Merge tag 'LA.UM.9.14.r1-24200-LAHAINA.QSSI13.0' into staging/lineage-21.0_merge-LA.UM.9.14.r1-24200-LAHAINA.QSSI13.0

"LA.UM.9.14.r1-24200-LAHAINA.QSSI13.0"

# By Neelu Maheshwari (3) and others
# Via Gerrit - the friendly Code Review server (3) and others
* tag 'LA.UM.9.14.r1-24200-LAHAINA.QSSI13.0':
  Sepolicy_vndr : Allow vendor_init to access properties.
  Sepolicy_vndr : Allow access to LED devices sysfs
  Allow dumpstate to make binder calls with rild
  sepolicy : add permissions for extcon file
  sepolicy_vndr: lahaina: Label device wakeup nodes - Label the nodes listed by SuspendSepolicyTests.sh
  Sepolicy: Add the rules to run the UAC/UVC enforced
  sepolicy_vndr: Add rule to allow graphics_composer to find qspm hal
  Allow wcnss service to access hal perf service

Change-Id: Ie2224e17c0aa4b5a04b343f408d849de9e2e8638

generic/vendor/common/hal_graphics_composer_default.te

@@ -87,6 +87,9 @@ unix_socket_connect(hal_graphics_composer_default, vendor_qdcmsocket, vendor_qdc
 #allow composer to find hal_perf
 hal_client_domain(hal_graphics_composer_default, vendor_hal_perf);
 
+#allow composer to find hal_qspmhal
+hal_client_domain(hal_graphics_composer_default, vendor_hal_qspmhal);
+
 # Allow access to qipcrtr_socket
 # Remove this when QMI service moves to pfmd
 allow hal_graphics_composer self:{ socket qipcrtr_socket } create_socket_perms;

legacy/vendor/common/dumpstate.te

@@ -42,3 +42,4 @@ allow dumpstate debugfs_mmc:dir search;
 
 binder_call(dumpstate, hal_light_default)
 binder_call(dumpstate, hal_power_default)
+binder_call(dumpstate, rild)

qva/vendor/bengal/init.te

@@ -0,0 +1,4 @@
+# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+allow init vendor_sysfs_graphics:lnk_file r_file_perms;

qva/vendor/common/dumpstate.te

@@ -48,3 +48,4 @@ binder_call(dumpstate, hal_light_default)
 binder_call(dumpstate, hal_power_default)
 binder_call(dumpstate, vendor_sxrd_vndr)
 binder_call(dumpstate, vendor_qvrd_vndr)
+binder_call(dumpstate, rild)

qva/vendor/common/property_contexts

@@ -32,6 +32,7 @@ persist.vendor.cnd.               u:object_r:vendor_cnd_vendor_prop:s0
 ctl.vendor.dataadpl                          u:object_r:vendor_dataadpl_prop:s0
 vendor.spcom.                                u:object_r:vendor_spcomlib_prop:s0
 persist.vendor.bt.soc.scram_freqs            u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.bt.a2dp_offload_cap           u:object_r:vendor_bluetooth_prop:s0
 ctl.vendor.mdm_helper                        u:object_r:vendor_mdm_helper_prop:s0
 ctl.vendor.hvdcp_opti                        u:object_r:vendor_hvdcp_opti_prop:s0
 

qva/vendor/common/vendor_init.te

@@ -51,6 +51,7 @@ set_prop(vendor_init, vendor_mpctl_prop)
 
 userdebug_or_eng(`
   set_prop(vendor_init, vendor_audio_debug_prop)
+  get_prop(vendor_init, persist_debug_prop)
 ')
 
 set_prop(vendor_init, vendor_disable_spu_prop)

qva/vendor/common/wcnss_service.te

@@ -39,3 +39,6 @@ allow vendor_wcnss_service vendor_wifi_vendor_wpa_socket:sock_file create_file_p
 allow vendor_wcnss_service vendor_wifi_vendor_wpa_socket:sock_file rw_file_perms;
 allow vendor_wcnss_service vendor_wifi_vendor_wpa_socket:file create_file_perms;
 allow vendor_wcnss_service vendor_wifi_vendor_wpa_socket:file rw_file_perms;
+
+# allow vendor_wcnss_service vendor_hal_perf_hwservice:hwservice_manager find
+hal_client_domain(vendor_wcnss_service, vendor_hal_perf)

qva/vendor/kona/file_contexts

@@ -31,9 +31,6 @@
 
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.0-service    u:object_r:vendor_biometricsface_exec:s0
 
