Merge tag 'LA.VENDOR.1.0.r1-25800-WAIPIO.QSSI14.0' into staging/lineage-21.0_merge-LA.VENDOR.1.0.r1-25800-WAIPIO.QSSI14.0

"LA.VENDOR.1.0.r1-25800-WAIPIO.QSSI14.0"

# By Seshu Madhavi Puppala (2) and others
# Via Linux Build Service Account (2) and others
* tag 'LA.VENDOR.1.0.r1-25800-WAIPIO.QSSI14.0':
  qseecomd-sepolicy: Add context for qseecomd restart at hibernate exit.
  sepolicy: Add properties to restart keymint and gatekeeper services
  * sepolicy_vndr: fix for AVC denial for U upgrade targets
  sepolicy_vndr: sepolicy rules for SecCam2test app
  Sepolicy_vndr: allow qvr to access heap device
  sepolicy_vndr: Add sepolicies for eSE
  sepolicy_vndr: add permission to access XR app

Change-Id: I4f0fb22feb43c7d703bef8dbb9e35873d5ab1069
diff --git a/.gitupstream b/.gitupstream
new file mode 100644
index 0000000..3b566ca
--- /dev/null
+++ b/.gitupstream
@@ -0,0 +1 @@
+https://git.codelinaro.org/clo/la/device/qcom/sepolicy_vndr
diff --git a/SEPolicy.mk b/SEPolicy.mk
index 46fe273..09e579e 100644
--- a/SEPolicy.mk
+++ b/SEPolicy.mk
@@ -1,26 +1,25 @@
 # Board specific SELinux policy variable definitions
-ifeq ($(call is-vendor-board-platform,QCOM),true)
-SEPOLICY_PATH:= device/qcom/sepolicy_vndr
+SEPOLICY_PATH:= device/qcom/sepolicy_vndr/sm8450
 QSSI_SEPOLICY_PATH:= device/qcom/sepolicy
 BOARD_SYSTEM_EXT_PREBUILT_DIR := device/qcom/sepolicy/generic
 BOARD_PRODUCT_PREBUILT_DIR := device/qcom/sepolicy/generic/product
 SYS_ATTR_PROJECT_PATH := $(TOP)/device/qcom/sepolicy/generic/public/attribute
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS) \
     $(QSSI_SEPOLICY_PATH)/generic/public \
     $(QSSI_SEPOLICY_PATH)/generic/public/attribute
 
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS) \
     $(QSSI_SEPOLICY_PATH)/generic/private
 
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS) \
     $(QSSI_SEPOLICY_PATH)/qva/public \
     $(QSSI_SEPOLICY_PATH)/qva/public/attribute
 
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS) \
     $(QSSI_SEPOLICY_PATH)/qva/private
 
 #once all the services are moved to Product /ODM above lines will be removed.
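Review bot: Nothing replaces the removed `is-vendor-board-platform,QCOM` guard, so every assignment in this file now runs for any product that includes it, and `SEPOLICY_PATH` is hard-coded to the `sm8450` subdirectory. The same literal path is repeated in the two `keys.conf` hunks later in this commit (`qva/vendor/ssg/keys.conf` and `qva/vendor/test/sysmonapp/keys.conf`), so a future move of the tree has three places to update. If a stale certificate path were merely ignored rather than failing the build (not verifiable from this diff), the signer-to-seinfo mapping could be dropped without notice. I would add a comment above the assignment, for example `# Policy for this tree lives under sm8450/; keep in sync with the cert paths in qva/vendor/ssg/keys.conf and qva/vendor/test/sysmonapp/keys.conf`, and state there that the including device makefile is expected to be Qualcomm-only.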
@@ -36,8 +35,8 @@
     $(QSSI_SEPOLICY_PATH)/qva/product/private
 
 ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
-    BOARD_SEPOLICY_DIRS := \
-       $(BOARD_SEPOLICY_DIRS) \
+    BOARD_VENDOR_SEPOLICY_DIRS := \
+       $(BOARD_VENDOR_SEPOLICY_DIRS) \
        $(SEPOLICY_PATH) \
        $(SEPOLICY_PATH)/generic/vendor/common \
        $(SEPOLICY_PATH)/generic/vendor/common/attribute \
@@ -45,18 +44,16 @@
        $(SEPOLICY_PATH)/qva/vendor/common
 
     ifeq ($(TARGET_SEPOLICY_DIR),)
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/$(TARGET_BOARD_PLATFORM)
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/$(TARGET_BOARD_PLATFORM)
+      BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/$(TARGET_BOARD_PLATFORM)
+      BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/$(TARGET_BOARD_PLATFORM)
     else
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/$(TARGET_SEPOLICY_DIR)
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/$(TARGET_SEPOLICY_DIR)
+      BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/$(TARGET_SEPOLICY_DIR)
+      BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/$(TARGET_SEPOLICY_DIR)
     endif
 
     ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
-    BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/test
-    BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/test
-    BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/test/sysmonapp
+    BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/test
+    BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/test
+    BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/test/sysmonapp
     endif
 endif
-
-endif
diff --git a/generic/vendor/common/app.te b/generic/vendor/common/app.te
index 7648f6c..13defbd 100644
--- a/generic/vendor/common/app.te
+++ b/generic/vendor/common/app.te
@@ -42,6 +42,6 @@
 allow appdomain vendor_npu_device:chr_file r_file_perms;
 
 # Allow all apps to access /dev/dma_heap/qcom,system
-allow { appdomain -isolated_app -coredomain } vendor_dmabuf_system_heap_device:chr_file r_file_perms;
+allow { appdomain -isolated_app_all -coredomain } vendor_dmabuf_system_heap_device:chr_file r_file_perms;
 
 dontaudit appdomain vendor_hal_qspmhal_hwservice:hwservice_manager find;
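Review bot: The comment above the changed rule still says "Allow all apps", but the rule excludes `isolated_app_all` and `coredomain`, and after this change the exclusion is wider than before. A reader auditing who can open the DMA-BUF system heap will be misled by the comment. I would reword it to `# Allow non-isolated, non-coredomain apps to read /dev/dma_heap/qcom,system`.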
diff --git a/generic/vendor/common/cnd.te b/generic/vendor/common/cnd.te
index bed902a..faaa6ac 100644
--- a/generic/vendor/common/cnd.te
+++ b/generic/vendor/common/cnd.te
@@ -76,6 +76,7 @@
 binder_call(vendor_hal_datafactory_qti_client, vendor_hal_datafactory_qti_server)
 binder_call(vendor_hal_datafactory_qti_server, vendor_hal_datafactory_qti_client)
 hal_attribute_hwservice(vendor_hal_datafactory_qti, vendor_hal_datafactory_hwservice)
+hal_attribute_service(vendor_hal_datafactory_qti, vendor_hal_factory_aidlservice)
 
 r_dir_file(vendor_cnd, vendor_sysfs_ssr)
 
diff --git a/generic/vendor/common/domain.te b/generic/vendor/common/domain.te
index 8d5c56d..ef8bdad 100644
--- a/generic/vendor/common/domain.te
+++ b/generic/vendor/common/domain.te
@@ -30,10 +30,10 @@
 
 get_prop(domain, vendor_gralloc_prop)
 
-r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_soc);
-r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_esoc);
-r_dir_file({domain - isolated_app - untrusted_app_all }, vendor_sysfs_ssr);
-r_dir_file({domain - isolated_app}, sysfs_thermal);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_soc);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_esoc);
+r_dir_file({domain - isolated_app_all - untrusted_app_all }, vendor_sysfs_ssr);
+r_dir_file({domain - isolated_app_all}, sysfs_thermal);
 
 #Reding of standard chip details need this
 allow untrusted_app_all {
@@ -41,7 +41,7 @@
         vendor_sysfs_esoc
         vendor_sysfs_ssr
         }:dir search ;
-r_dir_file({domain - isolated_app }, vendor_sysfs_public);
+r_dir_file({domain - isolated_app_all }, vendor_sysfs_public);
 
 
 get_prop(domain, vendor_public_vendor_default_prop)
@@ -58,10 +58,10 @@
      -vold
      } vendor_persist_type: { dir file } *;
 
-allow { domain - isolated_app } vendor_sysfs_kgsl:dir search;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl:dir search;
 # Allow all context to read gpu model
-allow { domain - isolated_app } vendor_sysfs_kgsl_gpu_model:file r_file_perms;
-allow { domain - isolated_app } vendor_sysfs_kgsl_gpubusy:file r_file_perms;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl_gpu_model:file r_file_perms;
+allow { domain - isolated_app_all } vendor_sysfs_kgsl_gpubusy:file r_file_perms;
 
 neverallow {
     coredomain
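Review bot: The `vendor_sysfs_kgsl_gpubusy` rule sits under a comment that covers only the GPU model, and `{ domain - isolated_app_all }` still includes `untrusted_app_all`. Judging by its name, the node reports GPU utilisation, and a device-wide utilisation counter readable by every app can reveal activity of other processes. If no app-side client needs it, the rule could follow the pattern used for the SoC nodes earlier in this file: `allow { domain - isolated_app_all - untrusted_app_all } vendor_sysfs_kgsl_gpubusy:file r_file_perms;`. Otherwise a comment naming the consumer would make the exposure an explicit decision.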
diff --git a/generic/vendor/common/file.te b/generic/vendor/common/file.te
index edf01cf..75eaf0a 100644
--- a/generic/vendor/common/file.te
+++ b/generic/vendor/common/file.te
@@ -27,7 +27,7 @@
 
 # Changes from Qualcomm Innovation Center are provided under the following license:
 #
-# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+# Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted (subject to the limitations in the
@@ -114,6 +114,9 @@
 type vendor_sysfs_trusted_touch_type, sysfs_type, fs_type;
 type vendor_sysfs_mmc_device_type, fs_type, sysfs_type;
 
+#haptics sysfs files
+type vendor_sysfs_haptics, fs_type, sysfs_type;
+
 # /proc
 type vendor_proc_wifi_dbg, fs_type, proc_type;
 type vendor_proc_audiod, fs_type, proc_type;
@@ -149,7 +152,7 @@
 type vendor_cnd_data_file, file_type, data_file_type;
 type vendor_location_data_file, file_type, data_file_type;
 type vendor_audio_data_file, file_type, data_file_type;
-type vendor_radio_data_file, file_type, data_file_type;
+type vendor_radio_data_file, file_type, data_file_type, app_data_file_type;
 type vendor_wifi_vendor_log_data_file, file_type, data_file_type;
 type vendor_log_wifi_data_file, file_type, data_file_type;
 # for mount /persist
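Review bot: The `app_data_file_type` attribute added to `vendor_radio_data_file` has no comment. It appears to be needed because the seapp_contexts hunk in this commit now uses this type for the `.imshelperservice` data directory. With the attribute set, every rule written against `app_data_file_type` applies to all files carrying this label. If the type also labels vendor radio files that are not app data (not visible in this diff), they inherit app-data handling as well. I would either give the app its own data type or document the coupling, for example `# app_data_file_type: this type is the seapp_contexts data label for vendor_imshelper_app`.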
diff --git a/generic/vendor/common/file_contexts b/generic/vendor/common/file_contexts
index 45cd2f0..db7945c 100644
--- a/generic/vendor/common/file_contexts
+++ b/generic/vendor/common/file_contexts
@@ -266,6 +266,8 @@
 /vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti         u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service.widevine    u:object_r:vendor_hal_drm_widevine_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[2-9]+-service-lazy.widevine    u:object_r:vendor_hal_drm_widevine_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm-service\.widevine	  u:object_r:vendor_hal_drm_widevine_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm-service-lazy\.widevine  u:object_r:vendor_hal_drm_widevine_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.composer@1\.0-service   u:object_r:hal_graphics_composer_default_exec:s0
diff --git a/generic/vendor/common/genfs_contexts b/generic/vendor/common/genfs_contexts
index 6690a25..3654c72 100644
--- a/generic/vendor/common/genfs_contexts
+++ b/generic/vendor/common/genfs_contexts
@@ -27,7 +27,7 @@
 
 # Changes from Qualcomm Innovation Center are provided under the following license:
 #
-# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+# Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted (subject to the limitations in the
@@ -181,10 +181,14 @@
 genfscon sysfs /kernel/boot_adsp/ssr                                   u:object_r:vendor_sysfs_adsp_ssr:s0
 genfscon sysfs /firmware/devicetree/base/soc  u:object_r:vendor_sysfs_devicetree_soc:s0
 
+genfscon sysfs /class/qcom-haptics/primitive_duration  u:object_r:vendor_sysfs_haptics:s0
+
 genfscon sysfs /module/rmnet_aps/parameters u:object_r:vendor_sysfs_rmnet:s0
 genfscon sysfs /module/rmnet_offload/parameters u:object_r:vendor_sysfs_rmnet:s0
 genfscon sysfs /module/rmnet_perf/parameters u:object_r:vendor_sysfs_rmnet:s0
 genfscon sysfs /module/rmnet_perf_tether/parameters u:object_r:vendor_sysfs_rmnet:s0
 genfscon sysfs /module/rmnet_sch/parameters u:object_r:vendor_sysfs_rmnet:s0
 genfscon sysfs /module/rmnet_shs/parameters u:object_r:vendor_sysfs_rmnet:s0
-genfscon sysfs /module/rmnet_wlan/parameters u:object_r:vendor_sysfs_rmnet:s0
\ No newline at end of file
+genfscon sysfs /module/rmnet_wlan/parameters u:object_r:vendor_sysfs_rmnet:s0
+
+genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,ucsi/power_supply/ucsi-source-psy-soc:qcom,pmic_glink:qcom,ucsi1 u:object_r:vendor_sysfs_battery_supply:s0
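Review bot: The new `ucsi-source-psy-…ucsi1` entry is labelled `vendor_sysfs_battery_supply`, although the path names a UCSI (USB Type-C) source power supply. The `hal_health.te` file added in this commit treats `vendor_sysfs_usb_supply` and `vendor_sysfs_battery_supply` as separate types. As written, every domain allowed to read battery-supply nodes also gets this USB node; please confirm whether `vendor_sysfs_usb_supply` was intended. The entry also matches only the `ucsi1` instance, so a comment such as `# UCSI source power supply, read by the health HAL` would record why this one path is listed.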
diff --git a/generic/vendor/common/hal_drm_widevine.te b/generic/vendor/common/hal_drm_widevine.te
index 864a0f4..563c2da 100644
--- a/generic/vendor/common/hal_drm_widevine.te
+++ b/generic/vendor/common/hal_drm_widevine.te
@@ -33,7 +33,7 @@
 init_daemon_domain(vendor_hal_drm_widevine)
 
 allow vendor_hal_drm_widevine mediacodec:fd use;
-allow vendor_hal_drm_widevine { appdomain -isolated_app }:fd use;
+allow vendor_hal_drm_widevine { appdomain -isolated_app_all }:fd use;
 allow vendor_hal_drm_widevine vendor_qce_device:chr_file rw_file_perms;
 
 #Allow access to smcinvoke device
diff --git a/generic/vendor/common/hal_vibrator_default.te b/generic/vendor/common/hal_vibrator_default.te
index d65b92a..41de4ab 100644
--- a/generic/vendor/common/hal_vibrator_default.te
+++ b/generic/vendor/common/hal_vibrator_default.te
@@ -24,9 +24,47 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+#
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted (subject to the limitations in the
+# disclaimer below) provided that the following conditions are met:
+#
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#
+#     * Neither the name of Qualcomm Innovation Center, Inc. nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE
+# GRANTED BY THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT
+# HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 r_dir_file(hal_vibrator_default, sysfs_leds)
 allow hal_vibrator_default sysfs_leds:file rw_file_perms;
 
 # read-only permission to obtain the calibration data
 r_dir_file(hal_vibrator_default, vendor_persist_haptics_file)
 allow hal_vibrator_default mnt_vendor_file:dir search;
+
+# read/write permissions to haptics sysfs node
+r_dir_file(hal_vibrator_default, vendor_sysfs_haptics)
+allow hal_vibrator_default vendor_sysfs_haptics:file rw_file_perms;
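Review bot: The added `r_dir_file(hal_vibrator_default, vendor_sysfs_haptics)` looks redundant. The only genfscon entry for this type in the commit labels a single file, `/class/qcom-haptics/primitive_duration`, and the `allow … vendor_sysfs_haptics:file rw_file_perms` on the next line already includes read access. Unless a directory or symlink gets this label elsewhere, the dir and lnk_file permissions from the macro match nothing, so dropping that line keeps the grant minimal. If only `primitive_duration` is ever written, the comment could say so: `# read/write primitive_duration under /sys/class/qcom-haptics`.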
diff --git a/generic/vendor/common/hwservice_contexts b/generic/vendor/common/hwservice_contexts
index 9ba1f13..7b9b5f4 100644
--- a/generic/vendor/common/hwservice_contexts
+++ b/generic/vendor/common/hwservice_contexts
@@ -39,7 +39,6 @@
 vendor.display.config::IDisplayConfig                           u:object_r:vendor_hal_display_config_hwservice:s0
 vendor.display.color::IDisplayColor                             u:object_r:vendor_hal_display_color_hwservice:s0
 vendor.display.postproc::IDisplayPostproc                       u:object_r:vendor_hal_display_postproc_hwservice:s0
-vendor.qti.hardware.data.iwlan::IIWlan                          u:object_r:vendor_hal_iwlan_hwservice:s0
 vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore     u:object_r:vendor_hal_capabilityconfigstore_qti_hwservice:s0
 vendor.qti.hardware.improvetouch.touchcompanion::ITouchCompanion       u:object_r:vendor_hal_hbtp_hwservice:s0
 vendor.qti.hardware.improvetouch.gesturemanager::IGestureManager       u:object_r:vendor_hal_hbtp_hwservice:s0
diff --git a/generic/vendor/common/init.te b/generic/vendor/common/init.te
index 9c880de..826c2b6 100644
--- a/generic/vendor/common/init.te
+++ b/generic/vendor/common/init.te
@@ -76,6 +76,8 @@
 
 allow init vendor_sysfs_boot_adsp:file w_file_perms;
 
+allow init vendor_sysfs_mmc_host:file w_file_perms;
+
 allow init bt_firmware_file:filesystem getattr;
 allow init firmware_file:filesystem getattr;
 
diff --git a/generic/vendor/common/init_shell.te b/generic/vendor/common/init_shell.te
index 07fad73..f350bd4 100644
--- a/generic/vendor/common/init_shell.te
+++ b/generic/vendor/common/init_shell.te
@@ -27,7 +27,7 @@
 # Restricted domain for shell processes spawned by init.
 # Normally these are shell commands or scripts invoked via sh
 # from an init*.rc file.  No service should ever run in this domain.
-​​​​​#
+#
 # Changes from Qualcomm Innovation Center are provided under the following license:
 #
 # Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
diff --git a/generic/vendor/common/seapp_contexts b/generic/vendor/common/seapp_contexts
index 527246a..42cee04 100644
--- a/generic/vendor/common/seapp_contexts
+++ b/generic/vendor/common/seapp_contexts
@@ -34,7 +34,7 @@
 user=_app seinfo=platform name=.qtidataservices domain=vendor_qtidataservices_app type=app_data_file levelFrom=all
 
 #Add new domain for imshelper service
-user=radio seinfo=platform name=.imshelperservice domain=vendor_imshelper_app type=radio_data_file
+user=radio seinfo=platform name=.imshelperservice domain=vendor_imshelper_app type=vendor_radio_data_file
 
 #Add new domain for power off alarm app
 user=_app seinfo=platform name=com.qualcomm.qti.poweroffalarm domain=vendor_poweroffalarm_app type=app_data_file levelFrom=all
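Review bot: The `.imshelperservice` data type changes from `radio_data_file` to `vendor_radio_data_file`, but no rule in this diff lets `vendor_imshelper_app` use the new type. If those allow rules are not already present elsewhere in the tree, the app loses access to its own data directory. On an upgraded device the existing directory also keeps the old label until it is relabelled, so both labels may need to be handled during the transition. I would extend the comment above the entry to record the reason, for example `# data dir uses vendor_radio_data_file (declared with app_data_file_type in file.te)`.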
diff --git a/generic/vendor/common/service.te b/generic/vendor/common/service.te
index d2f1ce9..6432b03 100644
--- a/generic/vendor/common/service.te
+++ b/generic/vendor/common/service.te
@@ -30,5 +30,8 @@
 # # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-type vendor_hal_vnddisplayconfig_service,        vendor_service, protected_service, service_manager_type;
-type vendor_hal_telephony_service2, vendor_service, protected_service, service_manager_type;
+type vendor_hal_vnddisplayconfig_service,        hal_service_type, protected_service, service_manager_type;
+type vendor_hal_telephony_service2,              hal_service_type, protected_service, service_manager_type;
+type vendor_hal_factory_aidlservice,             hal_service_type, protected_service, service_manager_type;
+type vendor_hal_perf2_service,                   hal_service_type, protected_service, service_manager_type;
+type vendor_hal_dpmaidl_service,                 hal_service_type, protected_service, service_manager_type;
diff --git a/generic/vendor/common/service_contexts b/generic/vendor/common/service_contexts
index a43b0c7..b7fab3e 100644
--- a/generic/vendor/common/service_contexts
+++ b/generic/vendor/common/service_contexts
@@ -67,5 +67,16 @@
 vendor.qti.hardware.radio.ims.IImsRadio/imsradio1         u:object_r:vendor_hal_telephony_service2:s0
 vendor.qti.hardware.radio.qtiradio.IQtiRadioStable/slot1  u:object_r:vendor_hal_telephony_service2:s0
 vendor.qti.hardware.radio.qtiradio.IQtiRadioStable/slot2  u:object_r:vendor_hal_telephony_service2:s0
+vendor.qti.hardware.radio.am.IQcRilAudio/slot1            u:object_r:vendor_hal_telephony_service2:s0
+vendor.qti.hardware.radio.am.IQcRilAudio/slot2            u:object_r:vendor_hal_telephony_service2:s0
 vendor.qti.hardware.radio.qtiradioconfig.IQtiRadioConfig/default u:object_r:vendor_hal_telephony_service2:s0
+vendor.qti.hardware.radio.qcrilhook.IQtiOemHook/oemhook0 u:object_r:vendor_hal_telephony_service2:s0
+vendor.qti.hardware.radio.qcrilhook.IQtiOemHook/oemhook1 u:object_r:vendor_hal_telephony_service2:s0
+vendor.qti.hardware.radio.internal.deviceinfo.IDeviceInfo/deviceinfo u:object_r:vendor_hal_telephony_service2:s0
+vendor.qti.data.factoryservice.IFactory/default          u:object_r:vendor_hal_factory_aidlservice:s0
+vendor.qti.hardware.perf2.IPerf/default                u:object_r:vendor_hal_perf2_service:s0
+vendor.qti.hardware.dpmaidlservice.IDpmService/default u:object_r:vendor_hal_dpmaidl_service:s0
+vendor.qti.ims.factoryaidlservice.IImsFactory/default  u:object_r:vendor_hal_factory_aidlservice:s0
 
+#Refer to b/236750094
+android.hardware.drm.IDrmFactory/widevine                             u:object_r:hal_drm_service:s0
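Review bot: `vendor.qti.ims.factoryaidlservice.IImsFactory/default` is given the same label as the data factory service, `vendor_hal_factory_aidlservice`. The cnd.te hunk in this commit attaches that type to `vendor_hal_datafactory_qti` through `hal_attribute_service`. Given what that macro normally grants, clients of the data factory HAL would also be able to look up the IMS factory, and the IMS factory could be registered by a data factory server. A separate service type for the IMS interface would keep the two HALs independently controllable. The several telephony interfaces added under `vendor_hal_telephony_service2` (`IQcRilAudio`, `IQtiOemHook`, `IDeviceInfo`) are grouped just as coarsely. The `#Refer to b/236750094` comment would also be more useful with a short statement of why the widevine entry is listed in vendor policy.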
diff --git a/generic/vendor/parrot/cnd.te b/generic/vendor/parrot/cnd.te
deleted file mode 100644
index 80aa2eb..0000000
--- a/generic/vendor/parrot/cnd.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
-# SPDX-License-Identifier: BSD-3-Clause-Clear
-
-hal_attribute_service(vendor_hal_datafactory_qti, vendor_hal_factory_aidlservice)
diff --git a/generic/vendor/parrot/service.te b/generic/vendor/parrot/service.te
deleted file mode 100644
index 2965deb..0000000
--- a/generic/vendor/parrot/service.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
-# SPDX-License-Identifier: BSD-3-Clause-Clear
-
-type vendor_hal_factory_aidlservice, vendor_service, protected_service, service_manager_type;
-type vendor_hal_perf2_service,           vendor_service, protected_service, service_manager_type;
-type vendor_hal_dpmaidl_service,         vendor_service, protected_service, service_manager_type;
diff --git a/generic/vendor/parrot/service_contexts b/generic/vendor/parrot/service_contexts
deleted file mode 100644
index 548cd68..0000000
--- a/generic/vendor/parrot/service_contexts
+++ /dev/null
@@ -1,7 +0,0 @@
-# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
-# SPDX-License-Identifier: BSD-3-Clause-Clear
-
-vendor.qti.data.factoryservice.IFactory/default          u:object_r:vendor_hal_factory_aidlservice:s0
-vendor.qti.hardware.perf2.IPerf/default                u:object_r:vendor_hal_perf2_service:s0
-vendor.qti.hardware.dpmaidlservice.IDpmService/default u:object_r:vendor_hal_dpmaidl_service:s0
-
diff --git a/generic/vendor/taro/genfs_contexts b/generic/vendor/taro/genfs_contexts
index 4c9daee..c17bb67 100644
--- a/generic/vendor/taro/genfs_contexts
+++ b/generic/vendor/taro/genfs_contexts
@@ -278,3 +278,6 @@
 genfscon sysfs /devices/platform/soc/3000000.remoteproc-adsp/remoteproc/remoteproc1/3000000.remoteproc-adsp:glink-edge/3000000.remoteproc-adsp:glink-edge.adsp_apps.-1.-1/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/3000000.remoteproc-adsp/remoteproc/remoteproc0/3000000.remoteproc-adsp:glink-edge/3000000.remoteproc-adsp:glink-edge.adsp_apps.-1.-1/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /kernel/camera/subparts_info u:object_r:vendor_sysfs_camera:s0
+
+# UFS
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:0/block/sda/queue/discard_max_bytes u:object_r:vendor_sysfs_mmc_host:s0
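Review bot: Labelling the UFS `discard_max_bytes` node as `vendor_sysfs_mmc_host` reuses an MMC-host type for a block-queue tunable. The init.te hunk in this commit (`allow init vendor_sysfs_mmc_host:file w_file_perms;`) then grants init write access to the whole type rather than to this one file. As a result init can write every node with that label, and any domain that already has access to `vendor_sysfs_mmc_host` also reaches this tunable. A dedicated type for the queue node would keep both grants narrow. If the existing type is kept, the `# UFS` comment should say what the label is for, for example `# UFS: discard_max_bytes is written by init at boot; shares vendor_sysfs_mmc_host`. The path also hard-codes `1d84000.ufshc` and `sda`, so it applies only to that controller and LUN.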
diff --git a/generic/vendor/test/domain.te b/generic/vendor/test/domain.te
index ee8e842..24058d1 100644
--- a/generic/vendor/test/domain.te
+++ b/generic/vendor/test/domain.te
@@ -37,7 +37,7 @@
 #allow all gpu clients to access configuration settings
 userdebug_or_eng(`
 allow domain vendor_sysfs_kgsl:dir search;
-r_dir_file({domain - isolated_app}, vendor_sysfs_kgsl_snapshot);
+r_dir_file({domain - isolated_app_all}, vendor_sysfs_kgsl_snapshot);
 allow domain coredump_file:dir create_dir_perms;
 allow domain coredump_file:file create_file_perms;
 allow domain coredump_file:dir rw_dir_perms;
diff --git a/qva/vendor/common/cnd.te b/qva/vendor/common/cnd.te
index edbff51..fe5b0ed 100644
--- a/qva/vendor/common/cnd.te
+++ b/qva/vendor/common/cnd.te
@@ -45,6 +45,9 @@
 allow vendor_cnd vendor_wifi_vendor_data_file:dir r_dir_perms;
 allow vendor_cnd vendor_wifi_vendor_wpa_socket:sock_file write;
 
+# allow vendor_cnd to read wifi_hal_prop
+get_prop(vendor_cnd, wifi_hal_prop)
+
 #allow vendor_cnd daemon to invoke hostapd_cli
 allow vendor_cnd vendor_shell_exec:file rx_file_perms;
 domain_auto_trans(vendor_cnd, vendor_hostapd_exec, vendor_hostapd)
diff --git a/qva/vendor/common/dpmd_vndr.te b/qva/vendor/common/dpmd_vndr.te
index 9336d95..f405805 100644
--- a/qva/vendor/common/dpmd_vndr.te
+++ b/qva/vendor/common/dpmd_vndr.te
@@ -50,6 +50,7 @@
 binder_call(vendor_hal_dpmapiservice_qti_client, vendor_hal_dpmapiservice_qti_server)
 binder_call(vendor_hal_dpmapiservice_qti_server, vendor_hal_dpmapiservice_qti_client)
 hal_attribute_hwservice(vendor_hal_dpmapiservice_qti,vendor_hal_dpmapi_hwservice)
+hal_attribute_service(vendor_hal_dpmapiservice_qti,vendor_hal_dpmaidl_service)
 
 allow vendor_dpmd_vndr vendor_dpm_vndr_data_file:file create_file_perms;
 allow vendor_dpmd_vndr vendor_dpm_vndr_data_file:dir create_dir_perms;
diff --git a/qva/vendor/common/file_contexts b/qva/vendor/common/file_contexts
index 718fb99..79adc78 100644
--- a/qva/vendor/common/file_contexts
+++ b/qva/vendor/common/file_contexts
@@ -105,6 +105,7 @@
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.soter@1\.0-service           u:object_r:vendor_hal_soter_qti_exec:s0
 /vendor/bin/hw/vendor\.qti\.hardware\.vibrator@1\.[0-3]-service                    u:object_r:hal_vibrator_default_exec:s0
 /vendor/bin/hw/vendor\.qti\.hardware\.vibrator\.service                            u:object_r:hal_vibrator_default_exec:s0
+/vendor/bin/hw/android\.hardware\.health-service\.qti                              u:object_r:hal_health_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.power\.pasrmanager\@1\.0-service       u:object_r:vendor_hal_pasrmanager_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.memory\.pasrmanager\@1\.0-service      u:object_r:vendor_pasrmanager_memory_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.psiclient\@1\.0-service                u:object_r:vendor_psiservice_exec:s0
@@ -147,7 +148,7 @@
 /(vendor|system/vendor)/bin/wigighalsvc                                            u:object_r:vendor_wigighalsvc_exec:s0
 /(vendor|system/vendor)/bin/wigignpt                                               u:object_r:vendor_wigignpt_exec:s0
 /(vendor|system/vendor)/bin/sensingdaemon                                          u:object_r:vendor_sensingdaemon_exec:s0
-/vendor/bin/hw/android\.hardware\.usb\@1\.[0-2]-service-qti                        u:object_r:vendor_hal_usb_qti_exec:s0
+/vendor/bin/hw/android\.hardware\.usb\@1\.[0-3]-service-qti                        u:object_r:vendor_hal_usb_qti_exec:s0
 /vendor/bin/hw/android\.hardware\.usb\.gadget\@1\.[0-2]-service-qti                u:object_r:vendor_hal_usb_qti_exec:s0
 /vendor/bin/vendor\.qti\.qspmhal@1\.0-service                                      u:object_r:vendor_hal_qspmhal_default_exec:s0
 /vendor/bin/qesdk-manager                                                          u:object_r:vendor_hal_qesdhal_default_exec:s0
diff --git a/qva/vendor/common/genfs_contexts b/qva/vendor/common/genfs_contexts
index 90a6870..b95060b 100644
--- a/qva/vendor/common/genfs_contexts
+++ b/qva/vendor/common/genfs_contexts
@@ -67,21 +67,10 @@
 
 genfscon sysfs /kernel/snd_card/card_state           u:object_r:vendor_sysfs_sndcard:s0
 
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/name u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/cable.0/ u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/cable.1/ u:object_r:vendor_sysfs_graphics:s0
-
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/name u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/cable.0/ u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/cable.1/ u:object_r:vendor_sysfs_graphics:s0
-
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon2/name u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon2/cable.0/ u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon2/cable.1/ u:object_r:vendor_sysfs_graphics:s0
-
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon3/name u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon3/cable.0/ u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon3/cable.1/ u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,battery_charger/extcon u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/soc:spf_core_platform/soc:spf_core_platform:lpass-cdc/wcd938x-codec/extcon u:object_r:vendor_sysfs_graphics:s0
 
 genfscon sysfs /kernel/load_guestvm/boot_guestvm u:object_r:vendor_sysfs_bootguestvm:s0
 
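Review bot: The four new `extcon` entries widen what carries `vendor_sysfs_graphics`. The removed lines labelled specific `name` and `cable.N` nodes of the external-display device. The new ones label whole `extcon` subtrees, assuming genfscon's usual prefix matching, and add three devices that by their paths are not display hardware: `msm-eud`, `battery_charger` and the `wcd938x-codec`. Every domain that holds permissions on `vendor_sysfs_graphics` (not visible in this diff) now gets the same access to those debug, charger and audio-codec extcon nodes. I would keep `vendor_sysfs_graphics` for the `msm-ext-disp` subtree and introduce a separate extcon type for the other three, granted only to the domains that read them. At minimum a comment should state which consumer needs each path.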
diff --git a/qva/vendor/common/hal_health.te b/qva/vendor/common/hal_health.te
new file mode 100644
index 0000000..13e4823
--- /dev/null
+++ b/qva/vendor/common/hal_health.te
@@ -0,0 +1,7 @@
+# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+allow hal_health vendor_sysfs_battery_supply:{file lnk_file} r_file_perms;
+allow hal_health vendor_sysfs_battery_supply:dir r_dir_perms;
+allow hal_health vendor_sysfs_usb_supply:{file lnk_file} r_file_perms;
+allow hal_health vendor_sysfs_usb_supply:dir r_dir_perms;
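Review bot: These rules are granted to the `hal_health` attribute rather than to the domain of the service this commit labels in qva/vendor/common/file_contexts (`hal_health_default_exec`). Every domain that carries the attribute therefore gets read access to the vendor supply nodes. If only the QTI health service needs them, the rules should be scoped to `hal_health_default`. The four lines also spell out what the macro used elsewhere in this commit expresses: `r_dir_file(hal_health, vendor_sysfs_battery_supply)` and `r_dir_file(hal_health, vendor_sysfs_usb_supply)`. The file would also benefit from a one-line comment such as `# health HAL reads battery and USB power_supply sysfs nodes`.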
diff --git a/qva/vendor/common/hal_perf_default.te b/qva/vendor/common/hal_perf_default.te
index bdecb56..1b8f6b6 100644
--- a/qva/vendor/common/hal_perf_default.te
+++ b/qva/vendor/common/hal_perf_default.te
@@ -145,4 +145,4 @@
 allow vendor_hal_perf_default self:capability sys_nice;
 dontaudit vendor_hal_perf_default self:capability dac_override;
 dontaudit vendor_hal_perf_default system_server:dir search;
-dontaudit vendor_hal_perf_default { domain – appdomain }:process { getsched setsched };
+dontaudit vendor_hal_perf_default { domain - appdomain }:process { getsched setsched };
diff --git a/qva/vendor/common/hwservice_contexts b/qva/vendor/common/hwservice_contexts
index a91c564..bf53b95 100644
--- a/qva/vendor/common/hwservice_contexts
+++ b/qva/vendor/common/hwservice_contexts
@@ -50,7 +50,6 @@
 vendor.qti.gnss::ILocHidlGnss                                u:object_r:hal_gnss_hwservice:s0
 vendor.nxp.hardware.nfc::INqNfc                              u:object_r:hal_nfc_hwservice:s0
 vendor.qti.hardware.sensorscalibrate::ISensorsCalibrate      u:object_r:vendor_hal_sensorscalibrate_qti_hwservice:s0
-com.qualcomm.qti.imscmservice::IImsCmService                 u:object_r:vendor_hal_imsrcsd_hwservice:s0
 vendor.qti.hardware.AGMIPC::IAGM                             u:object_r:vendor_agm_hwservice:s0
 vendor.qti.hardware.fingerprint::IQtiExtendedFingerprint     u:object_r:hal_fingerprint_hwservice:s0
 vendor.qti.hardware.radio.qtiradio::IQtiRadio                u:object_r:hal_telephony_hwservice:s0
diff --git a/qva/vendor/common/init_shell.te b/qva/vendor/common/init_shell.te
index 7b50aad..e6eb37b 100644
--- a/qva/vendor/common/init_shell.te
+++ b/qva/vendor/common/init_shell.te
@@ -45,6 +45,8 @@
 allow vendor_qti_init_shell vendor_sysfs_vmpressure:file w_file_perms;
 
 allow vendor_qti_init_shell vendor_sysfs_bootguestvm:file w_file_perms;
+allow vendor_qti_init_shell proc_watermark_boost_factor:file { open append write };
+allow vendor_qti_init_shell proc_watermark_scale_factor:file { open append write };
 
 userdebug_or_eng(`
 # Needed for starting console in userdebug mode
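Review bot: The two `proc_watermark_*` rules are added without a comment, so nothing records which init script writes these VM tunables or why the vendor init shell needs them. The explicit `{ open append write }` set is narrower than the `w_file_perms` used on the neighbouring lines, which is worth keeping and worth noting as deliberate. I would add `# init shell scripts tune vm.watermark_boost_factor / watermark_scale_factor at boot; write-only, no read needed` above the pair.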
diff --git a/qva/vendor/common/service.te b/qva/vendor/common/service.te
index dc2a46c..a653015 100644
--- a/qva/vendor/common/service.te
+++ b/qva/vendor/common/service.te
@@ -27,7 +27,7 @@
 
 type vendor_dun_service,                 service_manager_type;
 type vendor_imsrcs_service,              service_manager_type;
-type vendor_hal_qvrd_service,            vendor_service,protected_service,service_manager_type;
-type vendor_hal_qvrd_camservice,         vendor_service,protected_service,service_manager_type;
-type vendor_hal_sxrd_service,            vendor_service,protected_service,service_manager_type;
-type vendor_hal_dataconnection_service,  vendor_service, protected_service, service_manager_type;
+type vendor_hal_qvrd_service,            hal_service_type, protected_service, service_manager_type;
+type vendor_hal_qvrd_camservice,         hal_service_type, protected_service, service_manager_type;
+type vendor_hal_sxrd_service,            hal_service_type, protected_service, service_manager_type;
+type vendor_hal_dataconnection_service,  hal_service_type, protected_service, service_manager_type;
diff --git a/qva/vendor/parrot/dpmd_vndr.te b/qva/vendor/parrot/dpmd_vndr.te
deleted file mode 100644
index ecd113a..0000000
--- a/qva/vendor/parrot/dpmd_vndr.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
-# SPDX-License-Identifier: BSD-3-Clause-Clear
-
-hal_attribute_service(vendor_hal_dpmapiservice_qti,vendor_hal_dpmaidl_service)
diff --git a/qva/vendor/ssg/keys.conf b/qva/vendor/ssg/keys.conf
index bfc08ca..7baca80 100644
--- a/qva/vendor/ssg/keys.conf
+++ b/qva/vendor/ssg/keys.conf
@@ -1,2 +1,2 @@
 [@SSG]
-ALL : device/qcom/sepolicy_vndr/qva/vendor/ssg/ssg_app_cert.x509.pem
+ALL : device/qcom/sepolicy_vndr/sm8450/qva/vendor/ssg/ssg_app_cert.x509.pem
diff --git a/qva/vendor/test/sysmonapp/keys.conf b/qva/vendor/test/sysmonapp/keys.conf
index 4626aff..fa69e87 100644
--- a/qva/vendor/test/sysmonapp/keys.conf
+++ b/qva/vendor/test/sysmonapp/keys.conf
@@ -25,4 +25,4 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 [@SYSMONAPP]
-ALL : device/qcom/sepolicy_vndr/qva/vendor/test/sysmonapp/sysmonapp_app_cert.x509.pem
+ALL : device/qcom/sepolicy_vndr/sm8450/qva/vendor/test/sysmonapp/sysmonapp_app_cert.x509.pem