Merge "eSE: Added weaver service name for ST54x"
diff --git a/generic/vendor/crow/poweroptservice.te b/generic/vendor/crow/poweroptservice.te
index a71d8df..94e7b72 100644
--- a/generic/vendor/crow/poweroptservice.te
+++ b/generic/vendor/crow/poweroptservice.te
@@ -66,6 +66,7 @@
allow vendor_hal_poweroptservice_qti vendor_pm_data_file:file create_file_perms;
allow vendor_hal_poweroptservice_qti cgroup:file r_file_perms;
allow vendor_hal_poweroptservice_qti proc:file r_file_perms;
+allow vendor_hal_poweroptservice_qti proc_stat:file r_file_perms;
allow vendor_hal_poweroptservice_qti {appdomain}:process getpgid;
r_dir_file(vendor_hal_poweroptservice_qti, appdomain);
r_dir_file(vendor_hal_poweroptservice_qti, vendor_sysfs_battery_supply);
diff --git a/qva/vendor/crow/recovery.te b/qva/vendor/crow/recovery.te
new file mode 100644
index 0000000..b92bfbb
--- /dev/null
+++ b/qva/vendor/crow/recovery.te
@@ -0,0 +1,6 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#============= recovery ==============
+set_prop(recovery, boottime_prop)
+allow recovery vendor_sysfs_scsi_host:dir search;
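Review bot: Both new rules in recovery.te are written at top level rather than inside `recovery_only(` … `)`, which is how AOSP's own recovery.te keeps recovery grants out of the normal-boot policy. If this tree follows that convention, wrap `set_prop(recovery, boottime_prop)` and `allow recovery vendor_sysfs_scsi_host:dir search;` the same way. Neither line has a comment saying which recovery operation needs it; a one-line comment above each would let a later audit decide whether the grant is still required.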
diff --git a/qva/vendor/kona/device.te b/qva/vendor/kona/device.te
index 37496fb..224830f 100644
--- a/qva/vendor/kona/device.te
+++ b/qva/vendor/kona/device.te
@@ -9,3 +9,6 @@
#define msm_lsm char device
type vendor_msm_lsm_cdev_device, dev_type;
+
+#define aidirector audio device
+type vendor_aid_audio_device, dev_type;
diff --git a/qva/vendor/kona/file_contexts b/qva/vendor/kona/file_contexts
index d32f64d..4328793 100644
--- a/qva/vendor/kona/file_contexts
+++ b/qva/vendor/kona/file_contexts
@@ -152,3 +152,9 @@
#tee
/dev/0:0:0:[0-5] u:object_r:vendor_dev_tee:s0
+
+#uac
+/dev/snd/pcmC[1-9].* u:object_r:vendor_pcm_device:s0
+
+#aidirector
+/dev/snd/controlC0 u:object_r:vendor_aid_audio_device:s0
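Review bot: The `#aidirector` entry relabels `/dev/snd/controlC0`, the control node of sound card 0, from the platform audio label to `vendor_aid_audio_device`. Any domain that reached that node through `audio_device` loses access unless it is granted the new type, and every domain granted the new type (here `hal_audio_default` and `hal_camera_default`) gets read/write on the card-0 mixer. The `#uac` pattern `/dev/snd/pcmC[1-9].*` is similarly broad: it claims every PCM node on any card whose number starts with 1–9, not only the USB audio gadget, and card numbering is not guaranteed stable across boots or kernels. If the intent is one specific card, a narrower pattern and a comment naming the card (for example `# UAC gadget card, PCM nodes only`) would make the scope auditable.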
diff --git a/qva/vendor/kona/hal_audio_default.te b/qva/vendor/kona/hal_audio_default.te
index ce71f48..d4c4613 100644
--- a/qva/vendor/kona/hal_audio_default.te
+++ b/qva/vendor/kona/hal_audio_default.te
@@ -6,3 +6,9 @@
# Allow audio hal to communicate with msm_lsm char dev
allow hal_audio_default vendor_msm_lsm_cdev_device:chr_file rw_file_perms;
+
+#Allow audio hal to communicate to usb pcm node
+allow hal_audio_default vendor_pcm_device:chr_file rw_file_perms;
+
+#Allow audio hal access to aid audio node
+allow hal_audio_default vendor_aid_audio_device:chr_file rw_file_perms;
diff --git a/qva/vendor/kona/hal_camera.te b/qva/vendor/kona/hal_camera.te
index 1c9ab9c..7a5a831 100644
--- a/qva/vendor/kona/hal_camera.te
+++ b/qva/vendor/kona/hal_camera.te
@@ -1,5 +1,21 @@
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
# SPDX-License-Identifier: BSD-3-Clause-Clear
+#Allow base set of permissions for camera hal to be a client of audio hal
+typeattribute hal_camera_default hal_audio_client;
+
#Allow camera to access hdmi bridge device
allow hal_camera_default vendor_hdmi_bdg_irq_device:chr_file rw_file_perms;
+
+#Allow camera to read vendor_umd_prop and binder call vendor_hal_umd_qti
+get_prop(hal_camera_default, vendor_umd_prop)
+allow hal_camera_default vendor_hal_umd_qti:binder call;
+
+#Allow audio related and read file permissions
+allow hal_camera_default vendor_aid_audio_device:chr_file rw_file_perms;
+allow hal_camera_default audio_device:dir r_dir_perms;
+get_prop(hal_camera_default, vendor_audio_prop)
+
+#Allow access to /data/vendor/camera
+allow hal_camera_default vendor_camera_data_file:dir { add_name write };
+allow hal_camera_default vendor_camera_data_file:file { create getattr open write };
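Review bot: The camera HAL is made an audio HAL client and is also given direct `rw_file_perms` on `vendor_aid_audio_device:chr_file`, so it can drive the card-0 control node itself instead of going through the audio HAL. If the client path is sufficient, dropping the direct chr_file rule keeps the camera process off the sound driver's ioctl surface; if both are needed, the comment `#Allow audio related and read file permissions` should say why. The client attribute is attached with a bare `typeattribute hal_camera_default hal_audio_client;`, while platform_app.te in this same commit uses `hal_client_domain(...)`; the macro also adds `halclientdomain`, so `hal_client_domain(hal_camera_default, hal_audio)` would be the consistent form. The same applies to the two `typeattribute vendor_hal_umd_qti ...` lines in umdservice.te.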
diff --git a/qva/vendor/kona/hwservice.te b/qva/vendor/kona/hwservice.te
index b4e246d..ab8a2f1 100644
--- a/qva/vendor/kona/hwservice.te
+++ b/qva/vendor/kona/hwservice.te
@@ -1,4 +1,4 @@
# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
# SPDX-License-Identifier: BSD-3-Clause-Clear
-type vendor_hal_umd_hwservice , hwservice_manager_type;
+type vendor_hal_umd_hwservice , hwservice_manager_type, protected_hwservice;
diff --git a/qva/vendor/kona/platform_app.te b/qva/vendor/kona/platform_app.te
new file mode 100644
index 0000000..d841664
--- /dev/null
+++ b/qva/vendor/kona/platform_app.te
@@ -0,0 +1,35 @@
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#allow platform_app to read vendor_umd_prop
+get_prop(platform_app, vendor_umd_prop)
+
+hal_client_domain(platform_app, vendor_hal_umd)
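Review bot: `hal_client_domain(platform_app, vendor_hal_umd)` opens the UMD HAL to every platform-signed app, because `platform_app` is a shared domain rather than a per-app one. This commit marks `vendor_hal_umd_hwservice` as `protected_hwservice` in hwservice.te, which suggests the service is meant to be tightly held. A dedicated app domain selected through seapp_contexts for the one app that needs it would match that intent better. The rule also has no comment; at minimum add one such as `# <app name> is the only platform app expected to talk to the UMD HAL` with the real app filled in.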
diff --git a/qva/vendor/kona/property.te b/qva/vendor/kona/property.te
new file mode 100644
index 0000000..209340c
--- /dev/null
+++ b/qva/vendor/kona/property.te
@@ -0,0 +1,33 @@
+# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#umd property
+vendor_restricted_prop(vendor_umd_prop);
diff --git a/qva/vendor/kona/property_contexts b/qva/vendor/kona/property_contexts
index ccb460c..b521808 100644
--- a/qva/vendor/kona/property_contexts
+++ b/qva/vendor/kona/property_contexts
@@ -3,3 +3,7 @@
#mm-video
persist.vendor.wfd.source.hdmi.enable u:object_r:vendor_video_prop:s0
+
+#umd
+persist.vendor.umdadaptor.mode u:object_r:vendor_umd_prop:s0
+persist.vendor.umd. u:object_r:vendor_umd_prop:s0
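Review bot: Both `#umd` entries are written without a match kind, so `persist.vendor.umdadaptor.mode` is treated as a prefix and would also label any longer name that begins with it. If only that one property is intended, the four-column form `persist.vendor.umdadaptor.mode u:object_r:vendor_umd_prop:s0 exact string` (type to be confirmed by the author) pins it. The second entry, `persist.vendor.umd.`, deliberately labels a whole namespace; a comment listing the properties expected under it would make it clear what platform_app and the camera HAL are being allowed to read.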
diff --git a/qva/vendor/kona/umdservice.te b/qva/vendor/kona/umdservice.te
index 884d1df..0c6c596 100644
--- a/qva/vendor/kona/umdservice.te
+++ b/qva/vendor/kona/umdservice.te
@@ -5,6 +5,11 @@
type vendor_hal_umd_qti, domain;
type vendor_hal_umd_qti_exec, file_type, vendor_file_type, exec_type;
+type vendor_pcm_device, dev_type;
+
+typeattribute vendor_hal_umd_qti hal_camera_client;
+typeattribute vendor_hal_umd_qti hal_audio_client;
+
#Allow for transition from init domain to umdservice
init_daemon_domain(vendor_hal_umd_qti)
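Review bot: `type vendor_pcm_device, dev_type;` is declared here in umdservice.te, but it is also used by hal_audio_default.te and the kona file_contexts in this commit. This commit adds the sibling type `vendor_aid_audio_device` to device.te, and declaring `vendor_pcm_device` there as well would keep device types in one place and stop the audio HAL policy from depending on the UMD service file being present. This hunk only shows the top of the file, so an ordering constraint elsewhere cannot be ruled out.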
@@ -16,3 +21,23 @@
#Ability for domain to get vendor_hal_umd_hwservice to hwservice_manager
#and find it
hal_attribute_hwservice(vendor_hal_umd, vendor_hal_umd_hwservice)
+
+#Allow a base set of permissions for the domain to be the client of hal_graphics_allocator
+hal_client_domain(vendor_hal_umd_qti, hal_graphics_allocator)
+
+allow vendor_hal_umd_qti video_device:chr_file rw_file_perms;
+
+#Allow the domain to access the properties required
+get_prop(vendor_hal_umd_qti, vendor_umd_prop)
+get_prop(vendor_hal_umd_qti, usb_control_prop)
+get_prop(vendor_hal_umd_qti, codec2_config_prop)
+get_prop(vendor_hal_umd_qti, vendor_video_prop)
+
+#Allow the domain to access the uvent socket and the audio device
+allow vendor_hal_umd_qti self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow vendor_hal_umd_qti vendor_pcm_device:chr_file rw_file_perms;
+allow vendor_hal_umd_qti audio_device:dir r_dir_perms;
+
+#Allow the domain to access the configfs file and dir
+allow vendor_hal_umd_qti configfs:file r_file_perms;
+allow vendor_hal_umd_qti configfs:dir r_dir_perms;
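Review bot: `allow vendor_hal_umd_qti video_device:chr_file rw_file_perms;` has no comment and grants read/write on every node carrying the generic `video_device` label, which is a large driver surface for a daemon that also listens on a uevent socket and reads configfs. If the service needs only specific nodes, a dedicated type in file_contexts would narrow this; otherwise add a comment saying which video nodes it opens and why. The comment above the netlink rule reads "uvent" and should say "uevent". The `configfs` read rules cover all of configfs, and a note on which subtree is read would help a later reviewer.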
diff --git a/qva/vendor/test/episteme_app.te b/qva/vendor/test/episteme_app.te
index 945e0ec..9d96211 100644
--- a/qva/vendor/test/episteme_app.te
+++ b/qva/vendor/test/episteme_app.te
@@ -3,6 +3,7 @@
type vendor_episteme_app, domain;
app_domain(vendor_episteme_app)
+net_domain(vendor_episteme_app)
allow vendor_episteme_app app_api_service:service_manager find;
hal_client_domain(vendor_episteme_app, vendor_hal_qms_qti)
hal_client_domain(vendor_episteme_app, vendor_hal_qesdhal)
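Review bot: `net_domain(vendor_episteme_app)` is added without a comment, and it gives network socket access to a domain that the following lines show is also a client of two vendor HALs. That combination creates a path between the network and those HALs through this app, so the reason deserves to be recorded next to the rule, e.g. `# <purpose> requires outbound network access` with the actual purpose filled in. The file sits under qva/vendor/test, so it is also worth confirming this policy is not built into user images.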
diff --git a/qva/vendor/trinket/file_contexts b/qva/vendor/trinket/file_contexts
index 5d1b6f3..cccf574 100644
--- a/qva/vendor/trinket/file_contexts
+++ b/qva/vendor/trinket/file_contexts
@@ -28,6 +28,8 @@
# Dev block nodes
#Primary storage device nodes
+/dev/block/mmcblk0boot1 u:object_r:root_block_device:s0
+/dev/block/mmcblk0boot0 u:object_r:root_block_device:s0
/dev/block/mmcblk0rpmb u:object_r:vendor_rpmb_device:s0
/dev/block/mmcblk0 u:object_r:root_block_device:s0
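Review bot: Labelling `/dev/block/mmcblk0boot0` and `/dev/block/mmcblk0boot1` as `root_block_device` means every rule that already targets that type now also covers the eMMC boot partitions. That includes the new `allow tee root_block_device:blk_file r_file_perms;` in qseecomd.te, whose comment mentions only reading `/dev/block/mmcblk0` for the GPT listener. If nothing needs the boot partitions through that type, a separate label for them would keep the tee grant limited to what its comment describes. If they are needed, say so in a comment above these two entries. Note also that the tee rule grants read on the whole-disk node, not just the partition table, so it is worth confirming no narrower mechanism is available.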
@@ -189,3 +191,4 @@
#msm_lsm cdev
/dev/msm_lsm_cdev u:object_r:vendor_msm_lsm_cdev_device:s0
/dev/msm_rtac u:object_r:vendor_msm_rtac_device:s0
+/dev/msm_aac_in u:object_r:vendor_media_aac_device:s0
diff --git a/qva/vendor/trinket/mediacodec.te b/qva/vendor/trinket/mediacodec.te
index 7a019e1..a64e29c 100644
--- a/qva/vendor/trinket/mediacodec.te
+++ b/qva/vendor/trinket/mediacodec.te
@@ -4,6 +4,8 @@
# for mediacodec permission
type vendor_audio_cal_device, dev_type;
type vendor_msm_rtac_device, dev_type;
+type vendor_media_aac_device, dev_type;
allow mediacodec vendor_audio_cal_device:chr_file rw_file_perms;
allow mediacodec vendor_msm_rtac_device:chr_file rw_file_perms;
+allow mediacodec vendor_media_aac_device:chr_file rw_file_perms;
allow mediacodec logdr_socket:sock_file { write };
diff --git a/qva/vendor/trinket/qseecomd.te b/qva/vendor/trinket/qseecomd.te
new file mode 100644
index 0000000..7740135
--- /dev/null
+++ b/qva/vendor/trinket/qseecomd.te
@@ -0,0 +1,5 @@
+#Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+#SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#allow tee to read /dev/block/mmcblk0 for gpt listener
+allow tee root_block_device:blk_file r_file_perms;