-#umd_service
-/vendor/bin/hw/vendor\.qti\.hardware\.umd@1\.0-service   u:object_r:vendor_hal_umd_qti_exec:s0
-
 # nordic node file
 /(vendor|system/vendor)/bin/hw/vendor\.shadowcreator\.hardware\.nordic@1\.0-service u:object_r:vendor_hal_nordic_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.kineticsxr\.hardware\.nordic@1\.0-service u:object_r:vendor_hal_nordic_default_exec:s0

qva/vendor/kona/hwservice.te

@@ -3,4 +3,3 @@
 
 # hal nordic hwservice
 type vendor_hal_nordic_hwservice, hwservice_manager_type,protected_hwservice;
-type vendor_hal_umd_hwservice, hwservice_manager_type;

qva/vendor/kona/hwservice_contexts

@@ -4,4 +4,3 @@
 # hal nordic hwservice
 vendor.kineticsxr.hardware.nordic::INordic    u:object_r:vendor_hal_nordic_hwservice:s0
 vendor.shadowcreator.hardware.nordic::INordic    u:object_r:vendor_hal_nordic_hwservice:s0
-vendor.qti.hardware.umd::IUMDAdaptor    u:object_r:vendor_hal_umd_hwservice:s0

qva/vendor/kona/umdservice.te

@@ -1,18 +0,0 @@
-# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
-# SPDX-License-Identifier: BSD-3-Clause-Clear
-
-#Define domain
-type vendor_hal_umd_qti, domain;
-type vendor_hal_umd_qti_exec, file_type, vendor_file_type, exec_type;
-
-#Allow for transition from init domain to umdservice
-init_daemon_domain(vendor_hal_umd_qti)
-
-#Allow a base set of permissions required
-hal_server_domain(vendor_hal_umd_qti, vendor_hal_umd)
-binder_call(vendor_hal_umd_client, vendor_hal_umd_server)
-binder_call(vendor_hal_umd_server, vendor_hal_umd_client)
-
-#Ability for domain to get vendor_hal_umd_hwservice to hwservice_manager
-#and find it
-hal_attribute_hwservice(vendor_hal_umd, vendor_hal_umd_hwservice)

qva/vendor/lahaina/file_contexts

@@ -25,37 +25,9 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+# Changes from Qualcomm Innovation Center are provided under the following license:
 # Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted (subject to the limitations in the
-# disclaimer below) provided that the following conditions are met:
-#
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#
-#     * Neither the name of Qualcomm Innovation Center, Inc. nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE
-# GRANTED BY THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT
-# HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
 
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.0-service    u:object_r:vendor_biometricsface_exec:s0
 
@@ -81,3 +53,9 @@
 
 #aidirector
 /dev/snd/controlC0  u:object_r:vendor_aid_audio_device:s0
+
+#umd_service
+/vendor/bin/hw/vendor\.qti\.hardware\.umd@1\.0-service                             u:object_r:vendor_hal_umd_qti_exec:s0
+
+#uac
+/dev/snd/pcmC[1-9].*  u:object_r:vendor_pcm_device:s0

qva/vendor/lahaina/genfs_contexts

@@ -25,6 +25,10 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+#Changes from Qualcomm Innovation Center, Inc. are provided under the following license:
+#Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+#SPDX-License-Identifier: BSD-3-Clause-Clear
+
 #net sysfs
 genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/net u:object_r:sysfs_net:s0
 
@@ -34,3 +38,12 @@ genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-08/c440000.q
 #Modem & ADSP related wakeup nodes.
 genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys3/wakeup u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/soc/3700000.qcom,lpass/subsys4/wakeup u:object_r:sysfs_wakeup:s0
+
+#wakeup nodes listed from SuspendSepolicyTests.sh
+genfscon sysfs /devices/platform/soc/soc:qcom,wpss@8a00000/subsys3/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/3700000.qcom,lpass/subsys5/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/990000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
+
+#HDMI nodes
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon0/cable.1/ u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/cable.1/ u:object_r:vendor_sysfs_graphics:s0

qva/vendor/lahaina/hal_audio_default.te

@@ -3,3 +3,6 @@
 
 #Allow audio hal access to aid audio node
 allow hal_audio_default vendor_aid_audio_device:chr_file rw_file_perms;
+
+#Allow audio hal to communicate to usb pcm node
+allow hal_audio_default vendor_pcm_device:chr_file rw_file_perms;

