legacy: Add common telephony rules

Seen across msm4.4 and msm4.9 families.

Change-Id: I47a049dc72e30363b728aa8c25f4571c3b25045b

.gitupstream

@@ -0,0 +1 @@
+https://git.codelinaro.org/clo/la/device/qcom/sepolicy

SEPolicy.mk

@@ -1,20 +1,21 @@
 # Board specific SELinux policy variable definitions
-ifeq ($(call is-vendor-board-platform,QCOM),true)
-SEPOLICY_PATH:= device/qcom/sepolicy
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
-    $(SEPOLICY_PATH)/generic/public
+SEPOLICY_PATH:= device/qcom/sepolicy-legacy-um
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS) \
+    $(SEPOLICY_PATH)/generic/public \
+    $(SEPOLICY_PATH)/generic/public/attribute
 
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS) \
     $(SEPOLICY_PATH)/generic/private
 
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
-    $(SEPOLICY_PATH)/qva/public
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS) \
+    $(SEPOLICY_PATH)/qva/public \
+    $(SEPOLICY_PATH)/qva/public/attribute
 
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS) \
     $(SEPOLICY_PATH)/qva/private
 
 #once all the services are moved to Product /ODM above lines will be removed.
@@ -22,51 +23,33 @@ BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
 PRODUCT_PUBLIC_SEPOLICY_DIRS := \
     $(PRODUCT_PUBLIC_SEPOLICY_DIRS) \
     $(SEPOLICY_PATH)/generic/product/public \
-    $(SEPOLICY_PATH)/qva/product/public 
+    $(SEPOLICY_PATH)/qva/product/public
 
 PRODUCT_PRIVATE_SEPOLICY_DIRS := \
     $(PRODUCT_PRIVATE_SEPOLICY_DIRS) \
     $(SEPOLICY_PATH)/generic/product/private \
     $(SEPOLICY_PATH)/qva/product/private
 
-ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
-    BOARD_SEPOLICY_DIRS := \
-       $(BOARD_SEPOLICY_DIRS) \
-       $(SEPOLICY_PATH) \
-       $(SEPOLICY_PATH)/generic/vendor/common \
-       $(SEPOLICY_PATH)/qva/vendor/common/sysmonapp \
-       $(SEPOLICY_PATH)/qva/vendor/ssg \
-       $(SEPOLICY_PATH)/qva/vendor/common
-
-    ifeq ($(TARGET_SEPOLICY_DIR),)
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/$(TARGET_BOARD_PLATFORM)
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/$(TARGET_BOARD_PLATFORM)
-    else
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/$(TARGET_SEPOLICY_DIR)
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/$(TARGET_SEPOLICY_DIR)
-    endif
-
-    ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
-    BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/generic/vendor/test
-    BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/qva/vendor/test
-    endif
-endif
-
-ifneq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
-    BOARD_SEPOLICY_DIRS := \
-                 $(BOARD_SEPOLICY_DIRS) \
+ifneq (,$(filter sdm660 msm8937 msm8953 msm8996 msm8998, $(TARGET_BOARD_PLATFORM)))
+    BOARD_VENDOR_SEPOLICY_DIRS := \
+                 $(BOARD_VENDOR_SEPOLICY_DIRS) \
                  $(SEPOLICY_PATH) \
                  $(SEPOLICY_PATH)/legacy/vendor/common/sysmonapp \
                  $(SEPOLICY_PATH)/legacy/vendor/ssg \
                  $(SEPOLICY_PATH)/legacy/vendor/common
 
     ifeq ($(TARGET_SEPOLICY_DIR),)
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/$(TARGET_BOARD_PLATFORM)
+      BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/$(TARGET_BOARD_PLATFORM)
     else
-      BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/$(TARGET_SEPOLICY_DIR)
+      BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/$(TARGET_SEPOLICY_DIR)
     endif
     ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
-    BOARD_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/test
+      ifneq ($(PRODUCT_SET_DEBUGFS_RESTRICTIONS),true)
+        BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/common/debugfs
+        BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/test/debugfs
+      endif
+      BOARD_VENDOR_SEPOLICY_DIRS += $(SEPOLICY_PATH)/legacy/vendor/test
     endif
 endif
-endif
+
+-include device/lineage/sepolicy/qcom/sepolicy.mk

generic/private/dataservice_app.te

@@ -26,6 +26,7 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 typeattribute vendor_dataservice_app coredomain;
+typeattribute vendor_dataservice_app mlstrustedsubject;
 app_domain(vendor_dataservice_app)
 net_domain(vendor_dataservice_app)
 

generic/private/file_contexts

@@ -28,3 +28,5 @@
 /data/misc/seemp(/.*)?          u:object_r:vendor_seemp_data_file:s0
 
 /(product|system/product)/etc/init\.qcom\.testscripts\.sh         u:object_r:qti-testscripts_exec:s0
+
+/storage/emulated(/.*)?         u:object_r:media_rw_data_file:s0

generic/private/property_contexts

@@ -27,3 +27,9 @@
 
 ro.vendor.qti.va_aosp.support       u:object_r:vendor_exported_system_prop:s0 exact bool
 ro.vendor.qti.va_odm.support       u:object_r:vendor_exported_odm_prop:s0 exact bool
+ro.vendor.perf.scroll_opt        u:object_r:vendor_exported_system_prop:s0 exact bool
+ro.vendor.perf.scroll_opt.heavy_app        u:object_r:vendor_exported_system_prop:s0 exact int
+ro.netflix.bsp_rev                 u:object_r:vendor_exported_system_prop:s0 exact string
+
+# Beluga
+ro.vendor.beluga.                         u:object_r:vendor_exported_system_prop:s0

generic/private/qcc_app.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+# Copyright (c) 2020, 2021 The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -30,19 +30,9 @@ app_domain(vendor_qcc_app)
 net_domain(vendor_qcc_app)
 binder_use(vendor_qcc_app)
 
-# allow invoking activity and access app content to vendor_qcc_app
-#allow vendor_qcc_app { activity_service content_service }:service_manager find;
-# allow display service to vendor_qcc_app
-#allow vendor_qcc_app { display_service }:service_manager find;
-# allow access to wifi and data network to vendor_qcc_app
-#allow vendor_qcc_app { connectivity_service network_management_service }:service_manager find;
-# allow access telephony service info to vendor_qcc_app
-#allow vendor_qcc_app { radio_service registry_service }:service_manager find;
+hal_client_domain(vendor_qcc_app, vendor_qccsyshal);
+
 allow vendor_qcc_app radio_service:service_manager find;
-# allow acquire wakelock to vendor_qcc_app
-#allow vendor_qcc_app { power_service }:service_manager find;
-# allow to load native library
-#allow vendor_qcc_app { mount_service }:service_manager find;
 # for vendor_perf_service
 allow vendor_qcc_app app_api_service:service_manager find;
 
@@ -52,14 +42,13 @@ allow vendor_qcc_app vendor_qcc_data_file:file create_file_perms;
 
 # allow access to socket
 unix_socket_connect(vendor_qcc_app, vendor_dpmtcm, vendor_dpmd)
-
 # allow access to mediadrmserver for qdmastats/wvstats
 allow vendor_qcc_app mediadrmserver_service:service_manager find;
 
-# allow vendor_qcc_app to access system_app_data_file
-# necessary for read and write /data/data subdirectory.
-allow vendor_qcc_app system_app_data_file:dir create_dir_perms;
-allow vendor_qcc_app system_app_data_file:file create_file_perms;
+# allow vendor_qcc_app to access app_data_file
+# necessary for read and write /data/user_de/0/ subdirectory.
+allow vendor_qcc_app app_data_file:dir create_dir_perms;
+allow vendor_qcc_app app_data_file:file create_file_perms;
 
 # allow cgroup access
 allow vendor_qcc_app cgroup:file rw_file_perms;
@@ -70,3 +59,5 @@ allow vendor_qcc_app mediametrics_service:service_manager find;
 # Allow read-write permissions to qdma sockets under vendor_qcc_app_socket.
 allow vendor_qcc_app vendor_qcc_app_socket:dir rw_dir_perms;
 allow vendor_qcc_app vendor_qcc_app_socket:sock_file create_file_perms;
+
+

generic/private/qcc_authmgr_app.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -25,11 +25,11 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-#allow bluetooth to access btconfigstore hal
-hal_client_domain(bluetooth, vendor_hal_btconfigstore);
+typeattribute vendor_qcc_authmgr_app coredomain;
 
-#allow bluetooth to access perf hal
-hal_client_domain(bluetooth, vendor_hal_perf);
+app_domain(vendor_qcc_authmgr_app)
+binder_use(vendor_qcc_authmgr_app)
 
-#allow bluetooth to access bluetooth_dun hal
-hal_client_domain(bluetooth, vendor_hal_bluetooth_dun);
+hal_client_domain(vendor_qcc_authmgr_app, vendor_hal_qccvndhal);
+hal_client_domain(vendor_qcc_authmgr_app, vendor_hal_perf);
+allow vendor_qcc_authmgr_app {app_api_service}:service_manager find;

generic/private/qcc_lmtp_app.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2017-2020, 2021 The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -24,31 +24,38 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_port-bridge, domain;
-type vendor_port-bridge_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_port-bridge)
 
 userdebug_or_eng(`
-  domain_auto_trans(shell, vendor_port-bridge_exec, vendor_netmgrd)
-  #domain_auto_trans(adbd, vendor_port-bridge_exec, netmgrd)
-  diag_use(vendor_port-bridge)
+  typeattribute vendor_qcc_lmtp_app mlstrustedsubject;
+  app_domain(vendor_qcc_lmtp_app)
+  net_domain(vendor_qcc_lmtp_app)
+  binder_use(vendor_qcc_lmtp_app)
+
+  hal_client_domain(vendor_qcc_lmtp_app, vendor_hal_perf);
+
+  allow vendor_qcc_lmtp_app {activity_service}:service_manager find;
+
+  allow vendor_qcc_lmtp_app location_service:service_manager find;
+  allow vendor_qcc_lmtp_app app_api_service:service_manager find;
+
+  # for vendor_perf_service
+  allow vendor_qcc_lmtp_app vendor_perf_service:service_manager find;
+
+  # allow access to socket
+  unix_socket_connect(vendor_qcc_lmtp_app, vendor_dpmtcm, vendor_dpmd)
+  # allow access to qcc dropbox
+  allow vendor_qcc_lmtp_app vendor_qcc_data_file:dir create_dir_perms;
+  allow vendor_qcc_lmtp_app vendor_qcc_data_file:file create_file_perms;
+
+  # allow vendor_qcc_lmtp_app to access system_app_data_file
+  # necessary for read and write /data/data subdirectory
+  allow vendor_qcc_lmtp_app system_app_data_file:dir create_dir_perms;
+  allow vendor_qcc_lmtp_app system_app_data_file:file create_file_perms;
+
+  # Allow read-write permissions to qdma sockets under vendor_qcc_app_socket.
+  unix_socket_connect(vendor_qcc_lmtp_app, vendor_qcc_app, vendor_qcc_app)
+  allow vendor_qcc_lmtp_app vendor_qcc_app_socket:dir rw_dir_perms;
+  allow vendor_qcc_lmtp_app vendor_qcc_app_socket:sock_file create_file_perms;
+
+  allow vendor_qcc_lmtp_app app_api_service:service_manager find;
 ')
-
-# Allow operations on different types of sockets
-allow vendor_port-bridge vendor_port-bridge:netlink_kobject_uevent_socket { create bind read };
-
-allow vendor_port-bridge {
-    # Allow operations on mhi transport
-    vendor_mhi_device
-    # Allow operations on ATCoP g-link transport
-    vendor_at_device
-}:chr_file rw_file_perms;
-
-#access ipa sysfs node
-allow vendor_port-bridge vendor_sysfs_data:file r_file_perms;
-
-allow vendor_port-bridge vendor_port_bridge_data_file:file create_file_perms;
-allow vendor_port-bridge vendor_port_bridge_data_file:dir w_dir_perms;
-allow vendor_port-bridge vendor_port-bridge_socket:dir w_dir_perms;
-allow vendor_port-bridge vendor_port-bridge_socket:sock_file create_file_perms;

generic/private/qcc_netstat_app.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2017-2019 Linux Foundation. All rights reserved.
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -25,14 +25,15 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-type vendor_power_off_alarm, domain;
-type vendor_power_off_alarm_exec, exec_type, vendor_file_type, file_type;
+typeattribute vendor_qcc_netstat_app coredomain;
 
-init_daemon_domain(vendor_power_off_alarm)
+app_domain(vendor_qcc_netstat_app)
+net_domain(vendor_qcc_netstat_app)
+binder_use(vendor_qcc_netstat_app)
 
-allow vendor_power_off_alarm rtc_device:chr_file r_file_perms;
-allow vendor_power_off_alarm kmsg_device:chr_file w_file_perms;
+hal_client_domain(vendor_qcc_netstat_app, vendor_hal_qccvndhal);
+hal_client_domain(vendor_qcc_netstat_app, vendor_hal_perf);
+allow vendor_qcc_netstat_app {app_api_service}:service_manager find;
 
-allow vendor_power_off_alarm self:capability2 wake_alarm;
-
-set_prop(vendor_power_off_alarm, powerctl_prop)
+# Allow read-write permissions to qdma sockets under vendor_qcc_app_socket.
+unix_socket_connect(vendor_qcc_netstat_app, vendor_qcc_app, vendor_qcc_app)

generic/private/qcc_utils_app.te

@@ -25,7 +25,8 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-type vendor_qcc_utils_app, domain, coredomain;
+typeattribute vendor_qcc_utils_app mlstrustedsubject;
+
 app_domain(vendor_qcc_utils_app)
 net_domain(vendor_qcc_utils_app)
 binder_use(vendor_qcc_utils_app)

generic/private/qtelephony.te

@@ -32,7 +32,12 @@ app_domain(vendor_qtelephony)
 
 hwbinder_use(vendor_qtelephony);
 get_prop(vendor_qtelephony, hwservicemanager_prop);
-add_hwservice(vendor_qtelephony, vendor_hal_atfwd_hwservice);
 
+userdebug_or_eng(`
+    hal_client_domain( vendor_qtelephony, vendor_hal_diaghal)
+')
+
+allow vendor_qtelephony { cameraserver_service mediaextractor_service mediaserver_service mediametrics_service radio_service drmserver_service audioserver_service}:service_manager find;
 allow vendor_qtelephony system_api_service:service_manager find;
 allow vendor_qtelephony app_api_service:service_manager find;
+hal_client_domain(vendor_qtelephony, hal_telephony)

generic/private/qti-testscripts.te

@@ -95,4 +95,6 @@ userdebug_or_eng(`
   binder_call(platform_app, qti-testscripts)
   binder_call(system_app, qti-testscripts)
 
+# allow lmkd to kill tasks with positive oom_score_adj under memory pressure
+  allow lmkd qti-testscripts:process { setsched sigkill };
 ')

generic/private/radio.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, 2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -24,5 +24,7 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow hal_light vendor_sysfs_graphics:dir search;
-allow hal_light vendor_sysfs_graphics:file rw_file_perms;
+
+hwbinder_use(radio)
+allow radio mediaextractor_service:service_manager find;
+add_hwservice(radio, vendor_hal_atfwd_hwservice);

generic/private/seapp_contexts

@@ -28,3 +28,12 @@
 #Add new domain for DataServices
 # Needed for CNEService , uceShimService and other connectivity services
 user=radio seinfo=platform name=.dataservices domain=vendor_dataservice_app type=radio_data_file
+
+# AtFwd app
+user=_app seinfo=platform name=com.qualcomm.telephony domain=vendor_qtelephony type=app_data_file levelFrom=all
+
+#Add new domain for ims app
+user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=vendor_qtelephony type=app_data_file levelFrom=all
+
+#Add DeviceInfoHidlClient to vendor_qtelephony
+user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=vendor_qtelephony type=app_data_file levelFrom=all

generic/private/service_contexts

@@ -26,3 +26,4 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 cneservice                                           u:object_r:vendor_cne_service:s0
 com.qualcomm.qti.ustaservice.USTAServiceImpl         u:object_r:vendor_usta_app_service:s0
+vendor.qti.hardware.radio.atcmdfwd.IAtCmdFwd/AtCmdFwdAidl u:object_r:radio_service:s0

generic/product/private/file_contexts

@@ -1,4 +1,4 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -24,3 +24,4 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+/(product|system/product)/bin/init\.qti\.display\.sh             u:object_r:vendor_sys_qti_display_exec:s0

generic/product/private/property_contexts

@@ -1,4 +1,4 @@
-# Copyright (c) 2019 The Linux Foundation. All rights reserved.
+# Copyright (c) 2019-2020 The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -24,3 +24,4 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+vendor.display.disable_rounded_corner       u:object_r:vendor_display_notch_prop:s0

generic/product/private/qti-display.te

@@ -1,5 +1,5 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
 # met:
@@ -12,7 +12,7 @@
 #     * Neither the name of The Linux Foundation nor the names of its
 #       contributors may be used to endorse or promote products derived
 #       from this software without specific prior written permission.
-
+#
 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
 # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
@@ -25,12 +25,10 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-#mmi_sys basic
-r_dir_file(vendor_mmi_sys, vendor_sysfs_graphics)
+type vendor_sys_qti_display_exec, system_file_type, exec_type, file_type;
 
-hal_client_domain(vendor_mmi_sys, vendor_hal_factory_qti);
-
-#diag
 userdebug_or_eng(`
-    diag_use(vendor_mmi_sys)
+  typeattribute  vendor_sys_qti_display coredomain;
+  init_daemon_domain(vendor_sys_qti_display)
+  set_prop(vendor_sys_qti_display, vendor_display_notch_prop)
 ')

generic/product/private/systemhelper_app.te

@@ -36,3 +36,4 @@ allow vendor_systemhelper_app { activity_service trust_service surfaceflinger_se
 
 allow vendor_systemhelper_app app_data_file:dir rw_dir_perms;
 allow vendor_systemhelper_app thermal_service:service_manager find;
+allow vendor_systemhelper_app vendor_perf_service:service_manager find;

generic/product/public/attributes

@@ -28,7 +28,3 @@
 attribute vendor_hal_systemhelper;
 attribute vendor_hal_systemhelper_client;
 attribute vendor_hal_systemhelper_server;
-
-attribute vendor_hal_perf;
-attribute vendor_hal_perf_client;
-attribute vendor_hal_perf_server;

generic/product/public/property.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -24,3 +24,5 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+product_restricted_prop(vendor_display_notch_prop)

generic/product/public/qti-display.te

@@ -25,11 +25,10 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# This domain is for pdt apps and should always be in
-# userdebug_or_eng macro
+type vendor_sys_qti_display, domain, mlstrustedsubject;
 
