creating 32.0.cil files and 32.0 prebuilt sepolicies.

Change-Id: Ib92095628d41d2409ba951e01f0abd201338b30d

append.sh

@@ -26,7 +26,7 @@
 # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
-api_versions=(30.0 31.0)
+api_versions=(30.0 31.0 32.0)
 
 dirpath=$(pwd)
 

generic/prebuilts/api/32.0/private/app.te

@@ -0,0 +1,33 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(appdomain, vendor_persist_dpm_prop)
+get_prop(appdomain, vendor_persist_rcs_prop)
+
+# vendor_persist_camera_prop is not used by 3rd party apps, so don't
+# audit it to suppress the denials
+dontaudit appdomain vendor_persist_camera_prop:file r_file_perms;

generic/prebuilts/api/32.0/private/audioserver.te

@@ -0,0 +1,31 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+binder_call(audioserver,vendor_wfdservice);
+binder_call(audioserver,vendor_sys_sxrauxd);
+#allow access to ALSA MMAP FDs for AAudio API
+allow audioserver audio_service:service_manager find;

generic/prebuilts/api/32.0/private/bluetooth.te

@@ -0,0 +1,26 @@
+# Copyright (c) 2020-2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

generic/prebuilts/api/32.0/private/bt_logger.te

@@ -0,0 +1,42 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_bt_logger, domain;
+type vendor_bt_logger_exec, system_file_type, exec_type, file_type;
+typeattribute  vendor_bt_logger  bluetoothdomain;
+typeattribute vendor_bt_logger coredomain;
+
+init_daemon_domain(vendor_bt_logger)
+bluetooth_domain(vendor_bt_logger)
+
+get_prop(vendor_bt_logger, bluetooth_prop)
+allow bluetooth vendor_bt_logger:unix_stream_socket connectto;
+allow vendor_bt_logger bluetooth:unix_stream_socket connectto;
+
+allow vendor_bt_logger bluetooth_data_file:dir search;
+allow vendor_bt_logger bluetooth_logs_data_file:dir rw_dir_perms;
+allow vendor_bt_logger bluetooth_logs_data_file:file create_file_perms;

generic/prebuilts/api/32.0/private/cameraserver.te

@@ -0,0 +1,30 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(cameraserver, vendor_persist_camera_prop)
+#access to cameraservice apis by faceauth
+hal_client_domain(cameraserver, hal_face)

generic/prebuilts/api/32.0/private/compat/26.0/26.0.compat.cil

@@ -0,0 +1 @@
+;; This file can't be empty

generic/prebuilts/api/32.0/private/compat/26.0/26.0.ignore.cil

@@ -0,0 +1,7 @@
+;;objects - a collection of types that have been introduced that have no
+;;   analogue in older policy.  Thus, we do not need to map these types to
+;;   previous ones.  Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+  ( new_objects))

generic/prebuilts/api/32.0/private/compat/27.0/27.0.compat.cil

@@ -0,0 +1 @@
+;; This file can't be empty

generic/prebuilts/api/32.0/private/compat/27.0/27.0.ignore.cil

@@ -0,0 +1,7 @@
+;; new_objects - a collection of types that have been introduced that have no
+;;   analogue in older policy.  Thus, we do not need to map these types to
+;;   previous ones.  Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+  ( new_objects))

generic/prebuilts/api/32.0/private/compat/28.0/28.0.compat.cil

@@ -0,0 +1 @@
+;; This file can't be empty

generic/prebuilts/api/32.0/private/compat/28.0/28.0.ignore.cil

@@ -0,0 +1,7 @@
+;; new_objects - a collection of types that have been introduced that have no
+;;   analogue in older policy.  Thus, we do not need to map these types to
+;;   previous ones.  Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+  ( new_objects))

generic/prebuilts/api/32.0/private/compat/29.0/29.0.compat.cil

@@ -0,0 +1 @@
+;; This file can't be empty

generic/prebuilts/api/32.0/private/compat/29.0/29.0.ignore.cil

@@ -0,0 +1,7 @@
+;; new_objects - a collection of types that have been introduced that have no
+;;   analogue in older policy.  Thus, we do not need to map these types to
+;;   previous ones.  Add here to pass checkapi test
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects))

