SEPolicy: Adding sdm660 policies
Change-Id: I71b5ec869475846e0c7b8f3ba00f6a018a631a50
diff --git a/SEPolicy.mk b/SEPolicy.mk
index e9ac56f..2c6c2ed 100644
--- a/SEPolicy.mk
+++ b/SEPolicy.mk
@@ -29,7 +29,7 @@
$(SEPOLICY_PATH)/generic/product/private \
$(SEPOLICY_PATH)/qva/product/private
-ifeq (,$(filter sdm845 sdm710 msm8937 msm8953, $(TARGET_BOARD_PLATFORM)))
+ifeq (,$(filter sdm845 sdm710 sdm660 msm8937 msm8953, $(TARGET_BOARD_PLATFORM)))
BOARD_SEPOLICY_DIRS := \
$(BOARD_SEPOLICY_DIRS) \
$(SEPOLICY_PATH) \
@@ -52,7 +52,7 @@
endif
endif
-ifneq (,$(filter sdm845 sdm710 msm8937 msm8953, $(TARGET_BOARD_PLATFORM)))
+ifneq (,$(filter sdm845 sdm710 sdm660 msm8937 msm8953, $(TARGET_BOARD_PLATFORM)))
BOARD_SEPOLICY_DIRS := \
$(BOARD_SEPOLICY_DIRS) \
$(SEPOLICY_PATH) \
diff --git a/legacy/vendor/common/location_app.te b/legacy/vendor/common/location_app.te
index 104c78f..3321905 100644
--- a/legacy/vendor/common/location_app.te
+++ b/legacy/vendor/common/location_app.te
@@ -54,4 +54,4 @@
allowxperm vendor_location_app self:socket ioctl msm_sock_ipc_ioctls;
allow vendor_location_app self:qipcrtr_socket create_socket_perms_no_ioctl;
allow vendor_location_app sysfs_data:file r_file_perms;
-unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd)
\ No newline at end of file
+unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd)
diff --git a/legacy/vendor/sdm660/file_contexts b/legacy/vendor/sdm660/file_contexts
new file mode 100644
index 0000000..1827cac
--- /dev/null
+++ b/legacy/vendor/sdm660/file_contexts
@@ -0,0 +1,155 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+###################################
+# Dev block nodes for eMMC
+/dev/block/platform/soc/c0c4000.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/ssd u:object_r:ssd_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/misc u:object_r:misc_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/rpm u:object_r:rpmb_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/system u:object_r:system_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/userdata u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/msadp u:object_r:mba_debug_dev:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/dip u:object_r:dip_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/mdtp u:object_r:mdtp_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/boot u:object_r:boot_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/recovery u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/cache u:object_r:cache_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/frp u:object_r:frp_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/logdump u:object_r:logdump_partition:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/super u:object_r:super_block_device:s0
+
+
+#for UFS blocks
+/dev/block/platform/soc/1da4000.ufshc/by-name/fsc u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/fsg u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/ssd u:object_r:ssd_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/misc u:object_r:misc_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/rpm u:object_r:rpmb_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/system u:object_r:system_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/userdata u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/msadp u:object_r:mba_debug_dev:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/dip u:object_r:dip_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/mdtp u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/boot u:object_r:boot_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/recovery u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/cache u:object_r:cache_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/frp u:object_r:frp_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/logdump u:object_r:logdump_partition:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/super u:object_r:super_block_device:s0
+
+#Primary storage device nodes
+/dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0
+/dev/block/mmcblk0 u:object_r:root_block_device:s0
+
+##################################
+# FBE
+/(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0
+
+##################################
+# A/B partitions.
+#EMMC
+/dev/block/platform/soc/c0c4000.sdhci/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/boot_[ab] u:object_r:boot_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/mdtp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/modem_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/recovery_[ab] u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/c0c4000.sdhci/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
+
+#UFS
+/dev/block/platform/soc/1da4000.ufshc/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/boot_[ab] u:object_r:boot_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/mdtp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/modem_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/vendor_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/xbl_[ab] u:object_r:xbl_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/recovery_[ab] u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/1da4000.ufshc/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0
+
+# Block device holding the GPT, where the A/B attributes are stored.
