Merge tag 'LA.UM.11.2.1.r1-04100-sdm660.0' into staging/lineage-20.0_merge-LA.UM.11.2.1.r1-04100-sdm660.0

"LA.UM.11.2.1.r1-04100-sdm660.0"

* tag 'LA.UM.11.2.1.r1-04100-sdm660.0':
  sepolicy: Compilation fix for newer upgrade.
  sepolicy: Add sepolicy rules for TZAS
  sepolicy: using SYSTEM_EXT_<PUBLIC/PRIVATE>_SEPOLICY_DIRS variable
  sepolicy: Add policy for atfwd client
  sepolicy: Add sepolicy for AtCmdFwd app

 Conflicts:
	SEPolicy.mk

Change-Id: I3743693bab62bcacd4862b40fe3a51e8131ca66a
diff --git a/generic/private/qtelephony.te b/generic/private/qtelephony.te
index b838cc2..1ba8237 100644
--- a/generic/private/qtelephony.te
+++ b/generic/private/qtelephony.te
@@ -32,7 +32,6 @@
 
 hwbinder_use(vendor_qtelephony);
 get_prop(vendor_qtelephony, hwservicemanager_prop);
-add_hwservice(vendor_qtelephony, vendor_hal_atfwd_hwservice);
 
 userdebug_or_eng(`
     hal_client_domain( vendor_qtelephony, vendor_hal_diaghal)
diff --git a/generic/private/radio.te b/generic/private/radio.te
index 9f6cb84..cd164b5 100644
--- a/generic/private/radio.te
+++ b/generic/private/radio.te
@@ -27,3 +27,4 @@
 
 hwbinder_use(radio)
 allow radio mediaextractor_service:service_manager find;
+add_hwservice(radio, vendor_hal_atfwd_hwservice);
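Review bot: `add_hwservice(radio, vendor_hal_atfwd_hwservice);` lets every process in the `radio` domain register the AT-forward HAL, whereas the rule removed from qtelephony.te confined registration to `vendor_qtelephony`. The `binder_call(atfwd, radio)` added in legacy/vendor/common/atfwd.te extends the same trust to the whole domain. If only the AtFwd app needs this, keeping it in a dedicated domain would preserve the earlier confinement; otherwise record the reason with a comment such as `# AtCmdFwd service is hosted in the radio domain and registers vendor_hal_atfwd_hwservice`. Minor style point: the new line ends with `;` while `hwbinder_use(radio)` two lines above does not.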
diff --git a/generic/private/seapp_contexts b/generic/private/seapp_contexts
index 43bb51e..bb18965 100644
--- a/generic/private/seapp_contexts
+++ b/generic/private/seapp_contexts
@@ -30,7 +30,7 @@
 user=radio seinfo=platform name=.dataservices domain=vendor_dataservice_app type=radio_data_file
 
 # AtFwd app
-user=_app seinfo=platform name=com.qualcomm.telephony domain=vendor_qtelephony type=app_data_file levelFrom=all
+user=_app seinfo=platform name=com.qualcomm.telephony domain=radio_service type=app_data_file levelFrom=all
 
 #Add new domain for ims app
 user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=vendor_qtelephony type=app_data_file levelFrom=all
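Review bot: The changed `com.qualcomm.telephony` entry sets `domain=radio_service`, but `radio_service` looks like a service_manager object type rather than a process domain; the service_contexts hunk in this commit uses it to label the AtCmdFwd AIDL service. If that type does not carry the `domain` attribute, the entry is either rejected by the seapp checker or the app cannot transition into it at launch. The radio.te and atfwd.te hunks grant rules to `radio`, so the intended value is probably `domain=radio`. Please confirm, and also check that `user=_app ... type=app_data_file levelFrom=all` is the right selector set for that domain, since the `user=radio` entry at the top of this hunk pairs with `type=radio_data_file`.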
diff --git a/generic/private/service_contexts b/generic/private/service_contexts
index 365d35f..853ae6b 100644
--- a/generic/private/service_contexts
+++ b/generic/private/service_contexts
@@ -26,3 +26,4 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 cneservice                                           u:object_r:vendor_cne_service:s0
 com.qualcomm.qti.ustaservice.USTAServiceImpl         u:object_r:vendor_usta_app_service:s0
+vendor.qti.hardware.radio.atcmdfwd.IAtCmdFwd/AtCmdFwdAidl u:object_r:radio_service:s0
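Review bot: The new `vendor.qti.hardware.radio.atcmdfwd.IAtCmdFwd/AtCmdFwdAidl` entry reuses the platform `radio_service` label, so any domain already allowed `find` on `radio_service` can look up this vendor AT-command interface, and any domain allowed `add` on it can register it. A dedicated service type with its own `add`/`find` rules (for example `vendor_atcmdfwd_service`, a suggested name that is not in the tree) would keep access to AT command forwarding auditable separately from the rest of telephony. The entry also breaks the column alignment used by the two lines above it.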
diff --git a/legacy/vendor/common/atfwd.te b/legacy/vendor/common/atfwd.te
index a937b3c..d2d735b 100644
--- a/legacy/vendor/common/atfwd.te
+++ b/legacy/vendor/common/atfwd.te
@@ -35,6 +35,8 @@
 
 binder_call(atfwd, system_app);
 
+binder_call(atfwd, radio)
+
 r_dir_file(atfwd, sysfs_data);
 
 set_prop(atfwd, vendor_radio_prop)
diff --git a/legacy/vendor/common/bluetooth.te b/legacy/vendor/common/bluetooth.te
index 60a7da3..d8c328a 100644
--- a/legacy/vendor/common/bluetooth.te
+++ b/legacy/vendor/common/bluetooth.te
@@ -49,7 +49,7 @@
     serial_device
     #BT needes read and write on smd device node
     smd_device
-    bt_device
+    vendor_bt_device
 }:chr_file rw_file_perms;
 
 
diff --git a/legacy/vendor/common/device.te b/legacy/vendor/common/device.te
index c0fbe99..168e81e 100644
--- a/legacy/vendor/common/device.te
+++ b/legacy/vendor/common/device.te
@@ -163,7 +163,7 @@
 type at_device, dev_type;
 
 #define Bluetooth device
-type bt_device, dev_type;
+type vendor_bt_device, dev_type;
 
 #define Wlan device
 type wlan_device, dev_type;
diff --git a/legacy/vendor/common/file_contexts b/legacy/vendor/common/file_contexts
index 276cd1f..e0d3bb8 100644
--- a/legacy/vendor/common/file_contexts
+++ b/legacy/vendor/common/file_contexts
@@ -54,7 +54,7 @@
 /dev/spdaemon_ssr                               u:object_r:spdaemon_ssr_device:s0
 /dev/qsee_ipc_irq_spss                          u:object_r:qsee_ipc_irq_spss_device:s0
 /dev/radio0                                     u:object_r:fm_radio_device:s0
-/dev/btpower                                    u:object_r:bt_device:s0
+/dev/btpower                                    u:object_r:vendor_bt_device:s0
 /dev/rtc0                                       u:object_r:rtc_device:s0
 /dev/sdsprpc-smd                                u:object_r:dsp_device:s0
 /dev/sensors                                    u:object_r:sensors_device:s0
diff --git a/legacy/vendor/common/hal_bluetooth_qti.te b/legacy/vendor/common/hal_bluetooth_qti.te
index 5b4e4aa..9c15992 100644
--- a/legacy/vendor/common/hal_bluetooth_qti.te
+++ b/legacy/vendor/common/hal_bluetooth_qti.te
@@ -55,7 +55,7 @@
 #bt power node access
 allow hal_bluetooth {
     smd_device
-    bt_device
+    vendor_bt_device
 }:chr_file rw_file_perms;
 
 #diag access
diff --git a/legacy/vendor/common/seapp_contexts b/legacy/vendor/common/seapp_contexts
index f665eb4..6cbb4dd 100644
--- a/legacy/vendor/common/seapp_contexts
+++ b/legacy/vendor/common/seapp_contexts
@@ -67,3 +67,6 @@
 
 #allow embms msdc app to access embmssl hal
 user=_app seinfo=platform name=com.qti.ltebc domain=vendor_embmssl_app type=app_data_file levelFrom=all
+
+#Add new domain for trustzone access app
+user=_app seinfo=platform name=com.qualcomm.qti.qms.service.trustzoneaccess domain=vendor_tzas_app type=app_data_file levelfrom=all
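Review bot: The added entry spells the selector `levelfrom=all`, while the entry just above it in this hunk uses `levelFrom=all`. The seapp_contexts parsers I am aware of match keys case-insensitively, so the level assignment likely still takes effect, but the odd spelling is easy to miss when grepping the policy for MLS level settings; write `levelFrom=all`. The comment could also name the domain, e.g. `# TrustZone access service app runs in vendor_tzas_app`.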
diff --git a/legacy/vendor/common/system_server.te b/legacy/vendor/common/system_server.te
index dc43c86..a08d0d5 100644
--- a/legacy/vendor/common/system_server.te
+++ b/legacy/vendor/common/system_server.te
@@ -86,7 +86,7 @@
     serial_device
     smd_device
     #allow access to power control ANT chip
-    bt_device
+    vendor_bt_device
 }:chr_file rw_file_perms;
 
 hal_client_domain(system_server, hal_dataconnection_qti)
diff --git a/legacy/vendor/common/tzas_app.te b/legacy/vendor/common/tzas_app.te
new file mode 100644
index 0000000..1e6c784
--- /dev/null
+++ b/legacy/vendor/common/tzas_app.te
@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type vendor_tzas_app, domain;
+
+app_domain(vendor_tzas_app)
+net_domain(vendor_tzas_app)
+
+unix_socket_connect(vendor_tzas_app, ssgtzd, ssgtzd)
+
+binder_call(vendor_tzas_app,hal_perf_default)
+allow vendor_tzas_app app_api_service:service_manager find;
+allow vendor_tzas_app hal_perf_hwservice:hwservice_manager find;
+
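Review bot: `net_domain(vendor_tzas_app)` grants network socket access to the same domain that `unix_socket_connect(vendor_tzas_app, ssgtzd, ssgtzd)` allows to talk to ssgtzd (presumably the TrustZone-facing daemon, going by the commit title), and the file does not say why both are needed. If the app has no network requirement, drop `net_domain`; if it does, document it with `# network access needed for <purpose>` above that line and `# talks to ssgtzd over its unix socket` above the socket rule. `allow vendor_tzas_app app_api_service:service_manager find;` is similarly broad and would be easier to audit if narrowed to the specific services the app uses. Style: `binder_call(vendor_tzas_app,hal_perf_default)` lacks the space after the comma that the other macros use, and the file ends with a stray blank line.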