+#============= vendor_sys_qti_display ==============
 userdebug_or_eng(`
-type vendor_cta_app, domain;
-app_domain(vendor_cta_app);
-permissive vendor_cta_app;
+  allow vendor_sys_qti_display shell_exec:file rx_file_perms;
+  allow vendor_sys_qti_display toolbox_exec:file rx_file_perms;
 ')

generic/public/attribute/attributes

@@ -1,4 +1,4 @@
-# Copyright (c) 2016-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2016-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -59,3 +59,19 @@ attribute vendor_hal_capabilityconfigstore_qti_server;
 attribute vendor_hal_dataconnection_qti;
 attribute vendor_hal_dataconnection_qti_client;
 attribute vendor_hal_dataconnection_qti_server;
+
+attribute vendor_hal_embmssl;
+attribute vendor_hal_embmssl_client;
+attribute vendor_hal_embmssl_server;
+
+attribute vendor_hal_dspmanager;
+attribute vendor_hal_dspmanager_client;
+attribute vendor_hal_dspmanager_server;
+
+attribute vendor_hal_diaghal;
+attribute vendor_hal_diaghal_client;
+attribute vendor_hal_diaghal_server;
+
+attribute vendor_hal_perf;
+attribute vendor_hal_perf_client;
+attribute vendor_hal_perf_server;

generic/public/qcc_authmgr_app.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qcc_authmgr_app, domain;

generic/public/qcc_lmtp_app.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2017-2021, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -24,3 +24,5 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qcc_lmtp_app, domain, coredomain;

generic/public/qcc_netstat_app.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qcc_netstat_app, domain;

generic/public/qcc_utils_app.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
+# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -24,3 +24,5 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qcc_utils_app, domain, coredomain;

generic/vendor/common/app.te

@@ -1,38 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Allow all apps to open and send ioctl to qdsp device
-allow appdomain vendor_qdsp_device:chr_file r_file_perms;
-
-# For the camera app
-get_prop(appdomain, vendor_camera_prop)
-
-#Allow all apps to have read access to vendor_adsprpc_prop
-get_prop(appdomain, vendor_adsprpc_prop)
-
-# Allow all apps to open and send ioctl to npu device
-allow appdomain vendor_npu_device:chr_file r_file_perms;

generic/vendor/common/atfwd.te

@@ -1,43 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_atfwd, domain;
-type vendor_atfwd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_atfwd)
-
-allow vendor_atfwd self:socket create_socket_perms;
-allow vendor_atfwd self:qipcrtr_socket create_socket_perms_no_ioctl;
-allowxperm vendor_atfwd self:socket ioctl msm_sock_ipc_ioctls;
-
-binder_call(vendor_atfwd, system_app);
-
-r_dir_file(vendor_atfwd, vendor_sysfs_data);
-
-set_prop(vendor_atfwd, vendor_radio_prop)
-
-hwbinder_use(vendor_atfwd)
-get_prop(vendor_atfwd, hwservicemanager_prop)

generic/vendor/common/audioadsprpcd.te

@@ -1,39 +0,0 @@
-# Copyright (c) 2020, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_audioadsprpcd, domain;
-type vendor_audioadsprpcd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_audioadsprpcd)
-
-allow vendor_audioadsprpcd ion_device:chr_file r_file_perms;
-allow vendor_audioadsprpcd vendor_qdsp_device:chr_file r_file_perms;
-allow vendor_audioadsprpcd vendor_xdsp_device:chr_file r_file_perms;
-
-r_dir_file(vendor_audioadsprpcd, adsprpcd_file)
-get_prop(vendor_audioadsprpcd, vendor_adsprpc_prop)
-
-allow vendor_audioadsprpcd mnt_vendor_file:dir r_dir_perms;

generic/vendor/common/bluetooth.te

@@ -1,29 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# Allow access to net_admin ioctls
-allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
-get_prop(bluetooth, vendor_bluetooth_prop)

generic/vendor/common/cameraserver.te

@@ -1,41 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow cameraserver gpu_device:chr_file rw_file_perms;
-
-get_prop(cameraserver, vendor_camera_prop)
-
-allow cameraserver vendor_sysfs_camera:file r_file_perms;
-allow cameraserver vendor_sysfs_camera:dir search;
-allow cameraserver system_file:dir r_dir_perms;
-
-allow cameraserver system_server:unix_stream_socket { read write };
-
-# TODO (b/37688918) Verify that this is actually needed and not a violation of treble
-binder_call(cameraserver, mediacodec)
-
-#allow cameraserver to read adsprpc_prop
-get_prop(cameraserver, vendor_adsprpc_prop)

generic/vendor/common/cdsprpcd.te

@@ -1,47 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# vendor_cdsprpcd daemon
-type vendor_cdsprpcd, domain;
-type vendor_cdsprpcd_exec, exec_type, vendor_file_type, file_type;
-
-# Started by init
-init_daemon_domain(vendor_cdsprpcd)
-
-# For reading dir/files on /dsp
-r_dir_file(vendor_cdsprpcd, adsprpcd_file)
-
-# For reading adsprpc_prop
-get_prop(vendor_cdsprpcd, vendor_adsprpc_prop)
-
-allow vendor_cdsprpcd vendor_qdsp_device:chr_file r_file_perms;
-allow vendor_cdsprpcd vendor_xdsp_device:chr_file r_file_perms;
-allow vendor_cdsprpcd ion_device:chr_file r_file_perms;
-
-r_dir_file(vendor_cdsprpcd, vendor_sysfs_devfreq)
-allow vendor_cdsprpcd vendor_sysfs_devfreq_l3cdsp:dir r_dir_perms;
-allow vendor_cdsprpcd vendor_sysfs_devfreq_l3cdsp:file rw_file_perms;

generic/vendor/common/charger.te

@@ -1,37 +0,0 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow charger self:capability2 wake_alarm;
-r_dir_file(charger, vendor_sysfs_battery_supply)
-r_dir_file(charger, vendor_sysfs_usb_supply)
-
-allow charger {
-    vendor_sysfs_battery_supply
-    vendor_sysfs_usb_supply
-}:file w_file_perms;
-
-dontaudit charger device:dir r_dir_perms;
-dontaudit charger self:capability sys_admin;

generic/vendor/common/chre.te

@@ -1,41 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# This daemon loads the Context Hub Runtime Environment (CHRE) dynamic modules
-# onto the SLPI using FastRPC, and exposes a sockets interface for clients on
-# the applications processor to interact CHRE
-type vendor_chre, domain;
-type vendor_chre_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_chre)
-r_dir_file(vendor_chre, adsprpcd_file)
-#allow vendor_chre to read adsprpc_prop
-get_prop(vendor_chre, vendor_adsprpc_prop)
-
-allow vendor_chre ion_device:chr_file r_file_perms;
-allow vendor_chre vendor_qdsp_device:chr_file r_file_perms;
-allow vendor_chre vendor_xdsp_device:chr_file r_file_perms;
-allow vendor_chre vendor_dsp_device:chr_file r_file_perms;

generic/vendor/common/cnd.te

@@ -1,86 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_cnd, domain;
-type vendor_cnd_exec, exec_type, vendor_file_type, file_type;
-file_type_auto_trans(vendor_cnd, socket_device, vendor_cnd_socket);
-
-# vendor_cnd is started by init, type transit from init domain to vendor_cnd domain
-init_daemon_domain(vendor_cnd)
-
-#communicating with QTI wlan driver for WFC/ VTiWLAN quality
-allow vendor_cnd self:capability net_bind_service;
-unix_socket_send(vendor_cnd, wpa, hal_wifi_supplicant)
-allow vendor_cnd wpa_data_file:dir w_dir_perms;
-allow vendor_cnd wpa_data_file:sock_file create_file_perms;
-
-#allow processing of VoWifi indications from modem over QMI while dozing
-allow vendor_cnd self:capability2 block_suspend;
-
-allow vendor_cnd self:udp_socket create_socket_perms;
-allow vendor_cnd self:{
-    # Allow receiving NETLINK responses from WLAN driver.
-    netlink_socket
-    netlink_generic_socket
-    qipcrtr_socket
-} create_socket_perms_no_ioctl;
-
-allowxperm vendor_cnd self:udp_socket ioctl SIOCGIFMTU;
-
-allow vendor_cnd vendor_sysfs_timestamp_switch:file r_file_perms;
-allow vendor_cnd vendor_sysfs_data:file r_file_perms;
-
-allow vendor_cnd proc_meminfo:file r_file_perms;
-
-set_prop(vendor_cnd, vendor_cnd_prop)
-
-# allow vendor_cnd to access vendor_cnd_data_file
-allow vendor_cnd vendor_cnd_data_file:file create_file_perms;
-allow vendor_cnd vendor_cnd_data_file:sock_file { unlink create setattr };
-allow vendor_cnd vendor_cnd_data_file:dir rw_dir_perms;
-
-# allow vendor_cnd to obtain wakelock
-wakelock_use(vendor_cnd)
-
-allow vendor_cnd vendor_ipa_vendor_data_file:dir r_dir_perms;
-allow vendor_cnd vendor_ipa_vendor_data_file:file r_file_perms;
-
-# To register vendor_cnd to hwbinder
-add_hwservice(vendor_cnd, vendor_hal_datafactory_hwservice)
-hwbinder_use(vendor_cnd)
-get_prop(vendor_cnd, hwservicemanager_prop)
-binder_call(vendor_cnd, vendor_dataservice_app)
-binder_call(vendor_cnd, vendor_qtidataservices_app)
-binder_call(vendor_cnd, vendor_ims)
-binder_call(vendor_cnd, vendor_location)
-
-r_dir_file(vendor_cnd, vendor_sysfs_ssr)
-
-#diag
-userdebug_or_eng(`
-    diag_use(vendor_cnd)
-	r_dir_file(vendor_cnd, vendor_sysfs_diag)
-')

generic/vendor/common/dataservice_app.te

@@ -1,40 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-get_prop(vendor_dataservice_app, vendor_cnd_prop)
-
-allow vendor_dataservice_app vendor_hal_imsrcsd_hwservice:hwservice_manager find;
-allow vendor_dataservice_app vendor_hal_datafactory_hwservice:hwservice_manager find;
-
-allow vendor_dataservice_app vendor_sysfs_data:file r_file_perms;
-
-binder_call(vendor_dataservice_app, vendor_cnd)
-
-# imsrcsd to bind with UceShimService.apk
-binder_call(vendor_dataservice_app, vendor_hal_rcsservice)
-
-hal_client_domain(vendor_dataservice_app , vendor_hal_perf)

generic/vendor/common/device.te

@@ -1,68 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_ab_block_device, dev_type;
-type vendor_at_device, dev_type;
-type vendor_avtimer_device, dev_type;
-type vendor_bt_device, dev_type;
-type vendor_bu21150_device, dev_type;
-type vendor_citadel_device, dev_type;
-type vendor_custom_ab_block_device, dev_type;
-type vendor_diag_device, dev_type, mlstrustedobject;
-type vendor_dsp_device, dev_type;
-type vendor_xdsp_device, dev_type;
-type vendor_easel_device, dev_type;
-type vendor_hbtp_device, dev_type;
-type vendor_hvdcp_device, dev_type;
-type vendor_ipa_dev, dev_type;
-type vendor_latency_device, dev_type;
-type vendor_limits_block_device, dev_type;
-type vendor_modem_block_device, dev_type;
-type vendor_modem_efs_partition_device, dev_type;
-type vendor_mdtp_device, dev_type;
-type vendor_persist_block_device, dev_type;
-type vendor_vm_data_block_device, dev_type;
-type vendor_qsee_ipc_irq_spss_device, dev_type;
-type vendor_qdsp_device, dev_type, mlstrustedobject;
-type vendor_ramdump_device, dev_type;
-type vendor_ramdump_microdump_modem_device, dev_type;
-type vendor_rmnet_device, dev_type;
-type vendor_gpt_block_device, dev_type;
-type vendor_ramdump_block_device, dev_type;
-type vendor_rpmb_device, dev_type;
-type vendor_seemplog_device, dev_type;
-type vendor_sg_device, dev_type;
-type vendor_bsg_device, dev_type;
-type vendor_smd_device, dev_type;
-type vendor_spcom_device, dev_type;
-type vendor_ssd_block_device, dev_type;
-type vendor_ssr_device, dev_type;
-type vendor_synx_device, dev_type;
-type vendor_wlan_device, dev_type;
-type vendor_xbl_block_device, dev_type;
-type vendor_uefi_block_device, dev_type;
-type vendor_qce_device, dev_type;
-type vendor_npu_device, dev_type;

generic/vendor/common/diag-router.te

@@ -1,37 +0,0 @@
-# Copyright (c) 2020, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_diag-router, domain;
-type vendor_diag-router_exec, exec_type, vendor_file_type, file_type;
-userdebug_or_eng(`
-  init_daemon_domain(vendor_diag-router)
-  allow vendor_diag-router functionfs:dir r_dir_perms;
-  allow vendor_diag-router functionfs:file rw_file_perms;
-  allow vendor_diag-router self:qipcrtr_socket create_socket_perms_no_ioctl;
-  allow vendor_diag-router vendor_mhi_diag_device:chr_file rw_file_perms;
-  allow { domain -coredomain -hal_configstore -vendor_init} vendor_diag-router:unix_stream_socket connectto;
-')

generic/vendor/common/diag.te

@@ -1,70 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_diag, domain;
-type vendor_diag_exec, exec_type, vendor_file_type, file_type;
-userdebug_or_eng(`
-  domain_auto_trans(shell, vendor_diag_exec, vendor_diag)
-  #domain_auto_trans(adbd, vendor_diag_exec, vendor_diag)
-  allow vendor_diag {
-      vendor_diag_device
-      devpts
-      tty_device
-      # allow access to qseecom for drmdiagapp
-      tee_device
-  }:chr_file rw_file_perms;
-  allow vendor_diag {
-      shell
-      su
-  }:fd use;
-
-  allow vendor_diag {
-      cgroup
-      fuse
-      vendor_persist_drm_file
-  }:dir create_dir_perms;
-
-  allow vendor_diag port:tcp_socket name_connect;
-  allow vendor_diag self:capability { setuid net_raw sys_admin setgid };
-  allow vendor_diag self:capability2 syslog;
-  allow vendor_diag self:tcp_socket { create connect setopt};
-  wakelock_use(vendor_diag)
-  allow vendor_diag kernel:system syslog_mod;
-  # allow drmdiagapp access to drm related paths
-  allow vendor_diag mnt_vendor_file:dir r_dir_perms;
-  r_dir_file(vendor_diag, vendor_persist_data_file)
-  # Write to drm related pieces of persist partition
-  allow vendor_diag vendor_persist_drm_file:file create_file_perms;
-
-  # For DiagExample daemon
-  init_daemon_domain(vendor_diag)
-  net_domain(vendor_diag)
-
-  allow vendor_diag fuse:dir r_dir_perms;
-  allow vendor_diag fuse:file r_file_perms;
-  r_dir_file(vendor_diag, storage_file)
-  r_dir_file(vendor_diag, mnt_user_file)
-')

generic/vendor/common/domain.te

@@ -1,61 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-userdebug_or_eng(`
-  allow domain vendor_diag_device:chr_file rw_file_perms;
-')
-
-# In order for /sys/kernel/debug/kgsl/proc/<pid>/mem
-# to be created for memory tracking, the domain of
-# the tracked process must have permission to search
-# in /sys/kernel/debug/kgsl
-allow domain vendor_debugfs_kgsl:dir search;
-
-allow domain vendor_debugfs_ion:dir search;
-
-get_prop(domain, vendor_gralloc_prop)
-
-r_dir_file({domain - isolated_app}, vendor_sysfs_soc);
-r_dir_file({domain - isolated_app}, vendor_sysfs_esoc);
-r_dir_file({domain - isolated_app}, vendor_sysfs_ssr);
-r_dir_file({domain - isolated_app}, sysfs_thermal);
-
-get_prop(domain, vendor_public_vendor_default_prop)
-
-dontaudit domain kernel:system module_request;
-
-# For compliance testing test suite reads vendor_security_path_level
-# Which is the public readable property “ ro.vendor.build.security_patch
-get_prop(domain, vendor_security_patch_level_prop)
-neverallow {
-     coredomain
-     -init
-     -ueventd
-     -vold
-     } vendor_persist_type: { dir file } *;
-
-# Allow all context to read gpu model
-allow { domain - isolated_app } vendor_sysfs_kgsl_gpu_model:file r_file_perms;

generic/vendor/common/fastbootd.te

@@ -1,50 +0,0 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-#Allow fastbootd
-recovery_only(`
-allow fastbootd {
-	vendor_custom_ab_block_device
-	recovery_block_device
-	vendor_xbl_block_device
-	vendor_uefi_block_device
-	vendor_ssd_block_device
-	vendor_modem_block_device
-	vendor_mdtp_device
-}:blk_file { rw_file_perms };
-
-
-# Allow fastbootd to read /sys/class/power_supply directory
-# and access to power supply, usb nodes.
-allow fastbootd sysfs:dir r_dir_perms;
-r_dir_file(fastbootd, vendor_sysfs_battery_supply)
-r_dir_file(fastbootd, vendor_sysfs_usb_supply)
-allow fastbootd {
-    vendor_sysfs_battery_supply
-    vendor_sysfs_usb_supply
-}:file w_file_perms;
-')

generic/vendor/common/feature_enabler_client.te

@@ -1,52 +0,0 @@
-# Copyright (c) 2019 - 2020, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_feature_enabler_client, domain;
-type vendor_feature_enabler_client_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_feature_enabler_client)
-allow vendor_feature_enabler_client tee_device:chr_file rw_file_perms;
-allow vendor_feature_enabler_client ion_device:chr_file rw_file_perms;
-allow vendor_feature_enabler_client vendor_smcinvoke_device:chr_file rw_file_perms;
-unix_socket_connect(vendor_feature_enabler_client , vendor_ssgtzd, vendor_ssgtzd)
-
-
-# Allow read permission to /mnt/vendor/persist/vendor_feature_enabler_client/*
-allow vendor_feature_enabler_client mnt_vendor_file:dir search;
-r_dir_file(vendor_feature_enabler_client, vendor_persist_feature_enabler_file)
-
-# Allow read permission to /mnt/vendor/persist/data/*
-r_dir_file(vendor_feature_enabler_client, vendor_persist_data_file)
-
-# Binder access for featenab_client.service
-vndbinder_use(vendor_feature_enabler_client)
-allow vendor_feature_enabler_client vendor_qfeatenab_client_service:service_manager { add find };
-
-#Allow access to display services and graphics_device for DRM
-allow vendor_feature_enabler_client vendor_qdisplay_service:service_manager find;
-hal_client_domain(vendor_feature_enabler_client, hal_graphics_composer)
-allow vendor_feature_enabler_client graphics_device:chr_file rw_file_perms;

