Merge 5207f749c4820bb8df8aca13fa9f7c6619146eff on remote branch
Change-Id: I09b5099e114c2765b525dbc8674085569aa746a7
diff --git a/generic/private/qcc_app.te b/generic/private/qcc_app.te
index b1674dd..ffab64d 100644
--- a/generic/private/qcc_app.te
+++ b/generic/private/qcc_app.te
@@ -25,12 +25,13 @@
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-typeattribute vendor_qcc_app mlstrustedsubject;
app_domain(vendor_qcc_app)
net_domain(vendor_qcc_app)
binder_use(vendor_qcc_app)
+hal_client_domain(vendor_qcc_app, vendor_qccsyshal);
+
allow vendor_qcc_app radio_service:service_manager find;
# for vendor_perf_service
allow vendor_qcc_app app_api_service:service_manager find;
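Review bot: `hal_client_domain(vendor_qcc_app, vendor_qccsyshal);` ends in a semicolon, unlike the three macro calls directly above it (`app_domain`, `net_domain`, `binder_use`). Drop it so the line reads `hal_client_domain(vendor_qcc_app, vendor_qccsyshal)`. The new HAL client grant also has no comment, whereas the service_manager rules below are annotated; a short `# QCC app is a client of the qccsyshal HAL` would match the file.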
@@ -44,10 +45,10 @@
# allow access to mediadrmserver for qdmastats/wvstats
allow vendor_qcc_app mediadrmserver_service:service_manager find;
-# allow vendor_qcc_app to access system_app_data_file
-# necessary for read and write /data/user_de/0/com.---.qti.qdma subdirectory.
-allow vendor_qcc_app system_app_data_file:dir create_dir_perms;
-allow vendor_qcc_app system_app_data_file:file create_file_perms;
+# allow vendor_qcc_app to access app_data_file
+# necessary for read and write /data/user_de/0/ subdirectory.
+allow vendor_qcc_app app_data_file:dir create_dir_perms;
+allow vendor_qcc_app app_data_file:file create_file_perms;
# allow cgroup access
allow vendor_qcc_app cgroup:file rw_file_perms;
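Review bot: The two new `allow` rules name `app_data_file` as a whole, so type enforcement no longer distinguishes this app's directory from any other object carrying that label, yet the rewritten comment (`/data/user_de/0/ subdirectory`) reads as if the grant were path-scoped. What confines the access is the per-app category set assigned by `levelFrom=all` in the seapp_contexts change of this same commit, together with the removal of `mlstrustedsubject` in the first hunk. I would say so in the comment, for example `# TE grant covers every app_data_file object; confinement to this app's own data dir relies on the levelFrom=all categories in seapp_contexts`. It is also worth checking whether `app_domain()` already grants these permissions, in which case the explicit rules are redundant.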
diff --git a/generic/vendor/sdm660_64/hal_gnss_qti.te b/generic/vendor/sdm660_64/hal_gnss_qti.te
index 388dbab..b85704e 100644
--- a/generic/vendor/sdm660_64/hal_gnss_qti.te
+++ b/generic/vendor/sdm660_64/hal_gnss_qti.te
@@ -6,4 +6,5 @@
#Allow Gnss HAL to access ril socket
allow vendor_hal_gnss_qti vendor_rild_socket:dir search;
unix_socket_connect(vendor_hal_gnss_qti, vendor_rild, rild)
-
+# allows Gnss HAL to access ssgtzd socket
+unix_socket_connect(vendor_hal_gnss_qti, vendor_ssgtzd, vendor_ssgtzd)
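Review bot: The existing rild connection just above is paired with `allow vendor_hal_gnss_qti vendor_rild_socket:dir search;`, while the new ssgtzd connection has no matching directory rule. If the ssgtzd socket sits in its own labelled directory, the path lookup may still be denied, so this is worth confirming on a device. The added comment restates the rule without saying what the GNSS HAL needs from ssgtzd; a line such as `# <feature>: Gnss HAL talks to ssgtzd for <purpose>` (placeholders to fill in) would record the reason. The comment style also differs from the line above (`#Allow` there, `# allows` here).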
diff --git a/legacy/vendor/common/location_app.te b/legacy/vendor/common/location_app.te
index 3321905..d3c6594 100644
--- a/legacy/vendor/common/location_app.te
+++ b/legacy/vendor/common/location_app.te
@@ -55,3 +55,4 @@
allow vendor_location_app self:qipcrtr_socket create_socket_perms_no_ioctl;
allow vendor_location_app sysfs_data:file r_file_perms;
unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd)
+dontaudit vendor_location_app default_prop:file {read};
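Review bot: `dontaudit vendor_location_app default_prop:file {read};` hides the denial rather than resolving it, and the same applies to `dontaudit vendor_init vendor_fm_prop:property_service set;` in legacy/vendor/common/vendor_init.te. A read landing on `default_prop` usually means the property has no entry in property_contexts, and with the audit suppressed any later read of an unlabelled property from this domain goes unlogged too. In the vendor_init case the `set` still fails, only silently. Neither line says which property triggered the denial, so each should carry a comment such as `# <property name>: access is optional, denial is expected` (placeholder to fill in), or the property should be labelled and allowed explicitly. The braces around the single permission in `{read}` are unnecessary.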
diff --git a/legacy/vendor/common/vendor_init.te b/legacy/vendor/common/vendor_init.te
index efdcfda..1f8b8dc 100644
--- a/legacy/vendor/common/vendor_init.te
+++ b/legacy/vendor/common/vendor_init.te
@@ -125,3 +125,4 @@
allow vendor_init tee_device:chr_file getattr;
allow vendor_init block_device:lnk_file setattr;
+dontaudit vendor_init vendor_fm_prop:property_service set;
diff --git a/qva/private/file.te b/qva/private/file.te
index fb8f9a6..9ed43ca 100644
--- a/qva/private/file.te
+++ b/qva/private/file.te
@@ -34,5 +34,5 @@
type vendor_qvrd_hvx_socket, file_type, coredomain_socket;
type vendor_sys_sxrd_data_file, file_type, data_file_type, core_data_file_type;
type vendor_sys_sxrd_socket, file_type, mlstrustedobject, coredomain_socket;
-type vendor_qcc_data_file, file_type, data_file_type, core_data_file_type;
+type vendor_qcc_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type vendor_qcc_app_socket, file_type, mlstrustedobject, coredomain_socket;
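Review bot: Adding `mlstrustedobject` to `vendor_qcc_data_file` takes the type out of MLS enforcement, so the `allow` rules on this type become the only thing separating domains with different levels or categories. The line gives no reason for this. Presumably it is needed because vendor_qcc_app now runs with per-app categories (`levelFrom=all` in seapp_contexts) and still has to reach files under the /data/misc/(qcc|qdma) paths labelled in file_contexts. A comment like `# mlstrustedobject: shared between vendor_qcc_app (per-app categories) and <daemon domain>` (placeholder to fill in) would record that. The set of domains allowed on this type should be reviewed at the same time to confirm it is limited to the intended ones.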
diff --git a/qva/private/file_contexts b/qva/private/file_contexts
index e0cffa1..650acaf 100644
--- a/qva/private/file_contexts
+++ b/qva/private/file_contexts
@@ -38,7 +38,7 @@
/dev/socket/qvrservice_camera u:object_r:vendor_qvrd_socket:s0
/dev/socket/qvrservice_hvx_camera u:object_r:vendor_qvrd_hvx_socket:s0
/dev/socket/sxrservice u:object_r:vendor_sys_sxrd_socket:s0
-/dev/socket/qdma_app(/.*)? u:object_r:vendor_qcc_app_socket:s0
+/dev/socket/(qcc_app|qdma_app)(/.*)? u:object_r:vendor_qcc_app_socket:s0
####### system file ###############
/system/bin/seempd u:object_r:vendor_seempd_exec:s0
@@ -65,4 +65,4 @@
/data/misc/qvr(/.*)? u:object_r:vendor_qvrd_data_file:s0
/data/misc/sxr(/.*)? u:object_r:vendor_sys_sxrd_data_file:s0
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
-/data/misc/qdma(/.*)? u:object_r:vendor_qcc_data_file:s0
+/data/misc/(qcc|qdma)(/.*)? u:object_r:vendor_qcc_data_file:s0
diff --git a/qva/private/seapp_contexts b/qva/private/seapp_contexts
index 19d2ca0..7245b43 100644
--- a/qva/private/seapp_contexts
+++ b/qva/private/seapp_contexts
@@ -31,7 +31,7 @@
user=_app seinfo=platform name=com.qualcomm.qti.ssmeditor domain=vendor_qconfig_app type=app_data_file levelfrom=all
#Add new domain for QCC
-user=system seinfo=platform name=com.qti.qcc isPrivApp=true domain=vendor_qcc_app type=system_app_data_file
+user=_app seinfo=platform name=com.qti.qcc domain=vendor_qcc_app type=app_data_file levelFrom=all
#Add new domain for QCCLMTP
user=system seinfo=platform name=com.qualcomm.qti.qcclmtp isPrivApp=true domain=vendor_qcc_lmtp_app type=system_app_data_file
#Add new domain for QCC-Utils
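Review bot: The new com.qti.qcc entry spells the key `levelFrom=all` while the neighbouring vendor_qconfig_app entry uses `levelfrom=all`; pick one spelling for the file. With `user=system` and `isPrivApp=true` gone, `seinfo=platform` and the package name are the only selectors left that decide which app is placed in vendor_qcc_app. The comment `#Add new domain for QCC` does not mention the move to a regular app UID. I would extend it to something like `# QCC runs as a regular platform-signed app (user=_app); data is app_data_file with per-app categories`.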