generic/prebuilts/api/32.0/private/compat/30.0/30.0.cil

@@ -0,0 +1,60 @@
+(typeattributeset vendor_persist_camera_prop_30_0 (vendor_persist_camera_prop))
+(expandtypeattribute (vendor_persist_camera_prop_30_0) true)
+(typeattributeset vendor_usta_app_service_30_0 (vendor_usta_app_service))
+(expandtypeattribute (vendor_usta_app_service_30_0) true)
+(typeattributeset vendor_qvrd_30_0 (vendor_qvrd))
+(expandtypeattribute (vendor_qvrd_30_0) true)
+(typeattributeset vendor_qtelephony_30_0 (vendor_qtelephony))
+(expandtypeattribute (vendor_qtelephony_30_0) true)
+(typeattributeset vendor_qcc_trd_30_0 (vendor_qcc_trd))
+(expandtypeattribute (vendor_qcc_trd_30_0) true)
+(typeattributeset vendor_dataservice_app_30_0 (vendor_dataservice_app))
+(expandtypeattribute (vendor_dataservice_app_30_0) true)
+(typeattributeset vendor_seempd_30_0 (vendor_seempd))
+(expandtypeattribute (vendor_seempd_30_0) true)
+(typeattributeset vendor_qcc_utils_app_30_0 (vendor_qcc_utils_app))
+(expandtypeattribute (vendor_qcc_utils_app_30_0) true)
+(typeattributeset vendor_dpmtcm_socket_30_0 (vendor_dpmtcm_socket))
+(expandtypeattribute (vendor_dpmtcm_socket_30_0) true)
+(typeattributeset vendor_sys_video_prop_30_0 (vendor_sys_video_prop))
+(expandtypeattribute (vendor_sys_video_prop_30_0) true)
+(typeattributeset vendor_qcc_app_30_0 (vendor_qcc_app))
+(expandtypeattribute (vendor_qcc_app_30_0) true)
+(typeattributeset vendor_wfd_app_30_0 (vendor_wfd_app))
+(expandtypeattribute (vendor_wfd_app_30_0) true)
+(typeattributeset vendor_bt_prop_30_0 (vendor_bt_prop))
+(expandtypeattribute (vendor_bt_prop_30_0) true)
+(typeattributeset vendor_mmi_sys_30_0 (vendor_mmi_sys))
+(expandtypeattribute (vendor_mmi_sys_30_0) true)
+(typeattributeset vendor_qspmsvc_30_0 (vendor_qspmsvc))
+(expandtypeattribute (vendor_qspmsvc_30_0) true)
+(typeattributeset vendor_dpmd_30_0 (vendor_dpmd))
+(expandtypeattribute (vendor_dpmd_30_0) true)
+(typeattributeset vendor_qccsyshal_hwservice_30_0 (vendor_qccsyshal_hwservice))
+(expandtypeattribute (vendor_qccsyshal_hwservice_30_0) true)
+(typeattributeset vendor_vpsservice_30_0 (vendor_vpsservice))
+(expandtypeattribute (vendor_vpsservice_30_0) true)
+(typeattributeset vendor_wfdservice_30_0 (vendor_wfdservice))
+(expandtypeattribute (vendor_wfdservice_30_0) true)
+(typeattributeset vendor_hal_atfwd_hwservice_30_0 (vendor_hal_atfwd_hwservice))
+(expandtypeattribute (vendor_hal_atfwd_hwservice_30_0) true)
+(typeattributeset vendor_smcinvoke_device_30_0 (vendor_smcinvoke_device))
+(expandtypeattribute (vendor_smcinvoke_device_30_0) true)
+(typeattributeset vendor_persist_dpm_prop_30_0 (vendor_persist_dpm_prop))
+(expandtypeattribute (vendor_persist_dpm_prop_30_0) true)
+(typeattributeset vendor_dun-server_30_0 (vendor_dun-server))
+(expandtypeattribute (vendor_dun-server_30_0) true)
+(typeattributeset vendor_wlc_prop_30_0 (vendor_wlc_prop))
+(expandtypeattribute (vendor_wlc_prop_30_0) true)
+(typeattributeset vendor_elabel_data_file_30_0 (vendor_elabel_data_file))
+(expandtypeattribute (vendor_elabel_data_file_30_0) true)
+(typeattributeset vendor_fm_app_30_0 (vendor_fm_app))
+(expandtypeattribute (vendor_fm_app_30_0) true)
+(typeattributeset vendor_perfservice_30_0 (vendor_perfservice))
+(expandtypeattribute (vendor_perfservice_30_0) true)
+(typeattributeset vendor_sigmahal_hwservice_30_0 (vendor_sigmahal_hwservice))
+(expandtypeattribute (vendor_sigmahal_hwservice_30_0) true)
+(typeattributeset vendor_location_app_30_0 (vendor_location_app))
+(expandtypeattribute (vendor_location_app_30_0) true)
+(typeattributeset vendor_seempdw_socket_30_0 (vendor_seempdw_socket))
+(expandtypeattribute (vendor_seempdw_socket_30_0) true)

generic/prebuilts/api/32.0/private/compat/30.0/30.0.compat.cil

@@ -0,0 +1 @@
+;; This file can't be empty

generic/prebuilts/api/32.0/private/compat/30.0/30.0.ignore.cil

@@ -0,0 +1,17 @@
+;; new_objects - a collection of types that have been introduced that have no
+;;   analogue in older policy.  Thus, we do not need to map these types to
+;;   previous ones.  Add here to pass checkapi test
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+  ( new_objects
+    vendor_hal_displayconfig_service
+    vendor_hal_telephony_service
+    vendor_mm_parser_prop
+    vendor_persist_tcm_prop
+    vendor_persist_rcs_prop
+    vendor_qvirtmgr
+    vendor_qesdk_service
+    vendor_qcc_authmgr_app
+    vendor_qcc_netstat_app
+    vendor_qcc_lmtp_app))