generic/vendor/common/file.te

@@ -1,210 +0,0 @@
-# Copyright (c) 2018-2020 The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_sysfs_audio, fs_type, sysfs_type;
-type vendor_sysfs_battery_supply, sysfs_type, fs_type;
-type vendor_sysfs_bond0, fs_type, sysfs_type;
-type vendor_sysfs_boot_adsp, sysfs_type, fs_type;
-type vendor_sysfs_camera, sysfs_type, fs_type;
-type vendor_sysfs_cpu_boost, fs_type, sysfs_type;
-type vendor_sysfs_devfreq, fs_type, sysfs_type;
-type vendor_sysfs_easel, sysfs_type, fs_type;
-type vendor_sysfs_esoc, sysfs_type, fs_type;
-type vendor_sysfs_fingerprint, sysfs_type, fs_type;
-type vendor_sysfs_graphics, sysfs_type, fs_type;
-type vendor_sysfs_kgsl, sysfs_type, fs_type;
-type vendor_sysfs_kgsl_proc, sysfs_type, fs_type;
-type vendor_hbtp_kernel_sysfs, sysfs_type, fs_type;
-type vendor_sysfs_irqbalance, sysfs_type, fs_type;
-type vendor_sysfs_laser, sysfs_type, fs_type;
-type vendor_sysfs_mdss_mdp_caps, sysfs_type, fs_type;
-type vendor_sysfs_devfreq_l3cdsp, fs_type, sysfs_type;
-type vendor_sysfs_mmc_host, fs_type, sysfs_type;
-type vendor_sysfs_msm_perf, fs_type, sysfs_type;
-type vendor_sysfs_msm_power, fs_type, sysfs_type;
-type vendor_sysfs_msm_stats, fs_type, sysfs_type;
-type vendor_sysfs_msm_subsys_restart, sysfs_type, fs_type;
-type vendor_sysfs_sensors, sysfs_type, fs_type;
-type vendor_sysfs_sectouch, sysfs_type, fs_type;
-type vendor_sysfs_soc, sysfs_type, fs_type;
-type vendor_sysfs_scsi_host, fs_type, sysfs_type;
-type vendor_sysfs_scsi_target, fs_type, sysfs_type;
-type vendor_sysfs_slpi, fs_type, sysfs_type;
-type vendor_sysfs_spmi_dev, sysfs_type, fs_type;
-type vendor_sysfs_ssr, sysfs_type, fs_type;
-type vendor_sysfs_ssr_toggle, sysfs_type, fs_type;
-type vendor_sysfs_timestamp_switch, sysfs_type, fs_type;
-type vendor_sysfs_touch, sysfs_type, fs_type;
-type vendor_sysfs_uio_file, sysfs_type, fs_type;
-type vendor_sysfs_usb_c, sysfs_type, fs_type;
-type vendor_sysfs_usb_device, sysfs_type, fs_type;
-type vendor_sysfs_usb_supply, sysfs_type, fs_type;
-type vendor_sysfs_usbpd_device, sysfs_type, fs_type;
-type vendor_sysfs_vadc_dev, sysfs_type, fs_type;
-type vendor_sysfs_lcd, sysfs_type, fs_type;
-type vendor_sysfs_adsp_ssr, sysfs_type, fs_type;
-
-type vendor_debugfs_clk, debugfs_type, fs_type;
-type vendor_debugfs_ion, debugfs_type, fs_type;
-type vendor_debugfs_ipc, debugfs_type, fs_type;
-type vendor_debugfs_kgsl, debugfs_type, fs_type;
-type vendor_debugfs_rpm, debugfs_type, fs_type;
-type vendor_debugfs_rmt_storage, debugfs_type, fs_type;
-type vendor_debugfs_usb, debugfs_type, fs_type;
-type vendor_debugfs_wlan, debugfs_type, fs_type;
-type vendor_debugfs_mdp, debugfs_type, fs_type;
-type vendor_debugfs_icnss, debugfs_type, fs_type;
-
-# /proc
-type vendor_proc_wifi_dbg, fs_type, proc_type;
-type vendor_proc_audiod, fs_type, proc_type;
-type vendor_proc_shs, fs_type, proc_type;
-
-type vendor_qmuxd_socket, file_type;
-type vendor_netmgrd_socket, file_type;
-type vendor_port-bridge_socket, file_type;
-type vendor_thermal_socket, file_type;
-
-#Define the qti socket type
-type vendor_dataqti_socket, file_type;
-
-type vendor_ims_socket, file_type;
-type vendor_ipacm_socket, file_type;
-type vendor_cnd_socket, file_type;
-type vendor_chre_socket, file_type;
-type vendor_hal_bootctl_socket, file_type;
-type vendor_location_socket, file_type;
-type vendor_wifihal_socket, file_type;
-type vendor_pps_socket, file_type;
-
-# imshelper_app file types
-type vendor_imshelper_app_data_file, file_type, data_file_type;
-
-type firmware_file, file_type, contextmount_type, vendor_file_type;
-
-type vendor_cnd_data_file, file_type, data_file_type;
-type vendor_location_data_file, file_type, data_file_type;
-type vendor_audio_data_file, file_type, data_file_type;
-type vendor_radio_data_file, file_type, data_file_type;
-type vendor_wifi_vendor_log_data_file, file_type, data_file_type;
-# for mount /persist
-typeattribute mnt_vendor_file vendor_persist_type;
-type vendor_persist_file, file_type, vendor_persist_type;
-type vendor_persist_data_file, file_type , vendor_persist_type;
-type vendor_persist_display_file, file_type;
-type vendor_persist_drm_file, file_type, vendor_persist_type;
-type vendor_persist_elabel_file, file_type, vendor_persist_type;
-type vendor_persist_haptics_file, file_type, vendor_persist_type;
-type vendor_persist_rfs_file, file_type, vendor_persist_type;
-type vendor_persist_rfs_shared_hlos_file, file_type, vendor_persist_type;
-type vendor_persist_sensors_file, file_type, vendor_persist_type;
-type vendor_persist_time_file, file_type, vendor_persist_type;
-type vendor_persist_audio_file, file_type, vendor_persist_type;
-type vendor_persist_bluetooth_file, file_type, vendor_persist_type;
-type vendor_persist_alarm_file, file_type, vendor_persist_type;
-type vendor_persist_feature_enabler_file, file_type, vendor_persist_type;
-
-type vendor_netmgr_data_file, file_type, data_file_type;
-type vendor_netmgr_recovery_data_file, file_type, data_file_type;
-type vendor_qmipriod_data_file, file_type, data_file_type;
-type vendor_ipa_vendor_data_file, file_type, data_file_type;
-type vendor_shsusr_data_file, file_type, data_file_type;
-
-type vendor_tombstone_data_file, file_type, data_file_type;
-type vendor_camera_data_file, file_type, data_file_type;
-type vendor_display_vendor_data_file, file_type, data_file_type;
-type vendor_nfc_vendor_data_file, file_type, data_file_type;
-type vendor_radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type vendor_ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type vendor_modem_dump_file, file_type, data_file_type;
-type vendor_sensors_vendor_data_file, file_type, data_file_type;
-type vendor_port_bridge_data_file, file_type, data_file_type;
-type bt_firmware_file, file_type, contextmount_type, vendor_file_type;
-type vendor_firmware_file, vendor_file_type, file_type;
-type vendor_mdmhelperdata_data_file, file_type, data_file_type;
-type vendor_mbn_data_file, file_type, data_file_type;
-
-#vendor capability configstore hal
-type vendor_capabilityconfigstore_data_file, file_type, data_file_type;
-
-#widevine data file
-type vendor_mediadrm_vendor_data_file, file_type, data_file_type;
-
-#time-services data file
-type vendor_time_data_file, file_type, data_file_type;
-
-#data sysfs files
-type vendor_sysfs_data, fs_type, sysfs_type;
-
-#diag sysfs files
-type vendor_sysfs_diag, fs_type, sysfs_type;
-
-type vendor_hexagon_halide_file, vendor_file_type, file_type;
-
-# vendor media files
-type vendor_media_data_file, file_type, data_file_type;
-
-type adsprpcd_file, file_type, mlstrustedobject, vendor_file_type;
-
-# vm system files
-type vendor_vm_system_file, file_type, vendor_file_type;
-
-type vendor_hbtp_log_file, file_type, data_file_type;
-type vendor_hbtp_cfg_file, file_type, vendor_file_type;
-
-#tloc data files
-type vendor_tlocd_data_file, file_type, data_file_type;
-
-#qseecom
-type vendor_data_qsee_file, file_type, data_file_type;
-
-#TUI Files
-type vendor_tui_data_file, file_type, data_file_type;
-
-# SFS listener data file
-type vendor_data_tzstorage_file, file_type, data_file_type;
-
-#NNHAL files
-type vendor_hal_neuralnetworks_data_file, file_type, data_file_type;
-
-#BT Files
-type vendor_bt_data_file, file_type, data_file_type;
-
-type vendor_sysfs_usb_controller, sysfs_type, fs_type;
-
-#for qdss
-type vendor_sysfs_qdss_dev, sysfs_type, fs_type;
-
-#Define the qdcmss socket type
-type vendor_qdcmsocket_socket, file_type;
-type vendor_sysfs_mhi, sysfs_type, fs_type;
-
-type vendor_sysfs_suspend, fs_type, sysfs_type;
-
-# kgsl gpu model file type for sysfs access
-type vendor_sysfs_kgsl_gpu_model, sysfs_type, fs_type;
-
-type vendor_sysfs_kgsl_gpuclk, sysfs_type, fs_type;

