authorLinux Build Service Account <lnxbuild@localhost>2016-10-10 09:24:35 -0600
committerLinux Build Service Account <lnxbuild@localhost>2016-10-10 09:24:35 -0600
commit33634b612a6bede11b0d7d0d0f81328e3352e5d6 (patch)
tree8c16748d02cb6f682602044d512b6d392b8c2614
parent7db37e89a8be9b528142fb30b68ff1fe71a66367 (diff)
parentd22eecffecc4bc284dd053b01181c854e3a0df2a (diff)
downloadandroid_device_qcom_sepolicy-33634b612a6bede11b0d7d0d0f81328e3352e5d6.tar.gz
android_device_qcom_sepolicy-33634b612a6bede11b0d7d0d0f81328e3352e5d6.tar.bz2
android_device_qcom_sepolicy-33634b612a6bede11b0d7d0d0f81328e3352e5d6.zip
Merge d22eecffecc4bc284dd053b01181c854e3a0df2a on remote branch
Change-Id: Icfd788c2bb5484128ab08a7eb16a807e53794636
-rw-r--r--common/device.te3
-rw-r--r--common/file.te3
-rw-r--r--common/file_contexts1
-rw-r--r--common/init.te4
-rw-r--r--common/init_shell.te6
-rw-r--r--common/location.te6
-rwxr-xr-xcommon/mmi.te3
-rw-r--r--common/platform_app.te2
-rwxr-xr-xcommon/property_contexts3
-rw-r--r--common/qcomsysd.te1
-rw-r--r--common/rfs_access.te4
-rw-r--r--common/rmt_storage.te4
-rw-r--r--common/system_app.te1
-rw-r--r--common/untrusted_app.te1
-rwxr-xr-xcommon/vold.te5
-rw-r--r--msm8952/mediaserver.te3
-rw-r--r--msm8952/property.te2
-rw-r--r--msm8996/file_contexts2
-rw-r--r--msmcobalt/file_contexts7
-rw-r--r--msmcobalt/qvop.te4
20 files changed, 52 insertions, 13 deletions
diff --git a/common/device.te b/common/device.te
index f1997642..362be377 100644
--- a/common/device.te
+++ b/common/device.te
@@ -69,9 +69,6 @@ type efs_boot_dev, dev_type;
#MBA debug image partition
type mba_debug_dev, dev_type;
-#Misc partition
-type misc_partition, dev_type;
-
#logdump partition
type logdump_partition, dev_type;
diff --git a/common/file.te b/common/file.te
index 29d6a721..2d31a6d4 100644
--- a/common/file.te
+++ b/common/file.te
@@ -203,3 +203,6 @@ type wififtmd_socket, file_type;
type persist_alarm_file, file_type;
type persist_time_file, file_type;
+
+# kgsl file type for sysfs access
+type sysfs_kgsl, sysfs_type, fs_type;
diff --git a/common/file_contexts b/common/file_contexts
index d27f2981..54d1c0e4 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -351,6 +351,7 @@
/persist/drm(/.*)? u:object_r:persist_drm_file:s0
/persist/sensors(/.*)? u:object_r:sensors_persist_file:s0
/persist/alarm(/.*)? u:object_r:persist_alarm_file:s0
+/persist/time(/.*)? u:object_r:persist_time_file:s0
/persist/data(/.*)? u:object_r:persist_drm_file:s0
/persist/data/tz(/.*)? u:object_r:persist_drm_file:s0
/persist/data/sfs(/.*)? u:object_r:persist_drm_file:s0
diff --git a/common/init.te b/common/init.te
index 02d804cd..6cde24b0 100644
--- a/common/init.te
+++ b/common/init.te
@@ -27,3 +27,7 @@ allow init { domain -lmkd }:process noatsecure;
allow init configfs:dir r_dir_perms;
allow init configfs:file { rw_file_perms link };
allow init configfs:lnk_file create_file_perms;
+
+#Allow init to mount non-hlos partitions in A/B builds
+allow init firmware_file:dir { mounton };
+allow init bt_firmware_file:dir { mounton };
diff --git a/common/init_shell.te b/common/init_shell.te
index bc88f3b1..487caf05 100644
--- a/common/init_shell.te
+++ b/common/init_shell.te
@@ -116,7 +116,8 @@ allow qti_init_shell {
r_dir_file(qti_init_shell, sysfs_thermal)
allow qti_init_shell sysfs_socinfo:file write;
-
+allow qti_init_shell sysfs:{ dir file lnk_file } relabelfrom;
+allow qti_init_shell sysfs_devices_system_cpu: { dir file lnk_file } relabelto;
# Check if /dev/sensors or /dev/msm_dsps present
allow qti_init_shell sensors_data_file:dir r_dir_perms;
allow qti_init_shell sensors_device:chr_file r_file_perms;
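Review bot: The two added relabel rules let qti_init_shell move any dir, file or symlink that carries the generic `sysfs` label to `sysfs_devices_system_cpu`, and nothing in the hunk says which nodes actually need it. Because the source type is all of `sysfs`, a script running in this domain can place unrelated sysfs nodes under whatever access other domains hold on `sysfs_devices_system_cpu`. If the paths are known ahead of time, labelling them in file_contexts would avoid the runtime relabel permission altogether. Otherwise add a comment that names them, for example `# restorecon of <cpu sysfs path> after <event>; node does not exist when init labels /sys`. The second rule also has a stray space in `sysfs_devices_system_cpu: {`, which is inconsistent with the line above it.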
@@ -188,3 +189,6 @@ allow qti_init_shell persist_alarm_file:file r_file_perms;
#Allow /sys access to write zram disksize
allow qti_init_shell sysfs_zram:dir r_dir_perms;
allow qti_init_shell sysfs_zram:file w_file_perms;
+
+# To get GPU frequencies
+allow qti_init_shell sysfs_kgsl:file r_file_perms;
diff --git a/common/location.te b/common/location.te
index 393bae60..a72adc11 100644
--- a/common/location.te
+++ b/common/location.te
@@ -41,7 +41,11 @@ allow location sensors_persist_file:dir r_dir_perms;
allow location sensors_persist_file:file r_file_perms;
#wifi
-allow location wifi_data_file:dir r_dir_perms;
+userdebug_or_eng(`
+allow location wifi_data_file:dir create_dir_perms;
+allow location wifi_data_file:sock_file create_file_perms;
+allow location su:unix_dgram_socket sendto;
+')
unix_socket_send(wpa, location, location)
allow location wpa:unix_dgram_socket sendto;
allow location wpa_socket:dir rw_dir_perms;
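Review bot: On user builds the location domain now has no access to `wifi_data_file:dir` at all, because the old `r_dir_perms` rule was removed and its replacement sits entirely inside `userdebug_or_eng`. If the read access is still needed in production, keep `allow location wifi_data_file:dir r_dir_perms;` outside the macro and leave only the create and `su` rules inside it. The debug-only block also has no comment explaining why location needs to create directories and sockets under wifi data or send to `su`. A line such as `# debug builds only: <tool> run from su creates its control socket here` would make the intent reviewable.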
diff --git a/common/mmi.te b/common/mmi.te
index 56b2be94..92e1ebcd 100755
--- a/common/mmi.te
+++ b/common/mmi.te
@@ -36,9 +36,6 @@ allow mmi persist_file:dir r_dir_perms;
allow mmi sensors_persist_file:dir create_dir_perms;
allow mmi sensors_persist_file:file create_file_perms;
-#allow mmi operation on MISC partition
-allow mmi misc_partition:blk_file w_file_perms;
-
#wifi case
allow mmi system_file:file x_file_perms;
allow mmi wpa_exec:file rx_file_perms;
diff --git a/common/platform_app.te b/common/platform_app.te
index bc558e90..0dd94ddc 100644
--- a/common/platform_app.te
+++ b/common/platform_app.te
@@ -10,7 +10,7 @@ binder_call(platform_app, secotad)
# Allow platform apps to interact with imscm daemon
binder_call(platform_app, imscm)
-
+allow platform_app imscm_service:service_manager find;
allow platform_app color_service:service_manager find;
# Allow NFC service to be found
diff --git a/common/property_contexts b/common/property_contexts
index ea5bbda5..bb4720d9 100755
--- a/common/property_contexts
+++ b/common/property_contexts
@@ -46,6 +46,7 @@ ctl.ipacm-diag u:object_r:ipacm-diag_prop:s0
ctl.qti u:object_r:qti_prop:s0
ctl.sensors u:object_r:sensors_prop:s0
ctl.msm_irqbalance u:object_r:msm_irqbalance_prop:s0
+ctl.msm_irqbal_lb u:object_r:msm_irqbalance_prop:s0
camera. u:object_r:camera_prop:s0
persist.camera. u:object_r:camera_prop:s0
spcomlib. u:object_r:spcomlib_prop:s0
@@ -84,3 +85,5 @@ ro.hwui.texture_cache_size u:object_r:hwui_prop:s0
persist.graphics.vulkan.disable u:object_r:graphics_vulkan_prop:s0
#boot mode property
sys.boot_mode u:object_r:boot_mode_prop:s0
+# GPU
+ro.gpu.available_frequencies u:object_r:freq_prop:s0
diff --git a/common/qcomsysd.te b/common/qcomsysd.te
index 2dbd2cbc..c1257cb8 100644
--- a/common/qcomsysd.te
+++ b/common/qcomsysd.te
@@ -10,7 +10,6 @@ allow qcomsysd smem_log_device:chr_file rw_file_perms;
#Needed to read/write cookies to the misc partition
allow qcomsysd block_device:dir r_dir_perms;
allow qcomsysd {
- misc_partition
#Needed to access the bootselect partition
bootselect_device
}:blk_file rw_file_perms;
diff --git a/common/rfs_access.te b/common/rfs_access.te
index 69c14e65..318fffc1 100644
--- a/common/rfs_access.te
+++ b/common/rfs_access.te
@@ -53,6 +53,7 @@ allow rfs_access self:capability {
setuid
setgid
setpcap
+ net_bind_service
net_raw
};
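Review bot: `net_bind_service` is added to rfs_access's capability set with no comment, and the same addition appears in the first hunk of common/rmt_storage.te. Both daemons already hold `net_raw`, `setuid` and `setpcap`, so each extra capability widens what a compromise of these storage services yields. A reviewer cannot tell from the hunk what they bind to. Please add a one-line rationale above the entry in both files, for example `# net_bind_service: bind <socket family/port> used for <purpose>`. The enclosing `allow rfs_access self:capability { ... }` block starts outside this hunk.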
@@ -62,6 +63,9 @@ allow rfs_access self:capability {
allow rfs_access self:capability { dac_read_search chown dac_override };
+#For access to the kmsg device
+allow rfs_access kmsg_device:chr_file w_file_perms;
+
#Prevent other domains from accessing RFS data files.
neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:dir create_dir_perms;
neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:file create_file_perms;
diff --git a/common/rmt_storage.te b/common/rmt_storage.te
index 6b43ae07..f043becc 100644
--- a/common/rmt_storage.te
+++ b/common/rmt_storage.te
@@ -18,6 +18,7 @@ allow rmt_storage self:capability {
setgid
sys_admin
dac_override
+ net_bind_service
net_raw
setpcap
};
@@ -32,6 +33,9 @@ wakelock_use(rmt_storage)
allow rmt_storage self:socket create_socket_perms;
allow rmt_storage uio_device:chr_file rw_file_perms;
+#For access to the kmsg device
+allow rmt_storage kmsg_device:chr_file w_file_perms;
+
#debugfs access
userdebug_or_eng(`
typeattribute rmt_storage qti_debugfs_domain;
diff --git a/common/system_app.te b/common/system_app.te
index 255e5664..01d999af 100644
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -100,6 +100,7 @@ binder_call(system_app, secotad)
# allow system_app to interact with imscm daemon
binder_call(system_app, imscm)
+allow system_app imscm_service:service_manager find;
# access to seemp folder
allow system_app seemp_file:dir r_dir_perms;
diff --git a/common/untrusted_app.te b/common/untrusted_app.te
index c2b75d54..8f6d10b7 100644
--- a/common/untrusted_app.te
+++ b/common/untrusted_app.te
@@ -9,6 +9,7 @@ neverallow untrusted_app diag_device:chr_file rw_file_perms;
# using binder call
userdebug_or_eng(`
binder_call(untrusted_app, imscm)
+ allow untrusted_app imscm_service:service_manager find;
')
# for finding wbc_service
diff --git a/common/vold.te b/common/vold.te
index 08476cf3..48411ebf 100755
--- a/common/vold.te
+++ b/common/vold.te
@@ -2,6 +2,11 @@ allow vold tee_device:chr_file rw_file_perms;
allow vold self:capability sys_boot;
allow vold cache_file:dir w_dir_perms;
allow vold { fscklogs cache_file }:file create_file_perms;
+
+# Read and write /cache/recovery/command
+allow vold cache_recovery_file:dir rw_dir_perms;
+allow vold cache_recovery_file:file create_file_perms;
+
allow vold { proc_sysrq proc_dirty_ratio }:file rw_file_perms;
wakelock_use(vold)
allow vold swap_block_device:blk_file r_file_perms;
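Review bot: The comment says "Read and write /cache/recovery/command", but the rules grant `create_file_perms` on every file of type `cache_recovery_file` plus `rw_dir_perms` on the directory, which is broader than one file's read/write. Since recovery acts on the contents of that command file, the rule effectively lets vold request recovery actions. The comment should say so and name the code path that needs it, for example `# vold writes /cache/recovery/command to request <action> on <condition>; needs create because the file may not exist`. If the file is always pre-created, `rw_file_perms` on the file would be enough.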
diff --git a/msm8952/mediaserver.te b/msm8952/mediaserver.te
index 0f88a051..5bd54323 100644
--- a/msm8952/mediaserver.te
+++ b/msm8952/mediaserver.te
@@ -27,3 +27,6 @@
# allow mediaserver to access media.msm8956hw
allow mediaserver media_msm8956hw_prop:file r_file_perms;
+allow mediaserver media_settings_xml_prop:file r_file_perms;
+allow mediaserver seempd:unix_dgram_socket sendto;
+allow mediaserver seempdw_socket:sock_file write;
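Review bot: The two seempd rules at the end of the hunk are undocumented and hand-expand what the `unix_socket_send` macro already expresses; common/location.te uses that macro for its wpa socket. Assuming the macro's usual expansion, `unix_socket_send(mediaserver, seempdw, seempd)` would replace both lines and keep the socket and peer types paired. Because mediaserver parses untrusted media, each new outbound channel deserves a comment stating what is sent, for example `# mediaserver reports <event type> to seempd`. The existing comment above the hunk's rules only covers the `media_msm8956hw_prop` read, not the new `media_settings_xml_prop` read.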
diff --git a/msm8952/property.te b/msm8952/property.te
index 9b93f862..2cfa17e8 100644
--- a/msm8952/property.te
+++ b/msm8952/property.te
@@ -27,5 +27,5 @@
#properites for init.qcom.sh script
type media_msm8956hw_prop, property_type;
-type media_settings_xml_prop, property_type;
+type media_settings_xml_prop, property_type, core_property_type;
type media_msm8956_version_prop, property_type;
diff --git a/msm8996/file_contexts b/msm8996/file_contexts
index 02618e09..6c3e83bd 100644
--- a/msm8996/file_contexts
+++ b/msm8996/file_contexts
@@ -96,6 +96,8 @@
#
/sys/devices/virtual/graphics/fb([0-2])+/lineptr_value u:object_r:sysfs_graphics:s0
+/sys/devices/soc/b00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies u:object_r:sysfs_kgsl:s0
+
###################################
# data files
#
diff --git a/msmcobalt/file_contexts b/msmcobalt/file_contexts
index 0a29e092..46ad29a2 100644
--- a/msmcobalt/file_contexts
+++ b/msmcobalt/file_contexts
@@ -37,7 +37,7 @@
/dev/block/platform/soc/1da4000.ufshc/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/ssd u:object_r:ssd_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/misc u:object_r:misc_partition:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/misc u:object_r:misc_block_device:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/rpm u:object_r:rpmb_device:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/msadp u:object_r:mba_debug_dev:s0
/dev/block/platform/soc/1da4000.ufshc/by-name/recovery u:object_r:recovery_block_device:s0
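Review bot: The misc partition is moved to `misc_block_device` only for msmcobalt, while the same commit deletes the `misc_partition` type from common/device.te. Any other target's file_contexts that still names `misc_partition` would no longer compile; those files are not in this diff, so this needs checking. The commit also removes the misc access of mmi and qcomsysd without adding rules on `misc_block_device`. That leaves the comment `#Needed to read/write cookies to the misc partition` in common/qcomsysd.te describing access the domain no longer has. Either update that comment or, if qcomsysd still needs the cookies, add `allow qcomsysd misc_block_device:blk_file rw_file_perms;` with a rationale.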
@@ -55,3 +55,8 @@
# data files
#
/data/misc/qvop(/.*)? u:object_r:qvop_data_file:s0
+
+##################################
+# non-hlos mount points
+/firmware u:object_r:firmware_file:s0
+/bt_firmware u:object_r:bt_firmware_file:s0
diff --git a/msmcobalt/qvop.te b/msmcobalt/qvop.te
index 47b61b31..ce69fa4d 100644
--- a/msmcobalt/qvop.te
+++ b/msmcobalt/qvop.te
@@ -41,4 +41,6 @@ allow qvop iqvop_service:service_manager add;
binder_use(qvop)
allow qvop tee_device:chr_file rw_file_perms;
-r_dir_file(qvop, firmware_file) \ No newline at end of file
+r_dir_file(qvop, firmware_file)
+
+allow qvop ion_device:chr_file r_file_perms; \ No newline at end of file
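Review bot: The new `ion_device` rule has no comment, and the file still ends without a trailing newline, so the marker just moves from the old last line to the new one. Add a line such as `# ion buffers shared with <component> for <purpose>` above the rule, and end the file with a newline so later appends produce clean diffs and policy files concatenated at build time cannot run together.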