generic/prebuilts/api/32.0/private/compat/31.0/31.0.cil

@@ -0,0 +1,121 @@
+(typeattributeset vendor_persist_camera_prop_31_0 (vendor_persist_camera_prop))
+(expandtypeattribute (vendor_persist_camera_prop_31_0) true)
+(typeattribute vendor_persist_camera_prop_31_0)
+(typeattributeset vendor_usta_app_service_31_0 (vendor_usta_app_service))
+(expandtypeattribute (vendor_usta_app_service_31_0) true)
+(typeattribute vendor_usta_app_service_31_0)
+(typeattributeset vendor_qvrd_31_0 (vendor_qvrd))
+(expandtypeattribute (vendor_qvrd_31_0) true)
+(typeattribute vendor_qvrd_31_0)
+(typeattributeset vendor_qtelephony_31_0 (vendor_qtelephony))
+(expandtypeattribute (vendor_qtelephony_31_0) true)
+(typeattribute vendor_qtelephony_31_0)
+(typeattributeset vendor_qcc_trd_31_0 (vendor_qcc_trd))
+(expandtypeattribute (vendor_qcc_trd_31_0) true)
+(typeattribute vendor_qcc_trd_31_0)
+(typeattributeset vendor_dataservice_app_31_0 (vendor_dataservice_app))
+(expandtypeattribute (vendor_dataservice_app_31_0) true)
+(typeattribute vendor_dataservice_app_31_0)
+(typeattributeset vendor_seempd_31_0 (vendor_seempd))
+(expandtypeattribute (vendor_seempd_31_0) true)
+(typeattribute vendor_seempd_31_0)
+(typeattributeset vendor_qcc_authmgr_app_31_0 (vendor_qcc_authmgr_app))
+(expandtypeattribute (vendor_qcc_authmgr_app_31_0) true)
+(typeattribute vendor_qcc_authmgr_app_31_0)
+(typeattributeset vendor_qcc_lmtp_app_31_0 (vendor_qcc_lmtp_app))
+(expandtypeattribute (vendor_qcc_lmtp_app_31_0) true)
+(typeattribute vendor_qcc_lmtp_app_31_0)
+(typeattributeset vendor_qcc_utils_app_31_0 (vendor_qcc_utils_app))
+(expandtypeattribute (vendor_qcc_utils_app_31_0) true)
+(typeattribute vendor_qcc_utils_app_31_0)
+(typeattributeset vendor_qvirtmgr_31_0 (vendor_qvirtmgr))
+(expandtypeattribute (vendor_qvirtmgr_31_0) true)
+(typeattribute vendor_qvirtmgr_31_0)
+(typeattributeset vendor_dpmtcm_socket_31_0 (vendor_dpmtcm_socket))
+(expandtypeattribute (vendor_dpmtcm_socket_31_0) true)
+(typeattribute vendor_dpmtcm_socket_31_0)
+(typeattributeset vendor_sys_video_prop_31_0 (vendor_sys_video_prop))
+(expandtypeattribute (vendor_sys_video_prop_31_0) true)
+(typeattribute vendor_sys_video_prop_31_0)
+(typeattributeset vendor_qcc_app_31_0 (vendor_qcc_app))
+(expandtypeattribute (vendor_qcc_app_31_0) true)
+(typeattribute vendor_qcc_app_31_0)
+(typeattributeset vendor_wfd_app_31_0 (vendor_wfd_app))
+(expandtypeattribute (vendor_wfd_app_31_0) true)
+(typeattribute vendor_wfd_app_31_0)
+(typeattributeset vendor_bt_prop_31_0 (vendor_bt_prop))
+(expandtypeattribute (vendor_bt_prop_31_0) true)
+(typeattribute vendor_bt_prop_31_0)
+(typeattributeset vendor_mmi_sys_31_0 (vendor_mmi_sys))
+(expandtypeattribute (vendor_mmi_sys_31_0) true)
+(typeattribute vendor_mmi_sys_31_0)
+(typeattributeset vendor_qspmsvc_31_0 (vendor_qspmsvc))
+(expandtypeattribute (vendor_qspmsvc_31_0) true)
+(typeattribute vendor_qspmsvc_31_0)
+(typeattributeset vendor_dpmd_31_0 (vendor_dpmd))
+(expandtypeattribute (vendor_dpmd_31_0) true)
+(typeattribute vendor_dpmd_31_0)
+(typeattributeset vendor_qccsyshal_hwservice_31_0 (vendor_qccsyshal_hwservice))
+(expandtypeattribute (vendor_qccsyshal_hwservice_31_0) true)
+(typeattribute vendor_qccsyshal_hwservice_31_0)
+(typeattributeset vendor_vpsservice_31_0 (vendor_vpsservice))
+(expandtypeattribute (vendor_vpsservice_31_0) true)
+(typeattribute vendor_vpsservice_31_0)
+(typeattributeset vendor_wfdservice_31_0 (vendor_wfdservice))
+(expandtypeattribute (vendor_wfdservice_31_0) true)
+(typeattribute vendor_wfdservice_31_0)
+(typeattributeset vendor_hal_atfwd_hwservice_31_0 (vendor_hal_atfwd_hwservice))
+(expandtypeattribute (vendor_hal_atfwd_hwservice_31_0) true)
+(typeattribute vendor_hal_atfwd_hwservice_31_0)
+(typeattributeset vendor_smcinvoke_device_31_0 (vendor_smcinvoke_device))
+(expandtypeattribute (vendor_smcinvoke_device_31_0) true)
+(typeattribute vendor_smcinvoke_device_31_0)
+(typeattributeset vendor_persist_rcs_prop_31_0 (vendor_persist_rcs_prop))
+(expandtypeattribute (vendor_persist_rcs_prop_31_0) true)
+(typeattribute vendor_persist_rcs_prop_31_0)
+(typeattributeset vendor_persist_tcm_prop_31_0 (vendor_persist_tcm_prop))
+(expandtypeattribute (vendor_persist_tcm_prop_31_0) true)
+(typeattribute vendor_persist_tcm_prop_31_0)
+(typeattributeset vendor_persist_dpm_prop_31_0 (vendor_persist_dpm_prop))
+(expandtypeattribute (vendor_persist_dpm_prop_31_0) true)
+(typeattribute vendor_persist_dpm_prop_31_0)
+(typeattributeset vendor_dun-server_31_0 (vendor_dun-server))
+(expandtypeattribute (vendor_dun-server_31_0) true)
+(typeattribute vendor_dun-server_31_0)
+(typeattributeset vendor_qesdk_service_31_0 (vendor_qesdk_service))
+(expandtypeattribute (vendor_qesdk_service_31_0) true)
+(typeattribute vendor_qesdk_service_31_0)
+(typeattributeset vendor_mm_parser_prop_31_0 (vendor_mm_parser_prop))
+(expandtypeattribute (vendor_mm_parser_prop_31_0) true)
+(typeattribute vendor_mm_parser_prop_31_0)
+(typeattributeset vendor_hal_displayconfig_service_31_0 (vendor_hal_displayconfig_service))
+(expandtypeattribute (vendor_hal_displayconfig_service_31_0) true)
+(typeattribute vendor_hal_displayconfig_service_31_0)
+(typeattributeset vendor_hal_telephony_service_31_0 (vendor_hal_telephony_service))
+(expandtypeattribute (vendor_hal_telephony_service_31_0) true)
+(typeattribute vendor_hal_telephony_service_31_0)
+(typeattributeset vendor_qcc_netstat_app_31_0 (vendor_qcc_netstat_app))
+(expandtypeattribute (vendor_qcc_netstat_app_31_0) true)
+(typeattribute vendor_qcc_netstat_app_31_0)
+(typeattributeset vendor_wlc_prop_31_0 (vendor_wlc_prop))
+(expandtypeattribute (vendor_wlc_prop_31_0) true)
+(typeattribute vendor_wlc_prop_31_0)
+(typeattributeset vendor_elabel_data_file_31_0 (vendor_elabel_data_file))
+(expandtypeattribute (vendor_elabel_data_file_31_0) true)
+(typeattribute vendor_elabel_data_file_31_0)
+(typeattributeset vendor_fm_app_31_0 (vendor_fm_app))
+(expandtypeattribute (vendor_fm_app_31_0) true)
+(typeattribute vendor_fm_app_31_0)
+(typeattributeset vendor_perfservice_31_0 (vendor_perfservice))
+(expandtypeattribute (vendor_perfservice_31_0) true)
+(typeattribute vendor_perfservice_31_0)
+(typeattributeset vendor_sigmahal_hwservice_31_0 (vendor_sigmahal_hwservice))
+(expandtypeattribute (vendor_sigmahal_hwservice_31_0) true)
+(typeattribute vendor_sigmahal_hwservice_31_0)
+(typeattributeset vendor_location_app_31_0 (vendor_location_app))
+(expandtypeattribute (vendor_location_app_31_0) true)
+(typeattribute vendor_location_app_31_0)
+(typeattributeset vendor_seempdw_socket_31_0 (vendor_seempdw_socket))
+(expandtypeattribute (vendor_seempdw_socket_31_0) true)
+(typeattribute vendor_seempdw_socket_31_0)
+