generic/vendor/common/file_contexts

@@ -1,487 +0,0 @@
-# Copyright (c) 2018-2020 The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# dev nodes
-/dev/btpower                                    u:object_r:vendor_bt_device:s0
-/dev/diag                                       u:object_r:vendor_diag_device:s0
-/dev/kgsl-3d0                                   u:object_r:gpu_device:s0
-/dev/rtc0                                       u:object_r:rtc_device:s0
-/dev/smd.*                                      u:object_r:vendor_smd_device:s0
-/dev/msm_npu                                    u:object_r:vendor_npu_device:s0
-# TODO: does ttyMSM0 need to be more specific
-/dev/ttyMSM0                                    u:object_r:tty_device:s0
-/dev/ipa                                        u:object_r:vendor_ipa_dev:s0
-/dev/wwan_ioctl                                 u:object_r:vendor_ipa_dev:s0
-/dev/ipaNatTable                                u:object_r:vendor_ipa_dev:s0
-/dev/cpu_dma_latency                            u:object_r:vendor_latency_device:s0
-/dev/dpl_ctrl                                   u:object_r:vendor_rmnet_device:s0
-/dev/rmnet_ctrl.*                               u:object_r:vendor_rmnet_device:s0
-/dev/at_.*                                      u:object_r:vendor_at_device:s0
-/dev/video([0-9])+                              u:object_r:video_device:s0
-/dev/cvp*                                       u:object_r:video_device:s0
-/dev/media([0-9])+                              u:object_r:video_device:s0
-/dev/v4l-subdev.*                               u:object_r:video_device:s0
-/dev/qseecom                                    u:object_r:tee_device:s0
-/dev/qsee_ipc_irq_spss                          u:object_r:vendor_qsee_ipc_irq_spss_device:s0
-/dev/seemplog                                   u:object_r:vendor_seemplog_device:s0
-/dev/spcom                                      u:object_r:vendor_spcom_device:s0
-/dev/jpeg[0-9]*                                 u:object_r:video_device:s0
-/dev/adsprpc-smd                                u:object_r:vendor_qdsp_device:s0
-/dev/adsprpc-smd-secure                         u:object_r:vendor_xdsp_device:s0
-/dev/sdsprpc-smd                                u:object_r:vendor_dsp_device:s0
-/dev/wcd-dsp-glink                              u:object_r:audio_device:s0
-/dev/wcd_dsp0_control                           u:object_r:audio_device:s0
-/dev/wcd-spi-ac-client                          u:object_r:audio_device:s0
-/dev/msm_.*                                     u:object_r:audio_device:s0
-/dev/avtimer                                    u:object_r:vendor_avtimer_device:s0
-/dev/subsys_.*                                  u:object_r:vendor_ssr_device:s0
-/dev/ramdump_.*                                 u:object_r:vendor_ramdump_device:s0
-/dev/ramdump_microdump_modem                    u:object_r:vendor_ramdump_microdump_modem_device:s0
-/dev/hbtp_input                                 u:object_r:vendor_hbtp_device:s0
-/dev/hbtp_vm                                    u:object_r:vendor_hbtp_device:s0
-/dev/sg[0-9]+                                   u:object_r:vendor_sg_device:s0
-/dev/ufs-bsg.*                                   u:object_r:vendor_bsg_device:s0
-/dev/0:0:0:49476                                u:object_r:vendor_bsg_device:s0
-/dev/sensors                                    u:object_r:sensors_device:s0
-/dev/mnh_sm                                     u:object_r:vendor_easel_device:s0
-/dev/easelcomm-client                           u:object_r:vendor_easel_device:s0
-/dev/citadel0                                   u:object_r:vendor_citadel_device:s0
-/dev/jdi-bu21150                                u:object_r:vendor_bu21150_device:s0
-/dev/usb_ext_chg                                u:object_r:vendor_hvdcp_device:s0
-/dev/synx_device                                u:object_r:vendor_synx_device:s0
-/dev/ipa_odl_ctl                                u:object_r:vendor_ipa_dev:s0
-/dev/ipa_adpl                                   u:object_r:vendor_ipa_dev:s0
-
-# dev socket nodes
-/dev/socket/chre                                u:object_r:vendor_chre_socket:s0
-/dev/socket/oemlock                             u:object_r:vendor_hal_bootctl_socket:s0
-/dev/socket/ims_qmid                            u:object_r:vendor_ims_socket:s0
-/dev/socket/ims_datad                           u:object_r:vendor_ims_socket:s0
-/dev/socket/ipacm_log_file                      u:object_r:vendor_ipacm_socket:s0
-/dev/socket/cnd                                 u:object_r:vendor_cnd_socket:s0
-/dev/socket/thermal-send-client                 u:object_r:vendor_thermal_socket:s0
-/dev/socket/thermal-recv-client                 u:object_r:vendor_thermal_socket:s0
-/dev/socket/thermal-recv-passive-client         u:object_r:vendor_thermal_socket:s0
-/dev/socket/thermal-send-rule                   u:object_r:vendor_thermal_socket:s0
-/dev/socket/netmgr(/.*)?                        u:object_r:vendor_netmgrd_socket:s0
-/dev/socket/port-bridge(/.*)?                   u:object_r:vendor_port-bridge_socket:s0
-/dev/socket/qti_dpm_uds_file                    u:object_r:vendor_dataqti_socket:s0
-/dev/socket/location(/.*)?                      u:object_r:vendor_location_socket:s0
-/dev/socket/wifihal(/.*)?                       u:object_r:vendor_wifihal_socket:s0
-/dev/socket/pps                                 u:object_r:vendor_pps_socket:s0
-/dev/nq-nci                                     u:object_r:nfc_device:s0
-/dev/ttyHS0                                     u:object_r:hci_attach_dev:s0
-/dev/wlan                                       u:object_r:vendor_wlan_device:s0
-/dev/socket/qmux_radio(/.*)?                    u:object_r:vendor_qmuxd_socket:s0
-/data/vendor/modem_config(/.*)?                 u:object_r:vendor_mbn_data_file:s0
-/dev/socket/qdcmsocket                          u:object_r:vendor_qdcmsocket_socket:s0
-/dev/qce                                        u:object_r:vendor_qce_device:s0
-
-# Block device holding the GPT, where the A/B attributes are stored.
-/dev/block/sda                                  u:object_r:vendor_gpt_block_device:s0
-
-# Block devices for the drive that holds the xbl_a and xbl_b partitions.
-/dev/block/sd[bc]1?                             u:object_r:vendor_xbl_block_device:s0
-
-# Block device for hal_bootctl
-/dev/block/sde                                  u:object_r:boot_block_device:s0
-
-# Block device for ZRAM
-/dev/block/zram0                                u:object_r:swap_block_device:s0
-
-# files in /vendor
-/vendor/firmware(/.*)?          u:object_r:vendor_firmware_file:s0
-/vendor/bt_firmware(/.*)?       u:object_r:vendor_firmware_file:s0
-
-/vendor/bin/ATFWD-daemon        u:object_r:vendor_atfwd_exec:s0
-/vendor/bin/hw/android\.hardware\.vr@1\.0-service.crosshatch      u:object_r:hal_vr_default_exec:s0
-/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
-/vendor/bin/thermal-engine      u:object_r:vendor_thermal-engine_exec:s0
-/vendor/bin/sensors.qcom        u:object_r:vendor_sensors_exec:s0
-/vendor/bin/sensors.qti         u:object_r:vendor_sensors_exec:s0
-/vendor/bin/ssr_setup           u:object_r:vendor_ssr_setup_exec:s0
-/vendor/bin/ssr_diag            u:object_r:vendor_ssr_diag_exec:s0
-/vendor/bin/pm-service          u:object_r:vendor_per_mgr_exec:s0
-/vendor/bin/pm-proxy            u:object_r:vendor_per_proxy_exec:s0
-/vendor/bin/qseecomd            u:object_r:tee_exec:s0
-/vendor/bin/subsystem_ramdump   u:object_r:vendor_subsystem_ramdump_exec:s0
-/vendor/bin/adsprpcd            u:object_r:vendor_adsprpcd_exec:s0
-/vendor/bin/cdsprpcd            u:object_r:vendor_cdsprpcd_exec:s0
-/vendor/bin/audioadsprpcd       u:object_r:vendor_audioadsprpcd_exec:s0
-/vendor/bin/irsc_util           u:object_r:vendor_irsc_util_exec:s0
-/vendor/bin/rmt_storage         u:object_r:vendor_rmt_storage_exec:s0
-/vendor/bin/tftp_server         u:object_r:vendor_rfs_access_exec:s0
-/vendor/bin/cnss-daemon         u:object_r:vendor_wcnss_service_exec:s0
-/vendor/bin/cnss_diag           u:object_r:vendor_wcnss_service_exec:s0
-/vendor/bin/diag_mdlog          u:object_r:vendor_qlogd_exec:s0
-/vendor/bin/netmgrd             u:object_r:vendor_netmgrd_exec:s0
-/vendor/bin/qmipriod            u:object_r:vendor_qmipriod_exec:s0
-/vendor/bin/shsusrd             u:object_r:vendor_shsusrd_exec:s0
-/vendor/bin/port-bridge         u:object_r:vendor_port-bridge_exec:s0
-/vendor/bin/qti                 u:object_r:vendor_qti_exec:s0
-/vendor/bin/loc_launcher        u:object_r:vendor_location_exec:s0
-/vendor/bin/lowi-server         u:object_r:vendor_location_exec:s0
-/vendor/bin/xtra-daemon         u:object_r:vendor_location_exec:s0
-/vendor/bin/pd-mapper           u:object_r:vendor_pd_mapper_exec:s0
-/vendor/bin/imsqmidaemon        u:object_r:vendor_ims_exec:s0
-/vendor/bin/imsdatadaemon       u:object_r:vendor_ims_exec:s0
-/vendor/bin/ims_rtp_daemon      u:object_r:vendor_hal_imsrtp_exec:s0
-/vendor/bin/ipacm               u:object_r:hal_tetheroffload_default_exec:s0
-/vendor/bin/ipacm-diag          u:object_r:hal_tetheroffload_default_exec:s0
-/vendor/bin/cnd                 u:object_r:vendor_cnd_exec:s0
-/vendor/bin/oemlock_provision   u:object_r:hal_bootctl_default_exec:s0
-/vendor/bin/oemlock-bridge      u:object_r:hal_bootctl_default_exec:s0
-/vendor/bin/diag-router         u:object_r:vendor_diag-router_exec:s0
-/(vendor|system/vendor)/bin/msm_irqbalance u:object_r:vendor_msm_irqbalanced_exec:s0
-/vendor/bin/hw/android\.hardware\.usb@1\.1-service.crosshatch             u:object_r:hal_usb_default_exec:s0
-/vendor/bin/chre                u:object_r:vendor_chre_exec:s0
-/vendor/bin/time_daemon         u:object_r:vendor_time_daemon_exec:s0
-/vendor/bin/imsrcsd             u:object_r:vendor_hal_rcsservice_exec:s0
-/vendor/bin/tloc_daemon         u:object_r:vendor_tlocd_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.2-service        u:object_r:hal_power_default_exec:s0
-
-/vendor/bin/hw/qcrild           u:object_r:rild_exec:s0
-/vendor/bin/hw/qcrilNrd         u:object_r:rild_exec:s0
-/vendor/bin/hw/android\.hardware\.drm@1\.0-service.widevine          u:object_r:vendor_hal_drm_widevine_exec:s0
-/vendor/bin/hw/android\.hardware\.vibrator@1\.1-service.crosshatch        u:object_r:hal_vibrator_default_exec:s0
-/vendor/bin/hw/android\.hardware\.keymaster@3\.0-service-qti         u:object_r:vendor_hal_keymaster_qti_exec:s0
-/vendor/bin/hw/android\.hardware\.keymaster@4\.0-service-qti         u:object_r:vendor_hal_keymaster_qti_exec:s0
-/vendor/bin/hw/android\.hardware\.keymaster@4\.1-service-qti         u:object_r:vendor_hal_keymaster_qti_exec:s0
-/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti        u:object_r:vendor_hal_gatekeeper_qti_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@.*-service-qti u:object_r:vendor_hal_gnss_qti_exec:s0
-/vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti         u:object_r:hal_bluetooth_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.1-service.widevine    u:object_r:vendor_hal_drm_widevine_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.2-service.widevine    u:object_r:vendor_hal_drm_widevine_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.2-service-lazy.widevine    u:object_r:vendor_hal_drm_widevine_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service.widevine    u:object_r:vendor_hal_drm_widevine_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service-lazy.widevine    u:object_r:vendor_hal_drm_widevine_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator-service   u:object_r:hal_graphics_allocator_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.composer@1\.0-service   u:object_r:hal_graphics_composer_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.composer-service   u:object_r:hal_graphics_composer_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.tui_comm@1\.0-service-qti u:object_r:vendor_hal_tui_comm_qti_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qdutils_disp@1\.0-service-qti u:object_r:vendor_hal_qdutils_disp_qti_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.trustedui@1\.0-service-qti u:object_r:vendor_hal_trustedui_qti_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.capabilityconfigstore@1\.0-service u:object_r:vendor_hal_capabilityconfigstore_qti_default_exec:s0
-
-/(vendor|system/vendor)/bin/power_off_alarm        u:object_r:vendor_power_off_alarm_exec:s0
-
-/(vendor|system/vendor)/bin/grep                   u:object_r:vendor_toolbox_exec:s0
-
-/vendor/bin/hw/vendor\.display\.color@1\.0-service            u:object_r:vendor_hal_display_color_default_exec:s0
-/vendor/bin/hw/vendor\.qti\.media\.c2@1\.0-service               u:object_r:mediacodec_exec:s0
-/vendor/bin/hw/hardware\.google\.media\.c2@1\.0-service-software u:object_r:mediacodec_exec:s0
-/vendor/bin/feature_enabler_client          u:object_r:vendor_feature_enabler_client_exec:s0
-/(vendor|system/vendor)/bin/qdcmss              u:object_r:vendor_qdcm-ss_exec:s0
-
-###############################################
-# same-process HAL files and their dependencies
-#
-/vendor/lib(64)?/hw/gralloc\.qcom\.so    u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-qti-display\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@1\.0\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@1\.1\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@2\.0\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.0\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.1\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl-qti-display\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@3\.0\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl-qti-display\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@4\.0\.so   u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libcamxexternalformatutils\.so                    u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libgralloccore\.so        u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libgrallocutils\.so       u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libqdMetaData\.so         u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libgralloc\.qti\.so       u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libqservice\.so           u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libqdutils\.so            u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libadreno_utils\.so       u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libgsl\.so                u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/hw/vulkan\.adreno\.so         u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libEGL_adreno\.so             u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libGLESv1_CM_adreno\.so       u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libGLESv2_adreno\.so          u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libadreno_app_profiles\.so    u:object_r:same_process_hal_file:s0
-
-/vendor/lib(64)?/libdrmutils\.so           u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libdrm\.so                u:object_r:same_process_hal_file:s0
-
-# /vendor/app/TimeService/TimeService.apk
-/vendor/lib(64)?/libTimeService\.so        u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libtime_genoff\.so        u:object_r:same_process_hal_file:s0
-
-# hbtp dependencies
-/vendor/lib(64)?/libhbtpitsjni\.so          u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libhbtpdbgclientjni\.so    u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libhbtpjni\.so             u:object_r:same_process_hal_file:s0
-
-# framework detect libs libvndfwk_detect_jni.qti and libqti_vndfwk_detect
-/vendor/lib(64)?/libvndfwk_detect_jni\.qti\.so             u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libqti_vndfwk_detect\.so             u:object_r:same_process_hal_file:s0
-
-# NPU files
-/vendor/lib(64)?/libnpu\.so                           u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libhta_controller\.so                u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libhta_hexagon_runtime\.so           u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/unnhal-acc-hta\.so                   u:object_r:same_process_hal_file:s0
-
-# RenderScript dependencies.
-# To test: run cts -m CtsRenderscriptTestCases
-/vendor/lib(64)?/libRSDriver_adreno\.so     u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libCB\.so                  u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libllvm-qgl\.so            u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libbccQTI\.so              u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libllvm-qcom\.so           u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/librs_adreno\.so           u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/librs_adreno_sha1\.so      u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libqti-perfd-client\.so    u:object_r:same_process_hal_file:s0
-
-# TODO(b/36895509): remove the following 2 lines once this bug is resolved
-# needed by radio
-/vendor/lib(64)?/libimsmedia_jni\.so        u:object_r:same_process_hal_file:s0
-
-# libGLESv2_adreno depends on this
-/vendor/lib(64)?/libllvm-glnext\.so         u:object_r:same_process_hal_file:s0
-
-# libOpenCL and its dependencies
-/vendor/lib(64)?/libOpenCL\.so              u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libq3dtools_adreno\.so     u:object_r:same_process_hal_file:s0
-
-# Loaded by native loader (zygote) for all processes
-/vendor/lib(64)?/libadsprpc\.so             u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libcdsprpc\.so             u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libsdsprpc\.so             u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libmdsprpc\.so             u:object_r:same_process_hal_file:s0
-/vendor/lib/dsp/fastrpc_shell_0             u:object_r:same_process_hal_file:s0
-
-# Fastcv libs
-/vendor/lib(64)?/libfastcvdsp_stub\.so      u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libfastcvadsp_stub\.so     u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libfastcvopt\.so           u:object_r:same_process_hal_file:s0
-
-# data files
-/data/vendor/netmgr(/.*)?              u:object_r:vendor_netmgr_data_file:s0
-/data/vendor/netmgr/recovery(/.*)?     u:object_r:vendor_netmgr_recovery_data_file:s0
-/data/vendor/qmipriod(/.*)?            u:object_r:vendor_qmipriod_data_file:s0
-/data/vendor/shsusr(/.*)?              u:object_r:vendor_shsusr_data_file:s0
-/data/vendor/location(/.*)?            u:object_r:vendor_location_data_file:s0
-/data/vendor/camera(/.*)?              u:object_r:vendor_camera_data_file:s0
-/data/vendor/display(/.*)?             u:object_r:vendor_display_vendor_data_file:s0
-/data/vendor/nfc(/.*)?                 u:object_r:vendor_nfc_vendor_data_file:s0
-/data/vendor/radio(/.*)?               u:object_r:vendor_radio_vendor_data_file:s0
-/data/vendor/wifi/wlan_logs(/.*)?      u:object_r:vendor_wifi_vendor_log_data_file:s0
-/data/vendor/ramdump(/.*)?             u:object_r:vendor_ramdump_vendor_data_file:s0
-/data/vendor/ssrdump(/.*)?             u:object_r:vendor_ramdump_vendor_data_file:s0
-/data/vendor/modem_dump(/.*)?          u:object_r:vendor_modem_dump_file:s0
-/data/vendor/ipa(/.*)?                 u:object_r:vendor_ipa_vendor_data_file:s0
-/data/vendor/sensors(/.*)?             u:object_r:vendor_sensors_vendor_data_file:s0
-/data/vendor/port_bridge(/.*)?         u:object_r:vendor_port_bridge_data_file:s0
-/data/vendor/tloc(/.*)?                u:object_r:vendor_tlocd_data_file:s0
-/data/vendor/connectivity(/.*)?        u:object_r:vendor_cnd_data_file:s0
-/data/vendor/misc/qsee(/.*)?           u:object_r:vendor_data_qsee_file:s0
-/data/vendor/tui(/.*)?                 u:object_r:vendor_tui_data_file:s0
-/data/vendor/tzstorage(/.*)?           u:object_r:vendor_data_tzstorage_file:s0
-/data/vendor/tombstones(/.*)?       u:object_r:vendor_tombstone_data_file:s0
-/data/vendor/time(/.*)?                u:object_r:vendor_time_data_file:s0
-
-/data/vendor/mdmhelperdata(/.*)?       u:object_r:vendor_mdmhelperdata_data_file:s0
-/data/vendor/bluetooth(/.*)?           u:object_r:vendor_bt_data_file:s0
-# audio_data_file
-/data/vendor/audio(/.*)? u:object_r:vendor_audio_data_file:s0
-
-# /
-/tombstones                          u:object_r:rootfs:s0
-/vendor/dsp(/.*)?                    u:object_r:adsprpcd_file:s0
-/vendor/vm-system(/.*)?              u:object_r:vendor_vm_system_file:s0
-
-# /persist
-/mnt/vendor/persist/data(/.*)?       u:object_r:vendor_persist_data_file:s0
-/mnt/vendor/persist/display(/.*)?    u:object_r:vendor_persist_display_file:s0
-/mnt/vendor/persist/drm(/.*)?        u:object_r:vendor_persist_drm_file:s0
-/mnt/vendor/persist/elabel(/.*)?     u:object_r:vendor_persist_elabel_file:s0
-/mnt/vendor/persist/haptics(/.*)?    u:object_r:vendor_persist_haptics_file:s0
-/mnt/vendor/persist/hlos_rfs(/.*)?   u:object_r:vendor_persist_rfs_shared_hlos_file:s0
-/mnt/vendor/persist/rfs(/.*)?        u:object_r:vendor_persist_rfs_file:s0
-/mnt/vendor/persist/sensors(/.*)?    u:object_r:vendor_persist_sensors_file:s0
-/mnt/vendor/persist/time(/.*)?       u:object_r:vendor_persist_time_file:s0
-/mnt/vendor/persist/audio(/.*)?      u:object_r:vendor_persist_audio_file:s0
-/mnt/vendor/persist/feature_enabler_client(/.*)? u:object_r:vendor_persist_feature_enabler_file:s0
-
-# graphics device
-/dev/mdss_rotator                               u:object_r:graphics_device:s0
-/dev/dri/card0                                  u:object_r:graphics_device:s0
-/dev/dri/controlD64                             u:object_r:graphics_device:s0
-/dev/dri/renderD128                             u:object_r:graphics_device:s0
-
-#TODO: move this to genfs_context or target based file_context
-# sysfs_leds
-/sys/devices/platform/soc/[a-f0-9]+.qcom,spmi/spmi-0/spmi0-0[0-9]/[a-f0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,haptics@c000/leds/vibrator(/.*)?   u:object_r:sysfs_leds:s0
-
-# vendor_sysfs_devfreq
-/sys/devices(/platform)?/soc/soc:qcom,l3-cpu[0-9]/devfreq/soc:qcom,l3-cpu[0-9](/.*)? u:object_r:vendor_sysfs_devfreq:s0
-
-#vendor_sysfs_data
-/sys/devices/virtual/xt_hardidletimer/timers(/.*)?                  u:object_r:vendor_sysfs_data:s0
-/sys/devices/virtual/xt_idletimer/timers(/.*)?                      u:object_r:vendor_sysfs_data:s0
-
-#persist_bluetooth_file
-/mnt/vendor/persist/bluetooth(/.*)?                                 u:object_r:vendor_persist_bluetooth_file:s0
-
-#power off alarm file
-/mnt/vendor/persist/alarm(/.*)?                                     u:object_r:vendor_persist_alarm_file:s0
-
-/(vendor|system/vendor)/bin/hbtp_daemon                             u:object_r:vendor_hbtp_exec:s0
-/(vendor|system/vendor)/bin/sscrpcd                                 u:object_r:vendor_sensors_exec:s0
-
-# vendor_sysfs_graphics
-/sys/class/graphics/fb0/mdp/caps                                    u:object_r:vendor_sysfs_graphics:s0
-/sys/class/thermal(/.*)?                                            u:object_r:sysfs_thermal:s0
-/sys/devices/virtual/graphics/fb([0-3])+/idle_time                  u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/dynamic_fps                u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/product_description        u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/vendor_name                u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/hdcp/tp                    u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_panel_status        u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/hpd                        u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/res_info                   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/s3d_mode                   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_panel_info          u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_type                u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_split               u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/show_blank_event           u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/bl_event                   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/ad_event                   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/ad_bl_event                u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/hist_event                 u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/vsync_event                u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/lineptr_event              u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/idle_notify                u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_thermal_level       u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/idle_power_collapse        u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/mode                       u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/name                       u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/connected                  u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msm_cmd_autorefresh_en     u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/mdp/bw_mode_bitmap         u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/edid_modes                 u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/hdcp2p2(/.*)               u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/scan_info                  u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/edid_3d_modes              u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_dfps_mode           u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_src_split_info      u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/hdr_stream                 u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/cec(/.*)                   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/msmfb_b10(/.*)             u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/modes                      u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/edid_raw_data              u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/packpattern                u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/dyn_pu                     u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/ad                         u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/graphics/fb([0-3])+/pp_bl_event                u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/rotator/mdss_rotator/caps                      u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/hdcp/msm_hdcp/min_level_change                 u:object_r:vendor_sysfs_graphics:s0
-/sys/class/lcd_bias/secure_mode                                     u:object_r:vendor_sysfs_graphics:s0
-/sys/class/leds/wled/secure_mode                                    u:object_r:vendor_sysfs_graphics:s0
-
-/sys/devices/platform/vfb.([0-3])+/graphics/fb([0-3])+/modes        u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/platform/vfb.([0-3])+/graphics/fb([0-3])+/mode         u:object_r:vendor_sysfs_graphics:s0
-/sys/module/drm/parameters/vblankoffdelay                           u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/platform/soc/[a-f0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/modes u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/platform/soc/[a-f0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/status u:object_r:vendor_sysfs_graphics:s0
-/sys/class/graphics/fb([0-3])+/mdp/caps                             u:object_r:vendor_sysfs_graphics:s0
-/sys/class/graphics/fb([0-3])+/ad                                   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[0-9a-f]+.qcom,spmi/spmi-[0-9]+/spmi[0-9]+-[0-9]+/[0-9a-f]+.qcom,spmi:qcom,pmi[0-9]+@[0-9]+:qcom,leds@[a-f0-9]+(/.*)? u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/platform/soc/ae00000.qcom,mdss_mdp/backlight(/.*)?     u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/virtual/switch/hdmi(/.*)?                              u:object_r:vendor_sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_mdp/[a-f0-9]+.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight(/.*)?   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/soc.0/[a-f0-9]+.qcom,mdss_mdp/qcom,mdss_fb_primary.+[a-f0-9]/leds/lcd-backlight(/.*)?   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_mdp/caps           u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/soc/[a-f0-9]+.qcom,mdss_mdp/bw_mode_bitmap             u:object_r:vendor_sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_mdp/bw_mode_bitmap             u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/soc.0/[a-f0-9]+.qcom,mdss_mdp/bw_mode_bitmap            u:object_r:vendor_sysfs_graphics:s0
-/sys/devices/soc.0/[a-f0-9]+.qcom,mdss_mdp/caps                      u:object_r:vendor_sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_cam/video4linux/video[0-33]/name(/.*)?   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_rotator/video4linux/video[0-33]/name(/.*)?   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,mdss_rotator/caps       u:object_r:vendor_sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,vidc/video4linux/video[0-33]/name(/.*)?   u:object_r:vendor_sysfs_graphics:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,cci/[a-f0-9]+.qcom,cci:qcom,camera@[0-2]/video4linux/video[0-33]/name(/.*)?   u:object_r:vendor_sysfs_graphics:s0
-
-/sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc0/clk_scaling(/.*)? u:object_r:vendor_sysfs_mmc_host:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.ufshc/clkscale_enable        u:object_r:vendor_sysfs_scsi_host:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+/host0/scsi_host/host0(/.*)?  u:object_r:vendor_sysfs_scsi_host:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.ufshc/host0/target0:0:0/0:0:0:[0-9]+/scsi_generic(/.*)?     u:object_r:vendor_sysfs_scsi_target:s0
-/data/vendor/media(/.*)?                                            u:object_r:vendor_media_data_file:s0
-/data/vendor/mediadrm(/.*)?                                         u:object_r:vendor_mediadrm_vendor_data_file:s0
-/data/vendor/nnhal(/.*)?                                            u:object_r:vendor_hal_neuralnetworks_data_file:s0
-
-# Moved to target specfic folder so removing this from common file
-#/sys/devices(/platform)?/soc/[a-f0-9\.:]+,[a-f0-9\-\_]+/subsys[0-9]+/name u:object_r:vendor_sysfs_ssr:s0
-
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0(/.*)? u:object_r:vendor_sysfs_kgsl:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/devfreq/[a-f0-9]+.qcom,kgsl-3d0(/.*)? u:object_r:vendor_sysfs_kgsl:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model u:object_r:vendor_sysfs_kgsl_gpu_model:s0
-/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpuclk u:object_r:vendor_sysfs_kgsl_gpuclk:s0
-
-/sys/devices/soc/[a-f0-9]+.ssusb/power_supply/usb(/.*)?             u:object_r:vendor_sysfs_usb_supply:s0
-
-/data/(misc|vendor)/hbtp(/.*)?                                      u:object_r:vendor_hbtp_log_file:s0
-/vendor/etc/hbtp/*                                                  u:object_r:vendor_hbtp_cfg_file:s0
-
-/sys/devices/soc/qpnp-vadc-[0-9]+(/.*)?                             u:object_r:vendor_sysfs_vadc_dev:s0
-
-#Android NN Driver
-/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-qti   u:object_r:vendor_hal_neuralnetworks_default_exec:s0
-
-/(vendor|system/vendor)/bin/init\.class_main\.sh        u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.crda\.sh              u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.mdm\.sh               u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.sh              u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.class_core\.sh  u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.coex\.sh        u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.crashdata\.sh   u:object_r:vendor_init-qcom-crashdata-sh_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.debug\.sh       u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.debug-sdm660\.sh    u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.debug-sdm670\.sh    u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.early_boot\.sh  u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.efs\.sync\.sh   u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.post_boot\.sh   u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qti\.dcvs\.sh        u:object_r:vendor_init-qti-dcvs-sh_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.sdio\.sh        u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.sensors\.sh     u:object_r:vendor_init-qcom-sensors-sh_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.syspart_fixup\.sh   u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.usb\.sh         u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qcom\.wifi\.sh        u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qti\.ims\.sh          u:object_r:vendor_init-qti-ims-sh_exec:s0
-/(vendor|system/vendor)/bin/qca6234-service.sh          u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qti\.kernel\.sh       u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.kernel\.post_boot\.sh       u:object_r:vendor_qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/init\.qti\.qcv\.sh          u:object_r:vendor_qti_init_shell_exec:s0
-
-#Limits sysfs node
-/sys/module/msm_isense_cdsp/data                        u:object_r:sysfs_thermal:s0
-
-/(vendor|system/vendor)/bin/vendor_modprobe\.sh        u:object_r:vendor_modinstall-sh_exec:s0

generic/vendor/common/fsck.te

@@ -1,29 +0,0 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-allow fsck vendor_persist_block_device:blk_file rw_file_perms;