qva/vendor/lahaina/hal_camera.te

@@ -8,3 +8,7 @@ typeattribute hal_camera_default hal_audio_client;
 allow hal_camera_default vendor_aid_audio_device:chr_file rw_file_perms;
 allow hal_camera_default audio_device:dir r_dir_perms;
 get_prop(hal_camera_default, vendor_audio_prop)
+
+#Allow camera to read vendor_umd_prop and binder call vendor_hal_umd_qti
+get_prop(hal_camera_default, vendor_umd_prop)
+binder_call(vendor_hal_umd_qti, hal_camera_default);

qva/vendor/lahaina/hwservice.te

@@ -25,4 +25,10 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+# Changes from Qualcomm Innovation Center are provided under the following license:
+
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
 type vendor_hal_eid_hwservice, hwservice_manager_type, protected_hwservice;
+type vendor_hal_umd_hwservice, hwservice_manager_type, protected_hwservice;

qva/vendor/lahaina/hwservice_contexts

@@ -25,4 +25,10 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+# Changes from Qualcomm Innovation Center are provided under the following license:
+
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
 vendor.qti.hardware.eid::IEid                                u:object_r:vendor_hal_eid_hwservice:s0
+vendor.qti.hardware.umd::IUMDAdaptor                         u:object_r:vendor_hal_umd_hwservice:s0

qva/vendor/lahaina/platform_app.te

@@ -0,0 +1,7 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#allow platform_app to read vendor_umd_prop
+get_prop(platform_app, vendor_umd_prop)
+
+hal_client_domain(platform_app, vendor_hal_umd)

qva/vendor/lahaina/property.te

@@ -34,3 +34,6 @@ vendor_internal_prop(vendor_face3d_producer_prop);
 
 # properties for eSE-StrongBox
 vendor_internal_prop(vendor_ese_strongbox_prop);
+
+#umd property
+vendor_restricted_prop(vendor_umd_prop);

qva/vendor/lahaina/property_contexts

@@ -35,3 +35,7 @@ persist.vendor.biometricsface.pr u:object_r:vendor_face3d_producer_prop:s0
 # eSE-StrongBox
 ctl.start$vendor.ese-strongbox_4_1           u:object_r:vendor_ese_strongbox_prop:s0
 ctl.stop$vendor.ese-strongbox_4_1            u:object_r:vendor_ese_strongbox_prop:s0
+
+#umd
+persist.vendor.umdadaptor.mode               u:object_r:vendor_umd_prop:s0
+persist.vendor.umd.                          u:object_r:vendor_umd_prop:s0

qva/vendor/lahaina/umdservice.te

@@ -0,0 +1,43 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#Define domain
+type vendor_hal_umd_qti, domain;
+type vendor_hal_umd_qti_exec, file_type, vendor_file_type, exec_type;
+
+type vendor_pcm_device, dev_type;
+
+typeattribute vendor_hal_umd_qti hal_camera_client;
+typeattribute vendor_hal_umd_qti hal_audio_client;
+
+#Allow for transition from init domain to umdservice
+init_daemon_domain(vendor_hal_umd_qti)
+
+#Allow a base set of permissions required
+hal_server_domain(vendor_hal_umd_qti, vendor_hal_umd)
+binder_call(vendor_hal_umd_client, vendor_hal_umd_server)
+binder_call(vendor_hal_umd_server, vendor_hal_umd_client)
+
+#Ability for domain to get vendor_hal_umd_hwservice to hwservice_manager
+#and find it
+hal_attribute_hwservice(vendor_hal_umd, vendor_hal_umd_hwservice)
+
+#Allow a base set of permissions for the domain to be the client of hal_graphics_allocator
+hal_client_domain(vendor_hal_umd_qti, hal_graphics_allocator)
+
+allow vendor_hal_umd_qti video_device:chr_file rw_file_perms;
+
+#Allow the domain to access the properties required
+get_prop(vendor_hal_umd_qti, vendor_umd_prop)
+get_prop(vendor_hal_umd_qti, vendor_video_prop)
+
+#Allow the domain to access the uvent socket and the audio device
+allow vendor_hal_umd_qti self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow vendor_hal_umd_qti vendor_pcm_device:chr_file rw_file_perms;
+allow vendor_hal_umd_qti audio_device:dir r_dir_perms;
+
+#Allow the domain to access the configfs file and dir
+allow vendor_hal_umd_qti configfs:file r_file_perms;
+allow vendor_hal_umd_qti configfs:dir r_dir_perms;
+
+allow vendor_hal_umd_qti ion_device:chr_file r_file_perms;