generic/prebuilts/api/32.0/private/compat/31.0/31.0.compat.cil

@@ -0,0 +1 @@
+;; This file can't be empty

generic/prebuilts/api/32.0/private/compat/31.0/31.0.ignore.cil

@@ -0,0 +1,8 @@
+;; new_objects - a collection of types that have been introduced that have no
+;;   analogue in older policy.  Thus, we do not need to map these types to
+;;   previous ones.  Add here to pass checkapi test
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+  ( new_objects
+    vendor_wlc_public_prop))

generic/prebuilts/api/32.0/private/dataservice_app.te

@@ -0,0 +1,55 @@
+# Copyright (c) 2017-2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_dataservice_app coredomain;
+typeattribute vendor_dataservice_app mlstrustedsubject;
+app_domain(vendor_dataservice_app)
+net_domain(vendor_dataservice_app)
+
+add_service(vendor_dataservice_app, vendor_cne_service)
+add_service(vendor_dataservice_app, vendor_dpmservice)
+add_service(vendor_dataservice_app, uce_service)
+allow vendor_dataservice_app {
+  app_api_service
+  system_api_service
+  audioserver_service
+  radio_service
+}:service_manager find;
+
+allow vendor_dataservice_app radio_data_file:dir create_dir_perms;
+allow vendor_dataservice_app radio_data_file:{ file lnk_file } create_file_perms;
+
+hwbinder_use(vendor_dataservice_app)
+
+add_service(vendor_dataservice_app, vendor_dpmservice)
+allow vendor_dataservice_app system_app_data_file:dir create_dir_perms;
+allow vendor_dataservice_app vendor_dpmd_socket:sock_file write;
+allow vendor_dataservice_app vendor_dpmd_data_file:dir rw_dir_perms;
+allow vendor_dataservice_app vendor_dpmd_data_file:file create_file_perms;
+unix_socket_connect(vendor_dataservice_app,vendor_dpmd,vendor_dpmd);
+set_prop(vendor_dataservice_app, vendor_persist_dpm_prop)
+set_prop(vendor_dataservice_app, vendor_persist_rcs_prop)

generic/prebuilts/api/32.0/private/device.te

@@ -0,0 +1,30 @@
+# Copyright (c) 2015, 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+#Define smd7 device
+type vendor_smd7_device, dev_type;

generic/prebuilts/api/32.0/private/domain.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(domain, vendor_exported_system_prop)
+get_prop(domain, vendor_exported_odm_prop)