generic/vendor/common/genfs_contexts

@@ -1,144 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-genfscon proc /debug/fwdump                           u:object_r:vendor_proc_wifi_dbg:s0
-genfscon proc /debugdriver/driverdump                 u:object_r:vendor_proc_wifi_dbg:s0
-genfscon proc /ath_pktlog/cld                         u:object_r:vendor_proc_wifi_dbg:s0
-genfscon proc /shs                                    u:object_r:vendor_proc_shs:s0
-
-genfscon sysfs /android_touch                         u:object_r:vendor_sysfs_touch:s0
-genfscon sysfs /devices/virtual/input/ftm4_touch      u:object_r:vendor_sysfs_touch:s0
-
-#genfscon sysfs /class/rfkill/rfkill0/state            u:object_r:sysfs_bluetooth_writable:s0
-genfscon sysfs /kernel/irq_helper/irq_blacklist_on    u:object_r:vendor_sysfs_irqbalance:s0
-
-genfscon sysfs /kernel/wcd_cpe0                                         u:object_r:vendor_sysfs_audio:s0
-genfscon sysfs /class/uio                                               u:object_r:sysfs_uio:s0
-genfscon sysfs /devices/soc/soc:bt_wcn3990                              u:object_r:sysfs_bluetooth_writable:s0
-genfscon sysfs /class/devfreq                                           u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,cpubw/devfreq 		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu0/devfreq 	u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu2/devfreq 	u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu4/devfreq 	u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu6/devfreq 	u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu0/devfreq 		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu2/devfreq 		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu4/devfreq 		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,l3-cpu6/devfreq		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,mincpubw/devfreq		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,llccbw/devfreq 		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/soc/soc:qcom,cpubw/devfreq 			u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/soc/soc:qcom,memlat-cpu0/devfreq 		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/soc/soc:qcom,memlat-cpu2/devfreq 		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/soc/soc:qcom,memlat-cpu4/devfreq 		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/soc/soc:qcom,memlat-cpu6/devfreq 		u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/soc/soc:qcom,mincpubw/devfreq 			u:object_r:vendor_sysfs_devfreq:s0
-genfscon sysfs /devices/platform/soc/ae00000.qcom.qcom,mdss_mdp/caps             u:object_r:vendor_sysfs_mdss_mdp_caps:s0
-genfscon sysfs /devices/platform/soc/c17a000.i2c/i2c-6/6-005a/leds               u:object_r:sysfs_leds:s0
-genfscon sysfs /devices/platform/soc/c1b5000.i2c/i2c-7/7-0030/leds               u:object_r:sysfs_leds:s0
-genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/c900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds u:object_r:sysfs_leds:s0
-genfscon sysfs /devices/platform/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pmi8998@3:qcom,leds@d000/leds u:object_r:sysfs_leds:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws@1e08000                    u:object_r:vendor_sysfs_data:s0
-genfscon sysfs /devices/platform/soc/0.qcom,rmtfs_sharedmem/uio		u:object_r:vendor_sysfs_uio_file:s0
-genfscon sysfs /devices/platform/soc/soc:fp_fpc1020                              u:object_r:vendor_sysfs_fingerprint:s0
-genfscon sysfs /devices/virtual/wahoo_laser                             u:object_r:vendor_sysfs_laser:s0
-genfscon sysfs /module/cpu_boost                                        u:object_r:vendor_sysfs_cpu_boost:s0
-genfscon sysfs /devices/virtual/thermal                                 u:object_r:sysfs_thermal:s0
-genfscon sysfs /class/thermal                                           u:object_r:sysfs_thermal:s0
-genfscon sysfs /class/lcd_bias                                          u:object_r:vendor_sysfs_lcd:s0
-genfscon sysfs /module/msm_thermal                                      u:object_r:sysfs_thermal:s0
-genfscon sysfs /devices/platform/battery_current_limit                  u:object_r:sysfs_thermal:s0
-genfscon sysfs /module/diagchar/parameters/timestamp_switch             u:object_r:vendor_sysfs_timestamp_switch:s0
-genfscon sysfs /module/msm_performance                                  u:object_r:vendor_sysfs_msm_perf:s0
-genfscon sysfs /module/lpm_levels                                       u:object_r:vendor_sysfs_msm_power:s0
-genfscon sysfs /module/lpm_stats                                        u:object_r:vendor_sysfs_msm_stats:s0
-genfscon sysfs /devices/virtual/graphics/fb0                            u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/virtual/graphics/fb1                            u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/soc/8c0000.qcom,msm-cam                         u:object_r:vendor_sysfs_camera:s0
-genfscon sysfs /devices/soc0                                            u:object_r:vendor_sysfs_soc:s0
-genfscon sysfs /devices/soc/caa0000.qcom,jpeg                           u:object_r:vendor_sysfs_camera:s0
-genfscon sysfs /devices/soc/caa4000.qcom,fd                             u:object_r:vendor_sysfs_camera:s0
-genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qpnp,fg/power_supply/bms/capacity               u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply/battery/capacity    u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /bus/msm_subsys                                          u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /module/subsystem_restart                                u:object_r:vendor_sysfs_msm_subsys_restart:s0
-genfscon sysfs /kernel/boot_adsp/boot                                   u:object_r:vendor_sysfs_boot_adsp:s0
-genfscon sysfs /kernel/boot_slpi                                        u:object_r:vendor_sysfs_slpi:s0
-genfscon sysfs /devices/soc/c1b7000.i2c/i2c-9/9-0008                    u:object_r:vendor_sysfs_easel:s0
-genfscon sysfs /class/typec                                             u:object_r:vendor_sysfs_usb_c:s0
-genfscon sysfs /class/typec/usbc0                                       u:object_r:vendor_sysfs_usb_c:s0
-genfscon sysfs /devices/soc/a800000.ssusb/a800000.dwc3/xhci-hcd.0.auto/usb1 u:object_r:vendor_sysfs_usb_device:s0
-genfscon sysfs /devices/soc/a800000.ssusb/a800000.dwc3/xhci-hcd.0.auto/usb2 u:object_r:vendor_sysfs_usb_device:s0
-genfscon sysfs /devices/platform/soc/a600000.ssusb/mode                 u:object_r:vendor_sysfs_usb_device:s0
-genfscon sysfs /devices/platform/soc/a800000.ssusb/mode                 u:object_r:vendor_sysfs_usb_device:s0
-
-genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,usb-pdphy@1700/usbpd0/typec     u:object_r:vendor_sysfs_usb_c:s0
-genfscon sysfs /module/diagchar                                         u:object_r:vendor_sysfs_diag:s0
-
-genfscon sysfs /devices/virtual/kgsl                                           u:object_r:vendor_sysfs_kgsl:s0
-genfscon sysfs /class/kgsl                                                     u:object_r:vendor_sysfs_kgsl:s0
-genfscon sysfs /devices/virtual/kgsl/kgsl/proc                            u:object_r:vendor_sysfs_kgsl_proc:s0
-genfscon sysfs /devices/virtual/workqueue/kgsl-events/cpumask                  u:object_r:vendor_sysfs_kgsl:s0
-genfscon sysfs /devices/virtual/workqueue/kgsl-events/nice                     u:object_r:vendor_sysfs_kgsl:s0
-genfscon sysfs /devices/virtual/workqueue/kgsl-workqueue/cpumask               u:object_r:vendor_sysfs_kgsl:s0
-genfscon sysfs /devices/virtual/workqueue/kgsl-workqueue/nice                  u:object_r:vendor_sysfs_kgsl:s0
-
-genfscon sysfs /module/drm/parameters/vblankoffdelay                           u:object_r:vendor_sysfs_graphics:s0
-
-genfscon sysfs /class/sensors u:object_r:vendor_sysfs_sensors:s0
-genfscon sysfs /bus/esoc u:object_r:vendor_sysfs_esoc:s0
-
-genfscon sysfs /devices/soc/soc:hbtp/secure_touch                           u:object_r:vendor_hbtp_kernel_sysfs:s0
-genfscon sysfs /devices/soc/soc:hbtp/secure_touch_enable                    u:object_r:vendor_hbtp_kernel_sysfs:s0
-genfscon sysfs /devices/soc/soc:hbtp/secure_touch_userspace             u:object_r:vendor_hbtp_kernel_sysfs:s0
-genfscon sysfs /kernel/hbtp/display_pwr                                     u:object_r:vendor_hbtp_kernel_sysfs:s0
-
-genfscon sysfs /devices/virtual/net/bond0/bonding/queue_id u:object_r:vendor_sysfs_bond0:s0
-genfscon sysfs /devices/virtual/net/bond0/queues/rx-0/rps_cpus u:object_r:vendor_sysfs_bond0:s0
-
-genfscon sysfs /firmware/devicetree/base/cpus u:object_r:sysfs_devices_system_cpu:s0
-
-genfscon sysfs /bus/spmi/devices u:object_r:vendor_sysfs_spmi_dev:s0
-
-genfscon sysfs /power/mem_sleep u:object_r:vendor_sysfs_suspend:s0
-genfscon sysfs /kernel/boot_adsp/ssr                                   u:object_r:vendor_sysfs_adsp_ssr:s0
-
-genfscon debugfs /kgsl/proc                           u:object_r:vendor_debugfs_kgsl:s0
-genfscon debugfs /clk/debug_suspend                   u:object_r:vendor_debugfs_clk:s0
-genfscon debugfs /wlan0                               u:object_r:vendor_debugfs_wlan:s0
-
-genfscon debugfs /rpm_stats                           u:object_r:vendor_debugfs_rpm:s0
-genfscon debugfs /rpm_master_stats                    u:object_r:vendor_debugfs_rpm:s0
-genfscon debugfs /ion                                 u:object_r:vendor_debugfs_ion:s0
-genfscon debugfs /ipc_logging                         u:object_r:vendor_debugfs_ipc:s0
-genfscon debugfs /system_stats                        u:object_r:vendor_debugfs_rpm:s0
-genfscon debugfs /tcpm/usbpd0                         u:object_r:vendor_debugfs_usb:s0
-genfscon debugfs /pd_engine/usbpd0                    u:object_r:vendor_debugfs_usb:s0
-genfscon debugfs /ipc_logging/smblib/log              u:object_r:vendor_debugfs_usb:s0
-genfscon debugfs /msm_ipc_router                      u:object_r:vendor_debugfs_ipc:s0
-genfscon debugfs /mdp                                 u:object_r:vendor_debugfs_mdp:s0
-genfscon debugfs /rmt_storage                         u:object_r:vendor_debugfs_rmt_storage:s0
-genfscon debugfs /icnss                               u:object_r:vendor_debugfs_icnss:s0

generic/vendor/common/hal_alarm_qti_default.te

@@ -1,36 +0,0 @@
-# Copyright (c) 2017, 2019 The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_hal_alarm_qti_default, domain;
-
-hal_server_domain(vendor_hal_alarm_qti_default,  vendor_hal_alarm_qti)
-
-type vendor_hal_alarm_qti_default_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_hal_alarm_qti_default)
-
-allow vendor_hal_alarm_qti_default rtc_device:chr_file r_file_perms;

generic/vendor/common/hal_atfwd.te

@@ -1,30 +0,0 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
-binder_call(vendor_atfwd, vendor_qtelephony);
-allow vendor_atfwd vendor_hal_atfwd_hwservice:hwservice_manager find;

generic/vendor/common/hal_audio_default.te

@@ -1,61 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-userdebug_or_eng(`
-  allow hal_audio vendor_diag_device:chr_file rw_file_perms;
-  allow hal_audio_default debugfs:dir r_dir_perms;
-')
-
-hal_client_domain(hal_audio_default, vendor_hal_perf)
-hal_client_domain(hal_audio_default, hal_power)
-
-# read-only permission to obtain the calibration data
-r_dir_file(hal_audio_default, vendor_persist_audio_file);
-allow hal_audio_default mnt_vendor_file:dir search;
-
-#Allow access to firmware
-allow hal_audio firmware_file:dir r_dir_perms;
-allow hal_audio firmware_file:file r_file_perms;
-
-# Allow hal_audio to read soundcard state under /proc/asound
-allow hal_audio vendor_proc_audiod:file r_file_perms;
-
-allow hal_audio_default vendor_audio_data_file:dir rw_dir_perms;
-allow hal_audio_default vendor_audio_data_file:file create_file_perms;
-
-#Allow hal audio to use Binder IPC
-vndbinder_use(hal_audio)
-
-#allow acess to wcd_cpe
-allow hal_audio vendor_sysfs_audio:file rw_file_perms;
-allow hal_audio vendor_sysfs_audio:dir r_dir_perms ;
-
-# audio properties
-get_prop(hal_audio, vendor_audio_prop)
-
-#to read bluetooth prop
-get_prop(hal_audio, vendor_bluetooth_prop)

generic/vendor/common/hal_bluetooth_default.te

@@ -1,61 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow hal_bluetooth_default vendor_bt_device:chr_file rw_file_perms;
-
-# talk to system_server to set priority
-allow hal_bluetooth fwk_scheduler_hwservice:hwservice_manager find;
-allow hal_bluetooth system_server:binder call;
-
-# bluetooth properties
-set_prop(hal_bluetooth, vendor_bluetooth_prop)
-
-#For bluetooth firmware
-r_dir_file(hal_bluetooth_default, bt_firmware_file)
-
-allow hal_bluetooth_default vendor_persist_bluetooth_file:dir rw_dir_perms;
-allow hal_bluetooth_default vendor_persist_bluetooth_file:file create_file_perms;
-#For QMI socket
-allow hal_bluetooth_default self:{ qipcrtr_socket } create_socket_perms_no_ioctl;
-
-userdebug_or_eng(`
-diag_use(hal_bluetooth)
-allow hal_bluetooth_default vendor_ramdump_vendor_data_file:file create_file_perms;
-allow hal_bluetooth_default vendor_ramdump_vendor_data_file:dir create_dir_perms;
-
-allow hal_bluetooth_default proc_sysrq:file rw_file_perms;
-
-allow hal_bluetooth_default vendor_debugfs_ipc:file rw_file_perms;
-allow hal_bluetooth_default vendor_debugfs_ipc:dir  rw_dir_perms;
-allow hal_bluetooth_default vendor_bt_data_file:dir ra_dir_perms;
-allow hal_bluetooth_default vendor_bt_data_file:file create_file_perms;
-allow hal_bluetooth_default self:{ socket } create_socket_perms_no_ioctl;
-')
-
-r_dir_file(hal_bluetooth_default, mnt_vendor_file)
-
-# Access lbsoc_helper to bluetooth
-use_libsoc_helper(hal_bluetooth_default)

generic/vendor/common/hal_bootctl.te

@@ -1,75 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# These are the permissions required to use the boot_control HAL implemented
-# here: hardware/qcom/bootctrl/boot_control.c
-
-# Getting and setting GPT attributes for the bootloader iterates over all the
-# partition names in the block_device directory /dev/block/.../by-name
-allow hal_bootctl block_device:dir r_dir_perms;
-
-#Opening /dev directory from bootctl to query /dev/ufs-bsg* filename
-allow hal_bootctl device:dir r_dir_perms;
-# Edit the attributes stored in the GPT.
-allow hal_bootctl vendor_gpt_block_device:blk_file rw_file_perms;
-allow hal_bootctl root_block_device:blk_file rw_file_perms;
-
-# Allow boot_control_hal to get attributes on all the A/B partitions.
-allow hal_bootctl boot_block_device:blk_file rw_file_perms;
-allow hal_bootctl vendor_ab_block_device:blk_file getattr;
-allow hal_bootctl vendor_xbl_block_device:blk_file getattr;
-allow hal_bootctl vendor_modem_block_device:blk_file getattr;
-allow hal_bootctl system_block_device:blk_file getattr;
-allow hal_bootctl vendor_custom_ab_block_device:blk_file getattr;
-allow hal_bootctl vendor_ab_block_device:blk_file getattr;
-allow hal_bootctl recovery_block_device:blk_file getattr;
-allow hal_bootctl vendor_mdtp_device:blk_file getattr;
-allow hal_bootctl_server misc_block_device:blk_file rw_file_perms;
-
-# Access /dev/sgN or /dev/ufs-bsg* devices (generic SCSI) to write the
-# A/B slot selection for the XBL partition. Allow also to issue a
-# UFS_IOCTL_QUERY or SG_IO ioctl.
-allow hal_bootctl vendor_sg_device:chr_file rw_file_perms;
-allow hal_bootctl vendor_bsg_device:chr_file rw_file_perms;
-
-# The sys_rawio denial message is benign, and shows up due to a capability()
-# call made by the scsi driver to check for CAP_SYS_RAWIO. Not having this
-# does not result in a error
-dontaudit hal_bootctl self:capability sys_rawio;
-
-
-#scsi driver does a capability check (CAP_SYS_RAWIO) when bootctl does
-# an ioctl to /dev/ufs-bsg .Adding this rule to avoid ioctl error.
-allow hal_bootctl_server self:capability { sys_rawio };
-# Read the sysfs to lookup what /dev/sgN device
-# corresponds to the XBL partitions.
-allow hal_bootctl vendor_sysfs_scsi_target:dir r_dir_perms;
-
-# Write to the XBL devices.
-allow hal_bootctl vendor_xbl_block_device:blk_file rw_file_perms;
-
-# Read dir permission for dt_firmware
-allow hal_bootctl sysfs_dt_firmware_android:dir r_dir_perms;

generic/vendor/common/hal_camera.te

@@ -1,70 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# This is needed to get priority for Camera process
-allow hal_camera self:capability sys_nice;
-
-# This is mandatory to open Camera Service
-hal_client_domain(hal_camera_default, hal_graphics_allocator)
-
-# This is needed to get performance boost
-hal_client_domain(hal_camera_default, vendor_hal_perf)
-
-set_prop(hal_camera, vendor_camera_prop)
-
-# ignore spurious denial
-dontaudit hal_camera graphics_device:dir search;
-
-allow hal_camera vendor_camera_data_file:dir rw_dir_perms;
-allow hal_camera vendor_camera_data_file:file create_file_perms;
-unix_socket_connect(hal_camera, vendor_thermal, vendor_thermal-engine)
-
-userdebug_or_eng(`
-  allow hal_camera vendor_diag_device:chr_file rw_file_perms;
-')
-
-# access hexagon
-allow hal_camera vendor_qdsp_device:chr_file r_file_perms;
-
-#Allow camera to access synx device
-allow hal_camera vendor_synx_device:chr_file rw_file_perms;
-
-#needed for full_treble
-hal_client_domain(hal_camera_default, hal_graphics_composer)
-
-r_dir_file(hal_camera_default, vendor_sysfs_graphics)
-
-#allow camera to access /dsp
-r_dir_file(hal_camera, adsprpcd_file);
-#allow camera to access adsprpc_prop
-get_prop(hal_camera, vendor_adsprpc_prop)
-
-# This is needed to access GPU
-allow hal_camera_default gpu_device:chr_file rw_file_perms;
-
-# Postproc Service
-hal_attribute_hwservice(hal_camera, vendor_hal_camera_postproc_hwservice);

generic/vendor/common/hal_contexthub.te

@@ -1,29 +0,0 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Allow context hub HAL to communicate with daemon via socket
-unix_socket_connect(hal_contexthub, vendor_chre, vendor_chre)

generic/vendor/common/hal_display_color.te

@@ -1,56 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# Define domain
-type vendor_hal_display_color_default, domain;
-hal_server_domain(vendor_hal_display_color_default, vendor_hal_display_color)
-type vendor_hal_display_color_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_hal_display_color_default)
-
-# Allow hwbinder call from hal client to server
-binder_call(vendor_hal_display_color_client, vendor_hal_display_color_server)
-binder_call(platform_app, vendor_hal_display_color_server)
-
-# Add hwservice related rules
-add_hwservice(vendor_hal_display_color_server, vendor_hal_display_color_hwservice)
-allow vendor_hal_display_color_client vendor_hal_display_color_hwservice:hwservice_manager find;
-allow platform_app vendor_hal_display_color_hwservice:hwservice_manager find;
-
-# Rule for display color to access graphics composer process
-unix_socket_connect(vendor_hal_display_color, vendor_pps, hal_graphics_composer_default);
-
-# Rule for vndbinder usage
-allow vendor_hal_display_color vendor_qdisplay_service:service_manager find;
-vndbinder_use(vendor_hal_display_color);
-binder_call(vendor_hal_display_color, hal_graphics_composer)
-
-#Add rules for postproc hal
-add_hwservice(vendor_hal_display_color_server, vendor_hal_display_postproc_hwservice)
-allow vendor_hal_display_postproc_client vendor_hal_display_postproc_hwservice:hwservice_manager find;
-
-# Set vendor_qdcmss property
-set_prop(vendor_hal_display_color, vendor_qdcmss_prop);

generic/vendor/common/hal_drm_default.te

@@ -1,27 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow hal_drm_default vndbinder_device:chr_file rw_file_perms;

generic/vendor/common/hal_drm_widevine.te

@@ -1,49 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# define SELinux domain
-type vendor_hal_drm_widevine, domain;
-hal_server_domain(vendor_hal_drm_widevine, hal_drm)
-
-type vendor_hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_hal_drm_widevine)
-
-allow vendor_hal_drm_widevine mediacodec:fd use;
-allow vendor_hal_drm_widevine { appdomain -isolated_app }:fd use;
-allow vendor_hal_drm_widevine vendor_qce_device:chr_file rw_file_perms;
-
-#Allow access to smcinvoke device
-allow vendor_hal_drm_widevine vendor_smcinvoke_device:chr_file rw_file_perms;
-
-# The QTI DRM-HAL implementation uses a vendor-binder service provided
-# by the HWC HAL.
-vndbinder_use(vendor_hal_drm_widevine);
-allow vendor_hal_drm_widevine vendor_qdisplay_service:service_manager { find };
-#binder_call(vendor_hal_drm_widevine, hal_graphics_composer)
-hal_client_domain(vendor_hal_drm_widevine, hal_graphics_composer);
-allow vendor_hal_drm_widevine vendor_mediadrm_vendor_data_file:dir create_dir_perms;
-allow vendor_hal_drm_widevine vendor_mediadrm_vendor_data_file:file create_file_perms;

