Merge remote-tracking branch 'caf/LA.HB.1.3.1' into HEADLA.HB.1.3.1

Change-Id: I36c24ad497c112a2f0144a013fe4d8a68b999818

16 files changed, 298 insertions, 0 deletions

diff --git a/common/healthd.te b/common/healthd.te
index 3f7f25b0..c98ebff2 100644
--- a/common/healthd.te
+++ b/common/healthd.te
@@ -1,3 +1,6 @@
 r_dir_file(healthd, sysfs_battery_supply)
 r_dir_file(healthd, sysfs_usb_supply)
 r_dir_file(healthd, sysfs_thermal);
+
+#allow healthd read rtc device file
+allow healthd rtc_device:chr_file r_file_perms;
diff --git a/common/mm-qcamerad.te b/common/mm-qcamerad.te
index 9c5093aa..4be1fa47 100644
--- a/common/mm-qcamerad.te
+++ b/common/mm-qcamerad.te
@@ -5,6 +5,7 @@ init_daemon_domain(mm-qcamerad)
 #added to support EZTune for camera
 userdebug_or_eng(`
   allow mm-qcamerad debugfs:dir r_dir_perms;
+  allow mm-qcamerad debugfs:file read;
   allow mm-qcamerad camera_data_file:file create_file_perms;
   allow mm-qcamerad self:tcp_socket create_stream_socket_perms;
   allow mm-qcamerad node:tcp_socket node_bind;
diff --git a/common/qfp-daemon.te b/common/qfp-daemon.te
index b154c54d..d09c24cc 100644
--- a/common/qfp-daemon.te
+++ b/common/qfp-daemon.te
@@ -43,6 +43,9 @@ allow qfp-daemon qfp-daemon_data_file:file create_file_perms;
 # Access to tee_device
 allow qfp-daemon tee_device:chr_file rw_file_perms;
 
+# Access QFP Android Proxy
+allow qfp-daemon qfp_proxy_service:service_manager find;
+
 # Add IQfpService service
 allow qfp-daemon iqfp_service:service_manager add;
 
diff --git a/common/service.te b/common/service.te
index 65b6222f..9e5c96a5 100644
--- a/common/service.te
+++ b/common/service.te
@@ -1,4 +1,5 @@
 type iqfp_service,                service_manager_type;
+type qfp_proxy_service,           service_manager_type;
 type atfwd_service,               service_manager_type;
 type per_mgr_service,             service_manager_type;
 type dpmservice,                  service_manager_type;
diff --git a/common/service_contexts b/common/service_contexts
index bce0192f..86e1381a 100644
--- a/common/service_contexts
+++ b/common/service_contexts
@@ -1,4 +1,5 @@
 android.apps.IQfpService                       u:object_r:iqfp_service:s0
+android.apps.IQfpAndroidService                u:object_r:qfp_proxy_service:s0
 AtCmdFwd                                       u:object_r:atfwd_service:s0
 dpmservice                                     u:object_r:dpmservice:s0
 listen.service                                 u:object_r:mediaserver_service:s0
diff --git a/common/system_app.te b/common/system_app.te
index f88097fb..2de3fe8e 100644
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -16,6 +16,7 @@ allow system_app {
     # access to color service SDK
     color_service
     STAProxyService
+    qfp_proxy_service
 }:service_manager add;
 
 # access to perflock
diff --git a/common/system_server.te b/common/system_server.te
index 679e2bbc..beec4119 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -126,3 +126,7 @@ r_dir_file(system_server, dhcp_data_file)
 
 # Allow system server to set fst system properties
 allow system_server fst_prop:property_service set;
+
+#allow access to fingerprintd data file
+allow system_server fingerprintd_data_file:file { r_file_perms unlink };
+allow system_server fingerprintd_data_file:dir { rw_dir_perms rmdir };
diff --git a/msm8996/app.te b/msm8996/app.te
new file mode 100644
index 00000000..9893883f
--- /dev/null
+++ b/msm8996/app.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Allow all apps to connect to VR service
+allow appdomain qvrd:fd use;
+unix_socket_connect(appdomain, qvrd, qvrd)
diff --git a/msm8996/file.te b/msm8996/file.te
index f45217db..ebc72cfe 100644
--- a/msm8996/file.te
+++ b/msm8996/file.te
@@ -30,3 +30,7 @@ type qvop_data_file, file_type, data_file_type;
 
 #TLOC Files
 type tlocd_data_file, file_type, data_file_type;
+
+# Data type for qvrd
+type qvrd_data_file, file_type, data_file_type;
+type qvrd_socket, file_type, mlstrustedobject;
diff --git a/msm8996/file_contexts b/msm8996/file_contexts
index 948bdcda..6cb9d479 100644
--- a/msm8996/file_contexts
+++ b/msm8996/file_contexts
@@ -23,6 +23,7 @@
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ###################################
 # Dev block nodes
@@ -76,13 +77,25 @@
 /dev/block/platform/soc/7464900.sdhci/by-name/mdm1m9kefsc                       u:object_r:efs_boot_dev:s0
 
