Merge tag 'LA.VENDOR.13.2.0.r1-23800-KAILUA.QSSI14.0' into staging/lineage-21.0_merge-LA.VENDOR.13.2.0.r1-23800-KAILUA.QSSI14.0
LA.VENDOR.13.2.0.r1-23800-KAILUA.QSSI14.0
# By Neelu Maheshwari (3) and others
# Via Gerrit - the friendly Code Review server (4) and others
* tag 'LA.VENDOR.13.2.0.r1-23800-KAILUA.QSSI14.0':
location: Add rules for crash_dump to act on hal_gnss crash
sepolicy_vndr: Allow bootanim to have read access to vendor_display_prop
Revert "Added SE-Policy for UsbUdev Service"
Revert "Added SE-Policy for UsbUdev Service"
sepolicy_vndr: Add rule to allow graphics_composer to find qspm hal
sepolicy_vndr : allow to read aon property(ro.vendor.qc_aon_presence)
Not need access to /dev/smcinvoke for QTEE API
sepolicy_vndr: Added wakeup nodes
sepolicy_vndr: Add leds and vibrator selinux support for bengal
sepolicy: Fix avc denials of icnss for wakeup nodes
Change-Id: Ifcff974d574cd70fa9a052517f89afdfc16d877a
diff --git a/generic/vendor/common/bootanim.te b/generic/vendor/common/bootanim.te
index 21172a6..a24d925 100644
--- a/generic/vendor/common/bootanim.te
+++ b/generic/vendor/common/bootanim.te
@@ -24,6 +24,10 @@
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
allow bootanim hwservicemanager:binder call;
# TODO(b/62954877). On Android Wear, bootanim reads the time
@@ -32,4 +36,7 @@
# this denial on phones since this functionality is not used.
dontaudit bootanim system_data_file:dir read;
-dontaudit bootanim vendor_hal_qspmhal_hwservice:hwservice_manager find;
\ No newline at end of file
+dontaudit bootanim vendor_hal_qspmhal_hwservice:hwservice_manager find;
+
+#Allow read access to vendor_display_prop
+get_prop(bootanim, vendor_display_prop)
\ No newline at end of file
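Review bot: The new last line `get_prop(bootanim, vendor_display_prop)` is again left without a terminating newline, the same condition this hunk corrects on the `dontaudit` line. End the file with a newline so the final macro call cannot run into whatever text follows when policy sources are concatenated. bootanim is a platform domain and `vendor_display_prop` is declared outside this diff, so confirm the type is not a vendor-internal property, which platform domains are normally barred from reading by neverallow. The comment would be more useful if it gave the reason, for example `# bootanim reads <property key> for <purpose>; read-only` with the placeholders filled in.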
diff --git a/generic/vendor/common/hal_gnss_qti.te b/generic/vendor/common/hal_gnss_qti.te
index 7edf8e6..280a206 100644
--- a/generic/vendor/common/hal_gnss_qti.te
+++ b/generic/vendor/common/hal_gnss_qti.te
@@ -73,6 +73,11 @@
allow vendor_hal_gnss_qti vendor_rild_socket:dir search;
unix_socket_connect(vendor_hal_gnss_qti, vendor_rild, rild)
+#Allow crash dump to communicate with hal_gnss_qti
+userdebug_or_eng(`
+ allow crash_dump vendor_hal_gnss_qti:unix_dgram_socket { read write };
+')
+
# Most HALs are not allowed to use network sockets. QTI library
# libqdi is used across multiple processes which are clients of
# netmgrd including the GNSS HAL. libqdi first attempts to get the network
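Review bot: The comment on the new `userdebug_or_eng` block says crash_dump may "communicate with" the GNSS HAL, but the rule grants only `read write` on a `unix_dgram_socket` labelled `vendor_hal_gnss_qti`. That looks like access to a descriptor the crashing process already had open rather than a new channel. Say so, and record the build restriction, e.g. `# userdebug/eng only: crash_dump touches hal_gnss_qti's already-open unix_dgram_socket while dumping it`. Keeping the rule inside `userdebug_or_eng` is the right scope; if the same denial shows up on user builds, a `dontaudit` is preferable to widening the allow.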
diff --git a/generic/vendor/common/hal_graphics_composer_default.te b/generic/vendor/common/hal_graphics_composer_default.te
index 7f2aae6..36d5854 100644
--- a/generic/vendor/common/hal_graphics_composer_default.te
+++ b/generic/vendor/common/hal_graphics_composer_default.te
@@ -107,6 +107,9 @@
#allow composer to find hal_thermal
hal_client_domain(hal_graphics_composer_default, hal_thermal);
+#allow composer to find hal_qspmhal
+hal_client_domain(hal_graphics_composer_default, vendor_hal_qspmhal);
+
# Allow access to qipcrtr_socket
# Remove this when QMI service moves to pfmd
allow hal_graphics_composer self: qipcrtr_socket create_socket_perms_no_ioctl;
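Review bot: The comment `#allow composer to find hal_qspmhal` understates what `hal_client_domain(hal_graphics_composer_default, vendor_hal_qspmhal)` grants. The macro adds the composer to the `vendor_hal_qspmhal_client` attribute, so it inherits every rule written for that attribute (service lookup and binder calls to the HAL server), not only `find`. Reword it to `# composer is a client of the QSPM HAL (vendor_hal_qspmhal_client)`. The attribute's rules are outside this diff, so check that they contain nothing the composer should not receive.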
diff --git a/generic/vendor/kalama/file_contexts b/generic/vendor/kalama/file_contexts
index dc42fbd..4f25859 100644
--- a/generic/vendor/kalama/file_contexts
+++ b/generic/vendor/kalama/file_contexts
@@ -320,4 +320,3 @@
# Microdump collector parameters
/sys/module/microdump_collector/parameters/.* u:object_r:vendor_sysfs_microdump:s0
-/vendor/bin/usbudev u:object_r:vendor_usbudev_qti_exec:s0
diff --git a/generic/vendor/kalama/usbudev.te b/generic/vendor/kalama/usbudev.te
deleted file mode 100644
index ef24bd3..0000000
--- a/generic/vendor/kalama/usbudev.te
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
-# SPDX-License-Identifier: BSD-3-Clause-Clear
-
-#============= vendor_usbudev_qti ==============
-
-type vendor_usbudev_qti, domain;
-type vendor_usbudev_qti_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_usbudev_qti)
-domain_auto_trans(init, vendor_usbudev_qti_exec, vendor_usbudev_qti)
-
-allow vendor_usbudev_qti self:capability net_admin;
-allow vendor_usbudev_qti self:netlink_route_socket { nlmsg_read read };
-allow vendor_usbudev_qti self:udp_socket { create ioctl };
-allow vendor_usbudev_qti self:netlink_kobject_uevent_socket { bind create getopt read setopt };
-allow vendor_usbudev_qti self:netlink_route_socket { create nlmsg_readpriv write };
-allow vendor_usbudev_qti vendor_sysfs_usb_node:dir search;
-allow vendor_usbudev_qti vendor_sysfs_usb_node:file { getattr open read };
-allow vendor_usbudev_qti proc_net:file { getattr open read };
-allow vendor_usbudev_qti vendor_shell_exec:file rx_file_perms;
-allow vendor_usbudev_qti vendor_toolbox_exec:file rx_file_perms;
-allowxperm vendor_usbudev_qti self:udp_socket ioctl { SIOCSIFHWADDR SIOCSIFFLAGS SIOCSIFADDR };
\ No newline at end of file
diff --git a/qva/vendor/bengal/genfs_contexts b/qva/vendor/bengal/genfs_contexts
index 91b6744..660dd4a 100644
--- a/qva/vendor/bengal/genfs_contexts
+++ b/qva/vendor/bengal/genfs_contexts
@@ -79,6 +79,9 @@
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/leds u:object_r:vendor_sysfs_graphics:s0
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,vibrator@5700/leds/vibrator u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/leds u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,vibrator@5700/leds/vibrator u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/battery u:object_r:vendor_sysfs_battery_supply:s0
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/pc_port u:object_r:vendor_sysfs_usb_supply:s0
genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/usb u:object_r:vendor_sysfs_usb_supply:s0
@@ -357,3 +360,10 @@
genfscon sysfs /devices/platform/soc/4ac0000.qcom,qupv3_0_geni_se/4a84000.i2c/i2c-0/0-0028/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/ab00000.remoteproc-adsp/remoteproc/remoteproc0/ab00000.remoteproc-adsp:glink-edge/ab00000.remoteproc-adsp:glink-edge.adsp_apps.-1.-1/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/soc:spf_core_platform/soc:spf_core_platform:bolero-codec/va-macro/va_swr_ctrl/wakeup u:object_r:sysfs_wakeup:s0
+
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qcom,qpnp-smb5/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pmi632@2:qpnp,qg/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0
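Review bot: The six new `sysfs_wakeup` entries have no comment and sit underneath paths this file already labels differently: `.../qcom,qpnp-smb5/power_supply/battery`, `/usb` and `/pc_port` carry `vendor_sysfs_battery_supply` and `vendor_sysfs_usb_supply` in the context lines of the previous hunk. genfscon resolves to the longest matching prefix, so the `wakeup` subtrees move to `sysfs_wakeup` while their parents keep the supply labels. Add a header such as `# PMI632 wakeup sources; more specific than the power_supply labels above`. Also verify on a device that domains which traverse those power_supply directories do not start logging denials on the relabelled subdirectories.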
diff --git a/qva/vendor/bengal/hal_gnss_qti.te b/qva/vendor/bengal/hal_gnss_qti.te
new file mode 100644
index 0000000..3d3e293
--- /dev/null
+++ b/qva/vendor/bengal/hal_gnss_qti.te
@@ -0,0 +1,5 @@
+#Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+#SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# allow to read aon related properties
+get_prop(vendor_hal_gnss_qti, vendor_qc_aon_prop)
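Review bot: `vendor_qc_aon_prop` is referenced here and in `qva/vendor/bengal/init_shell.te`, but this diff contains neither its type declaration nor a property_contexts entry for `ro.vendor.qc_aon_presence` (the key named in the commit list). Confirm both live in a policy directory that the bengal build includes. Without the type the policy should fail to compile; without the mapping the property would most likely keep a default label and these `get_prop` rules would grant nothing useful. Both new files also write `#Copyright` with no space after `#`, unlike the `# Copyright` headers elsewhere in this diff.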
diff --git a/qva/vendor/bengal/init_shell.te b/qva/vendor/bengal/init_shell.te
new file mode 100644
index 0000000..5dc71c0
--- /dev/null
+++ b/qva/vendor/bengal/init_shell.te
@@ -0,0 +1,5 @@
+#Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+#SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# allow to read aon related properties
+get_prop(vendor_qti_init_shell, vendor_qc_aon_prop)
diff --git a/qva/vendor/common/location_engine_service.te b/qva/vendor/common/location_engine_service.te
index e29f7ef..cc192bd 100644
--- a/qva/vendor/common/location_engine_service.te
+++ b/qva/vendor/common/location_engine_service.te
@@ -34,9 +34,6 @@
domain_auto_trans(vendor_location, vendor_location_engine_service_exec, vendor_location_engine_service)
allow vendor_location_engine_service vendor_location:fd use;
-# allows read/write file access in /dev/smcinvoke
-allow vendor_location_engine_service tee_device:chr_file rw_file_perms;
-
# allows file access in /data/vendor/location
allow vendor_location_engine_service vendor_location_data_file:dir create_dir_perms;
allow vendor_location_engine_service vendor_location_data_file:file create_file_perms;
diff --git a/qva/vendor/trinket/genfs_contexts b/qva/vendor/trinket/genfs_contexts
index e30cfa3..bceb439 100644
--- a/qva/vendor/trinket/genfs_contexts
+++ b/qva/vendor/trinket/genfs_contexts
@@ -96,6 +96,7 @@
genfscon sysfs /devices/platform/soc/5c0c000.qcom,cci/5c0c000.qcom,cci:qcom,camera@0/video4linux/video3/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/5c0c000.qcom,cci/5c0c000.qcom,cci:qcom,camera@1/video4linux/video4/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/5c0c000.qcom,cci/5c0c000.qcom,cci:qcom,camera@2/video4linux/video5/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c800000.qcom,icnss/wakeup u:object_r:sysfs_wakeup:s0
# USB device wakeup nodes
genfscon sysfs /devices/platform/soc/4e00000.ssusb/wakeup/wakeup u:object_r:sysfs_wakeup:s0