generic/vendor/common/hal_gatekeeper_qti.te

@@ -1,35 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_hal_gatekeeper_qti, domain;
-hal_server_domain(vendor_hal_gatekeeper_qti, hal_gatekeeper)
-
-type vendor_hal_gatekeeper_qti_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_hal_gatekeeper_qti)
-
-dontaudit vendor_hal_gatekeeper_qti firmware_file:dir search;
-
-get_prop(vendor_hal_gatekeeper_qti, vendor_tee_listener_prop)

generic/vendor/common/hal_gnss_qti.te

@@ -1,64 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# generic/vendor_hal_gnss_qti.te - generic sepolicy rules for vendor_location hidl
-
-type vendor_hal_gnss_qti, domain;
-hal_server_domain(vendor_hal_gnss_qti, hal_gnss)
-
-type vendor_hal_gnss_qti_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_hal_gnss_qti)
-
-# vendor binder
-use_vendor_per_mgr(vendor_hal_gnss_qti)
-
-# /data/vendor/vendor_location
-allow vendor_hal_gnss_qti vendor_location_data_file:fifo_file { open read setattr write };
-allow vendor_hal_gnss_qti vendor_location_data_file:dir create_dir_perms;
-allow vendor_hal_gnss_qti vendor_location_data_file:file create_file_perms;
-
-# /dev/socket/vendor_location
-allow vendor_hal_gnss_qti vendor_location_socket:sock_file create_file_perms;
-allow vendor_hal_gnss_qti vendor_location_socket:dir rw_dir_perms;
-allow vendor_hal_gnss_qti vendor_location:unix_stream_socket connectto;
-allow vendor_hal_gnss_qti vendor_location:unix_dgram_socket sendto;
-
-# Allow Gnss HAL to get updates from health hal
-hal_client_domain(vendor_hal_gnss_qti, hal_health)
-
-# Most HALs are not allowed to use network sockets. QTI library
-# libqdi is used across multiple processes which are clients of
-# netmgrd including the GNSS HAL. libqdi first attempts to get the network
-# interface using an IOCTL on a UDP INET socket, which isn't allowed here.
-# If that fails, it falls back to using libc's if_nameindex() which requires
-# a netlink route socket, which HALs may use. Due to the initial
-# attempt to use a UDP socket, we still see a selinux denial,
-# but it is safe to ignore.
-# TODO (b/37730994) Remove udp_socket requirement from
-# libqdi and have all its clients use netlink route
-# sockets.
-dontaudit vendor_hal_gnss_qti self:udp_socket create;

generic/vendor/common/hal_graphics_composer_default.te

@@ -1,91 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# Binder access (for display.qservice)
-vndbinder_use(hal_graphics_composer_default)
-hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator);
-allow hal_graphics_composer_default vendor_qdisplay_service:service_manager { add find };
-
-allow hal_graphics_composer_default vendor_persist_display_file:dir search;
-allow hal_graphics_composer_default vendor_persist_display_file:file r_file_perms;
-
-# Allow reading/writing to '/mnt/vendor/persist/display/*'
-allow hal_graphics_composer_default vendor_persist_display_file:dir rw_dir_perms;
-allow hal_graphics_composer_default vendor_persist_display_file:file create_file_perms;
-
-allow hal_graphics_composer vendor_sysfs_graphics:dir r_dir_perms;
-allow hal_graphics_composer vendor_sysfs_graphics:file rw_file_perms;
-allow hal_graphics_composer_default mnt_vendor_file:dir search;
-
-allow hal_graphics_composer oemfs:dir r_dir_perms;
-
-get_prop(hal_graphics_composer, vendor_display_prop)
-
-allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;
-
-r_dir_file(hal_graphics_composer_default, sysfs_leds)
-
-# TODO(b/37666508): Remove the following line upon resolution of the bug
-allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
-allow hal_graphics_composer_default graphics_device:chr_file rw_file_perms;
-
-# HWC_UeventThread
-allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-# Allow ion_device read/write permission
-allow hal_graphics_composer_default ion_device:chr_file rw_file_perms;
-
-# Access /sys/devices/virtual/graphics/fb0
-r_dir_file(hal_graphics_composer_default, sysfs_type)
-
-# Allow reading/writing to '/data/vendor/display/*'
-allow hal_graphics_composer_default vendor_display_vendor_data_file:dir create_dir_perms;
-allow hal_graphics_composer_default vendor_display_vendor_data_file:file create_file_perms;
-
-userdebug_or_eng(`
-        allow hal_graphics_composer_default vendor_debugfs_mdp:dir r_dir_perms;
-        allow hal_graphics_composer_default vendor_debugfs_mdp:file r_file_perms;
-')
-
-userdebug_or_eng(`
-    # Allow read to /sys/kernel/debug/*
-    allow hal_graphics_composer vendor_qti_display_debugfs:dir r_dir_perms;
-    allow hal_graphics_composer vendor_qti_display_debugfs:file r_file_perms;
-    allow hal_graphics_composer_default vendor_qti_display_debugfs:dir r_dir_perms;
-    allow hal_graphics_composer_default vendor_qti_display_debugfs:file r_file_perms;
-')
-
-# Allow sensor service access
-allow hal_graphics_composer fwk_sensor_hwservice:hwservice_manager find;
-binder_call(hal_graphics_composer, system_server)
-
-# allow composer to register display config
-add_hwservice(hal_graphics_composer_server, vendor_hal_display_config_hwservice);
-# allow composer client to find display config service.
-allow hal_graphics_composer_client vendor_hal_display_config_hwservice:hwservice_manager find;
-
-# Allow qdcmss socket access
-unix_socket_connect(hal_graphics_composer_default, vendor_qdcmsocket, vendor_qdcm-ss)

generic/vendor/common/hal_health.te

@@ -1,36 +0,0 @@
-# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-r_dir_file(hal_health, vendor_sysfs_battery_supply);
-r_dir_file(hal_health, vendor_sysfs_usb_supply);
-
-allow hal_health hal_health_default:dir search;
-
-allow hal_health {
-    vendor_sysfs_battery_supply
-    vendor_sysfs_usb_supply
-}:file rw_file_perms;

generic/vendor/common/hal_imsrtp.te

@@ -1,52 +0,0 @@
-# Copyright (c) 2018,2020 The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#vendor_ims rtp service
-type vendor_hal_imsrtp, domain;
-type vendor_hal_imsrtp_exec, exec_type, vendor_file_type, file_type;
-
-# Started by init
-init_daemon_domain(vendor_hal_imsrtp)
-net_domain(vendor_hal_imsrtp)
-
-hwbinder_use(vendor_hal_imsrtp)
-get_prop(vendor_hal_imsrtp, hwservicemanager_prop)
-add_hwservice(vendor_hal_imsrtp, vendor_hal_imsrtp_hwservice)
-
-allow vendor_hal_imsrtp self: qipcrtr_socket  create_socket_perms_no_ioctl;
-unix_socket_connect(vendor_hal_imsrtp, vendor_ims, vendor_ims)
-
-allow vendor_hal_imsrtp vendor_sysfs_timestamp_switch:file r_file_perms;
-
-allow vendor_hal_imsrtp self:capability net_bind_service;
-
-allow vendor_hal_imsrtp vendor_sysfs_timestamp_switch:file r_file_perms;
-allow vendor_hal_imsrtp ion_device:chr_file r_file_perms;
-allow vendor_hal_imsrtp vendor_sysfs_data:file r_file_perms;
-r_dir_file(vendor_hal_imsrtp, vendor_sysfs_diag)
-
-get_prop(vendor_hal_imsrtp, vendor_ims_prop)
-binder_call(vendor_hal_imsrtp, vendor_qtelephony)

generic/vendor/common/hal_neuralnetworks.te

@@ -1,47 +0,0 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_hal_neuralnetworks_default, domain;
-hal_server_domain(vendor_hal_neuralnetworks_default, hal_neuralnetworks)
-hal_client_domain(vendor_hal_neuralnetworks_default, hal_graphics_allocator)
-
-type vendor_hal_neuralnetworks_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_hal_neuralnetworks_default)
-
-allow vendor_hal_neuralnetworks_default fwk_sensor_hwservice:hwservice_manager find;
-allow vendor_hal_neuralnetworks_default vendor_qdsp_device:chr_file r_file_perms;
-allow vendor_hal_neuralnetworks_default vendor_xdsp_device:chr_file r_file_perms;
-allow vendor_hal_neuralnetworks_default ion_device:chr_file r_file_perms;
-
-allow vendor_hal_neuralnetworks_default app_data_file:file { read getattr map };
-allow vendor_hal_neuralnetworks_default shell_data_file:file { read getattr map };
-allow vendor_hal_neuralnetworks_default vendor_hal_neuralnetworks_data_file:dir create_dir_perms;
-allow vendor_hal_neuralnetworks_default vendor_hal_neuralnetworks_data_file:{ file fifo_file } create_file_perms;
-allow vendor_hal_neuralnetworks_default gpu_device:chr_file rw_file_perms;
-allow vendor_hal_neuralnetworks_default vendor_npu_device:chr_file r_file_perms;
-
-r_dir_file(vendor_hal_neuralnetworks_default, adsprpcd_file)

generic/vendor/common/hal_qdutils_disp_qti.te

@@ -1,42 +0,0 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_hal_qdutils_disp_qti, domain;
-hal_server_domain(vendor_hal_qdutils_disp_qti, vendor_hal_qdutils_disp)
-
-type vendor_hal_qdutils_disp_qti_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(vendor_hal_qdutils_disp_qti)
-
-binder_call(vendor_hal_qdutils_disp_client, vendor_hal_qdutils_disp_server)
-binder_call(vendor_hal_qdutils_disp_server, vendor_hal_qdutils_disp_client)
-
-add_hwservice(vendor_hal_qdutils_disp_server, vendor_hal_qdutils_disp_hwservice)
-allow vendor_hal_qdutils_disp_client vendor_hal_qdutils_disp_hwservice:hwservice_manager find;
-vndbinder_use(vendor_hal_qdutils_disp_qti);
-allow vendor_hal_qdutils_disp_qti vendor_qdisplay_service:service_manager find;
-#hal_client_domain(vendor_hal_qdutils_disp_qti, hal_display_config);
-hal_client_domain(vendor_hal_qdutils_disp_qti, hal_graphics_composer);

generic/vendor/common/hal_rcsservice.te

@@ -1,71 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_hal_rcsservice, domain;
-type vendor_hal_rcsservice_exec, exec_type, vendor_file_type, file_type;
-
-# Started by init
-init_daemon_domain(vendor_hal_rcsservice)
-net_domain(vendor_hal_rcsservice)
-
-
-get_prop(vendor_hal_rcsservice, vendor_ims_prop)
-set_prop(vendor_hal_rcsservice, vendor_ims_prop)
-
-# To register imsrcsd to hwBinder
-hwbinder_use(vendor_hal_rcsservice)
-# add IUceSerive and IService to Hidl interface
-add_hwservice(vendor_hal_rcsservice, vendor_hal_imsrcsd_hwservice)
-add_hwservice(vendor_hal_rcsservice, vendor_hal_imscallinfo_hwservice)
-#add imsfactory to HIDl interface
-add_hwservice(vendor_hal_rcsservice, vendor_hal_imsfactory_hwservice)
-
-get_prop(vendor_hal_rcsservice, hwservicemanager_prop)
-
-allow vendor_hal_rcsservice vendor_sysfs_timestamp_switch:file r_file_perms;
-allow vendor_hal_rcsservice vendor_sysfs_data:file r_file_perms;
-allow vendor_hal_rcsservice self: { socket qipcrtr_socket } create_socket_perms_no_ioctl;
-#required for socket creation
-unix_socket_connect(vendor_hal_rcsservice, vendor_ims, vendor_ims)
-
-# imsrcsd to bind with UceShimService.apk
-binder_call(vendor_hal_rcsservice, vendor_dataservice_app)
-
-# imsrcsd needs read/write access to devpts
-allow vendor_hal_rcsservice devpts:chr_file rw_file_perms;
-
-# allow imsrcsd capabilities
-wakelock_use(vendor_hal_rcsservice)
-allow vendor_hal_rcsservice self:capability net_bind_service;
-allow vendor_hal_rcsservice self:capability2 wake_alarm;
-
-#diag
-userdebug_or_eng(`
-  diag_use(vendor_hal_rcsservice)
-  binder_call(vendor_hal_rcsservice, radio)
-')
-
-set_prop(vendor_hal_rcsservice, vendor_ctl_vendor_imsrcsservice_prop)

generic/vendor/common/hal_sensors_default.te

@@ -1,65 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# read factory calibration and sensor configuration data
-allow hal_sensors_default mnt_vendor_file:dir search;
-r_dir_file(hal_sensors_default, vendor_persist_sensors_file)
-get_prop(hal_sensors_default, vendor_sensors_prop)
-
-# Access to tests from userdebug/eng builds
-userdebug_or_eng(`
-  diag_use(hal_sensors_default)
-  get_prop(hal_sensors_default, vendor_sensors_dbg_prop)
-  allow hal_sensors_default vendor_sysfs_timestamp_switch:file r_file_perms;
-')
-
-allow hal_sensors_default vendor_qdsp_device:chr_file r_file_perms;
-allow hal_sensors_default vendor_xdsp_device:chr_file r_file_perms;
-
-allow hal_sensors vendor_sysfs_data:file r_file_perms;
-allow hal_sensors vendor_sysfs_sensors:dir r_dir_perms;
-allow hal_sensors vendor_sysfs_sensors:file rw_file_perms;
-allow hal_sensors vendor_sysfs_sensors:lnk_file read;
-
-#following to set the ssr
-allow hal_sensors_default vendor_sysfs_slpi:dir search;
-allow hal_sensors_default vendor_sysfs_slpi:file w_file_perms;
-allow hal_sensors_default vendor_sysfs_adsp_ssr:file w_file_perms;
-
-allow hal_sensors_default vendor_persist_sensors_file:dir rw_dir_perms;
-allow hal_sensors_default vendor_persist_sensors_file:file create_file_perms;
-allow hal_sensors_default mnt_vendor_file:dir rw_dir_perms;
-allow hal_sensors_default mnt_vendor_file:file create_file_perms;
-
-#interact with the sensors low power island (SLPI) CPU
-allow hal_sensors_default self:{ socket qipcrtr_socket } create_socket_perms;
-allowxperm hal_sensors_default self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
-
-allow hal_sensors_default system_server:fd use;
-hal_client_domain(hal_sensors_default, hal_graphics_allocator)
-
-# allow to read adsprpc related properties
-get_prop(hal_sensors_default, vendor_adsprpc_prop)

generic/vendor/common/hal_telephony.te

@@ -1,28 +0,0 @@
-#Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-#Redistribution and use in source and binary forms, with or without
-#modification, are permitted provided that the following conditions are
-#met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-#ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-set_prop(hal_telephony_server, vendor_radio_prop);

generic/vendor/common/hal_tetheroffload_default.te

@@ -1,40 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-allow hal_tetheroffload_default vendor_ipa_dev:chr_file rw_file_perms;
-allow hal_tetheroffload_default vendor_ipacm_socket:sock_file w_file_perms;
-
-allow hal_tetheroffload_default vendor_ipa_vendor_data_file:dir w_dir_perms;
-allow hal_tetheroffload_default vendor_ipa_vendor_data_file:file create_file_perms;
-
-#add_hwservice(hal_tetheroffload_default, hal_tetheroffload_hwservice)
-
-#diag
-userdebug_or_eng(`
-    r_dir_file(hal_tetheroffload_default, vendor_sysfs_diag)
-    allow hal_tetheroffload_default vendor_sysfs_timestamp_switch:file r_file_perms;
-')

generic/vendor/common/hal_thermal_default.te

@@ -1,28 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow hal_thermal_default sysfs_thermal:lnk_file read;
-allow hal_thermal_default proc_stat:file { getattr open read };

generic/vendor/common/hal_trustedui_qti.te

@@ -1,51 +0,0 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_hal_trustedui_qti, domain;
-hal_server_domain(vendor_hal_trustedui_qti, vendor_hal_trustedui)
-
-type vendor_hal_trustedui_qti_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(vendor_hal_trustedui_qti)
-
-binder_call(vendor_hal_trustedui_client, vendor_hal_trustedui_server)
-binder_call(vendor_hal_trustedui_server, vendor_hal_trustedui_client)
-
-hal_attribute_hwservice(vendor_hal_trustedui, vendor_hal_trustedui_hwservice)
-
-hal_client_domain(vendor_hal_trustedui_qti, hal_graphics_allocator);
-hal_client_domain(vendor_hal_trustedui_qti, hal_graphics_composer);
-hal_client_domain(vendor_hal_trustedui_qti, vendor_hal_systemhelper);
-
-allow vendor_hal_trustedui_qti vendor_sysfs_sectouch:file rw_file_perms;
-allow vendor_hal_trustedui_qti vendor_tui_data_file:file rw_file_perms;
-allow vendor_hal_trustedui_qti vendor_tui_data_file:dir r_dir_perms;
-
-allow vendor_hal_trustedui_qti ion_device:chr_file r_file_perms;
-allow vendor_hal_trustedui_qti surfaceflinger:fd use;
-
-allow vendor_hal_trustedui_qti tee_device:chr_file rw_file_perms;
-binder_call(vendor_hal_trustedui_qti, vendor_systemhelper_app)

generic/vendor/common/hal_tui_comm_qti.te

@@ -1,39 +0,0 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_hal_tui_comm_qti, domain;
-hal_server_domain(vendor_hal_tui_comm_qti, vendor_hal_tui_comm)
-
-type vendor_hal_tui_comm_qti_exec, exec_type, file_type, vendor_file_type;
-init_daemon_domain(vendor_hal_tui_comm_qti)
-
-binder_call(vendor_hal_tui_comm_client, vendor_hal_tui_comm_server)
-binder_call(vendor_hal_tui_comm_server, vendor_hal_tui_comm_client)
-
-add_hwservice(vendor_hal_tui_comm_server, vendor_hal_tui_comm_hwservice)
-allow vendor_hal_tui_comm_client vendor_hal_tui_comm_hwservice:hwservice_manager find;
-hal_client_domain(vendor_hal_tui_comm_qti, hal_graphics_allocator);

generic/vendor/common/hal_usb_default.te

@@ -1,31 +0,0 @@
-# Copyright (c) 2017, 2019 The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-allow hal_usb_default vendor_sysfs_usbpd_device:dir r_dir_perms;
-allow hal_usb_default vendor_sysfs_usbpd_device:lnk_file r_file_perms;
-allow hal_usb_default vendor_sysfs_usbpd_device:file rw_file_perms;
-r_dir_file(hal_usb_default, vendor_sysfs_usb_supply);

generic/vendor/common/hal_vibrator_default.te

@@ -1,32 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-r_dir_file(hal_vibrator_default, sysfs_leds)
-allow hal_vibrator_default sysfs_leds:file rw_file_perms;
-
-# read-only permission to obtain the calibration data
-r_dir_file(hal_vibrator_default, vendor_persist_haptics_file)
-allow hal_vibrator_default mnt_vendor_file:dir search;

