconnector_opti_prop:s0
+
vendor.dcvs.prop u:object_r:vendor_dcvs_prop:s0
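Review bot: The new `persist.vendor.qteeconnector.` entry is a prefix match with no value type, so every property created under that prefix gets the `vendor_qteeconnector_opti_prop` label and any string value is accepted and persisted. If the set of properties is known, listing each one with `exact` and a type keeps the namespace narrow; `ro.vendor.bt.enablelazyhal u:object_r:bluetooth_prop:s0 exact bool` in legacy/vendor/common/property_contexts shows the form. The same untyped prefix entry is added in that legacy file as well.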
diff --git a/generic/vendor/common/vendor_init.te b/generic/vendor/common/vendor_init.te
index 82d3531..60d3e91 100644
--- a/generic/vendor/common/vendor_init.te
+++ b/generic/vendor/common/vendor_init.te
@@ -94,6 +94,9 @@
# Access vendor sensor properties
set_prop(vendor_init, vendor_sensors_prop)
+# Access qteeconnector properties
+set_prop(vendor_init, vendor_qteeconnector_opti_prop)
+
#Access vendor bluetooth properties
set_prop(vendor_init, vendor_bluetooth_prop)
userdebug_or_eng(`
diff --git a/legacy/vendor/common/hal_qteeconnector_qti.te b/legacy/vendor/common/hal_qteeconnector_qti.te
index 0ffebd2..d527f28 100644
--- a/legacy/vendor/common/hal_qteeconnector_qti.te
+++ b/legacy/vendor/common/hal_qteeconnector_qti.te
@@ -54,6 +54,9 @@
allow vendor_hal_qteeconnector firmware_file:dir r_dir_perms;
allow vendor_hal_qteeconnector firmware_file:file r_file_perms;
+#Allow access to persist.vendor.qteeconnector.
+get_prop(vendor_hal_qteeconnector, vendor_qteeconnector_opti_prop)
+
#Allow access to session files
allow vendor_hal_qteeconnector data_qtee_file:dir create_dir_perms;
allow vendor_hal_qteeconnector data_qtee_file:file create_file_perms;
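Review bot: `get_prop(vendor_hal_qteeconnector, vendor_qteeconnector_opti_prop)` grants read access through what looks like the HAL attribute rather than a single domain, so every domain carrying that attribute could read the `persist.vendor.qteeconnector.` properties. If only the service process needs them, naming its domain would be tighter; the qva copy of this file, which gets the same added rule, has a neighbouring rule written against `vendor_hal_qteeconnector_qti`. The comment could also say what the property controls instead of repeating the prefix.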
diff --git a/legacy/vendor/common/property.te b/legacy/vendor/common/property.te
index 218cd00..bd55697 100644
--- a/legacy/vendor/common/property.te
+++ b/legacy/vendor/common/property.te
@@ -162,6 +162,10 @@
#mm-video
type vendor_video_prop, property_type;
+#qtccconnector
+type vendor_qteeconnector_opti_prop, property_type;
+
+
#rmt_storage
type ctl_vendor_rmt_storage_prop, property_type;
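Review bot: The comment on the new type reads `#qtccconnector`; it should be `#qteeconnector` to match the type name, and one of the two blank lines added after the declaration can be dropped. The type is declared here as plain `property_type`, while generic/vendor/common/property.te declares it through `vendor_internal_prop(...)`. That matches the neighbouring legacy declarations, but it presumably means the legacy tree does not get the vendor-internal restrictions the macro brings, which is worth confirming for a property that the TEE connector HAL reads.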
diff --git a/legacy/vendor/common/property_contexts b/legacy/vendor/common/property_contexts
index ceb5e7f..06310ba 100644
--- a/legacy/vendor/common/property_contexts
+++ b/legacy/vendor/common/property_contexts
@@ -217,5 +217,8 @@
#qvr properties
vendor.qvr u:object_r:qvr_prop:s0
+#qteeconnector
+persist.vendor.qteeconnector. u:object_r:vendor_qteeconnector_opti_prop:s0
+
#bt lazyhal property
ro.vendor.bt.enablelazyhal u:object_r:bluetooth_prop:s0 exact bool
diff --git a/legacy/vendor/common/vendor_init.te b/legacy/vendor/common/vendor_init.te
index 1c0aacb..a556fcd 100644
--- a/legacy/vendor/common/vendor_init.te
+++ b/legacy/vendor/common/vendor_init.te
@@ -98,6 +98,9 @@
set_prop(vendor_init, vendor_opengles_prop)
get_prop(vendor_init, vendor_video_prop)
+
+set_prop(vendor_init, vendor_qteeconnector_opti_prop)
+
set_prop(vendor_init, vendor_sys_video_prop)
#Acess vendor hvdcp properties
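Review bot: The added `set_prop(vendor_init, vendor_qteeconnector_opti_prop)` has no comment, unlike the same rule in generic/vendor/common/vendor_init.te. I would put `# Access qteeconnector properties` above it so the two trees read the same. The blank line added before the rule is not needed.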
@@ -119,3 +122,6 @@
')
set_prop(vendor_init, vendor_persist_dpm_prop)
+
+# allow vendor_init to use wait for qseecom
+allow vendor_init tee_device:chr_file getattr;
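Review bot: The comment `# allow vendor_init to use wait for qseecom` does not explain why `getattr` on `tee_device` is needed, which makes the grant hard to audit later. If the reason is that an init `wait` on the qseecom node stats it, say so, for example `# init 'wait' on the qseecom node stats it; vendor_init needs getattr on tee_device`. The rule sits after the closing `')` visible at the top of the hunk, so it appears to apply on user builds too; keeping it to `getattr` alone is the right scope for that.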
diff --git a/qva/vendor/common/hal_qteeconnector_qti.te b/qva/vendor/common/hal_qteeconnector_qti.te
index 209c8eb..4383abc 100644
--- a/qva/vendor/common/hal_qteeconnector_qti.te
+++ b/qva/vendor/common/hal_qteeconnector_qti.te
@@ -53,6 +53,9 @@
allow vendor_hal_qteeconnector firmware_file:dir r_dir_perms;
allow vendor_hal_qteeconnector firmware_file:file r_file_perms;
+#Allow access to persist.vendor.qteeconnector.
+get_prop(vendor_hal_qteeconnector, vendor_qteeconnector_opti_prop)
+
#Allow access to the gp_reqcancel socket
allow vendor_hal_qteeconnector_qti tee:unix_dgram_socket sendto;
diff --git a/qva/vendor/test/file_contexts b/qva/vendor/test/file_contexts
index f1ff024..8d5cffd 100644
--- a/qva/vendor/test/file_contexts
+++ b/qva/vendor/test/file_contexts
@@ -34,4 +34,5 @@
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.debugutils@1\.0-service u:object_r:vendor_hal_debugutils_default_exec:s0
#wifimyftm daemon
-/(vendor|system/vendor)/bin/wifimyftm u:object_r:vendor_wifimyftmsvc_exec:s0
+/(vendor|system/vendor)/bin/wifimyftm u:object_r:vendor_wifimyftmsvc_exec:s0
+/vendor/bin/init\.qcom\.debug\.sh u:object_r:vendor-qti-testscripts_exec:s0
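Review bot: The new `init.qcom.debug.sh` entry matches only `/vendor/bin/`, while the entries above it use `/(vendor|system/vendor)/bin/`. On a layout where vendor lives under `/system/vendor` the script would fall back to a broader pattern's label instead of `vendor-qti-testscripts_exec`. I would write it as `/(vendor|system/vendor)/bin/init\.qcom\.debug\.sh u:object_r:vendor-qti-testscripts_exec:s0` and add a comment line above it in the style of `#wifimyftm daemon`. The `wifimyftm` line is removed and re-added with no visible change, probably a whitespace or end-of-file newline difference.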
diff --git a/qva/vendor/trinket/file_contexts b/qva/vendor/trinket/file_contexts
index ac13bf0..8516dbf 100644
--- a/qva/vendor/trinket/file_contexts
+++ b/qva/vendor/trinket/file_contexts
@@ -84,6 +84,8 @@
/dev/block/platform/soc/4804000.ufshc/by-name/imagefv_[ab] u:object_r:vendor_custom_ab_block_device:s0
/dev/block/platform/soc/4804000.ufshc/by-name/uefisecapp_[ab] u:object_r:vendor_uefi_block_device:s0
/dev/block/platform/soc/4804000.ufshc/by-name/super u:object_r:super_block_device:s0
+/dev/block/platform/soc/4804000.ufshc/by-name/vbmeta_system_[ab] u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/4804000.ufshc/by-name/recovery_[ab] u:object_r:recovery_block_device:s0
# Block device holding the GPT, where the A/B attributes are stored.
/dev/block/platform/soc/4804000.ufshc/sd[ade] u:object_r:vendor_gpt_block_device:s0
@@ -126,6 +128,7 @@
/dev/block/platform/soc/4744000.sdhci/by-name/imagefv_[ab] u:object_r:vendor_custom_ab_block_device:s0
/dev/block/platform/soc/4744000.sdhci/by-name/uefisecapp_[ab] u:object_r:vendor_uefi_block_device:s0
/dev/block/platform/soc/4744000.sdhci/by-name/vbmeta_system_[ab] u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/4744000.sdhci/by-name/recovery_[ab] u:object_r:recovery_block_device:s0
#non A/B
/dev/block/platform/soc/4744000.sdhci/by-name/system u:object_r:system_block_device:s0