+/dev/block/platform/soc/1da4000.ufshc/sd[ade] u:object_r:gpt_block_device:s0
+
+# Block devices for the drive that holds the xbl_a and xbl_b partitions.
+/dev/block/platform/soc/1da4000.ufshc/sd[bc] u:object_r:xbl_block_device:s0
+
+############################################################################################
+#Same hal process libs
+#
+/vendor/lib(64)?/hw/gralloc\.sdm660\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/vulkan\.sdm660\.so u:object_r:same_process_hal_file:s0
+#sysfs
+/sys/devices(/platform)?/soc/caa0000.qcom,jpeg/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_jpeg:s0
+/sys/devices(/platform)?/soc/ca00000.qcom,msm-cam/video4linux/video[0-33]/name(/.*)? u:object_r:sysfs_jpeg:s0
diff --git a/legacy/vendor/sdm660/genfs_contexts b/legacy/vendor/sdm660/genfs_contexts
new file mode 100644
index 0000000..8ac1dad
--- /dev/null
+++ b/legacy/vendor/sdm660/genfs_contexts
@@ -0,0 +1,92 @@
+# Copyright (c) 2018, 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+###################################
+
+#secure touch sysfs node
+genfscon sysfs /devices/soc/c178000.i2c/i2c-4/4-0020 u:object_r:sysfs_sectouch:s0
+
+genfscon sysfs /devices/soc/cce0000.qcom,venus/subsys0/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/1a300000.qcom,turing/subsys3/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/4080000.qcom,mss/subsys4/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/soc:qcom,kgsl-hyp/subsys1/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/15700000.qcom,lpass/subsys2/name u:object_r:sysfs_ssr:s0
+
+#SSR nodes for sdm660 with kernel 4.14 has different path
+genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys0/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/cce0000.qcom,venus/subsys1/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/15700000.qcom,lpass/subsys2/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/1a300000.qcom,turing/subsys3/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys4/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /bus/msm_subsys u:object_r:sysfs_ssr:s0
+
+#for sdm630
+genfscon sysfs /devices/soc/4080000.qcom,mss/subsys3/name u:object_r:sysfs_ssr:s0
+
+#sdm660
+genfscon sysfs /devices/soc/cce0000.qcom,venus/subsys1/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/4080000.qcom,mss/subsys0/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/soc:qcom,kgsl-hyp/subsys4/name u:object_r:sysfs_ssr:s0
+
+#pmic sysfs_nodes
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/battery u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/dc u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/main u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/pc_port u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/usb u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qpnp,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,usb-pdphy@1700/usbpd/usbpd0 u:object_r:sysfs_usbpd_device:s0
+genfscon sysfs /devices/soc/c176000.i2c/i2c-2/2-001d/power_supply/parallel u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /class/qcom-battery u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/green u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/blue u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d800/leds/wled u:object_r:sysfs_leds:s0
+
+#pmic sysfs nodes for sdm660 with kernel 4.14 have different paths
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/battery u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/dc u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/main u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/pc_port u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,qpnp-smb2/power_supply/usb u:object_r:sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qpnp,fg/power_supply/bms u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,usb-pdphy@1700/usbpd/usbpd0 u:object_r:sysfs_usbpd_device:s0
+genfscon sysfs /devices/platform/soc/c176000.i2c/i2c-2/2-001d/power_supply/parallel u:object_r:sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/red u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/green u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/blue u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0
+
+#cpu-ddr devfreq nodes for K4.14
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-cpu-ddr-lat/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-cpu-ddr-latfloor/devfreq u:object_r:sysfs_devfreq:s0