generic/vendor/common/hal_wifi.te

@@ -1,53 +0,0 @@
-#Copyright (c) 2017, The Linux Foundation. All rights reserved.
-#
-#Redistribution and use in source and binary forms, with or without
-#modification, are permitted provided that the following conditions are
-#met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-#ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#
-
-# allow hal_wifi to write into /proc/debugdriver/driverdump
-r_dir_file(hal_wifi_default, vendor_proc_wifi_dbg)
-
-# write to files owned by location daemon
-allow hal_wifi_default vendor_location_socket:dir search;
-allow hal_wifi_default vendor_location:unix_dgram_socket sendto;
-
-# Connect to vendor_location via vendor_location socket.
-unix_socket_connect(hal_wifi, vendor_location, vendor_location)
-
-allow hal_wifi_default vendor_wifihal_socket:dir rw_dir_perms;
-allow hal_wifi_default vendor_wifihal_socket:sock_file create_file_perms;
-
-# Write wlan driver/fw version into property
-set_prop(hal_wifi_default, vendor_wifi_version)
-
-# allow hal_wifi to write into /proc/sys/net/ipv4
-allow hal_wifi proc_net:file write;
-
-# allow hal_wifi to write into /data/vendor/tombstones/wifi
-userdebug_or_eng(`
-  allow hal_wifi_server vendor_tombstone_data_file:dir rw_dir_perms;
-  allow hal_wifi_server vendor_tombstone_data_file:file create_file_perms;
-')

generic/vendor/common/hal_wifi_default.te

@@ -1,28 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-allow hal_wifi vendor_wlan_device:chr_file rw_file_perms;

generic/vendor/common/hal_wifi_hostapd.te

@@ -1,32 +0,0 @@
-#Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
-#
-#Redistribution and use in source and binary forms, with or without
-#modification, are permitted provided that the following conditions are
-#met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-#ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#
-
-userdebug_or_eng(`
-allow hal_wifi_hostapd vendor_wifi_vendor_log_data_file:dir search;
-')

generic/vendor/common/hal_wifi_supplicant.te

@@ -1,43 +0,0 @@
-#Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
-#
-#Redistribution and use in source and binary forms, with or without
-#modification, are permitted provided that the following conditions are
-#met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-#THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-#WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-#ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-#BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-#CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-#SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-#BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-#IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#
-
-# Allow access to create socket and ioctl.
-allow hal_wifi_supplicant_default self:socket create_socket_perms;
-# ioctlcmd=c304, c302
-allowxperm hal_wifi_supplicant_default self:socket ioctl msm_sock_ipc_ioctls;
-
-allow hal_wifi_supplicant_default wpa_data_file:dir create_dir_perms;
-allow hal_wifi_supplicant_default wpa_data_file:dir w_dir_perms;
-allow hal_wifi_supplicant_default wpa_data_file:file create_file_perms;
-# Permission for wpa socket which IMS use to communicate
-# # Allow wpa_supplicant to send back wifi information to cnd
-allow hal_wifi_supplicant_default { vendor_cnd vendor_ims vendor_mutualex}:unix_dgram_socket sendto;
-# # Allow wpa_supplicant to send back wifi information to vendor_location
-allow hal_wifi_supplicant_default vendor_location:unix_dgram_socket sendto;
-

generic/vendor/common/hbtp.te

@@ -1,83 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# Policies for vendor_hbtp (host based touch processing)
-type vendor_hbtp, domain;
-type vendor_hbtp_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_hbtp)
-hal_server_domain(vendor_hbtp, vendor_hal_hbtp)
-# Allow access for /dev/vendor_hbtp_input and /dev/jdi-bu21150
-allow vendor_hbtp { vendor_hbtp_device vendor_qdsp_device vendor_dsp_device vendor_bu21150_device vendor_xdsp_device }:chr_file rw_file_perms;
-
-allow vendor_hbtp vendor_hbtp_log_file:dir rw_dir_perms;
-allow vendor_hbtp vendor_hbtp_log_file:file create_file_perms;
-
-allow vendor_hbtp vendor_hbtp_cfg_file:dir r_dir_perms;
-allow vendor_hbtp vendor_hbtp_cfg_file:file r_file_perms;
-
-allow vendor_hbtp firmware_file:dir r_dir_perms;
-allow vendor_hbtp firmware_file:file r_file_perms;
-
-allow vendor_hbtp vendor_firmware_file:dir r_dir_perms;
-allow vendor_hbtp vendor_firmware_file:file r_file_perms;
-
-allow vendor_hbtp vendor_sysfs_usb_supply:file r_file_perms;
-allow vendor_hbtp vendor_sysfs_usb_supply:dir r_dir_perms;
-
-allow vendor_hbtp vendor_hbtp_kernel_sysfs:file rw_file_perms;
-
-allow vendor_hbtp vendor_sysfs_graphics:file r_file_perms;
-allow vendor_hbtp vendor_sysfs_graphics:dir r_dir_perms;
-
-allow vendor_hbtp vendor_sysfs_battery_supply:file r_file_perms;
-allow vendor_hbtp vendor_sysfs_battery_supply:dir r_dir_perms;
-
-allow vendor_hbtp ion_device:chr_file r_file_perms;
-
-allow vendor_hbtp self:netlink_kobject_uevent_socket { create read setopt bind };
-
-# Allow the service to access wakelock sysfs
-allow vendor_hbtp sysfs_wake_lock:file r_file_perms;
-
-# Allow the service to change to system from root
-allow vendor_hbtp self:capability { setgid setuid sys_nice };
-
-# Allow load touch driver as touchPD
-r_dir_file(vendor_hbtp, adsprpcd_file)
-#allow the service to read adsprpc_prop
-get_prop(vendor_hbtp, vendor_adsprpc_prop)
-
-# Allow the service to access wakelock capability
-wakelock_use(vendor_hbtp)
-
-# Allow hwbinder call from hal client to server and vice-versa
-binder_call(vendor_hal_hbtp_client, vendor_hal_hbtp_server)
-binder_call(vendor_hal_hbtp_server, vendor_hal_hbtp_client)
-
-# Allow hwservice related rules
-add_hwservice(vendor_hal_hbtp_server, vendor_hal_hbtp_hwservice)
-allow vendor_hal_hbtp_client vendor_hal_hbtp_hwservice:hwservice_manager find;
-hal_client_domain(vendor_hbtp, hal_allocator);

generic/vendor/common/healthd.te

@@ -1,35 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow healthd self:capability2 wake_alarm;
-r_dir_file(healthd, vendor_sysfs_battery_supply)
-r_dir_file(healthd, vendor_sysfs_usb_supply)
-r_dir_file(healthd, sysfs_thermal);
-
-allow healthd {
-    vendor_sysfs_battery_supply
-    vendor_sysfs_usb_supply
-}:file rw_file_perms;

generic/vendor/common/hwservice.te

@@ -1,44 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_hal_cne_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_cacert_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_dataconnection_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_iwlan_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_display_config_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_imsrcsd_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_imsrtp_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_imscallinfo_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_ipacm_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_hbtp_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_perf_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_tui_comm_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_qdutils_disp_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_trustedui_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_display_color_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_display_postproc_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type, protected_hwservice;
-type vendor_hal_camera_postproc_hwservice, hwservice_manager_type, protected_hwservice;

generic/vendor/common/hwservice_contexts

@@ -1,64 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-com.qualcomm.qti.ant::IAntHci                                   u:object_r:hal_bluetooth_hwservice:s0
-com.dsi.ant::IAnt                                               u:object_r:hal_bluetooth_hwservice:s0
-vendor.qti.hardware.data.iwlan::IIWlan                          u:object_r:vendor_hal_iwlan_hwservice:s0
-com.qualcomm.qti.uceservice::IUceService                        u:object_r:vendor_hal_imsrcsd_hwservice:s0
-com.qualcomm.qti.imscmservice::IImsCmService                    u:object_r:vendor_hal_imsrcsd_hwservice:s0
-vendor.qti.ims.callinfo::IService                               u:object_r:vendor_hal_imscallinfo_hwservice:s0
-vendor.qti.imsrtpservice::IRTPService                          u:object_r:vendor_hal_imsrtp_hwservice:s0
-vendor.qti.data.factory::IFactory                               u:object_r:vendor_hal_datafactory_hwservice:s0
-vendor.qti.ims.factory::IImsFactory                             u:object_r:vendor_hal_imsfactory_hwservice:s0
-vendor.qti.hardware.data.connection::IDataConnection            u:object_r:vendor_hal_dataconnection_hwservice:s0
-vendor.qti.hardware.cacert::IService                            u:object_r:vendor_hal_cacert_hwservice:s0
-vendor.display.config::IDisplayConfig                           u:object_r:vendor_hal_display_config_hwservice:s0
-vendor.display.color::IDisplayColor                             u:object_r:vendor_hal_display_color_hwservice:s0
-vendor.display.postproc::IDisplayPostproc                       u:object_r:vendor_hal_display_postproc_hwservice:s0
-vendor.qti.hardware.data.iwlan::IIWlan                          u:object_r:vendor_hal_iwlan_hwservice:s0
-vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore     u:object_r:vendor_hal_capabilityconfigstore_qti_hwservice:s0
-vendor.qti.hardware.improvetouch.touchcompanion::ITouchCompanion       u:object_r:vendor_hal_hbtp_hwservice:s0
-vendor.qti.hardware.improvetouch.gesturemanager::IGestureManager       u:object_r:vendor_hal_hbtp_hwservice:s0
-vendor.qti.hardware.improvetouch.blobmanager::IBlobManager             u:object_r:vendor_hal_hbtp_hwservice:s0
-vendor.qti.hardware.perf::IPerf                                 u:object_r:vendor_hal_perf_hwservice:s0
-vendor.qti.hardware.radio.atcmdfwd::IAtCmdFwd                   u:object_r:vendor_hal_atfwd_hwservice:s0
-vendor.qti.hardware.radio.qcrilhook::IQtiOemHook                u:object_r:hal_telephony_hwservice:s0
-vendor.qti.hardware.radio.am::IQcRilAudio                       u:object_r:hal_telephony_hwservice:s0
-vendor.qti.hardware.radio.internal.deviceinfo::IDeviceInfo      u:object_r:hal_telephony_hwservice:s0
-vendor.qti.hardware.radio.lpa::IUimLpa                          u:object_r:hal_telephony_hwservice:s0
-vendor.qti.hardware.radio.ims::IImsRadio                        u:object_r:hal_telephony_hwservice:s0
-vendor.qti.hardware.radio.uim::IUim                             u:object_r:hal_telephony_hwservice:s0
-vendor.qti.hardware.radio.uim_remote_client::IUimRemoteServiceClient u:object_r:hal_telephony_hwservice:s0
-vendor.qti.hardware.radio.uim_remote_server::IUimRemoteServiceServer u:object_r:hal_telephony_hwservice:s0
-vendor.qti.hardware.display.allocator::IQtiAllocator         u:object_r:hal_graphics_allocator_hwservice:s0
-vendor.qti.hardware.display.composer::IQtiComposer           u:object_r:hal_graphics_composer_hwservice:s0
-vendor.qti.hardware.tui_comm::ITuiComm                       u:object_r:vendor_hal_tui_comm_hwservice:s0
-vendor.qti.hardware.qdutils_disp::IQdutilsDisp               u:object_r:vendor_hal_qdutils_disp_hwservice:s0
-vendor.qti.hardware.trustedui::ITrustedUI                 u:object_r:vendor_hal_trustedui_hwservice:s0
-vendor.qti.hardware.trustedui::ITrustedInput              u:object_r:vendor_hal_trustedui_hwservice:s0
-android.hardware.media.c2::IConfigurable                     u:object_r:hal_codec2_hwservice:s0
-vendor.qti.hardware.display.mapper::IQtiMapper               u:object_r:hal_graphics_mapper_hwservice:s0
-vendor.qti.hardware.camera.postproc::IPostProcService        u:object_r:vendor_hal_camera_postproc_hwservice:s0

generic/vendor/common/ims.te

@@ -1,63 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_ims, domain;
-type vendor_ims_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_ims)
-net_domain(vendor_ims)
-
-get_prop(vendor_ims, hwservicemanager_prop)
-set_prop(vendor_ims, vendor_ims_prop)
-get_prop(vendor_ims, vendor_ims_prop)
-get_prop(vendor_ims, vendor_cnd_prop)
-
-allow vendor_ims vendor_sysfs_timestamp_switch:file r_file_perms;
-allow vendor_ims vendor_sysfs_data:file r_file_perms;
-
-allow vendor_ims self:capability net_bind_service;
-
-allow vendor_ims ion_device:chr_file r_file_perms;
-
-unix_socket_connect(vendor_ims, vendor_cnd, vendor_cnd)
-
-allow vendor_ims self:socket create_socket_perms_no_ioctl;
-allow vendor_ims vendor_ims_socket:sock_file write;
-allow vendor_ims self:{ qipcrtr_socket } create_socket_perms_no_ioctl;
-allow vendor_ims self:{ netlink_generic_socket } create_socket_perms_no_ioctl;
-netmgr_socket(vendor_ims);
-allowxperm vendor_ims self:udp_socket ioctl RMNET_IOCTL_EXTENDED;
-allow vendor_ims self:tipc_socket { create_socket_perms_no_ioctl };
-
-#diag
-userdebug_or_eng(`
-    diag_use(vendor_ims)
-')
-
-hwbinder_use(vendor_ims)
-allow vendor_ims vendor_hal_cne_hwservice:hwservice_manager find;
-allow vendor_ims vendor_hal_datafactory_hwservice:hwservice_manager find;
-binder_call(vendor_ims, vendor_cnd)

generic/vendor/common/imshelper_app.te

@@ -1,37 +0,0 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_imshelper_app, domain;
-app_domain(vendor_imshelper_app);
-unix_socket_connect(vendor_imshelper_app, vendor_ims, vendor_ims)
-allow vendor_imshelper_app app_api_service:service_manager find;
-
-#allow qsee_svc_app vendor_imshelper_app_data_file:dir create_dir_perms;
-#allow qsee_svc_app vendor_imshelper_app_data_file:file create_file_perms;
-
-allow vendor_imshelper_app system_app_data_file:dir { getattr search };
-allow vendor_imshelper_app vendor_radio_data_file:dir { getattr search };

generic/vendor/common/init-qcom-crashdata-sh.te

@@ -1,37 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_init-qcom-crashdata-sh, domain;
-type vendor_init-qcom-crashdata-sh_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_init-qcom-crashdata-sh)
-
-allow vendor_init-qcom-crashdata-sh vendor_shell_exec:file rx_file_perms;
-allow vendor_init-qcom-crashdata-sh vendor_toolbox_exec:file rx_file_perms;
-
-set_prop(vendor_init-qcom-crashdata-sh, vendor_crash_cnt_prop)
-set_prop(vendor_init-qcom-crashdata-sh, vendor_crash_detect_prop)

generic/vendor/common/init-qcom-sensors-sh.te

@@ -1,43 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_init-qcom-sensors-sh, domain;
-type vendor_init-qcom-sensors-sh_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_init-qcom-sensors-sh)
-
-allow vendor_init-qcom-sensors-sh vendor_shell_exec:file rx_file_perms;
-allow vendor_init-qcom-sensors-sh vendor_toolbox_exec:file rx_file_perms;
-
-r_dir_file(vendor_init-qcom-sensors-sh, mnt_vendor_file)
-r_dir_file(vendor_init-qcom-sensors-sh, vendor_persist_sensors_file)
-
-allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:file setattr;
-allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:dir setattr;
-allow vendor_init-qcom-sensors-sh sensors_device:chr_file r_file_perms;
-
-set_prop(vendor_init-qcom-sensors-sh, vendor_sensors_prop)

generic/vendor/common/init-qti-ims-sh.te

@@ -1,40 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type vendor_init-qti-ims-sh, domain;
-type vendor_init-qti-ims-sh_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_init-qti-ims-sh)
-
-allow vendor_init-qti-ims-sh vendor_shell_exec:file rx_file_perms;
-allow vendor_init-qti-ims-sh vendor_toolbox_exec:file rx_file_perms;
-
-set_prop(vendor_init-qti-ims-sh, vendor_ims_prop)
-get_prop(vendor_init-qti-ims-sh, vendor_ims_prop)
-
-# for ro.build.product
-get_prop(vendor_init-qti-ims-sh, exported2_default_prop)

generic/vendor/common/init.te

@@ -1,83 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow init {
-    adsprpcd_file
-    cache_file
-    mnt_vendor_file
-    storage_file
-    vendor_vm_system_file
-}:dir mounton;
-
-# symlink /sdcard to backing block
-allow init tmpfs:lnk_file create;
-
-allow init tty_device:chr_file rw_file_perms;
-
-allow init mnt_vendor_file:dir mounton;
-
-allow init vendor_ab_block_device:lnk_file relabelto;
-
-#Allow init to mount non-hlos partitions in A/B builds
-allow init { bt_firmware_file vendor_firmware_file  firmware_file } :dir mounton;
-
-allow init { bt_firmware_file firmware_file }:filesystem  { relabelfrom  mount };
-allow { bt_firmware_file firmware_file  }self:filesystem associate;
-
-dontaudit init kernel:system module_request;
-
-allow init sysfs_leds:lnk_file r_file_perms;
-
-allow init socket_device:sock_file create_file_perms;
-
-#Needed for restorecon. Init already has these permissions
-#for generic block devices, but is unable to access those
-#which have a custom lable added by us.
-allow init {
-    vendor_custom_ab_block_device
-    boot_block_device
-    vendor_xbl_block_device
-    vendor_ssd_block_device
-    vendor_modem_block_device
-    vendor_mdtp_device
-    vendor_vm_data_block_device
-}:{ blk_file lnk_file } relabelto;
-
-#Allow /sys access to write zram disksize
-allow init sysfs_zram:dir r_dir_perms;
-allow init sysfs_zram:file r_file_perms;
-
-allow init vendor_sysfs_boot_adsp:file w_file_perms;
-
-allow init bt_firmware_file:filesystem getattr;
-allow init firmware_file:filesystem getattr;
-
-# Search and write access for vendor_sysfs_graphics for backlight in recovery
-recovery_only(`
-allow init vendor_sysfs_graphics:file w_file_perms;
-allow init vendor_sysfs_graphics:dir search;
-allow init vendor_sysfs_usb_device:file w_file_perms;
-')