generic/prebuilts/api/32.0/private/dpmd.te

@@ -0,0 +1,75 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+typeattribute vendor_dpmd coredomain;
+typeattribute vendor_dpmd mlstrustedsubject;
+type vendor_dpmd_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(vendor_dpmd)
+
+net_domain(vendor_dpmd)
+
+allow vendor_dpmd {
+    vendor_dpmd_exec
+    system_file
+}:file x_file_perms;
+
+allow vendor_dpmd vendor_dpmd_data_file:file create_file_perms;
+allow vendor_dpmd vendor_dpmd_data_file:dir create_dir_perms;
+r_dir_file(vendor_dpmd,proc_net)
+
+allow vendor_dpmd self:capability {
+    setuid
+    net_raw
+    net_admin
+};
+
+allow vendor_dpmd netutils_wrapper:process sigkill;
+allow vendor_dpmd self:capability2 wake_alarm;
+
+r_dir_file(vendor_dpmd, appdomain)
+
+wakelock_use(vendor_dpmd)
+allow vendor_dpmd shell_exec:file rx_file_perms;
+dontaudit vendor_dpmd self:capability sys_module;
+set_prop(vendor_dpmd, vendor_persist_dpm_prop)
+get_prop(vendor_dpmd, vendor_persist_dpm_prop)
+#allow vendor_dpmd to create socket
+allow vendor_dpmd self:socket create_socket_perms_no_ioctl;
+allow vendor_dpmd self:{ netlink_socket netlink_generic_socket } create_socket_perms_no_ioctl;
+vendor_dpmd_socket_perm(priv_app)
+vendor_dpmd_socket_perm(system_server)
+vendor_dpmd_socket_perm(system_app)
+vendor_dpmd_socket_perm(untrusted_app)
+vendor_dpmd_socket_perm(untrusted_app_25)
+vendor_dpmd_socket_perm(platform_app)
+#allow vendor_dpmd to write to /proc/net/sys
+allow vendor_dpmd proc_net:file write;
+#self kill rule to kill vendor_dpmd child process which executes iptable commands
+allow vendor_dpmd self:capability kill;
+set_prop(vendor_dpmd, ctl_dpmd_prop)

generic/prebuilts/api/32.0/private/dun-server.te

@@ -0,0 +1,40 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_dun-server_exec, system_file_type, exec_type, file_type;
+typeattribute  vendor_dun-server  bluetoothdomain;
+typeattribute vendor_dun-server coredomain;
+
+allow bluetooth vendor_dun-server:unix_stream_socket connectto;
+allow vendor_dun-server {
+    serial_device
+    vendor_smd7_device
+}:chr_file rw_file_perms;
+
+init_daemon_domain(vendor_dun-server)
+
+bluetooth_domain(vendor_dun-server)

generic/prebuilts/api/32.0/private/file.te

@@ -0,0 +1,35 @@
+# Copyright (c) 2015, 2017-2018, 2020-2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_seemp_data_file, core_data_file_type, data_file_type, file_type;
+type vendor_dpmd_socket, file_type, coredomain_socket;
+type vendor_dpmd_data_file, file_type, data_file_type, core_data_file_type;
+type vendor_dpmwrapper_socket, file_type, coredomain_socket, mlstrustedobject;
+type vendor_qcc_data_file, file_type, data_file_type, core_data_file_type;
+type vendor_qcc_app_socket, file_type, mlstrustedobject, coredomain_socket;
+type vendor_sys_sxrauxd_data_file, file_type, data_file_type, core_data_file_type;
+type vendor_sys_sxrauxd_socket, file_type, coredomain_socket;

generic/prebuilts/api/32.0/private/file_contexts

@@ -0,0 +1,69 @@
+# Copyright (c) 2018-2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+/data/misc/elabel(/.*)?         u:object_r:vendor_elabel_data_file:s0
+/data/misc/seemp(/.*)?          u:object_r:vendor_seemp_data_file:s0
+
+/(product|system/product)/etc/init\.qcom\.testscripts\.sh         u:object_r:qti-testscripts_exec:s0
+
+/storage/emulated(/.*)?         u:object_r:media_rw_data_file:s0
+
+####### device files ##############
+/dev/smd7                                       u:object_r:vendor_smd7_device:s0
+
+####### dev/socket files ##########
+/dev/socket/seempdw                             u:object_r:vendor_seempdw_socket:s0
+/dev/socket/dpmd                                u:object_r:vendor_dpmd_socket:s0
+/dev/socket/tcm                                 u:object_r:vendor_dpmtcm_socket:s0
+/dev/socket/tcmd                                u:object_r:vendor_dpmtcm_socket:s0
+/dev/socket/qdma_app(/.*)?                      u:object_r:vendor_qcc_app_socket:s0
+
+####### system file ###############
+/system/bin/seempd                              u:object_r:vendor_seempd_exec:s0
+/(system_ext|system/system_ext)/bin/dpmd        u:object_r:vendor_dpmd_exec:s0
+/(system_ext|system/system_ext)/bin/tcmd        u:object_r:vendor_tcmd_exec:s0
+/system/bin/vpsservice                          u:object_r:vendor_vpsservice_exec:s0
+
+####### system_ext file ###############
+/(system_ext|system/system_ext)/bin/dun-server  u:object_r:vendor_dun-server_exec:s0
+/(system_ext|system/system_ext)/bin/bt_logger   u:object_r:vendor_bt_logger_exec:s0
+/(system_ext|system/system_ext)/bin/perfservice u:object_r:vendor_perfservice_exec:s0
+/(system_ext|system/system_ext)/bin/qdtservice  u:object_r:vendor_qdtservice_exec:s0
+/(system|system_ext|system/system_ext)/bin/(wfdservice|wfdservice64)           u:object_r:vendor_wfdservice_exec:s0
+/(system|system_ext|system/system_ext)/bin/(sigma_miracasthalservice|sigma_miracasthalservice64) u:object_r:vendor_sigmahal_qti_exec:s0
+/(system_ext|system/system_ext)/bin/qccsyshalservice  u:object_r:vendor_qccsyshal_qti_exec:s0
+/(system_ext|system/system_ext)/bin/qccsyshal@1\.1-service u:object_r:vendor_qccsyshal_qti_exec:s0
+/(system_ext|system/system_ext)/bin/mmi         u:object_r:vendor_mmi_sys_exec:s0
+/(system_ext|system/system_ext)/bin/mmi_diag    u:object_r:vendor_mmi_sys_exec:s0
+/(system_ext|system/system_ext)/bin/qspmsvc           u:object_r:vendor_qspmsvc_exec:s0
+/(system_ext|system/system_ext)/bin/perfetto_dump\.sh           u:object_r:vendor_perfetto_dump_exec:s0
+/(system_ext|system/system_ext)/bin/qxrsplitauxservice  u:object_r:vendor_sys_sxrauxd_exec:s0
+
+####### data files ################
+/data/dpm(/.*)?                                 u:object_r:vendor_dpmd_data_file:s0
+/data/nfc(/.*)?                                 u:object_r:nfc_data_file:s0
+/data/misc/qdma(/.*)?                           u:object_r:vendor_qcc_data_file:s0
+/data/misc/sxraux(/.*)?                         u:object_r:vendor_sys_sxrauxd_data_file:s0

