author | Michael Bestas <mkbestas@lineageos.org> | 2019-10-18 20:19:43 +0300 |
---|---|---|
committer | Michael Bestas <mkbestas@lineageos.org> | 2019-10-18 20:19:43 +0300 |
commit | 4c39c3c5b5266f43aab71a84c8516017b9a24754 (patch) | |
tree | 4ee86d1dca608b77624237865f3abeaf67e1cdf4 | |
parent | 0740394e1675c80e10bb02f2c026e2c04db1f115 (diff) | |
parent | 372e27004d1c83c147904e7167287bce4c9c6f20 (diff) | |
Merge tag 'LA.UM.8.1.r1-09500-sm8150.0' of https://source.codeaurora.org/quic/la/device/qcom/sepolicy into lineage-17.0
"LA.UM.8.1.r1-09500-sm8150.0"
Conflicts:
Android.mk
Change-Id: I2aea726910b3b33582c5a4608bbe2fe59d5de1a4
95 files changed, 662 insertions, 133 deletions
diff --git a/generic/private/qti-testscripts.te b/generic/private/qti-testscripts.te index a5ab84bd..cd0e29f7 100644 --- a/generic/private/qti-testscripts.te +++ b/generic/private/qti-testscripts.te @@ -95,4 +95,6 @@ userdebug_or_eng(` binder_call(platform_app, qti-testscripts) binder_call(system_app, qti-testscripts) +# allow lmkd to kill tasks with positive oom_score_adj under memory pressure + allow lmkd qti-testscripts:process { setsched sigkill }; ') diff --git a/generic/vendor/common/attributes b/generic/vendor/common/attributes index b2bc687e..964e7542 100644 --- a/generic/vendor/common/attributes +++ b/generic/vendor/common/attributes @@ -59,3 +59,4 @@ attribute hal_capabilityconfigstore_qti_server; attribute hal_dataconnection_qti; attribute hal_dataconnection_qti_client; attribute hal_dataconnection_qti_server; + diff --git a/generic/vendor/common/device.te b/generic/vendor/common/device.te index e9ab593b..124a9594 100644 --- a/generic/vendor/common/device.te +++ b/generic/vendor/common/device.te @@ -39,6 +39,7 @@ type hbtp_device, dev_type; type hvdcp_device, dev_type; type ipa_dev, dev_type; type latency_device, dev_type; +type limits_block_device, dev_type; type modem_block_device, dev_type; type modem_efs_partition_device, dev_type; type mdtp_device, dev_type; diff --git a/generic/vendor/common/domain.te b/generic/vendor/common/domain.te index 8e44c3f5..01b3724d 100644 --- a/generic/vendor/common/domain.te +++ b/generic/vendor/common/domain.te @@ -50,3 +50,14 @@ dontaudit domain kernel:system module_request; # For compliance testing test suite reads vendor_security_path_level # Which is the public readable property “ ro.vendor.build.security_patch get_prop(domain, vendor_security_patch_level_prop) + +neverallow { + coredomain + -init + -ueventd + -vold + -kernel + } vendor_persist_type: { dir file } *; + +# allow all context to read gpu model +allow { domain - isolated_app } sysfs_kgsl_gpu_model:file r_file_perms; 
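Review bot: The added `allow { domain - isolated_app } sysfs_kgsl_gpu_model:file r_file_perms;` in generic/vendor/common/domain.te lets every domain except isolated_app read the GPU model node, which includes untrusted and ephemeral apps, and the comment "allow all context to read gpu model" does not say which reader needs it. The comment should name that consumer so a later reviewer can judge whether the set can be narrowed. The rule also makes the per-domain `allow priv_app sysfs_kgsl_gpu_model:file r_file_perms;` added in priv_app.te redundant. The new neverallow on `vendor_persist_type` in the same hunk has no comment either; one line such as `# only init, ueventd, vold and kernel may touch persist from the core side` would record the intent.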
diff --git a/generic/vendor/common/feature_enabler_client.te b/generic/vendor/common/feature_enabler_client.te index 643d0aa4..351a96ec 100644 --- a/generic/vendor/common/feature_enabler_client.te +++ b/generic/vendor/common/feature_enabler_client.te @@ -33,6 +33,14 @@ allow feature_enabler_client tee_device:chr_file rw_file_perms; allow feature_enabler_client ion_device:chr_file rw_file_perms; unix_socket_connect(feature_enabler_client , ssgtzd, ssgtzd) + +# Allow read permission to /mnt/vendor/persist/feature_enabler_client/* allow feature_enabler_client mnt_vendor_file:dir search; -allow feature_enabler_client persist_feature_enabler_file:dir r_dir_perms; -allow feature_enabler_client persist_feature_enabler_file:file r_file_perms; +r_dir_file(feature_enabler_client, persist_feature_enabler_file) + +# Allow read permission to /mnt/vendor/persist/data/* +r_dir_file(feature_enabler_client, persist_data_file) + +# Binder access for featenab_client.service +vndbinder_use(feature_enabler_client) +allow feature_enabler_client qfeatenab_client_service:service_manager { add find }; diff --git a/generic/vendor/common/file.te b/generic/vendor/common/file.te index c2ece051..2fcdf7cc 100644 --- a/generic/vendor/common/file.te +++ b/generic/vendor/common/file.te @@ -109,6 +109,9 @@ type vendor_audio_data_file, file_type, data_file_type; type vendor_radio_data_file, file_type, data_file_type; type wifi_vendor_log_data_file, file_type, data_file_type; +#for mount of /persist +typeattribute mnt_vendor_file vendor_persist_type; + type persist_file, file_type, vendor_persist_type; type persist_data_file, file_type , vendor_persist_type; type persist_display_file, file_type; @@ -195,3 +198,6 @@ type qdcmsocket_socket, file_type; type sysfs_mhi, sysfs_type, fs_type; type sysfs_suspend, fs_type, sysfs_type; + +# kgsl gpu model file type for sysfs access +type sysfs_kgsl_gpu_model, sysfs_type, fs_type; 
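Review bot: The new `r_dir_file(feature_enabler_client, persist_data_file)` in feature_enabler_client.te grants read on every directory, file and symlink carrying the `persist_data_file` label, not only on the data this client owns. Which other components store data under that label is not visible in this hunk, so the exposure should be checked against file_contexts. If the client needs only its own subdirectory, a dedicated type for it would keep the grant least-privilege. The comment `# Allow read permission to /mnt/vendor/persist/data/*` should also say what is read there and why.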
diff --git a/generic/vendor/common/file_contexts b/generic/vendor/common/file_contexts index eb3d4097..8d4a3e63 100644 --- a/generic/vendor/common/file_contexts +++ b/generic/vendor/common/file_contexts @@ -425,6 +425,7 @@ /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/devfreq/[a-f0-9]+.qcom,kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0 +/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model u:object_r:sysfs_kgsl_gpu_model:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-f0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,usb-pdphy@[0-9]+/usbpd/usbpd[0-9](/.*)? u:object_r:sysfs_usbpd_device:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-f0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,qpnp-smb2/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0 @@ -473,3 +474,6 @@ /(vendor|system/vendor)/bin/init\.qcom\.wifi\.sh u:object_r:qti_init_shell_exec:s0 /(vendor|system/vendor)/bin/init\.qti\.ims\.sh u:object_r:init-qti-ims-sh_exec:s0 /(vendor|system/vendor)/bin/qca6234-service.sh u:object_r:qti_init_shell_exec:s0 + +#Limits sysfs node +/sys/module/msm_isense_cdsp/data u:object_r:sysfs_thermal:s0 diff --git a/generic/vendor/common/hal_camera.te b/generic/vendor/common/hal_camera.te index 88921a60..b423db45 100644 --- a/generic/vendor/common/hal_camera.te +++ b/generic/vendor/common/hal_camera.te @@ -65,3 +65,6 @@ get_prop(hal_camera, vendor_adsprpc_prop) # This is needed to access GPU allow hal_camera_default gpu_device:chr_file rw_file_perms; + +# Postproc Service +hal_attribute_hwservice(hal_camera, hal_camera_postproc_hwservice); diff --git a/generic/vendor/common/hwservice.te b/generic/vendor/common/hwservice.te index 10a178ff..04f4de44 100644 --- a/generic/vendor/common/hwservice.te +++ b/generic/vendor/common/hwservice.te 
@@ -1,4 +1,4 @@ -# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -42,3 +42,4 @@ type hal_qdutils_disp_hwservice, hwservice_manager_type; type hal_display_color_hwservice, hwservice_manager_type; type hal_display_postproc_hwservice, hwservice_manager_type; type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type; +type hal_camera_postproc_hwservice, hwservice_manager_type; diff --git a/generic/vendor/common/hwservice_contexts b/generic/vendor/common/hwservice_contexts index 50338cb3..9068266d 100644 --- a/generic/vendor/common/hwservice_contexts +++ b/generic/vendor/common/hwservice_contexts @@ -47,6 +47,7 @@ vendor.qti.hardware.perf::IPerf u:object_r:hal_p vendor.qti.hardware.radio.atcmdfwd::IAtCmdFwd u:object_r:hal_atfwd_hwservice:s0 vendor.qti.hardware.radio.qcrilhook::IQtiOemHook u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.am::IQcRilAudio u:object_r:hal_telephony_hwservice:s0 +vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.lpa::IUimLpa u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.ims::IImsRadio u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.uim::IUim u:object_r:hal_telephony_hwservice:s0 @@ -58,3 +59,4 @@ vendor.qti.hardware.tui_comm::ITuiComm u:object_r:hal_tui_ vendor.qti.hardware.qdutils_disp::IQdutilsDisp u:object_r:hal_qdutils_disp_hwservice:s0 android.hardware.media.c2::IConfigurable u:object_r:hal_codec2_hwservice:s0 vendor.qti.hardware.display.mapper::IQtiMapper u:object_r:hal_graphics_mapper_hwservice:s0 +vendor.qti.hardware.camera.postproc::IPostProcService u:object_r:hal_camera_postproc_hwservice:s0 
diff --git a/generic/vendor/common/init_shell.te b/generic/vendor/common/init_shell.te index 853d5d7b..48f3f617 100644 --- a/generic/vendor/common/init_shell.te +++ b/generic/vendor/common/init_shell.te @@ -84,6 +84,7 @@ set_prop(qti_init_shell, vendor_radio_prop) set_prop(qti_init_shell, vendor_audio_prop) get_prop(qti_init_shell, exported3_radio_prop) set_prop(qti_init_shell, vendor_gpu_prop) +set_prop(qti_init_shell, sensors_prop) allow qti_init_shell { sysfs_devices_system_cpu @@ -122,8 +123,8 @@ allow qti_init_shell block_device:dir r_dir_perms; allow qti_init_shell swap_block_device:blk_file rw_file_perms; #For configfs permission -allow qti_init_shell configfs:dir r_dir_perms; -allow qti_init_shell configfs:file rw_file_perms; +allow qti_init_shell configfs:dir rw_dir_perms; +allow qti_init_shell configfs:file { rw_file_perms create }; #Allow /sys access to write zram disksize allow qti_init_shell sysfs_zram:dir r_dir_perms; diff --git a/generic/vendor/common/peripheral_manager.te b/generic/vendor/common/peripheral_manager.te index 85c66f17..ee25cc97 100644 --- a/generic/vendor/common/peripheral_manager.te +++ b/generic/vendor/common/peripheral_manager.te @@ -1,4 +1,4 @@ -# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -52,3 +52,7 @@ allow vendor_per_mgr sysfs_data:file r_file_perms; # Set the peripheral state property set_prop(vendor_per_mgr, vendor_per_mgr_state_prop); + +userdebug_or_eng(` + allow vendor_per_mgr debugfs_ipc:dir search; +') diff --git a/generic/vendor/common/priv_app.te b/generic/vendor/common/priv_app.te index dd2137f7..b22d7a0d 100644 --- a/generic/vendor/common/priv_app.te +++ b/generic/vendor/common/priv_app.te 
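Review bot: The configfs rules in init_shell.te are widened from read-only directory access to `allow qti_init_shell configfs:dir rw_dir_perms;` and `allow qti_init_shell configfs:file { rw_file_perms create };`, but the comment above them is still only `#For configfs permission`. The shell-script domain can now add, remove and create entries in any configfs tree that carries the generic `configfs` label, so the comment should state which configfs subtree the init script writes and for what feature. If only one subtree is involved, giving it its own type and granting write there would leave the rest of configfs read-only for this domain. The `set_prop(qti_init_shell, sensors_prop)` added in the first hunk of the same file is likewise uncommented.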
@@ -31,3 +31,4 @@ hal_client_domain(priv_app, hal_perf) # priv_app domain allow priv_app rs_exec:file rx_file_perms; +allow priv_app sysfs_kgsl_gpu_model:file r_file_perms; diff --git a/generic/vendor/common/sensors.te b/generic/vendor/common/sensors.te index 72d62704..b9091e5d 100644 --- a/generic/vendor/common/sensors.te +++ b/generic/vendor/common/sensors.te @@ -75,3 +75,5 @@ allow sensors persist_sensors_file:fifo_file create_file_perms; # Access to /persist/sensors allow sensors persist_sensors_file:dir create_dir_perms; allow sensors persist_sensors_file:file create_file_perms; +# Access to wakelock sysfs +wakelock_use(sensors) diff --git a/generic/vendor/common/system_server.te b/generic/vendor/common/system_server.te index 3cc14a45..bfa0259f 100644 --- a/generic/vendor/common/system_server.te +++ b/generic/vendor/common/system_server.te @@ -34,9 +34,6 @@ binder_call(system_server, hal_graphics_composer) # location binder_call(system_server, location); -allow system_server persist_file:dir search; -allow system_server persist_sensors_file:dir search; -allow system_server persist_sensors_file:file r_file_perms; allow system_server wlan_device:chr_file rw_file_perms; allow system_server hal_audio_default:file w_file_perms; diff --git a/generic/vendor/common/thermal-engine.te b/generic/vendor/common/thermal-engine.te index 786812ab..aeea5272 100644 --- a/generic/vendor/common/thermal-engine.te +++ b/generic/vendor/common/thermal-engine.te @@ -101,3 +101,7 @@ allow thermal-engine ion_device:chr_file r_file_perms; allow thermal-engine sysfs_devfreq:dir r_dir_perms; allow thermal-engine sysfs_devfreq:file r_file_perms; allow thermal-engine sysfs_devfreq:lnk_file r_file_perms; + +#This is required to write into limits-cdsp partition +allow thermal-engine block_device:dir r_dir_perms; +allow thermal-engine limits_block_device:blk_file rw_file_perms; 
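Review bot: In thermal-engine.te the new `allow thermal-engine block_device:dir r_dir_perms;` grants more than is needed to open a block node by a known path, because `r_dir_perms` also allows the daemon to list /dev/block. If thermal-engine opens the limits partition by name, `allow thermal-engine block_device:dir search;` is sufficient. The comment mentions only the limits-cdsp partition, while `limits_block_device` is assigned to both `limits` and `limits-cdsp` in kona/file_contexts, so the comment should cover both or the label should be split. Only the kona target labels these nodes in this commit, so on other targets the blk_file rule matches nothing.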
diff --git a/generic/vendor/timeservice/timeservice_app.te b/generic/vendor/common/timeservice_app.te index 27a6a1eb..27a6a1eb 100644 --- a/generic/vendor/timeservice/timeservice_app.te +++ b/generic/vendor/common/timeservice_app.te diff --git a/generic/vendor/common/tlocd.te b/generic/vendor/common/tlocd.te index 2daa759b..ffd3ff42 100644 --- a/generic/vendor/common/tlocd.te +++ b/generic/vendor/common/tlocd.te @@ -1,4 +1,4 @@ -# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -48,3 +48,6 @@ allow tlocd self:{ socket qipcrtr_socket } create_socket_perms; allowxperm tlocd self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls; allow tlocd ion_device:chr_file rw_file_perms; + +# Allow access to smcinvoke device +allow tlocd smcinvoke_device:chr_file rw_file_perms; diff --git a/generic/vendor/common/ueventd.te b/generic/vendor/common/ueventd.te index 1c72e479..aea82db9 100644 --- a/generic/vendor/common/ueventd.te +++ b/generic/vendor/common/ueventd.te @@ -50,3 +50,4 @@ allow ueventd persist_file:file r_file_perms; # For wifi to access mnt_vendor_file r_dir_file(ueventd, mnt_vendor_file) +allow ueventd metadata_file:dir search; diff --git a/generic/vendor/common/vendor_init.te b/generic/vendor/common/vendor_init.te index e441cffd..84e0eee0 100644 --- a/generic/vendor/common/vendor_init.te +++ b/generic/vendor/common/vendor_init.te 
@@ -86,8 +86,13 @@ set_prop(vendor_init, public_vendor_default_prop) # Allow timezone to be overrided by vendor set_prop(vendor_init, exported_system_prop) +# Access vendor sensor properties +set_prop(vendor_init, sensors_prop) + #Access vendor bluetooth properties set_prop(vendor_init, vendor_bluetooth_prop) userdebug_or_eng(` allow vendor_init proc_security:file rw_file_perms; ') +# this is for ramdump +allow vendor_init block_device:lnk_file setattr; diff --git a/generic/vendor/common/vndservice.te b/generic/vendor/common/vndservice.te index d03cfa7a..bd8b8d2b 100644 --- a/generic/vendor/common/vndservice.te +++ b/generic/vendor/common/vndservice.te @@ -25,4 +25,5 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. type qdisplay_service, vndservice_manager_type; -type vendor_per_mgr_service, vndservice_manager_type; +type vendor_per_mgr_service, vndservice_manager_type; +type qfeatenab_client_service, vndservice_manager_type; diff --git a/generic/vendor/common/vndservice_contexts b/generic/vendor/common/vndservice_contexts index 4b9491df..640b3dcd 100644 --- a/generic/vendor/common/vndservice_contexts +++ b/generic/vendor/common/vndservice_contexts @@ -25,4 +25,5 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. display.qservice u:object_r:qdisplay_service:s0 +featenab_client.service u:object_r:qfeatenab_client_service:s0 vendor.qcom.PeripheralManager u:object_r:vendor_per_mgr_service:s0 diff --git a/generic/vendor/kona/file_contexts b/generic/vendor/kona/file_contexts index f5eb09f3..cc0689cc 100644 --- a/generic/vendor/kona/file_contexts +++ b/generic/vendor/kona/file_contexts 
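Review bot: The new `allow vendor_init block_device:lnk_file setattr;` in vendor_init.te is placed after the closing `')` of the `userdebug_or_eng` block, so it applies to user builds as well, although its comment says `# this is for ramdump`. If ramdump collection is a debug-only feature on these targets, the rule belongs inside the `userdebug_or_eng(` ... `')` block just above it. If it is needed on user builds, the comment should say which symlink under /dev/block has its attributes changed and by which init script, since `block_device:lnk_file` covers every by-name link.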
@@ -100,3 +100,7 @@ # Same process file /vendor/lib(64)?/hw/gralloc\.kona\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/vulkan\.kona\.so u:object_r:same_process_hal_file:s0 + +# limits Partitions +/dev/block/platform/soc/1d84000.ufshc/by-name/limits u:object_r:limits_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/limits-cdsp u:object_r:limits_block_device:s0 diff --git a/generic/vendor/kona/genfs_contexts b/generic/vendor/kona/genfs_contexts index b81e3fb4..ccc696c2 100644 --- a/generic/vendor/kona/genfs_contexts +++ b/generic/vendor/kona/genfs_contexts @@ -31,8 +31,8 @@ genfscon sysfs /devices/platform/soc/soc:qcom,ipa_uc/subsys1/name u:object_r:sys genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/subsys8/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/subsys4/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/abb0000.qcom,cvpss/subsys6/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys7/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys9/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys11/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys8/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/soc:qcom,mdm0/subsys10/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys2/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys3/name u:object_r:sysfs_ssr:s0 
@@ -40,13 +40,11 @@ genfscon sysfs /devices/platform/soc/188101c.qcom,spss/subsys5/name u:object_r:s genfscon sysfs /devices/platform/soc/a600000.ssusb/a600000.dwc3/udc/a600000.dwc3 u:object_r:sysfs_usb_controller:s0 #subsys nodes WLAN -genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6390/subsys10/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,mdm0/subsys11/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,mdm0/subsys7/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6390/subsys9/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys8/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys9/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/188101c.qcom,spss/subsys10/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/subsys11/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/subsys7/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/soc:qcom,wil6210/subsys12/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/soc:qcom,mdm0/esoc0 u:object_r:sysfs_esoc:s0 
@@ -125,4 +123,16 @@ genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/pci0002:00/0002:00:00.0/0 #restart_level -genfscon sysfs /devices/platform/soc/soc:qcom,mdm0/subsys11/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys0/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,ipa_uc/subsys1/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6390/subsys9/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,mdm0/subsys10/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,wil6210/subsys12/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/subsys2/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys3/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/subsys4/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/188101c.qcom,spss/subsys5/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/abb0000.qcom,cvpss/subsys6/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys11/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/subsys7/restart_level u:object_r:sysfs_ssr_toggle:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys8/restart_level u:object_r:sysfs_ssr_toggle:s0 diff --git a/generic/vendor/test/domain.te b/generic/vendor/test/domain.te index 7e8f96af..fedc00ff 100644 --- a/generic/vendor/test/domain.te +++ b/generic/vendor/test/domain.te 
@@ -26,23 +26,13 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. dontaudit { - system_server - surfaceflinger - bootanim - system_app - platform_app - zygote - location_app - location_app_test - priv_app - radio - shell - zygote - mediaswcodec + coredomain + appdomain } vendor_gles_data_file:dir search; dontaudit { - system_app + coredomain + appdomain } vendor_gles_data_file:file *; #allow all gpu clients to access configuration settings userdebug_or_eng(` diff --git a/generic/vendor/test/property_contexts b/generic/vendor/test/property_contexts index a9703ce8..1fad3092 100644 --- a/generic/vendor/test/property_contexts +++ b/generic/vendor/test/property_contexts @@ -30,6 +30,7 @@ persist.vendor.debug.sensors. u:object_r:sensors_dbg_prop:s0 persist.vendor.debug.mux. u:object_r:wfd_vendor_debug_prop:s0 persist.vendor.debug.rtp. u:object_r:wfd_vendor_debug_prop:s0 persist.vendor.debug.wfd. u:object_r:wfd_vendor_debug_prop:s0 +vendor.debug.wfd. u:object_r:wfd_vendor_debug_prop:s0 #CNE IWLAN Logging persist.vendor.iwlan.logging.logcat u:object_r:cnd_prop:s0 diff --git a/generic/vendor/timeservice/keys.conf b/generic/vendor/test/vendor_modprobe.te index 4d007823..afbb57cd 100644 --- a/generic/vendor/timeservice/keys.conf +++ b/generic/vendor/test/vendor_modprobe.te @@ -25,5 +25,4 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -[@TIMESERVICE] -ALL : device/qcom/sepolicy/generic/vendor/timeservice/timeservice_app_cert.x509.pem +allow vendor_modprobe debugfs_ipc:dir search; diff --git a/legacy/vendor/common/domain.te b/legacy/vendor/common/domain.te index d788c6a4..c4d6dffc 100644 --- a/legacy/vendor/common/domain.te +++ b/legacy/vendor/common/domain.te 
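Review bot: Replacing the explicit domain list in generic/vendor/test/domain.te with `dontaudit { coredomain appdomain } vendor_gles_data_file:file *;` silences every denied file operation on that type for all core and app domains, where the old rule covered only `system_app`. A dontaudit does not grant access, but it removes the avc denial records that would show an app attempting to read or write the GPU configuration data, which costs visibility during triage. Listing the permissions that are noisy in practice, for example `{ getattr open read }`, instead of `*` would keep unexpected write or execute attempts in the audit log; the exact set should be confirmed against observed denials. A short comment stating why the denials are expected would also help.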
@@ -69,3 +69,6 @@ allow { domain -isolated_app -runas_app -untrusted_app_25 -untrusted_app_27 -eph find; allow { domain -isolated_app -runas_app -untrusted_app_25 -untrusted_app_27 -ephemeral_app -mediaprovider -untrusted_app -perfprofd -vold -iorapd -installd } hal_perf_default:binder call; allow { domain -isolated_app -runas_app -untrusted_app_25 -untrusted_app_27 -ephemeral_app -mediaprovider -untrusted_app -perfprofd -vold -iorapd -installd } hwservicemanager:binder call; + +# allow all context to read gpu model +allow { domain - isolated_app } sysfs_kgsl_gpu_model:file r_file_perms; diff --git a/legacy/vendor/common/file.te b/legacy/vendor/common/file.te index 0e13e7a8..8739263a 100644 --- a/legacy/vendor/common/file.te +++ b/legacy/vendor/common/file.te @@ -284,6 +284,8 @@ type sysfs_kgsl, sysfs_type, fs_type; type sysfs_kgsl_proc, sysfs_type, fs_type; # kgsl snapshot file type for sysfs access type sysfs_kgsl_snapshot, sysfs_type, fs_type; +# kgsl gpu model file type for sysfs access +type sysfs_kgsl_gpu_model, sysfs_type, fs_type; # secure touch files type sysfs_securetouch, fs_type, sysfs_type; diff --git a/legacy/vendor/common/file_contexts b/legacy/vendor/common/file_contexts index 82fb7a2a..6b7ec215 100644 --- a/legacy/vendor/common/file_contexts +++ b/legacy/vendor/common/file_contexts 
@@ -481,6 +481,7 @@ /sys/devices(/platform)?/soc/[a-f0-9]+/host0/scsi_host/host0(/.*)? u:object_r:sysfs_scsi_host:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.ufshc/host0/target0:0:0/0:0:0:[0-9]+/scsi_generic(/.*)? u:object_r:sysfs_scsi_target:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0 +/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model u:object_r:sysfs_kgsl_gpu_model:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/devfreq/[a-f0-9]+.qcom,kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/snapshot(/.*)? u:object_r:sysfs_kgsl_snapshot:s0 diff --git a/legacy/vendor/common/hal_perf_default.te b/legacy/vendor/common/hal_perf_default.te index 6784270c..618b176c 100644 --- a/legacy/vendor/common/hal_perf_default.te +++ b/legacy/vendor/common/hal_perf_default.te @@ -92,3 +92,6 @@ allow hal_perf { # Allow to self kill capability allow hal_perf_default self:capability { kill }; + +# Allow connecting to thermal_socket +unix_socket_connect(hal_perf_default, thermal, thermal-engine) diff --git a/legacy/vendor/common/hal_wifi.te b/legacy/vendor/common/hal_wifi.te index 70fd8bf1..be6d4f73 100644 --- a/legacy/vendor/common/hal_wifi.te +++ b/legacy/vendor/common/hal_wifi.te @@ -37,6 +37,9 @@ unix_socket_connect(hal_wifi, location, location) allow hal_wifi_default wifihal_socket:dir rw_dir_perms; allow hal_wifi_default wifihal_socket:sock_file create_file_perms; +# allow hal_wifi to write into /proc/sys/net/ipv4 +allow hal_wifi proc_net:file w_file_perms; + allow hal_wifi wlan_device:chr_file rw_file_perms; allow hal_wifi self:capability sys_module; allow hal_wifi kernel:key search; diff --git a/legacy/vendor/common/hwservice_contexts b/legacy/vendor/common/hwservice_contexts index f4b1c98a..ac4bcf69 100644 --- a/legacy/vendor/common/hwservice_contexts +++ b/legacy/vendor/common/hwservice_contexts 
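Review bot: The rule `allow hal_wifi proc_net:file w_file_perms;` added in legacy/vendor/common/hal_wifi.te is broader than its comment, which names only /proc/sys/net/ipv4. The `proc_net` type is not specific to that directory, so the HAL gains write access to every networking proc entry that shares the label. The rule is also attached to the `hal_wifi` attribute rather than to `hal_wifi_default`, which the socket rules directly above it use. Please name the sysctl being written in the comment and consider `allow hal_wifi_default proc_net:file w_file_perms;` if only the default implementation needs it.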
@@ -35,6 +35,7 @@ vendor.qti.hardware.radio.lpa::IUimLpa u:object_r:hal_tele vendor.qti.hardware.radio.uim_remote_client::IUimRemoteServiceClient u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.uim_remote_server::IUimRemoteServiceServer u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.uim::IUim u:object_r:hal_telephony_hwservice:s0 +vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo u:object_r:hal_telephony_hwservice:s0 vendor.qti.hardware.radio.atcmdfwd::IAtCmdFwd u:object_r:hal_atfwd_hwservice:s0 vendor.display.color::IDisplayColor u:object_r:hal_display_color_hwservice:s0 vendor.display.config::IDisplayConfig u:object_r:hal_display_config_hwservice:s0 diff --git a/legacy/vendor/common/location_app.te b/legacy/vendor/common/location_app.te index 6d42bfc9..74c71025 100644 --- a/legacy/vendor/common/location_app.te +++ b/legacy/vendor/common/location_app.te @@ -50,3 +50,5 @@ allowxperm location_app self:socket ioctl msm_sock_ipc_ioctls; allow location_app self:qipcrtr_socket create_socket_perms_no_ioctl; allow location_app sysfs_data:file r_file_perms; unix_socket_connect(location_app, dpmtcm, dpmd) + +allow location_app sysfs_kgsl_gpu_model:file r_file_perms; diff --git a/legacy/vendor/common/mediaserver.te b/legacy/vendor/common/mediaserver.te index ebf55781..35906e7a 100644 --- a/legacy/vendor/common/mediaserver.te +++ b/legacy/vendor/common/mediaserver.te @@ -57,6 +57,8 @@ binder_call(mediaserver, bootanim); get_prop(mediaserver, vendor_audio_prop) +get_prop(mediaserver, vendor_video_prop) + allow mediaserver surfaceflinger:unix_stream_socket rw_socket_perms; hal_client_domain(mediaserver, hal_graphics_composer) diff --git a/legacy/vendor/common/priv_app.te b/legacy/vendor/common/priv_app.te index 62ca1ce8..bef2a5e7 100644 --- a/legacy/vendor/common/priv_app.te +++ b/legacy/vendor/common/priv_app.te 
@@ -29,3 +29,5 @@ hal_client_domain(priv_app, hal_perf) # TODO(b/123050471): this grants renderscript exec permissions to the # priv_app domain allow priv_app rs_exec:file rx_file_perms; + +allow priv_app sysfs_kgsl_gpu_model:file r_file_perms; diff --git a/legacy/vendor/timeservice/timeservice_app.te b/legacy/vendor/common/timeservice_app.te index 01dd04c5..01dd04c5 100644 --- a/legacy/vendor/timeservice/timeservice_app.te +++ b/legacy/vendor/common/timeservice_app.te diff --git a/legacy/vendor/common/tlocd.te b/legacy/vendor/common/tlocd.te index 2daa759b..ffd3ff42 100644 --- a/legacy/vendor/common/tlocd.te +++ b/legacy/vendor/common/tlocd.te @@ -1,4 +1,4 @@ -# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -48,3 +48,6 @@ allow tlocd self:{ socket qipcrtr_socket } create_socket_perms; allowxperm tlocd self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls; allow tlocd ion_device:chr_file rw_file_perms; + +# Allow access to smcinvoke device +allow tlocd smcinvoke_device:chr_file rw_file_perms; diff --git a/legacy/vendor/common/vendor_init.te b/legacy/vendor/common/vendor_init.te index 567176e4..e15637f7 100644 --- a/legacy/vendor/common/vendor_init.te +++ b/legacy/vendor/common/vendor_init.te @@ -109,6 +109,9 @@ set_prop(vendor_init, exported_system_prop) #Acess vendor bluetooth properties set_prop(vendor_init, vendor_bluetooth_prop) +# Access vendor sensor properties +set_prop(vendor_init, sensors_prop) + #Access vendor wigig properties, mainly for on-demand module loading set_prop(vendor_init, vendor_wigig_prop) userdebug_or_eng(` diff --git a/legacy/vendor/test/domain.te b/legacy/vendor/test/domain.te index 8606bb7f..589671e5 100644 --- a/legacy/vendor/test/domain.te +++ b/legacy/vendor/test/domain.te 
@@ -25,6 +25,16 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +dontaudit { + coredomain + appdomain +} vendor_gles_data_file:dir search; + +dontaudit { + coredomain + appdomain +} vendor_gles_data_file:file *; + #allow all gpu clients to access configuration settings userdebug_or_eng(` allow {domain - coredomain - hal_configstore_default} sysfs_kgsl:dir search; @@ -34,6 +44,8 @@ allow {domain - coredomain - hal_configstore_default} vendor_gles_data_file:dir allow {domain - coredomain - hal_configstore_default} vendor_gles_data_file:file create_file_perms; ') +allow ephemeral_app vendor_gles_data_file:dir search; + userdebug_or_eng(` allow {system_server system_app diff --git a/legacy/vendor/test/untrusted_app.te b/legacy/vendor/test/untrusted_app.te new file mode 100644 index 00000000..ce8f693b --- /dev/null +++ b/legacy/vendor/test/untrusted_app.te 
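Review bot: In legacy/vendor/test/domain.te the added `allow ephemeral_app vendor_gles_data_file:dir search;` sits between two `userdebug_or_eng` blocks and is not gated itself, while the neighbouring grants on `vendor_gles_data_file` are debug-only. It has no comment, and the first hunk of the same file adds a dontaudit for `appdomain` on exactly this permission, which suggests the access is not generally expected from apps. If instant apps need this search only for the debug GPU configuration path, move the rule inside `userdebug_or_eng(` ... `')`. Otherwise add a comment explaining why ephemeral_app alone is granted it on every build variant.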
@@ -0,0 +1,38 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#allow untrusted_app clients to access configuration settings
+userdebug_or_eng(`
+allow untrusted_app sysfs_kgsl:dir search;
+dontaudit {
+ untrusted_app
+} sysfs_kgsl:dir read;
+r_dir_file(untrusted_app, sysfs_kgsl_snapshot);
+r_dir_file(untrusted_app, vendor_gles_data_file);
+allow untrusted_app vendor_gles_data_file:dir rw_dir_perms;
+allow untrusted_app vendor_gles_data_file:file rw_file_perms;
+')
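Review bot: The header comment in the new untrusted_app.te says the block lets untrusted apps "access configuration settings", but the rules grant more than that. They give third-party apps write access to `vendor_gles_data_file` directories and files and read access to `sysfs_kgsl_snapshot`, which looks like a GPU state snapshot rather than configuration and may hold data from other clients. The comment should name both grants and say they exist for debug builds only, e.g. `# userdebug/eng only: let untrusted_app read KGSL snapshots and read/write GLES driver config for GPU debugging`. `r_dir_file(untrusted_app, vendor_gles_data_file);` is redundant, since the two following rules already grant `rw_dir_perms` and `rw_file_perms` on the same type.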
diff --git a/legacy/vendor/timeservice/mac_permissions.xml b/legacy/vendor/timeservice/mac_permissions.xml deleted file mode 100644 index 2b7b6d9e..00000000 --- a/legacy/vendor/timeservice/mac_permissions.xml +++ /dev/null @@ -1,40 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- -Copyright (c) 2019, The Linux Foundation. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - * Neither the name of The Linux Foundation nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED - WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT - ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - --> -<policy> - -<!-- -See /system/sepolicy/private/mac_permissions.xml ---> - - <signer signature="@TIMESERVICE" > - <seinfo value="timeserviceapp" /> - </signer> - -</policy> 
diff --git a/legacy/vendor/timeservice/timeservice_app_cert.pk8 b/legacy/vendor/timeservice/timeservice_app_cert.pk8 Binary files differdeleted file mode 100644 index e1ef6f19..00000000 --- a/legacy/vendor/timeservice/timeservice_app_cert.pk8 +++ /dev/null diff --git a/legacy/vendor/timeservice/timeservice_app_cert.x509.pem b/legacy/vendor/timeservice/timeservice_app_cert.x509.pem deleted file mode 100644 index ad0998b4..00000000 --- a/legacy/vendor/timeservice/timeservice_app_cert.x509.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID+zCCAuOgAwIBAgIJAMg/RXpMUk2MMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD -VQQGEwJJTjEQMA4GA1UECAwHVW5rbm93bjEQMA4GA1UEBwwHVW5rbm93bjEkMCIG -A1UECgwbUXVhbGNvbW0gVGVjaG5vbG9naWVzLCBJbmMuMRQwEgYDVQQLDAtUSU1F -U0VSVklDRTEkMCIGA1UEAwwbVElNRVNFUlZJQ0UgUHJpdmlsZWdlZCBBcHBzMB4X -DTE5MDczMTA5MzkyMloXDTQ2MTIxNjA5MzkyMlowgZMxCzAJBgNVBAYTAklOMRAw -DgYDVQQIDAdVbmtub3duMRAwDgYDVQQHDAdVbmtub3duMSQwIgYDVQQKDBtRdWFs -Y29tbSBUZWNobm9sb2dpZXMsIEluYy4xFDASBgNVBAsMC1RJTUVTRVJWSUNFMSQw -IgYDVQQDDBtUSU1FU0VSVklDRSBQcml2aWxlZ2VkIEFwcHMwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDHEZhGjzKyYWuz4VYseoKiRXPXQ+3FLj7MYChe -9fj3bqeCmp4h2oX1hrI5y2Nml466K7+XnRmzqoeK1QxPnt6E3jZJttQDojGSyqtA -mA1UDYLeaMYUSk4+rSiJ22xJ2HP0gLxTfV9Gz8N5zsvwB65ZM5q2wL2jZX48aA51 -PcNYbtKeVPKt2ZP1m9LWjEIySjxj1pKhPaQdB3ukCsxZOLv27sqk3JE9Z6n/uWCB -bFt0OuaXZGpIwcKO53X1Bw4/M3wYcWmGNvFBUnRzZA2MTj49f+lprgxkx4GnbU9j -TGl8dxImLCvtvIXYjB8cuLJWhKnS/qoItdRruX4fK1Bkf1nvAgMBAAGjUDBOMB0G -A1UdDgQWBBSZ/rBADK7UrF89aVV5YYOgB0/zyDAfBgNVHSMEGDAWgBSZ/rBADK7U -rF89aVV5YYOgB0/zyDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAF -HG/GPgwZwXD0OgkE44f6CAhBsH2FfbGs4l0oapCJmtbWCNEu7LM0oZbr1J5JFv41 -lug8eOSGb1cTbGZF6hl+6JdO42NGI96A/3mHlffPoUjDuLYcMRUoWfimI+T9PS0W -gRfavA8osdyrBU7QxM0Axp62chWEF3/wmOZRIJd8rW8FpDPrqKZlywnJXDPNm5Wo -9g1WLAuu7bcFGUeed7fOmKPaVzA3aWCPSUTapj30fe0Mq+0ezODLaRhoMpVKuS6z -QlUedAEkBpamFTk90nnWoBpOhwcw2P5L1D3fhzZCAqf8xmp+torqiJxBA+9t6GHK -LR5CTP6cVxCy5pNWkW4Y ------END CERTIFICATE----- 
diff --git a/qva/private/file_contexts b/qva/private/file_contexts index dafef67c..3841eddc 100755..100644 --- a/qva/private/file_contexts +++ b/qva/private/file_contexts @@ -51,6 +51,7 @@ /system/bin/perfservice u:object_r:perfservice_exec:s0 /system/bin/mirrorlinkserver u:object_r:mirrorlink_exec:s0 /system/bin/vpsservice u:object_r:vpsservice_exec:s0 +/system/bin/qspmsvc u:object_r:qspmsvc_exec:s0 /system/bin/sigma_miracasthalservice u:object_r:sigmahal_qti_exec:s0 ####### data files ################ diff --git a/qva/private/mediaserver.te b/qva/private/mediaserver.te index 8f789d5b..d4c0dc85 100644 --- a/qva/private/mediaserver.te +++ b/qva/private/mediaserver.te @@ -27,4 +27,5 @@ unix_socket_send(mediaserver, seempdw, seempd) -get_prop(mediaserver, mm_video_prop)
\ No newline at end of file +get_prop(mediaserver, mm_video_prop) +get_prop(mediaserver, vendor_sys_video_prop) diff --git a/qva/private/property_contexts b/qva/private/property_contexts index d48d73b3..a245505b 100644 --- a/qva/private/property_contexts +++ b/qva/private/property_contexts @@ -60,6 +60,7 @@ vendor.sys.video.disable.ubwc u:object_r:vendor_sys_video_prop:s0 #Wifi Display vendor.wfdservice u:object_r:wfd_service_prop:s0 +vendor.sys.debug.wfd. u:object_r:wfd_sys_debug_prop:s0 persist.vendor.debug.wfd.wfdsvc u:object_r:wfd_sys_debug_prop:s0 persist.vendor.debug.wfdcdbg u:object_r:wfd_sys_debug_prop:s0 persist.vendor.debug.wfdcdbgv u:object_r:wfd_sys_debug_prop:s0 diff --git a/qva/private/qspmsvc.te b/qva/private/qspmsvc.te new file mode 100644 index 00000000..ff7a12b0 --- /dev/null +++ b/qva/private/qspmsvc.te 
@@ -0,0 +1,35 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute qspmsvc coredomain;
+type qspmsvc_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(qspmsvc)
+add_service(qspmsvc, qspmsvc_service);
+binder_use(qspmsvc);
+binder_call(qspmsvc, system_server);
+binder_service(qspmsvc);
diff --git a/qva/private/service.te b/qva/private/service.te
index daf0a027..4f0f3be3 100644
--- a/qva/private/service.te
+++ b/qva/private/service.te
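Review bot: The new private/qspmsvc.te creates a `coredomain` daemon with binder access to `system_server` but carries no comment beyond the licence saying what the service does or who its clients are. A short header above `typeattribute qspmsvc coredomain;`, such as `# qspmsvc: system-side QSPM service started by init; registers qspmsvc_service and calls into system_server`, would let a later reviewer judge whether each grant is still needed. The macro calls are also terminated inconsistently: `init_daemon_domain(qspmsvc)` has no trailing `;` while the four that follow do, and dropping the semicolons would match the style in the other files of this commit.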
@@ -35,3 +35,5 @@ type wfdservice_service, service_manager_type; type wigigp2p_service, app_api_service, system_server_service, service_manager_type; type wigig_service, app_api_service, system_server_service, service_manager_type; type vendor_vps_service, app_api_service, service_manager_type; +type qspmsvc_service, app_api_service, service_manager_type; + diff --git a/qva/private/service_contexts b/qva/private/service_contexts index b00ee1d4..32d28624 100755..100644 --- a/qva/private/service_contexts +++ b/qva/private/service_contexts @@ -40,3 +40,5 @@ wigigp2p u:object_r:wigigp2p_service:s0 wigig u:object_r:wigig_service:s0 display.smomoservice u:object_r:surfaceflinger_service:s0 vendor.vpsservice u:object_r:vendor_vps_service:s0 +qspmsvc u:object_r:qspmsvc_service:s0 + diff --git a/qva/private/system_server.te b/qva/private/system_server.te index 8a7ac89a..10c8d941 100644 --- a/qva/private/system_server.te +++ b/qva/private/system_server.te @@ -60,3 +60,10 @@ userdebug_or_eng(` # Allow system server to access fst,wigig system properties set_prop(system_server, wigig_core_prop) set_prop(system_server, fst_prop) + +#Allow system_server to add and find qspmsvc service +allow system_server qspmsvc_service:service_manager find; + +# Allow system server to access for dpm +get_prop(system_server, persist_dpm_prop) + diff --git a/qva/private/wfdservice.te b/qva/private/wfdservice.te index 66d0e655..3a6eebe2 100644 --- a/qva/private/wfdservice.te +++ b/qva/private/wfdservice.te 
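Review bot: In service.te, `type qspmsvc_service, app_api_service, service_manager_type;` makes the new service findable by ordinary apps, because `app_api_service` is the attribute third-party app domains may look up. The only explicit client in this commit is `system_server`, which gets its own `find` rule in system_server.te, so the attribute may be broader than required. If no app-facing API is intended, I would declare it as `type qspmsvc_service, service_manager_type;` and grant `find` per client. Otherwise the declaration needs a comment naming the app-facing interface, since the binder interface then becomes reachable from untrusted callers.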
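Review bot: The comment added in system_server.te, "Allow system_server to add and find qspmsvc service", does not match the rule beneath it, which grants only `find`. Registration is done by the `qspmsvc` domain through `add_service(qspmsvc, qspmsvc_service)` in private/qspmsvc.te. I would reword it to `# Allow system_server to find the qspmsvc service` so nobody later widens the rule to match the comment. The following comment, "Allow system server to access for dpm", should say that `persist_dpm_prop` is read-only here, e.g. `# Allow system_server to read DPM properties`.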
@@ -52,9 +52,11 @@ binder_call(wfdservice, system_server) #Allow wfdservice to be registered with service manager add_service(wfdservice, wfdservice_service) -#Allow access to read mmosal_logmask file in /data partition userdebug_or_eng(` +#Allow access to read mmosal_logmask file in /data partition allow wfdservice system_data_file:file r_file_perms; +#Allow access to read debug properties + get_prop(wfdservice, wfd_sys_debug_prop); ') # Allow access to mediaserver, surfaceflinger and permissionmanager for interaction of wfdservice diff --git a/qva/private/zygote.te b/qva/private/zygote.te index 97aec53a..8ae52798 100644 --- a/qva/private/zygote.te +++ b/qva/private/zygote.te @@ -26,3 +26,5 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. unix_socket_send(zygote, seempdw, seempd) + +get_prop(zygote, persist_dpm_prop) diff --git a/qva/public/qspmsvc.te b/qva/public/qspmsvc.te new file mode 100644 index 00000000..e5982a57 --- /dev/null +++ b/qva/public/qspmsvc.te 
@@ -0,0 +1,28 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type qspmsvc, domain;
diff --git a/qva/vendor/atoll/file_contexts b/qva/vendor/atoll/file_contexts
index 612b586e..910a768a 100644
--- a/qva/vendor/atoll/file_contexts
+++ b/qva/vendor/atoll/file_contexts
@@ -160,6 +160,15 @@ /(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0 /(vendor|system/vendor)/bin/init\.qti\.can\.sh u:object_r:qti_init_shell_exec:s0 +################################## +# same process HAL libs +/vendor/lib(64)?/hw/vulkan\.atoll\.so u:object_r:same_process_hal_file:s0 + +#QFPROM0 file access +/sys/devices/platform/soc/786018.qfprom/qfprom0/nvmem u:object_r:sysfs_qfprom:s0 + #FPC /sys/devices/platform/soc/soc:fpc1020(/.*?) u:object_r:sysfs_fps_attr:s0 /sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/modalias u:object_r:sysfs_fps_attr:s0 +#Same process file +/vendor/lib(64)?/hw/gralloc\.atoll\.so u:object_r:same_process_hal_file:s0 diff --git a/qva/vendor/atoll/genfs_contexts b/qva/vendor/atoll/genfs_contexts index 82b6ec64..58a2595d 100644 --- a/qva/vendor/atoll/genfs_contexts +++ b/qva/vendor/atoll/genfs_contexts @@ -1,4 +1,4 @@ -# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -65,6 +65,7 @@ genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys2/name u: genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys4/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys5/name u:object_r:sysfs_ssr:s0 genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys6/name u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys4/name u:object_r:sysfs_ssr:s0 # We see this combo set also so adding this also genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys0/name u:object_r:sysfs_ssr:s0 
@@ -77,11 +78,11 @@ genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys4/name u: genfscon sysfs /devices/platform/soc/a600000.ssusb/a600000.dwc3/udc/a600000.dwc3 u:object_r:sysfs_usb_controller:s0 #qdss sysfs-node -genfscon sysfs /devices/platform/soc/6047000.tmc/coresight-tmc-etf u:object_r:sysfs_qdss_dev:s0 +genfscon sysfs /devices/platform/soc/6b05000.tmc/coresight-tmc-etf u:object_r:sysfs_qdss_dev:s0 genfscon sysfs /devices/platform/soc/6048000.tmc/coresight-tmc-etr u:object_r:sysfs_qdss_dev:s0 genfscon sysfs /devices/platform/soc/6002000.stm/coresight-stm u:object_r:sysfs_qdss_dev:s0 -genfscon sysfs /devices/platform/soc/91866f0.hwevent/coresight-hwevent u:object_r:sysfs_qdss_dev:s0 -genfscon sysfs /devices/platform/soc/6b0e000.csr/coresight-swao-csr u:object_r:sysfs_qdss_dev:s0 +genfscon sysfs /devices/platform/soc/soc:hwevent/coresight-hwevent u:object_r:sysfs_qdss_dev:s0 +genfscon sysfs /devices/platform/soc/6b0c000.csr/coresight-swao-csr u:object_r:sysfs_qdss_dev:s0 genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-llcc-bw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/platform/soc/soc:qcom,cpu-llcc-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-l3-lat/devfreq u:object_r:sysfs_devfreq:s0 diff --git a/qva/vendor/common/attributes b/qva/vendor/common/attributes index 4c0ce456..e218fdca 100644 --- a/qva/vendor/common/attributes +++ b/qva/vendor/common/attributes @@ -109,6 +109,10 @@ attribute hal_srvctracker; attribute hal_srvctracker_client; attribute hal_srvctracker_server; +attribute hal_qspmhal; +attribute hal_qspmhal_client; +attribute hal_qspmhal_server; + attribute spunvm_file_type; attribute hal_bluetooth_dun; diff --git a/qva/vendor/common/device.te b/qva/vendor/common/device.te index cf875344..c9c258e0 100644 --- a/qva/vendor/common/device.te +++ b/qva/vendor/common/device.te 
@@ -26,6 +26,7 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. type hsic_device, dev_type; +type spss_utils_device, dev_type; type skp_device, dev_type; type sp_keymaster_device, dev_type; type sp_ssr_device, dev_type; diff --git a/qva/vendor/common/domain.te b/qva/vendor/common/domain.te index a2870bd2..f4630278 100644 --- a/qva/vendor/common/domain.te +++ b/qva/vendor/common/domain.te @@ -30,3 +30,9 @@ allow { domain -isolated_app -runas_app -untrusted_app_25 -untrusted_app_27 -eph find; allow { domain -isolated_app -runas_app -untrusted_app_25 -untrusted_app_27 -ephemeral_app -mediaprovider -untrusted_app -perfprofd -vold -iorapd -installd } hal_perf_default:binder call; allow { domain -isolated_app -runas_app -untrusted_app_25 -untrusted_app_27 -ephemeral_app -mediaprovider -untrusted_app -perfprofd -vold -iorapd -installd } hwservicemanager:binder call; +neverallow { + coredomain + -init + -ueventd + -spdaemon +} spunvm_file_type: { dir file } *; diff --git a/qva/vendor/common/file.te b/qva/vendor/common/file.te index 32f7d36f..9855fca1 100644 --- a/qva/vendor/common/file.te +++ b/qva/vendor/common/file.te @@ -29,6 +29,7 @@ type vendor_qti_data_file, file_type, data_file_type; type persist_secnvm_file, file_type , vendor_persist_type; +type persist_iar_db_file, file_type , vendor_persist_type; #mink-lowi-interface-daemon (mlid) socket type mlid_socket, file_type, mlstrustedobject; @@ -39,6 +40,10 @@ type ssgqmig_socket, file_type, mlstrustedobject; #ssg tz daemon socket type ssgtzd_socket, file_type, mlstrustedobject; +#spunvm file types +type spunvm_file, file_type, spunvm_file_type; +allow spunvm_file self:filesystem associate; + type qfp-daemon_data_file, file_type, data_file_type; type persist_qti_fp_file, file_type, vendor_persist_type; type sysfs_touch_aoi, fs_type, sysfs_type; 
@@ -86,6 +91,9 @@ type wifi_vendor_data_file, file_type, data_file_type; type wifi_vendor_wpa_socket, file_type, data_file_type; type hostapd_socket, file_type, data_file_type; +#spss sysfs files +type sysfs_spss, fs_type, sysfs_type; + #vpp type vendor_vpp_data_file, file_type, data_file_type; type persist_vpp_file, file_type, vendor_persist_type; @@ -108,5 +116,10 @@ type sysfs_rmnet, fs_type, sysfs_type; #qvrservice sysfs files type sysfs_qvr_external_sensor, sysfs_type, fs_type; +#qspm-hal +type vendor_qspmhal_data_file, file_type, data_file_type; + #Memory offlining file types type sysfs_memory_offline, sysfs_type, fs_type; + +type sysfs_qfprom, fs_type, sysfs_type; diff --git a/qva/vendor/common/file_contexts b/qva/vendor/common/file_contexts index d3844e4a..c27d7f10 100644 --- a/qva/vendor/common/file_contexts +++ b/qva/vendor/common/file_contexts @@ -33,7 +33,10 @@ /dev/sp_keymaster u:object_r:sp_keymaster_device:s0 /dev/sp_ssr u:object_r:sp_ssr_device:s0 /dev/spdaemon_ssr u:object_r:spdaemon_ssr_device:s0 +/dev/spss_utils u:object_r:spss_utils_device:s0 /dev/iuicc u:object_r:iuicc_device:s0 +/dev/iuicc0 u:object_r:iuicc_device:s0 +/dev/iuicc1 u:object_r:iuicc_device:s0 /dev/cryptoapp u:object_r:cryptoapp_device:s0 /dev/sec_nvm_.* u:object_r:sec_nvm_device:s0 /dev/qbt.* u:object_r:qbt_device:s0 @@ -54,7 +57,7 @@ /dev/socket/qdma(/.*)? u:object_r:qdma_socket:s0 /dev/socket/adpl_cmd_uds_file u:object_r:dataadpl_socket:s0 /dev/socket/wigig/wpa_wigig[0-9] u:object_r:wigig_vendor_wpa_socket:s0 -/dev/socket/wigig/vendor_wpa_wlan[0-9] u:object_r:wigig_vendor_wpa_socket:s0 +/dev/socket/vendor_wpa_wlan[0-9] u:object_r:wifi_vendor_wpa_socket:s0 /dev/socket/wigig/wigignpt u:object_r:wigignpt_socket:s0 /dev/socket/wigig/sensingdaemon u:object_r:sensingdaemon_socket:s0 
@@ -115,6 +118,8 @@ /(vendor|system/vendor)/bin/wigignpt u:object_r:wigignpt_exec:s0 /(vendor|system/vendor)/bin/sensingdaemon u:object_r:sensingdaemon_exec:s0 /vendor/bin/hw/android\.hardware\.usb\@1\.[0-2]-service-qti u:object_r:hal_usb_qti_exec:s0 +/vendor/bin/vendor\.qti\.qspmhal@1\.0-service u:object_r:hal_qspmhal_default_exec:s0 + #### Context for location features ## location daemons and binaries @@ -152,6 +157,8 @@ /sys/devices(/platform)?/soc/soc:qcom,gpubw/devfreq/soc:qcom,gpubw(/.*)? u:object_r:sysfs_devfreq:s0 +/sys/devices(/platform)?/soc/soc:qcom,spss_utils(/.*)? u:object_r:sysfs_spss:s0 + ################################### # data files # @@ -171,16 +178,21 @@ /data/vendor/lm(/.*)? u:object_r:lm_data_file:s0 /data/vendor/secure_element(/.*)? u:object_r:secure_element_vendor_data_file:s0 /data/vendor/sensing(/.*)? u:object_r:sensing_vendor_data_file:s0 +/data/vendor/gaming(/.*)? u:object_r:vendor_qspmhal_data_file:s0 ################################### # persist files # /mnt/vendor/persist/secnvm(/.*)? u:object_r:persist_secnvm_file:s0 +/mnt/vendor/persist/iar_db(/.*)? u:object_r:persist_iar_db_file:s0 /mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_qti_fp_file:s0 /mnt/vendor/persist/FTM_AP(/.*)? u:object_r:vendor_persist_mmi_file:s0 /mnt/vendor/persist/vpp(/.*)? u:object_r:persist_vpp_file:s0 /mnt/vendor/persist/hvdcp_opti(/.*)? u:object_r:persist_hvdcp_file:s0 +# spunvm partition +/mnt/vendor/spunvm(/.*)? u:object_r:spunvm_file:s0 + # same-process HAL files and their dependencies # # libmmi_jni @@ -190,6 +202,7 @@ # SVA files /vendor/lib(64)?/liblistenjni\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/liblistensoundmodel2\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/vendor.qti.qspmhal@1.0\.so u:object_r:same_process_hal_file:s0 #wifilearner daemon /(vendor|system/vendor)/bin/wifilearner u:object_r:wifilearnersvc_exec:s0 
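Review bot: In the last file_contexts hunk, the new entry `/vendor/lib(64)?/vendor.qti.qspmhal@1.0\.so` escapes only the final dot, so the other dots are regex wildcards and the pattern matches more file names than the one library intended. The label is `same_process_hal_file`, which marks libraries meant to be loaded into client processes, so the pattern should be exact: `/vendor/lib(64)?/vendor\.qti\.qspmhal@1\.0\.so u:object_r:same_process_hal_file:s0`. The service binary entry added earlier in this file already escapes its dots that way. The new line also lands under the `# SVA files` heading and would read better with its own `# QSPM HAL` comment.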
diff --git a/qva/vendor/common/hal_perf_default.te b/qva/vendor/common/hal_perf_default.te index 8831ca1d..65c7ab84 100644 --- a/qva/vendor/common/hal_perf_default.te +++ b/qva/vendor/common/hal_perf_default.te @@ -71,6 +71,7 @@ allow hal_perf { sysfs_msm_power sysfs_battery_supply sysfs_process_reclaim + sysfs_qfprom }:dir r_dir_perms; allow hal_perf { @@ -89,6 +90,7 @@ allow hal_perf { sysfs_msm_power sysfs_battery_supply sysfs_process_reclaim + sysfs_qfprom }:file rw_file_perms; allow hal_perf { @@ -100,3 +102,11 @@ allow hal_perf { # Allow to self kill capability allow hal_perf_default self:capability { kill }; + +# Allow QSPM access +hal_client_domain(hal_perf_default, hal_qspmhal); + +#Allow Display Config access +hal_client_domain(hal_perf_default, hal_graphics_composer); +# Allow connecting to thermal_socket +unix_socket_connect(hal_perf_default, thermal, thermal-engine) diff --git a/qva/vendor/common/hal_secure_element_default.te b/qva/vendor/common/hal_secure_element_default.te index 679c2d65..ccc07fd4 100644 --- a/qva/vendor/common/hal_secure_element_default.te +++ b/qva/vendor/common/hal_secure_element_default.te @@ -30,3 +30,6 @@ hal_client_domain(hal_secure_element_default, hal_esepowermanager) allow hal_secure_element_default secure_element_vendor_data_file:dir rw_dir_perms; allow hal_secure_element_default secure_element_vendor_data_file:file create_file_perms; + +#Allow access to nfc device +allow hal_secure_element_default nfc_device:chr_file rw_file_perms; diff --git a/qva/vendor/common/hwservice.te b/qva/vendor/common/hwservice.te index a04c15cd..6d875cd1 100644 --- a/qva/vendor/common/hwservice.te +++ b/qva/vendor/common/hwservice.te 
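Review bot: Adding `sysfs_qfprom` to the second type set gives `hal_perf` `rw_file_perms` on the QFPROM nvmem node that the atoll file_contexts in this commit labels, although nothing shown indicates the perf HAL needs to write it. That node exposes fuse data, so I would keep it out of the shared read-write list and add a separate read-only rule, `allow hal_perf sysfs_qfprom:file r_file_perms;`, with a comment stating which value is read. The `:dir r_dir_perms` addition in the first hunk is fine as it stands. Both `allow hal_perf { ... }` statements begin outside their hunks, so the rest of each type set is not visible here.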
@@ -48,5 +48,6 @@ type hal_fm_hwservice, hwservice_manager_type; type hal_btconfigstore_hwservice, hwservice_manager_type; type hal_wifilearner_hwservice, hwservice_manager_type; type hal_srvctracker_hwservice, hwservice_manager_type; +type hal_qspmhal_hwservice, untrusted_app_visible_hwservice_violators, hwservice_manager_type; type hal_bluetooth_dun_hwservice, hwservice_manager_type; type hal_qseecom_hwservice, hwservice_manager_type; diff --git a/qva/vendor/common/hwservice_contexts b/qva/vendor/common/hwservice_contexts index 28ac6409..0365b8a9 100644 --- a/qva/vendor/common/hwservice_contexts +++ b/qva/vendor/common/hwservice_contexts @@ -71,3 +71,4 @@ vendor.qti.hardware.bluetooth_audio::IBluetoothAudioProvidersFactory u:object_r vendor.qti.hardware.wifi.wifilearner::IWifiStats u:object_r:hal_wifilearner_hwservice:s0 vendor.qti.hardware.cryptfshw::ICryptfsHw u:object_r:hal_keymaster_hwservice:s0 vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0 +vendor.qti.qspmhal::IQspmhal u:object_r:hal_qspmhal_hwservice:s0 diff --git a/qva/vendor/common/init.te b/qva/vendor/common/init.te index d8005729..d811644a 100644 --- a/qva/vendor/common/init.te +++ b/qva/vendor/common/init.te @@ -1,4 +1,4 @@ -# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -26,3 +26,8 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. allow init sysfs_graphics:file setattr; + +# allow init to mount spunvm partition +allow init spunvm_file:dir mounton; +allow init spunvm_file:filesystem { relabelto relabelfrom mount }; +allow init sysfs_qvr_external_sensor:file setattr; diff --git a/qva/vendor/common/lmkd.te b/qva/vendor/common/lmkd.te index 4a8e011a..aa8eb737 100644 --- a/qva/vendor/common/lmkd.te +++ b/qva/vendor/common/lmkd.te 
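Review bot: The declaration `type hal_qspmhal_hwservice, untrusted_app_visible_hwservice_violators, hwservice_manager_type;` exempts the new HAL from the neverallow that keeps vendor hwservices away from untrusted apps, and it does so without any comment. The same applies to `typeattribute hal_qspmhal_default untrusted_app_visible_halserver_violators;` in the new qspmhal.te. The client grants visible in this commit go to `platform_app`, `priv_app` and `hal_perf_default` only, so the exemption may not be needed at all. If no rule elsewhere gives `untrusted_app` access, I would drop both attributes and declare `type hal_qspmhal_hwservice, hwservice_manager_type;`. If such a rule does exist, each line should carry a comment naming the client and the reason, because these exemptions make a vendor HAL part of the third-party app attack surface.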
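Review bot: In the init.te hunk, `allow init sysfs_qvr_external_sensor:file setattr;` is appended directly under the comment "allow init to mount spunvm partition", so it reads as part of the spunvm mount rules although it concerns an unrelated sysfs type. I would separate it with a blank line and give it its own comment, e.g. `# allow init to chown/chmod the QVR external sensor sysfs nodes`, assuming that is what the `setattr` is for. The spunvm comment could also note that `relabelfrom`/`relabelto` are needed because the partition is mounted with a context option, if that is the case.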
@@ -27,6 +27,10 @@ allow lmkd hal_perf_hwservice:hwservice_manager find; allow lmkd hal_perf_default:binder call; +allow lmkd hal_iop_hwservice:hwservice_manager find; +allow lmkd hal_iop_default:binder call; allow lmkd hwservicemanager:binder call; -allow lmkd kmsg_device:chr_file rw_file_perms; +userdebug_or_eng(` + allow lmkd kmsg_device:chr_file rw_file_perms; +') get_prop(lmkd, hwservicemanager_prop); diff --git a/qva/vendor/common/location_app.te b/qva/vendor/common/location_app.te index 558b3caa..4d9c3d9c 100644 --- a/qva/vendor/common/location_app.te +++ b/qva/vendor/common/location_app.te @@ -30,3 +30,6 @@ # allow location_app to access perf hal hal_client_domain(location_app, hal_perf) + +# allow location_app to access gpu_model +allow location_app sysfs_kgsl_gpu_model:file r_file_perms; diff --git a/qva/vendor/common/mediaserver.te b/qva/vendor/common/mediaserver.te index c73954b5..4a150e6f 100644 --- a/qva/vendor/common/mediaserver.te +++ b/qva/vendor/common/mediaserver.te @@ -29,3 +29,6 @@ hal_client_domain(mediaserver, hal_audio) #to read audio props get_prop(mediaserver, vendor_audio_prop) + +#to read video props +get_prop(mediaserver, vendor_video_prop) diff --git a/qva/vendor/common/mlid.te b/qva/vendor/common/mlid.te index 54b58f58..a95d3063 100644 --- a/qva/vendor/common/mlid.te +++ b/qva/vendor/common/mlid.te @@ -33,4 +33,5 @@ init_daemon_domain(mlid) # Allow access to location socket allow mlid self:netlink_generic_socket create_socket_perms_no_ioctl; +allow mlid location_socket:dir search; unix_socket_connect(mlid, location, location) diff --git a/qva/vendor/common/platform_app.te b/qva/vendor/common/platform_app.te index bd8699e2..61ec389e 100644 --- a/qva/vendor/common/platform_app.te +++ b/qva/vendor/common/platform_app.te 
@@ -32,10 +32,10 @@ hal_client_domain(platform_app, hal_perf) hal_client_domain(platform_app, hal_cvp) #scve hal_client_domain(platform_app, hal_scve) - #allow platform_app to read vendor_mpctl_prop get_prop(platform_app, vendor_mpctl_prop) - +#qspmhal +hal_client_domain(platform_app, hal_qspmhal) #fingerprint hal_client_domain(platform_app, hal_fingerprint) diff --git a/qva/vendor/common/priv_app.te b/qva/vendor/common/priv_app.te new file mode 100644 index 00000000..7375e846 --- /dev/null +++ b/qva/vendor/common/priv_app.te 
@@ -0,0 +1,31 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#allow priv_app to access hal_qspmhal
+hal_client_domain(priv_app, hal_qspmhal)
+
+
diff --git a/qva/vendor/common/property.te b/qva/vendor/common/property.te
index d3312e63..db4135ce 100644
--- a/qva/vendor/common/property.te
+++ b/qva/vendor/common/property.te
@@ -40,6 +40,11 @@ type vendor_boot_mode_prop, property_type; #mpctl type vendor_mpctl_prop, property_type; type freq_prop, property_type; +#service opts +type bservice_prop, property_type; +type reschedule_service_prop, property_type; +type vendor_cgroup_follow_prop, property_type; +type vendor_scroll_prop, property_type; type vendor_qspm_prop, property_type; #iop diff --git a/qva/vendor/common/property_contexts b/qva/vendor/common/property_contexts index c08c5c1d..8c146560 100644 --- a/qva/vendor/common/property_contexts +++ b/qva/vendor/common/property_contexts @@ -41,6 +41,22 @@ vendor.qti.qdma. u:object_r:vendor_qdma_prop:s0 #perf vendor.post_boot.parsed u:object_r:vendor_mpctl_prop:s0 +vendor.perf.cores_online u:object_r:vendor_mpctl_prop:s0 +persist.vendor.qti. u:object_r:vendor_mpctl_prop:s0 +ro.vendor.at_library u:object_r:vendor_mpctl_prop:s0 +vendor.debug.trace.perf u:object_r:vendor_mpctl_prop:s0 +vendor.iop.enable_uxe u:object_r:vendor_iop_prop:s0 +vendor.perf.iop_v3.enable u:object_r:vendor_iop_prop:s0 +vendor.perf.iop_v3.enable.debug u:object_r:vendor_iop_prop:s0 +vendor.iop.enable_prefetch_ofr u:object_r:vendor_iop_prop:s0 +# cgroup follow +ro.vendor.qti.cgroup_follow.enable u:object_r:vendor_cgroup_follow_prop:s0 +ro.vendor.qti.cgroup_follow.dex2oat_only u:object_r:vendor_cgroup_follow_prop:s0 +#Bservice Property, Delayed Service Restart Property +ro.vendor.qti.sys.fw.bservice_ u:object_r:bservice_prop:s0 +ro.vendor.qti.am.reschedule_service u:object_r:reschedule_service_prop:s0 +#gesture-fling scroll +vendor.perf.gestureflingboost.enable u:object_r:vendor_scroll_prop:s0 # NFC vendor.qti.nfc. u:object_r:vendor_nfc_nq_prop:s0 diff --git a/qva/vendor/common/qspmhal.te b/qva/vendor/common/qspmhal.te new file mode 100644 index 00000000..5a8a8435 --- /dev/null +++ b/qva/vendor/common/qspmhal.te 
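Review bot: In the property_contexts hunk, `persist.vendor.qti. u:object_r:vendor_mpctl_prop:s0` is a prefix entry, so every `persist.vendor.qti.*` property without a longer match takes the perf label. Any domain allowed to set `vendor_mpctl_prop` can then write persistent properties belonging to unrelated Qualcomm components, and every reader of that type can see them. I would list the specific perf keys in place of the bare prefix, e.g. `persist.vendor.qti.<perf_key> u:object_r:vendor_mpctl_prop:s0` (placeholder name), as the neighbouring `vendor.perf.*` and `vendor.iop.*` lines already do. Two of the new keys, `vendor.perf.iop_v3.enable` and `vendor.perf.iop_v3.enable.debug`, overlap as prefixes, which is harmless while both map to `vendor_iop_prop` but is worth a comment.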
@@ -0,0 +1,47 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type hal_qspmhal_default, domain;
+type hal_qspmhal_default_exec, exec_type, vendor_file_type, file_type;
+typeattribute hal_qspmhal_default untrusted_app_visible_halserver_violators;
+
+init_daemon_domain(hal_qspmhal_default)
+
+hal_server_domain(hal_qspmhal_default, hal_qspmhal)
+hal_client_domain(hal_qspmhal_default, hal_allocator)
+
+binder_call(hal_qspmhal_client, hal_qspmhal_server)
+binder_call(hal_qspmhal_server, hal_qspmhal_client)
+
+# Add hwservice related rules
+hal_attribute_hwservice(hal_qspmhal, hal_qspmhal_hwservice)
+
+allow hal_qspmhal vendor_qspmhal_data_file:dir r_dir_perms;
+allow hal_qspmhal vendor_qspmhal_data_file:file r_file_perms;
+
+#getprop rule for qspm debug prop
+userdebug_or_eng(`get_prop(hal_qspmhal_default, vendor_qspm_dbg_prop)')
diff --git a/qva/vendor/common/qspmsvc.te b/qva/vendor/common/qspmsvc.te
new file mode 100644
index 00000000..6aa18e9e
--- /dev/null
+++ b/qva/vendor/common/qspmsvc.te
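Review bot: `typeattribute hal_qspmhal_default untrusted_app_visible_halserver_violators;` exempts this server from the platform neverallow that keeps untrusted apps away from HAL servers not vetted for them, and the hunk gives no reason for it. Together with `hal_client_domain(untrusted_app, hal_qspmhal)` in the untrusted_app.te hunk of this commit, any installed app becomes a client of this vendor daemon, so every interface method has to validate caller-supplied data and whatever it serves from `vendor_qspmhal_data_file` must not be sensitive. Add a comment above the attribute recording why app access is needed and which review covered the interface, e.g. `# qspmhal is called directly by third-party apps; interface reviewed for untrusted callers: <reference>`. If only privileged callers need the HAL, drop the attribute and the untrusted_app client rule and keep the priv_app and system_app clients.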
@@ -0,0 +1,28 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+hal_client_domain(qspmsvc, hal_qspmhal)
diff --git a/qva/vendor/common/spdaemon.te b/qva/vendor/common/spdaemon.te
index 2385da10..7fe4e6d6 100644
--- a/qva/vendor/common/spdaemon.te
+++ b/qva/vendor/common/spdaemon.te
@@ -32,6 +32,10 @@ type spdaemon_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(spdaemon) allow spdaemon spcom_device:chr_file { getattr rw_file_perms }; + +# Allow access to spss_utils device +allow spdaemon spss_utils_device:chr_file rw_file_perms; + allow spdaemon skp_device:chr_file { getattr rw_file_perms }; # Need to check if really needed set_prop(spdaemon, spcomlib_prop) @@ -45,9 +49,26 @@ r_dir_file(spdaemon, firmware_file); use_vendor_per_mgr(spdaemon) hal_client_domain(spdaemon, hal_telephony) -allow spdaemon sysfs_data:file r_file_perms; +# Allow to access IAR-DB at /mnt/vendor/persist/iar_db +allow spdaemon persist_iar_db_file:dir rw_dir_perms; +allow spdaemon persist_iar_db_file:file rw_file_perms; + +r_dir_file(spdaemon, mnt_vendor_file) +# Allow to mount spunvm partition +allow spdaemon spunvm_file:dir mounton; +allow spdaemon spunvm_file:filesystem mount; +allow spdaemon spunvm_file:filesystem remount; + +# Allow to access IAR-DB at /mnt/vendor/spunvm +allow spdaemon spunvm_file:dir rw_dir_perms; +allow spdaemon spunvm_file:file rw_file_perms; +allow spdaemon spunvm_file:file create_file_perms; + +# allow read access to sysfs +allow spdaemon sysfs_data:file r_file_perms; allow spdaemon sysfs_spdaemon:file r_file_perms; +r_dir_file(spdaemon, sysfs_spss); userdebug_or_eng(` allow spdaemon debugfs_ipc:file rw_file_perms; diff --git a/qva/vendor/common/surfaceflinger.te b/qva/vendor/common/surfaceflinger.te new file mode 100644 index 00000000..50ce8086 --- /dev/null +++ b/qva/vendor/common/surfaceflinger.te 
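Review bot: In the second spdaemon.te hunk, `r_dir_file(spdaemon, mnt_vendor_file)` grants read on every directory, file and symlink labelled `mnt_vendor_file`, which is more than reaching the IAR-DB paths named in the comments should need; if spdaemon only traverses the directory, `allow spdaemon mnt_vendor_file:dir search;` is enough. In the spunvm rules, `allow spdaemon spunvm_file:file rw_file_perms;` is already contained in the `create_file_perms` line that follows and can be dropped, and the two filesystem rules can be written as `allow spdaemon spunvm_file:filesystem { mount remount };`. The `mounton` and `mount` grants deserve a comment naming the code path that performs the mount, since mounting a partition is unusual for a daemon domain.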
@@ -0,0 +1,28 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+r_dir_file(surfaceflinger, sysfs_qfprom)
diff --git a/qva/vendor/common/system_app.te b/qva/vendor/common/system_app.te
index 6ad9d8f8..0bdc98aa 100644
--- a/qva/vendor/common/system_app.te
+++ b/qva/vendor/common/system_app.te
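Review bot: `r_dir_file(surfaceflinger, sysfs_qfprom)` has no comment saying what surfaceflinger reads from the fuse block, and its reach depends on what each target labels `sysfs_qfprom`. The lito file_contexts hunk of this commit labels a single attribute, `qfprom0/feat_conf10`, but the trinket file_contexts hunk labels `qfprom0/nvmem`, which presumably exposes the whole qfprom region rather than one feature word. Add a comment such as `# read-only access to the qfprom feature-configuration node (feat_conf10 on lito)`, and confirm that the trinket node exposes no more than the feature configuration before this common rule applies to it.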
@@ -54,5 +54,8 @@ hal_client_domain(system_app, hal_btconfigstore); # update engine binder_call( system_app, update_engine ) +#allow system app to access hal_qspmhal +hal_client_domain(system_app, hal_qspmhal); + # allow system_app to interact with pasr hal hal_client_domain(system_app, hal_pasrmanager) diff --git a/qva/vendor/common/system_server.te b/qva/vendor/common/system_server.te index 78b89e9b..3a982140 100644 --- a/qva/vendor/common/system_server.te +++ b/qva/vendor/common/system_server.te @@ -37,8 +37,12 @@ allow system_server proc_audiod:file r_file_perms; # allow system_server to access IOP HAL service hal_client_domain(system_server, hal_iop) -# allow system_server to access vendor display property. +# allow system_server to access vendor perf properties get_prop(system_server, vendor_iop_prop) +get_prop(system_server, bservice_prop) +get_prop(system_server, reschedule_service_prop) +get_prop(system_server, vendor_cgroup_follow_prop) +get_prop(system_server, vendor_scroll_prop) # allow WIGIG framework hosted in system_server to access wigig_hal hal_client_domain(system_server, hal_wigig) diff --git a/legacy/vendor/timeservice/seapp_contexts b/qva/vendor/common/untrusted_app.te index 186c9fdb..522ed8b0 100644 --- a/legacy/vendor/timeservice/seapp_contexts +++ b/qva/vendor/common/untrusted_app.te @@ -25,6 +25,5 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# Needed for time service apk -user=_app seinfo=timeserviceapp name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all +hal_client_domain(untrusted_app, hal_qspmhal) diff --git a/qva/vendor/common/vendor_init.te b/qva/vendor/common/vendor_init.te index a7b33e7c..12b57163 100644 --- a/qva/vendor/common/vendor_init.te +++ b/qva/vendor/common/vendor_init.te 
@@ -45,6 +45,8 @@ set_prop(vendor_init, vendor_wigig_prop) set_prop(vendor_init, vendor_qspm_prop) +set_prop(vendor_init, vendor_mpctl_prop) + userdebug_or_eng(` set_prop(vendor_init, vendor_audio_debug_prop) ') diff --git a/qva/vendor/kona/genfs_contexts b/qva/vendor/kona/genfs_contexts index b95d547e..cb0d5be9 100644 --- a/qva/vendor/kona/genfs_contexts +++ b/qva/vendor/kona/genfs_contexts @@ -28,3 +28,6 @@ # spdaemon sysfs genfscon sysfs /firmware/devicetree/base/soc/qcom,spmi@c440000/qcom,pm8150b@2/vadc@3100/vph_pwr@83/name u:object_r:sysfs_spdaemon:s0 genfscon sysfs /devices/platform/soc/soc:qcom,spss_utils/firmware_name u:object_r:sysfs_spdaemon:s0 + +#net sysfs +genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/net u:object_r:sysfs_net:s0 diff --git a/qva/vendor/lito/file_contexts b/qva/vendor/lito/file_contexts index 022550ee..44ece1a3 100644 --- a/qva/vendor/lito/file_contexts +++ b/qva/vendor/lito/file_contexts @@ -84,6 +84,8 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/imagefv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/uefisecapp_[ab] u:object_r:uefi_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/recovery_[ab] u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/featenabler_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/core_nhlos_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/super u:object_r:super_block_device:s0 
@@ -93,6 +95,10 @@ # Block devices for the drive that holds the xbl_a and xbl_b partitions. /dev/block/platform/soc/1d84000.ufshc/sd[bc] u:object_r:xbl_block_device:s0 +# limits Partitions +/dev/block/platform/soc/1d84000.ufshc/by-name/limits u:object_r:limits_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/limits-cdsp u:object_r:limits_block_device:s0 + ################################## # non-hlos mount points /firmware u:object_r:firmware_file:s0 @@ -127,6 +133,10 @@ /dev/block/platform/soc/7c4000.sdhci/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/imagefv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/uefisecapp_[ab] u:object_r:uefi_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/recovery_[ab] u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/featenabler_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/core_nhlos_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 #non A/B /dev/block/platform/soc/7c4000.sdhci/by-name/system u:object_r:system_block_device:s0 @@ -154,6 +164,10 @@ #rawdump partition /dev/block/platform/soc/7c4000.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0 +# limits Partitions +/dev/block/platform/soc/7c4000.sdhci/by-name/limits u:object_r:limits_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/limits-cdsp u:object_r:limits_block_device:s0 + # FBE /(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0 /(vendor|system/vendor)/bin/init\.qti\.can\.sh u:object_r:qti_init_shell_exec:s0 
@@ -163,7 +177,26 @@ /vendor/lib(64)?/hw/gralloc\.lito\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/vulkan\.lito\.so u:object_r:same_process_hal_file:s0 +#SSR nodes +/sys/devices/platform/soc/4080000.qcom,mss/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices/platform/soc/3000000.qcom,lpass/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices/platform/soc/8300000.qcom,turing/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices/platform/soc/aae0000.qcom,venus/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices/platform/soc/soc:qcom,ipa_fws/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices/platform/soc/9800000.qcom,npu/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices/platform/soc/soc:qcom,kgsl-hyp/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 + +/sys/devices/platform/soc/4080000.qcom,mss/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices/platform/soc/3000000.qcom,lpass/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices/platform/soc/8300000.qcom,turing/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices/platform/soc/aae0000.qcom,venus/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices/platform/soc/soc:qcom,ipa_fws/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices/platform/soc/9800000.qcom,npu/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 +/sys/devices/platform/soc/soc:qcom,kgsl-hyp/subsys[0-9]+/restart_level u:object_r:sysfs_ssr_toggle:s0 + #FPC /sys/devices/platform/soc/soc:fpc1020(/.*?) u:object_r:sysfs_fps_attr:s0 /sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/modalias u:object_r:sysfs_fps_attr:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service-fpc u:object_r:hal_fingerprint_fpc_exec:s0 + +/sys/devices/platform/soc/780000.qfprom/qfprom0/feat_conf10 u:object_r:sysfs_qfprom:s0 
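Review bot: The new SSR entries are regular expressions, and the `.` in paths such as `4080000.qcom,mss` is left unescaped, so it matches any character; other entries in this file escape it (`init\.qti\.can\.sh`). Write them as `/sys/devices/platform/soc/4080000\.qcom,mss/subsys[0-9]+/name`, and likewise for the `780000.qfprom` line at the end of the hunk. These entries also replace the `genfscon` lines removed from the lito genfs_contexts in this commit: genfscon labels apply as soon as the sysfs node exists, while file_contexts labels under /sys apply only once something runs restorecon on the node. It is worth confirming on a device that `restart_level` carries `sysfs_ssr_toggle` before the first client opens it.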
diff --git a/qva/vendor/lito/genfs_contexts b/qva/vendor/lito/genfs_contexts index 0d37cd5b..f78ad3c4 100644 --- a/qva/vendor/lito/genfs_contexts +++ b/qva/vendor/lito/genfs_contexts @@ -44,21 +44,6 @@ genfscon sysfs /devices/platform/soc/soc:hwevent/coresight-hwevent u:object_r:sy genfscon sysfs /devices/platform/soc/6b0c000.csr/coresight-swao-csr u:object_r:sysfs_qdss_dev:s0 genfscon sysfs /devices/platform/soc/soc:dummy_source/coresight-modem-diag u:object_r:sysfs_qdss_dev:s0 -genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys0/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/3000000.qcom,lpass/subsys1/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys2/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys3/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys4/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys5/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys6/name u:object_r:sysfs_ssr:s0 - - -#It seem some change in the subsystem numbering adding the new list also -genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys3/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys4/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys5/name u:object_r:sysfs_ssr:s0 -genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys6/name u:object_r:sysfs_ssr:s0 - # PMIC UI peripherals genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc u:object_r:sysfs_rtc:s0 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm7250b@3:qcom,vibrator@5300/leds/vibrator u:object_r:sysfs_leds:s0 
@@ -70,7 +55,8 @@ genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.q # DCVS nodes genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-llcc-bw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/platform/soc/soc:qcom,cpu-llcc-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 -genfscon sysfs /devices/platform/soc/soc:qcom,npu-npu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,npu-npu-llcc-bw/devfreq u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,npu-llcc-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/platform/soc/soc:qcom,npudsp-npu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/platform/soc/18321000.qcom,devfreq-l3/18321000.qcom,devfreq-l3:qcom,cpu0-cpu-l3-lat/devfreq u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/platform/soc/18321000.qcom,devfreq-l3/18321000.qcom,devfreq-l3:qcom,cpu6-cpu-l3-lat/devfreq u:object_r:sysfs_devfreq:s0 diff --git a/qva/vendor/test/property.te b/qva/vendor/test/property.te new file mode 100644 index 00000000..6df02c59 --- /dev/null +++ b/qva/vendor/test/property.te 
@@ -0,0 +1,30 @@
+
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#qspm hal debug
+type vendor_qspm_dbg_prop, property_type;
diff --git a/qva/vendor/test/property_contexts b/qva/vendor/test/property_contexts
new file mode 100644
index 00000000..517485ff
--- /dev/null
+++ b/qva/vendor/test/property_contexts
@@ -0,0 +1,30 @@
+
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#qspm debug prop
+vendor.debug.qspm u:object_r:vendor_qspm_dbg_prop:s0
diff --git a/qva/vendor/trinket/file_contexts b/qva/vendor/trinket/file_contexts
index 3f3b8db3..b6c2bcd6 100644
--- a/qva/vendor/trinket/file_contexts
+++ b/qva/vendor/trinket/file_contexts
@@ -177,3 +177,5 @@ /sys/devices/platform/soc/soc:fpc1020(/.*?) u:object_r:sysfs_fps_attr:s0 /sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/leds/modalias u:object_r:sysfs_fps_attr:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service-fpc u:object_r:hal_fingerprint_fpc_exec:s0 + +/sys/devices/platform/soc/1b46018.qfprom/qfprom0/nvmem u:object_r:sysfs_qfprom:s0 diff --git a/qva/vendor/trinket/hal_camera.te b/qva/vendor/trinket/hal_camera.te new file mode 100644 index 00000000..094cb7e9 --- /dev/null +++ b/qva/vendor/trinket/hal_camera.te 
@@ -0,0 +1,28 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+binder_call(hal_camera, system_server)
\ No newline at end of file diff --git a/sepolicy.mk b/sepolicy.mk index 23f3d20e..f52e5f7d 100644 --- a/sepolicy.mk +++ b/sepolicy.mk @@ -16,7 +16,7 @@ ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM))) device/qcom/sepolicy/generic/vendor/common \ device/qcom/sepolicy/qva/vendor/common/sysmonapp \ device/qcom/sepolicy/qva/vendor/ssg \ - device/qcom/sepolicy/generic/vendor/timeservice \ + device/qcom/sepolicy/timeservice \ device/qcom/sepolicy/qva/vendor/common ifeq ($(TARGET_SEPOLICY_DIR),) @@ -37,7 +37,7 @@ ifneq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM))) BOARD_SEPOLICY_DIRS += \ device/qcom/sepolicy/legacy/vendor/common/sysmonapp \ device/qcom/sepolicy/legacy/vendor/ssg \ - device/qcom/sepolicy/legacy/vendor/timeservice \ + device/qcom/sepolicy/timeservice \ device/qcom/sepolicy/legacy/vendor/common ifeq ($(TARGET_SEPOLICY_DIR),) diff --git a/legacy/vendor/timeservice/keys.conf b/timeservice/keys.conf index 4c81e70e..a9e20b6c 100644 --- a/legacy/vendor/timeservice/keys.conf +++ b/timeservice/keys.conf @@ -26,4 +26,4 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. [@TIMESERVICE] -ALL : device/qcom/sepolicy/legacy/vendor/timeservice/timeservice_app_cert.x509.pem +ALL : device/qcom/sepolicy/timeservice/timeservice_app_cert.x509.pem diff --git a/generic/vendor/timeservice/mac_permissions.xml b/timeservice/mac_permissions.xml index 2b7b6d9e..2b7b6d9e 100644 --- a/generic/vendor/timeservice/mac_permissions.xml +++ b/timeservice/mac_permissions.xml diff --git a/generic/vendor/timeservice/seapp_contexts b/timeservice/seapp_contexts index 186c9fdb..186c9fdb 100644 --- a/generic/vendor/timeservice/seapp_contexts +++ b/timeservice/seapp_contexts diff --git a/generic/vendor/timeservice/timeservice_app_cert.pk8 b/timeservice/timeservice_app_cert.pk8 Binary files differindex e1ef6f19..e1ef6f19 100644 --- a/generic/vendor/timeservice/timeservice_app_cert.pk8 +++ b/timeservice/timeservice_app_cert.pk8 
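Review bot: `binder_call(hal_camera, system_server)` is the only rule in the new trinket hal_camera.te and carries no comment explaining why the camera HAL needs to call into system_server. It is granted on the `hal_camera` attribute, so it applies to every domain carrying that attribute rather than to the camera server alone; if only the HAL process makes the call, `binder_call(hal_camera_server, system_server)` is narrower. The file also ends without a trailing newline (the `\ No newline at end of file` marker), which is worth fixing since policy sources are concatenated during the build.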
diff --git a/generic/vendor/timeservice/timeservice_app_cert.x509.pem b/timeservice/timeservice_app_cert.x509.pem index ad0998b4..ad0998b4 100644 --- a/generic/vendor/timeservice/timeservice_app_cert.x509.pem +++ b/timeservice/timeservice_app_cert.x509.pem |