+
+#net sysfs
+genfscon sysfs /devices/platform/soc/18800000.qcom,icnss/net u:object_r:sysfs_net:s0
diff --git a/legacy/vendor/sdm660/idmap.te b/legacy/vendor/sdm660/idmap.te
new file mode 100755
index 0000000..5a17b25
--- /dev/null
+++ b/legacy/vendor/sdm660/idmap.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, 2018 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+r_dir_file(idmap, oemfs);
diff --git a/legacy/vendor/sdm660/init-qti-fbe-sh.te b/legacy/vendor/sdm660/init-qti-fbe-sh.te
new file mode 100644
index 0000000..702223e
--- /dev/null
+++ b/legacy/vendor/sdm660/init-qti-fbe-sh.te
@@ -0,0 +1,37 @@
+# Copyright (c) 2016,2017 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type init-qti-fbe-sh, domain;
+type init-qti-fbe-sh_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(init-qti-fbe-sh)
+
+allow init-qti-fbe-sh vendor_shell_exec:file rx_file_perms;
+
+# execute toybox/toolbox
+allow init-qti-fbe-sh vendor_toolbox_exec:file rx_file_perms;
+get_prop(init-qti-fbe-sh, vendor_tee_listener_prop)
diff --git a/legacy/vendor/sdm660/init_shell.te b/legacy/vendor/sdm660/init_shell.te
new file mode 100644
index 0000000..9f2b95c
--- /dev/null
+++ b/legacy/vendor/sdm660/init_shell.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For regionalization
+allow qti_init_shell regionalization_file:dir r_dir_perms;
+allow qti_init_shell regionalization_file:file create_file_perms;
+
+#Needed for starting cdsprpcd service post-boot
+set_prop(qti_init_shell, vendor_cdsprpcd_prop)
diff --git a/legacy/vendor/sdm660/platform_app.te b/legacy/vendor/sdm660/platform_app.te
new file mode 100755
index 0000000..bc02a19
--- /dev/null
+++ b/legacy/vendor/sdm660/platform_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow platform_app oemfs:lnk_file { read getattr };
diff --git a/legacy/vendor/sdm660/priv_app.te b/legacy/vendor/sdm660/priv_app.te
new file mode 100755
index 0000000..203ed54
--- /dev/null
+++ b/legacy/vendor/sdm660/priv_app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow priv_app oemfs:lnk_file { read getattr };
diff --git a/legacy/vendor/sdm660/property.te b/legacy/vendor/sdm660/property.te
new file mode 100644
index 0000000..663dd2d
--- /dev/null
+++ b/legacy/vendor/sdm660/property.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#properites for init.qcom.sh script
+type vendor_cdsprpcd_prop, property_type;
\ No newline at end of file
diff --git a/legacy/vendor/sdm660/property_contexts b/legacy/vendor/sdm660/property_contexts
new file mode 100644
index 0000000..5f846af
--- /dev/null
+++ b/legacy/vendor/sdm660/property_contexts
@@ -0,0 +1,28 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ctl.vendor.cdsprpcd u:object_r:vendor_cdsprpcd_prop:s0
diff --git a/legacy/vendor/sdm660/recovery.te b/legacy/vendor/sdm660/recovery.te
new file mode 100644
index 0000000..4f75bc4
--- /dev/null
+++ b/legacy/vendor/sdm660/recovery.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+recovery_only(`
+ allow recovery vendor_shell_exec:file x_file_perms;
+')
diff --git a/legacy/vendor/sdm660/system_server.te b/legacy/vendor/sdm660/system_server.te
new file mode 100755
index 0000000..d2cb28e
--- /dev/null
+++ b/legacy/vendor/sdm660/system_server.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2016, 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow system_server resourcecache_data_file:dir create_dir_perms;
+allow system_server resourcecache_data_file:file create_file_perms;
diff --git a/legacy/vendor/sdm660/update_engine_common.te b/legacy/vendor/sdm660/update_engine_common.te
new file mode 100644
index 0000000..f54049f
--- /dev/null
+++ b/legacy/vendor/sdm660/update_engine_common.te
@@ -0,0 +1,40 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Allow update_engine and update_engine_sideload (recovery) read/write on the
+# device-specific partitions it should update.
+allow update_engine_common {
+ custom_ab_block_device
+ xbl_block_device
+ ssd_device
+ modem_block_device
+ root_block_device
+ system_block_device
+ boot_block_device
+ mdtp_device
+}:blk_file rw_file_perms;
+
diff --git a/legacy/vendor/sdm660/zygote.te b/legacy/vendor/sdm660/zygote.te
new file mode 100644
index 0000000..dbffa1e
--- /dev/null
+++ b/legacy/vendor/sdm660/zygote.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# For regionalization
+allow zygote oemfs:dir r_dir_perms;
+allow zygote oemfs:file r_file_perms;