generic/prebuilts/api/32.0/private/fm_app.te

@@ -0,0 +1,40 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_fm_app coredomain;
+app_domain(vendor_fm_app)
+
+hal_client_domain(vendor_fm_app, vendor_hal_fm);
+hal_client_domain(vendor_fm_app, vendor_hal_btconfigstore);
+hal_client_domain(vendor_fm_app, vendor_hal_qspmhal);
+hal_client_domain(vendor_fm_app, vendor_hal_perf);
+
+binder_call(vendor_fm_app, gpuservice)
+allow vendor_fm_app radio_service:service_manager find;
+allow vendor_fm_app audioserver_service:service_manager find;
+allow vendor_fm_app mediaserver_service:service_manager find;
+allow vendor_fm_app app_api_service:service_manager find;

generic/prebuilts/api/32.0/private/gmscore_app.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_connect(gmscore_app, vendor_dpmtcm, vendor_tcmd)

generic/prebuilts/api/32.0/private/hal_qccsyshalservice.te

@@ -0,0 +1,61 @@
+# Copyright (c) 2020-2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qccsyshal_qti, domain, coredomain, mlstrustedsubject;
+type vendor_qccsyshal_qti_exec, system_file_type , exec_type, file_type;
+
+hal_server_domain(vendor_qccsyshal_qti, vendor_qccsyshal);
+
+#Add hwservice related rules
+hal_attribute_hwservice(vendor_qccsyshal, vendor_qccsyshal_hwservice);
+
+#Allow for transition from init domain to qccsyshal
+init_daemon_domain(vendor_qccsyshal_qti)
+
+#Allow the interaction with servicemanager
+binder_use(vendor_qccsyshal_qti)
+
+#Allow hwbinder call from hal client to server
+binder_call(vendor_qccsyshal_client, vendor_qccsyshal_server)
+binder_call(vendor_qccsyshal_server, vendor_qccsyshal_client)
+
+allow vendor_qccsyshal_client vendor_qccsyshal_hwservice:hwservice_manager find;
+
+# allow access to qdma dropbox (/data/misc/qdma)
+allow vendor_qccsyshal_qti vendor_qcc_data_file:dir create_dir_perms;
+allow vendor_qccsyshal_qti vendor_qcc_data_file:file create_file_perms;
+
+# allow access to vendor_qcc_app_socket
+unix_socket_connect(vendor_qccsyshal_qti, vendor_qcc_app, vendor_qcc_app)
+allow vendor_qccsyshal_qti vendor_qcc_app_socket:dir r_dir_perms;
+allow vendor_qccsyshal_qti vendor_qcc_app_socket:sock_file rw_file_perms;
+
+userdebug_or_eng(`
+  allow vendor_qccsyshal_qti vendor_qcc_lmtp_app:unix_stream_socket connectto;
+')
+
+allow vendor_qccsyshal_qti vendor_qcc_netstat_app:unix_stream_socket connectto;

generic/prebuilts/api/32.0/private/hwservice_contexts

@@ -0,0 +1,29 @@
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+vendor.qti.hardware.sigma_miracast::Isigma_miracast             u:object_r:vendor_sigmahal_hwservice:s0
+vendor.qti.hardware.qccsyshal::IQccsyshal                       u:object_r:vendor_qccsyshal_hwservice:s0

generic/prebuilts/api/32.0/private/ioctl_defines

@@ -0,0 +1,34 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# socket ioctls defined in the kernel in include/uapi/linux/msm_ipc.h
+define(`IPC_ROUTER_IOCTL_GET_VERSION', `0x0000c300')
+define(`IPC_ROUTER_IOCTL_GET_MTU', `0x0000c301')
+define(`IPC_ROUTER_IOCTL_LOOKUP_SERVER', `0x0000c302')
+define(`IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE', `0x0000c303')
+define(`IPC_ROUTER_IOCTL_BIND_CONTROL_PORT', `0x0000c304')
+define(`IPC_ROUTER_IOCTL_CONFIG_SEC_RULES', `0x0000c305')