 ###################################
+# Dev socket nodes
+#
+/dev/socket/qvrservice                                                          u:object_r:qvrd_socket:s0
+
+###################################
 # System files
 #
 /system/bin/qvop-daemon u:object_r:qvop_exec:s0
 /system/bin/tloc_daemon u:object_r:tlocd_exec:s0
+/system/vendor/bin/qvrservice u:object_r:qvrd_exec:s0
+
+###################################
+# sysfs files
+#
+/sys/devices/virtual/graphics/fb([0-2])+/lineptr_value                          u:object_r:sysfs_graphics:s0
 
 ###################################
 # data files
 #
 /data/misc/qvop(/.*)?      u:object_r:qvop_data_file:s0
 /data/misc/tloc(/.*)?      u:object_r:tlocd_data_file:s0
+/data/misc/qvr(/.*)?       u:object_r:qvrd_data_file:s0
diff --git a/msm8996/init_shell.te b/msm8996/init_shell.te
new file mode 100644
index 00000000..5546fa1a
--- /dev/null
+++ b/msm8996/init_shell.te
@@ -0,0 +1,28 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow qti_init_shell ctl_qvrd_prop:property_service set;
diff --git a/msm8996/mm-qcamerad.te b/msm8996/mm-qcamerad.te
new file mode 100644
index 00000000..5e3ff470
--- /dev/null
+++ b/msm8996/mm-qcamerad.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Allow camera to work normally in VR mode
+binder_call(mm-qcamerad, qvrd)
diff --git a/msm8996/property.te b/msm8996/property.te
new file mode 100644
index 00000000..e317966c
--- /dev/null
+++ b/msm8996/property.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#properties for qvrd
+type ctl_qvrd_prop, property_type;
diff --git a/msm8996/property_contexts b/msm8996/property_contexts
new file mode 100644
index 00000000..9548ba89
--- /dev/null
+++ b/msm8996/property_contexts
@@ -0,0 +1,28 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ctl.qvrd                   u:object_r:ctl_qvrd_prop:s0
diff --git a/msm8996/qvrd.te b/msm8996/qvrd.te
new file mode 100644
index 00000000..03cd15ac
--- /dev/null
+++ b/msm8996/qvrd.te
@@ -0,0 +1,93 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type qvrd, domain, mlstrustedsubject;
+type qvrd_exec, exec_type, file_type;
+
+init_daemon_domain(qvrd)
+
+#
+# General
+#
+
+# Allow interracting with qvrd directory
+allow qvrd qvrd_data_file:dir create_dir_perms;
+allow qvrd qvrd_data_file:file create_file_perms;
+
+# Allow access to our socket
+allow qvrd qvrd_socket:sock_file rw_file_perms;
+
+#
+# Sensors
+#
+
+# Allow access to ADSP & SLPI
+allow qvrd { qdsp_device dsp_device }:chr_file r_file_perms;
+
+# Allow access to adsprpcd
+r_dir_file(qvrd, adsprpcd_file);
+
+#
+# Display
+#
+
+# Allow access to /sys/devices/virtual/graphics/fb* for lineptr interrupts
+allow qvrd sysfs_graphics:file rw_file_perms;
+
+# Allow access to /dev/graphics/fb0 for configuring vsync interrupts
+allow qvrd graphics_device:dir r_dir_perms;
+allow qvrd graphics_device:chr_file rw_file_perms;
+
+# Allow access to SurfaceFlinger for toggling display sync model
+binder_use(qvrd)
+binder_call(qvrd, surfaceflinger);
+allow qvrd surfaceflinger_service:service_manager find;
+
+#
+# Scheduler
+#
+
+allow qvrd self:capability { sys_nice };
+userdebug_or_eng(`
+  allow qvrd su:process setsched;
+')
+allow qvrd appdomain:process setsched;
+
+#
+# Camera
+#
+
+# Allow access to camera HAL
+allow qvrd { gpu_device video_device camera_device sensors_device }:chr_file rw_file_perms;
+allow qvrd camera_data_file:dir rw_dir_perms;
+allow qvrd camera_data_file:sock_file w_file_perms;
+allow qvrd mm-qcamerad:unix_dgram_socket sendto;
+
+# Allow access to /dev/video/* devices
+allow qvrd video_device:dir r_dir_perms;
+
+unix_socket_connect(qvrd, mpctl, perfd)
diff --git a/msm8996/surfaceflinger.te b/msm8996/surfaceflinger.te
new file mode 100644
index 00000000..cbad216c
--- /dev/null
+++ b/msm8996/surfaceflinger.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Required to allow VR service to access camera via HAL
+allow surfaceflinger qvrd:dir r_dir_perms;
+allow surfaceflinger qvrd:file r_file_perms;