generic/vendor/common/init_shell.te

@@ -1,187 +0,0 @@
-# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# Restricted domain for shell processes spawned by init.
-# Normally these are shell commands or scripts invoked via sh
-# from an init*.rc file.  No service should ever run in this domain.
-type vendor_qti_init_shell, domain;
-type vendor_qti_init_shell_exec, exec_type, vendor_file_type,file_type;
-
-init_daemon_domain(vendor_qti_init_shell)
-
-domain_auto_trans(init, vendor_shell_exec, vendor_qti_init_shell)
-
-# For executing init shell scripts (init.qcom.early_boot.sh)
-allow vendor_qti_init_shell vendor_qti_init_shell_exec:file { rx_file_perms entrypoint };
-#execute init scripts
-allow vendor_qti_init_shell vendor_shell_exec:file {rx_file_perms entrypoint };
-allow vendor_qti_init_shell vendor_toolbox_exec:file  rx_file_perms;
-
-# For getting idle_time value
-# this is needed for dynamic_fps and bw_mode_bitmap
-allow vendor_qti_init_shell vendor_sysfs_graphics:file {rw_file_perms setattr};
-
-allow vendor_qti_init_shell mnt_vendor_file:dir w_dir_perms;
-allow vendor_qti_init_shell mnt_vendor_file:file create_file_perms;
-allow vendor_qti_init_shell vendor_smd_device:chr_file rw_file_perms;
-
-# Run helpers from / or /system without changing domain.
-allow vendor_qti_init_shell { rootfs vendor_shell_exec }:file execute_no_trans;
-
-allow vendor_qti_init_shell gpu_device:chr_file getattr;
-
-allow vendor_qti_init_shell vendor_sysfs_cpu_boost:dir r_dir_perms;
-allow vendor_qti_init_shell vendor_sysfs_cpu_boost:file rw_file_perms;
-
-# for insmod of iris ko, this is needed.
-# fowner and fsetid are needed for chmod display nodes.
-allow vendor_qti_init_shell self:capability {
-    sys_module
-    net_admin
-    chown
-    fowner
-    fsetid
-    sys_admin
-};
-
-set_prop(vendor_qti_init_shell, vendor_ctl_netmgrd_prop)
-set_prop(vendor_qti_init_shell, vendor_ctl_port-bridge_prop)
-set_prop(vendor_qti_init_shell, vendor_ctl_qcrild_prop)
-set_prop(vendor_qti_init_shell, vendor_ipacm-diag_prop)
-set_prop(vendor_qti_init_shell, vendor_ipacm_prop)
-set_prop(vendor_qti_init_shell, vendor_msm_irqbalance_prop)
-set_prop(vendor_qti_init_shell, vendor_dataqti_prop)
-set_prop(vendor_qti_init_shell, vendor_display_prop)
-set_prop(vendor_qti_init_shell, vendor_alarm_boot_prop)
-set_prop(vendor_qti_init_shell, vendor_gralloc_prop)
-set_prop(vendor_qti_init_shell, vendor_usb_prop)
-set_prop(vendor_qti_init_shell, vendor_system_prop)
-set_prop(vendor_qti_init_shell, vendor_mpctl_prop)
-set_prop(vendor_qti_init_shell, vendor_radio_prop)
-set_prop(vendor_qti_init_shell, vendor_audio_prop)
-get_prop(vendor_qti_init_shell, exported3_radio_prop)
-set_prop(vendor_qti_init_shell, vendor_gpu_prop)
-set_prop(vendor_qti_init_shell, vendor_sensors_prop)
-
-allow vendor_qti_init_shell {
-    sysfs_devices_system_cpu
-    sysfs_lowmemorykiller
-    vendor_sysfs_mmc_host
-    vendor_sysfs_process_reclaim
-}:file w_file_perms;
-
-r_dir_file(vendor_qti_init_shell, sysfs_type)
-r_dir_file(vendor_qti_init_shell, vendor_sysfs_devfreq)
-allow vendor_qti_init_shell vendor_sysfs_devfreq:file w_file_perms;
-allow vendor_qti_init_shell vendor_sysfs_soc:file write;
-allow vendor_qti_init_shell sysfs:{ dir file lnk_file } relabelfrom;
-allow vendor_qti_init_shell sysfs_devices_system_cpu: { dir file lnk_file } relabelto;
-
-# To start sensors for DSPS enabled platforms
-r_dir_file(vendor_qti_init_shell, mnt_vendor_file)
-r_dir_file(vendor_qti_init_shell, vendor_persist_bluetooth_file)
-
-allow vendor_qti_init_shell { proc proc_net}:file write;
-allow vendor_qti_init_shell proc_net:file r_file_perms;
-
-allow vendor_qti_init_shell graphics_device:dir create_dir_perms;
-allow vendor_qti_init_shell graphics_device:lnk_file create_file_perms;
-
-#insmod of ko from scripts need kernel key search
-allow vendor_qti_init_shell kernel:key search;
-
-allow vendor_qti_init_shell cgroup:dir add_name;
-
-# To allow copy for mbn files
-r_dir_file(vendor_qti_init_shell, firmware_file)
-
-# /dev/block/zram0
-allow vendor_qti_init_shell block_device:dir r_dir_perms;
-allow vendor_qti_init_shell swap_block_device:blk_file rw_file_perms;
-
-#For configfs permission
-allow vendor_qti_init_shell configfs:dir r_dir_perms;
-allow vendor_qti_init_shell configfs:file rw_file_perms;
-
-#Allow /sys access to write zram disksize
-allow vendor_qti_init_shell sysfs_zram:dir r_dir_perms;
-allow vendor_qti_init_shell sysfs_zram:file rw_file_perms;
-
-# To get GPU frequencies  and set attributes
-allow vendor_qti_init_shell vendor_sysfs_kgsl:file { r_file_perms setattr };
-
-allow vendor_qti_init_shell proc:file r_file_perms;
-allow vendor_qti_init_shell rootfs:file r_file_perms;
-
-allow vendor_qti_init_shell vendor_radio_vendor_data_file:dir create_dir_perms;
-allow vendor_qti_init_shell vendor_radio_vendor_data_file:file create_file_perms;
-
-allow vendor_qti_init_shell vendor_mbn_data_file:dir create_dir_perms;
-allow vendor_qti_init_shell vendor_mbn_data_file:file create_file_perms;
-
-set_prop(vendor_qti_init_shell, vendor_ctl_vendor_hbtp_prop)
-
-# rules for vm_bms
-allow vendor_qti_init_shell {
-    vendor_sysfs_battery_supply
-    vendor_sysfs_usb_supply
-    vendor_sysfs_usbpd_device
-}:dir r_dir_perms;
-
-allow vendor_qti_init_shell {
-    vendor_sysfs_battery_supply
-    vendor_sysfs_usb_supply
-    vendor_sysfs_usbpd_device
-}:file rw_file_perms;
-
-allow vendor_qti_init_shell vendor_sysfs_battery_supply:file setattr;
-allow vendor_qti_init_shell vendor_sysfs_usb_supply:file setattr;
-allow vendor_qti_init_shell vendor_sysfs_usbpd_device:file setattr;
-
-allow vendor_qti_init_shell sysfs_devices_system_cpu:file w_file_perms;
-
-allow vendor_qti_init_shell vendor_sysfs_msm_power:file rw_file_perms;
-
-allow vendor_qti_init_shell vendor_msm_irqbalanced_exec:file getattr;
-
-set_prop(vendor_qti_init_shell, vendor_alarm_boot_prop)
-
-set_prop(vendor_qti_init_shell, vendor_wifi_prop)
-
-# To read /proc/meminfo
-allow vendor_qti_init_shell proc_meminfo:file r_file_perms;
-
-allow vendor_qti_init_shell vendor_sysfs_suspend:file w_file_perms;
-
-# Set ro.vendor.qti.soc_id to soc_id in QCV init script
-set_prop(vendor_qti_init_shell, vendor_soc_id_prop);
-# Set ro.vendor.qti.soc_name to soc_name in QCV init script
-set_prop(vendor_qti_init_shell, vendor_soc_name_prop);
-
-# Get persist.console.silent.config for kernel console log level
-get_prop(vendor_qti_init_shell, vendor_console_log_level_prop)
-
-set_prop(vendor_qti_init_shell,vendor_dcvs_prop)

generic/vendor/common/ioctl_defines

@@ -1,39 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# socket ioctls
-define(`RMNET_IOCTL_EXTENDED', `0x000089FD')
-
-# socket ioctls defined in the kernel in include/uapi/linux/msm_ipc.h
-define(`IPC_ROUTER_IOCTL_GET_VERSION', `0x0000c300')
-define(`IPC_ROUTER_IOCTL_GET_MTU', `0x0000c301')
-define(`IPC_ROUTER_IOCTL_LOOKUP_SERVER', `0x0000c302')
-define(`IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE', `0x0000c303')
-define(`IPC_ROUTER_IOCTL_BIND_CONTROL_PORT', `0x0000c304')
-define(`IPC_ROUTER_IOCTL_CONFIG_SEC_RULES', `0x0000c305')
-
-#mmc ioctls defined in the kernel in include/uapi/linux/mmc/ioctl.h
-define(`MMC_IOC_MULTI_CMD', `0xc008b301')

generic/vendor/common/ioctl_macros

@@ -1,93 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#    * Redistributions of source code must retain the above copyright
-#      notice, this list of conditions and the following disclaimer.
-#    * Redistributions in binary form must reproduce the above
-#      copyright notice, this list of conditions and the following
-#      disclaimer in the documentation and/or other materials provided
-#      with the distribution.
-#    * Neither the name of The Linux Foundation nor the names of its
-#      contributors may be used to endorse or promote products derived
-#      from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-define(`gpu_ioctls', `{
-IOCTL_KGSL_DEVICE_GETPROPERTY
-IOCTL_KGSL_DEVICE_WAITTIMESTAMP_CTXTID
-IOCTL_KGSL_DRAWCTXT_CREATE
-IOCTL_KGSL_DRAWCTXT_DESTROY
-IOCTL_KGSL_MAP_USER_MEM
-IOCTL_KGSL_SHAREDMEM_FREE
-IOCTL_KGSL_SETPROPERTY
-IOCTL_KGSL_TIMESTAMP_EVENT
-IOCTL_KGSL_PERFCOUNTER_GET
-IOCTL_KGSL_PERFCOUNTER_PUT
-IOCTL_KGSL_SYNCSOURCE_CREATE
-IOCTL_KGSL_SYNCSOURCE_DESTROY
-IOCTL_KGSL_SYNCSOURCE_CREATE_FENCE
-IOCTL_KGSL_SYNCSOURCE_SIGNAL_FENCE
-IOCTL_KGSL_GPUOBJ_ALLOC
-IOCTL_KGSL_GPUOBJ_FREE
-IOCTL_KGSL_GPUOBJ_INFO
-IOCTL_KGSL_GPUOBJ_IMPORT
-IOCTL_KGSL_GPUOBJ_SYNC
-IOCTL_KGSL_GPU_COMMAND
-}')
-
-define(`msm_sock_ipc_ioctls', `{
-IPC_ROUTER_IOCTL_GET_VERSION
-IPC_ROUTER_IOCTL_GET_MTU
-IPC_ROUTER_IOCTL_LOOKUP_SERVER
-IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
-IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
-IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
-}')
-
-define(`msm_sock_qrtr_ioctls', `{
-TIOCOUTQ
-}')
-
-define(`rmnet_sock_ioctls', `{
-SIOCDEVPRIVATE_1
-SIOCDEVPRIVATE_2
-SIOCDEVPRIVATE_3
-SIOCDEVPRIVATE_4
-SIOCDEVPRIVATE_5
-SIOCDEVPRIVATE_6
-SIOCDEVPRIVATE_7
-SIOCDEVPRIVATE_8
-SIOCDEVPRIVATE_9
-SIOCDEVPRIVATE_A
-SIOCDEVPRIVATE_B
-SIOCDEVPRIVATE_C
-SIOCDEVPRIVATE_D
-}')
-
-define(`wlan_sock_ioctls', `{
-SIOCSIWPRIV
-SIOCIWFIRSTPRIV_15
-}')
-
-define(`lowi_server_ioctls', `{
-SIOCGIFINDEX
-SIOCGIFHWADDR
-SIOCGIFFLAGS
-SIOCIWFIRSTPRIV_05
-SIOCIWFIRSTPRIV_11
-SIOCIWFIRSTPRIV_13
-SIOCDEVPRIVATE_1
-}')

generic/vendor/common/ipacm.te

@@ -1,69 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# General definitions
-type vendor_ipacm, domain;
-type vendor_ipacm-diag, domain;
-type vendor_ipacm_exec, exec_type, vendor_file_type, file_type;
-type vendor_ipacm-diag_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_ipacm)
-init_daemon_domain(vendor_ipacm-diag)
-
-# associate netdomain to use for accessing internet sockets
-net_domain(vendor_ipacm)
-
-hal_server_domain(vendor_ipacm, hal_tetheroffload)
-
-userdebug_or_eng(`
-    # Allow using the logging file between vendor_ipacm and vendor_ipacm-diag
-    unix_socket_send(vendor_ipacm, vendor_ipacm, vendor_ipacm-diag)
-')
-
-# Allow operations with /dev/ipa, /dev/wwan_ioctl and /dev/ipaNatTable
-allow hal_tetheroffload vendor_ipa_dev:chr_file rw_file_perms;
-
-# Allow UDP socket create and ioctl
-allow hal_tetheroffload self:udp_socket create_socket_perms;
-allowxperm vendor_ipacm self:udp_socket ioctl SIOCGIFNAME;
-
-# Allow receiving NETLINK messages
-allow hal_tetheroffload self:netlink_route_socket { nlmsg_read nlmsg_readpriv create_socket_perms_no_ioctl };
-
-
-# Allow receiving NETLINK messages
-allow hal_tetheroffload self:{
-    netlink_socket
-    # Allow querying the network stack via IOCTLs
-    netlink_generic_socket
-} create_socket_perms_no_ioctl;
-
-# Allow creating and modifying the PID file
-allow hal_tetheroffload vendor_ipa_vendor_data_file:dir w_dir_perms;
-allow hal_tetheroffload vendor_ipa_vendor_data_file:file create_file_perms;
-
-# To register vendor_ipacm to hwbinder
-#add_hwservice(vendor_ipacm, hal_vendor_ipacm_hwservice)
-#binder_call(vendor_ipacm, system_server)

generic/vendor/common/irsc_util.te

@@ -1,33 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_irsc_util, domain;
-type vendor_irsc_util_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_irsc_util)
-
-allow vendor_irsc_util self:socket create_socket_perms;
-allowxperm vendor_irsc_util self:socket ioctl msm_sock_ipc_ioctls;

generic/vendor/common/kernel.te

@@ -1,43 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# for diag over socket
-userdebug_or_eng(`
-  allow kernel self:socket create;
-  allow kernel self:qipcrtr_socket create;
-  allow kernel vendor_debugfs_wlan:dir search;
-  allow kernel vendor_debugfs_ipc:dir search;
-  allow kernel debugfs_mmc:dir search;
-')
-
-# Access firmware_file
-r_dir_file(kernel, firmware_file)
-
-
-# access vendor_firmware_file
-r_dir_file(kernel, vendor_firmware_file)
-
-dontaudit kernel kernel:system module_request;

generic/vendor/common/location.te

@@ -1,99 +0,0 @@
-# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# generic/vendor_location.te - sepolicy rules for generic vendor_location modules
-
-# loc_launcher service
-# which launches various other services supporting GPS & Wifi-RTT (LOWI) vendor_location
-type vendor_location, domain;
-type vendor_location_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_location)
-
-allow vendor_location self:capability { setgid setuid };
-
-hwbinder_use(vendor_location)
-
-get_prop(vendor_location, hwservicemanager_prop)
-get_prop(vendor_location, vendor_cnd_prop)
-#xtra-daemon access to qcc properties
-get_prop(vendor_location, vendor_qcc_prop)
-
-allow vendor_location fwk_sensor_hwservice:hwservice_manager find;
-binder_call(vendor_location, system_server)
-binder_call(vendor_location, vendor_cnd)
-
-# Enable standard network access (for XTRA download)
-net_domain(vendor_location)
-
-# required for xtra-daemon, slim-daemon.
-allow vendor_location self:qipcrtr_socket create_socket_perms_no_ioctl;
-
-dontaudit vendor_location kernel:system module_request;
-
-# execute permission for vendor_location daemons in /vendor/bin/
-allow vendor_location vendor_location_exec:file rx_file_perms;
-
-# /data/vendor/vendor_location
-allow vendor_location vendor_location_data_file:dir create_dir_perms;
-allow vendor_location vendor_location_data_file:file create_file_perms;
-
-# /dev/socket/vendor_location
-allow vendor_location vendor_location_socket:sock_file create_file_perms;
-allow vendor_location vendor_location_socket:dir rw_dir_perms;
-
-allow vendor_location vendor_hal_gnss_qti:unix_dgram_socket sendto;
-
-# permission for read execute vendor_location daemons in userdebug mode.
-userdebug_or_eng(`
-  allow shell vendor_location_exec:file rx_file_perms;
-')
-
-## lowi-server
-##############
-# some additional network access
-allow vendor_location self:netlink_generic_socket create_socket_perms_no_ioctl;
-allow vendor_location self:netlink_socket create_socket_perms_no_ioctl;
-allowxperm vendor_location self:udp_socket ioctl lowi_server_ioctls;
-allow vendor_location hal_wifi:unix_stream_socket { read write };
-
-# /data/vendor/wifi
-allow vendor_location vendor_wifi_vendor_data_file:dir search;
-
-# /data/vendor/wifi/wpa
-allow vendor_location wpa_data_file:dir rw_dir_perms;
-allow vendor_location wpa_data_file:sock_file create_file_perms;
-allow vendor_location hal_wifi_supplicant_default:unix_dgram_socket sendto;
-
-# /dev/socket/wifihal
-allow vendor_location vendor_wifihal_socket:dir search;
-unix_socket_send(vendor_location, vendor_wifihal,  hal_wifi_default);
-
-## xtra-daemon
-##############
-allow vendor_location {vendor_hal_cacert_hwservice vendor_hal_datafactory_hwservice vendor_hal_cne_hwservice}:hwservice_manager find;
-binder_call(vendor_location, vendor_qtidataservices_app)

generic/vendor/common/mdm_helper.te

@@ -1,74 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-#Policy for vendor_mdm_helper
-#vendor_mdm_helper - vendor_mdm_helper domain
-type vendor_mdm_helper, domain;
-type vendor_mdm_helper_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_mdm_helper);
-
-#block_suspend capability is needed by kickstart(ks)
-wakelock_use(vendor_mdm_helper)
-
-#Needed to power on the peripheral
-allow vendor_mdm_helper vendor_ssr_device:chr_file r_file_perms;
-
-#Needed to access the esoc device to control the mdm
-allow vendor_mdm_helper vendor_esoc_device:dir r_dir_perms;
-allow vendor_mdm_helper vendor_esoc_device:chr_file rw_file_perms;
-
-#Needed in order to run kickstart
-allow vendor_mdm_helper vendor_shell_exec:file rx_file_perms;
-allow vendor_mdm_helper vendor_mdm_helper_exec :file x_file_perms;
-
-#Rampdump config
-#
-# User variant
-#   Probe for write access to vendor tombstones as the
-#   presense of tombstones on subsystem does not correlate
-#   to Android user/userdebug config
-allow vendor_mdm_helper vendor_tombstone_data_file:dir r_dir_perms;
-dontaudit vendor_mdm_helper vendor_tombstone_data_file:dir write;
-# Userdebug/eng variant
-userdebug_or_eng(`
-allow vendor_mdm_helper vendor_tombstone_data_file:dir create_dir_perms;
-allow vendor_mdm_helper vendor_tombstone_data_file:file create_file_perms;
-')
-#Ramdump config END
-
-#Needed to kill its own forked process on efs sync
-allow vendor_mdm_helper self:capability kill;
-
-#Needed by ks in order to access the efs sync partitions.
-allow vendor_mdm_helper block_device:dir r_dir_perms;
-allow vendor_mdm_helper vendor_efs_boot_dev:blk_file rw_file_perms;
-
-#Needed in order to access the firmware partition
-r_dir_file(vendor_mdm_helper, firmware_file)
-
-#Needed to allow boot over PCIe
-allow vendor_mdm_helper vendor_mhi_device:chr_file rw_file_perms;

generic/vendor/common/mediacodec.te

@@ -1,39 +0,0 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow mediacodec system_file:dir r_dir_perms;
-
-userdebug_or_eng(`
-  allow mediacodec dumpstate:fd use;
-')
-#Allow mediacodec to access vendor_media_data_file files
-allow mediacodec vendor_media_data_file:dir create_dir_perms;
-allow mediacodec vendor_media_data_file:file create_file_perms;
-
-#Allow mediacodec to access configstore
-hal_client_domain(mediacodec, vendor_hal_capabilityconfigstore_qti)
-#allow mediacodec to read adsprpc_prop
-get_prop(mediacodec, vendor_adsprpc_prop)

generic/vendor/common/msm_irqbalanced.te

@@ -1,40 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type vendor_msm_irqbalanced, domain;
-type vendor_msm_irqbalanced_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_msm_irqbalanced)
-
-allow vendor_msm_irqbalanced cgroup:dir { create add_name };
-allow vendor_msm_irqbalanced { proc sysfs_devices_system_cpu }:file w_file_perms;
-
-# access smp_affinity
-allow vendor_msm_irqbalanced proc:file r_file_perms;
-allow vendor_msm_irqbalanced proc_interrupts:file r_file_perms;
-allow vendor_msm_irqbalanced proc_stat:file r_file_perms;
-# irq_blacklist_on
-allow vendor_msm_irqbalanced vendor_sysfs_irqbalance:file r_file_perms;