generic/prebuilts/api/32.0/private/ioctl_macros

@@ -0,0 +1,35 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+define(`msm_sock_ipc_ioctls_system', `{
+IPC_ROUTER_IOCTL_GET_VERSION
+IPC_ROUTER_IOCTL_GET_MTU
+IPC_ROUTER_IOCTL_LOOKUP_SERVER
+IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
+IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
+IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
+}')

generic/prebuilts/api/32.0/private/kernel.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Access tracefs instances
+allow kernel debugfs_tracing_instances:dir search;

generic/prebuilts/api/32.0/private/location_app.te

@@ -0,0 +1,56 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# generic/vendor_location_app.te - sepolicy rules for qti value added location apps
+# that will be part of system image. Eg: XT app.
+
+app_domain(vendor_location_app)
+binder_use(vendor_location_app)
+hal_client_domain(vendor_location_app, hal_gnss)
+
+net_domain(vendor_location_app)
+
+#Permissions for JDWP
+userdebug_or_eng(`
+  allow vendor_location_app { adbd su }:unix_stream_socket connectto;
+')
+
+allow vendor_location_app app_api_service:service_manager find;
+
+allow vendor_location_app system_app_data_file:dir create_dir_perms;
+allow vendor_location_app system_app_data_file:file create_file_perms;
+
+allow vendor_location_app radio_service:service_manager find;
+
+unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd);
+unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_tcmd);
+
+get_prop(vendor_location_app, radio_cdma_ecm_prop)
+
+allow vendor_location_app cgroup:file rw_file_perms;
+
+unix_socket_send(vendor_location_app, vendor_seempdw, vendor_seempd);

generic/prebuilts/api/32.0/private/mediaextractor.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(mediaextractor, vendor_mm_parser_prop);
+get_prop(mediaextractor, vendor_mm_osal_prop);

generic/prebuilts/api/32.0/private/mediaprovider.te

@@ -0,0 +1,30 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow mediaprovider vendor_dpmtcm_socket:sock_file w_file_perms;
+allow mediaprovider vendor_dpmd:unix_stream_socket connectto;
+unix_socket_connect(mediaprovider, vendor_dpmtcm, vendor_tcmd);

generic/prebuilts/api/32.0/private/mediaserver.te

@@ -0,0 +1,31 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_send(mediaserver, vendor_seempdw, vendor_seempd)
+
+get_prop(mediaserver, vendor_mm_video_prop)
+get_prop(mediaserver, vendor_sys_video_prop)

generic/prebuilts/api/32.0/private/mmi_sys.te

@@ -0,0 +1,45 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_mmi_sys coredomain;
+type vendor_mmi_sys_exec, system_file_type, exec_type, file_type;
+
+#init
+init_daemon_domain(vendor_mmi_sys)
+
+#Allow mmi to use IPC
+binder_call(vendor_mmi_sys,surfaceflinger)
+binder_use(vendor_mmi_sys)
+
+#mmi_sys
+allow vendor_mmi_sys ion_device:chr_file r_file_perms;
+allow vendor_mmi_sys surfaceflinger_service:service_manager find;
+hal_client_domain(vendor_mmi_sys, hal_graphics_allocator)
+allow vendor_mmi_sys vendor_mmi_sys_exec:file execute_no_trans;
+
+allow vendor_mmi_sys gpu_device:chr_file rw_file_perms;
+allow vendor_mmi_sys kmsg_device:chr_file w_file_perms;

generic/prebuilts/api/32.0/private/mstatservice_app.te

@@ -0,0 +1,35 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_mstatservice_app, domain;
+typeattribute vendor_mstatservice_app coredomain;
+app_domain(vendor_mstatservice_app)
+hal_client_domain(vendor_mstatservice_app, vendor_hal_mstatservice_qti)
+hal_client_domain(vendor_mstatservice_app, vendor_hal_perf)
+
+allow vendor_mstatservice_app radio_service:service_manager find;
+allow vendor_mstatservice_app app_api_service:service_manager find;

generic/prebuilts/api/32.0/private/network_stack.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_connect(network_stack, vendor_dpmtcm, vendor_tcmd)

generic/prebuilts/api/32.0/private/perfservice.te

@@ -0,0 +1,35 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_perfservice_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(vendor_perfservice)
+
+add_service(vendor_perfservice, vendor_perf_service);
+binder_use(vendor_perfservice);
+binder_call(vendor_perfservice, system_server);
+binder_service(vendor_perfservice);

generic/prebuilts/api/32.0/private/platform_app.te

@@ -0,0 +1,60 @@
+# Copyright (c) 2015, 2017-2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#allow platform_app to read vendor_camera_prop
+get_prop(platform_app, vendor_persist_camera_prop)
+# Allow cneservice to be found
+allow platform_app vendor_cne_service:service_manager find;
+
+# Allow vendor_dpmservice to be found
+allow platform_app vendor_dpmservice:service_manager find;
+allow platform_app { vendor_dpmd_socket vendor_dpmtcm_socket }:sock_file w_file_perms;
+allow platform_app vendor_dpmd:unix_stream_socket connectto;
+userdebug_or_eng(`
+  r_dir_file(platform_app, vendor_seemp_data_file)
+  allow platform_app vendor_seemp_data_file: file w_file_perms;
+')
+allow platform_app vendor_color_service:service_manager find;
+# WigigSettings need to read persist.vendor.wigig.icon.disable
+get_prop(platform_app, vendor_wigig_core_prop)
+# SVA app and OEM voice activation app need to find soundtrigger_middleware_service
+allow platform_app soundtrigger_middleware_service:service_manager find;
+
+# allow platform_app access to Workload Classifier Property
+set_prop(platform_app, vendor_wlc_prop);
+
+#allow platform_app to interact with wificfr hal
+hal_client_domain(platform_app, hal_wificfr)
+#allow platform_app to interact with wpa_supplicant
+# adding typeattribute instead of macro because hal_wifi_supplicant has already
+# been defined
+typeattribute platform_app hal_wifi_supplicant_client;
+
+#SystemUI needs to access the property ril.cdma.inecmmode
+get_prop(platform_app, radio_cdma_ecm_prop)
+
+unix_socket_connect(platform_app, vendor_dpmtcm, vendor_tcmd);

generic/prebuilts/api/32.0/private/priv_app.te

@@ -0,0 +1,35 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(priv_app, vendor_persist_camera_prop)
+get_prop(priv_app, radio_cdma_ecm_prop)
+allow priv_app vendor_dpmtcm_socket:sock_file w_file_perms;
+allow priv_app vendor_dpmd:unix_stream_socket connectto;
+# QVA app need to find soundtrigger_middleware_service
+allow priv_app soundtrigger_middleware_service:service_manager find;
+
+unix_socket_connect(priv_app, vendor_dpmtcm, vendor_tcmd);

generic/prebuilts/api/32.0/private/property.te

@@ -0,0 +1,50 @@
+# Copyright (c) 2019-2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# QCV: define property type vendor_exported_system_prop
+# and vendor_exported_odm_prop
+vendor_restricted_prop(vendor_exported_system_prop);
+vendor_restricted_prop(vendor_exported_odm_prop);
+
+#mm-osal
+system_internal_prop(vendor_mm_osal_prop)
+system_internal_prop(vendor_mm_video_prop)
+
+#WiFi Display
+system_internal_prop(vendor_wfd_service_prop)
+system_internal_prop(vendor_wfd_sys_debug_prop)
+# WIGIG
+system_internal_prop(vendor_wigig_core_prop)
+system_internal_prop(vendor_fst_prop)
+system_internal_prop(ctl_dpmd_prop)
+system_internal_prop(ctl_tcmd_prop)
+
+#XRCB property
+system_internal_prop(vendor_xrcb_prop)
+
+#bootreceiver property
+system_public_prop(vendor_bootreceiver_prop)

generic/prebuilts/api/32.0/private/property_contexts

@@ -0,0 +1,96 @@
+# Copyright (c) 2017, 2019, 2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ro.vendor.qti.va_aosp.support       u:object_r:vendor_exported_system_prop:s0 exact bool
+ro.vendor.qti.va_odm.support       u:object_r:vendor_exported_odm_prop:s0 exact bool
+ro.vendor.perf.scroll_opt        u:object_r:vendor_exported_system_prop:s0 exact bool
+ro.vendor.perf.scroll_opt.heavy_app        u:object_r:vendor_exported_system_prop:s0 exact int
+ro.netflix.bsp_rev                         u:object_r:vendor_exported_system_prop:s0 exact string
+
+persist.vendor.dpm.                        u:object_r:vendor_persist_dpm_prop:s0
+persist.vendor.rcs.                        u:object_r:vendor_persist_rcs_prop:s0
+persist.vendor.tcmd.                       u:object_r:vendor_persist_tcm_prop:s0
+persist.vendor.btstack                     u:object_r:bluetooth_prop:s0
+persist.vendor.bluetooth.emailaccountcount u:object_r:bluetooth_prop:s0
+persist.vendor.bt.a2dp                     u:object_r:bluetooth_prop:s0
+persist.vendor.bt_logger.                  u:object_r:bluetooth_prop:s0
+persist.vendor.service.bt.                 u:object_r:bluetooth_prop:s0
+ro.vendor.btstack.                         u:object_r:bluetooth_prop:s0
+vendor.pts.                                u:object_r:bluetooth_prop:s0
+vendor.bt.pts.                             u:object_r:bluetooth_prop:s0
+vendor.bluetooth.                          u:object_r:bluetooth_prop:s0
+vendor.camera.aux.packagelist              u:object_r:vendor_persist_camera_prop:s0
+persist.vendor.camera.privapp.list         u:object_r:vendor_persist_camera_prop:s0
+
+#mm-parser
+vendor.mm.enable.qcom_parser       u:object_r:vendor_mm_parser_prop:s0
+vendor.qcom_parser.                u:object_r:vendor_mm_parser_prop:s0
+#mm-osal
+vendor.debug.mmosal.config         u:object_r:vendor_mm_osal_prop:s0
+
+#perf
+vendor.perf.workloadclassifier.enable      u:object_r:vendor_wlc_prop:s0
+persist.vendor.build.date.utc              u:object_r:vendor_wlc_prop:s0
+vendor.mpctl.init.complete                 u:object_r:vendor_wlc_public_prop:s0
+
+#mm-video
+persist.vendor.debug.av.logs.lvl          u:object_r:debug_prop:s0
+persist.vendor.debug.en.drpcrpt           u:object_r:vendor_mm_video_prop:s0
+persist.vendor.media.hls.                 u:object_r:vendor_mm_video_prop:s0
+persist.vendor.sys.media.rtp-ports        u:object_r:vendor_mm_video_prop:s0
+vendor.encoder.video.profile              u:object_r:vendor_mm_video_prop:s0
+vendor.sys.media.target.version           u:object_r:vendor_sys_video_prop:s0
+vendor.sys.video.disable.ubwc             u:object_r:vendor_sys_video_prop:s0
+vendor.sys.media.target.qssi              u:object_r:vendor_sys_video_prop:s0
+
+#Wifi Display
+vendor.wfdservice                         u:object_r:vendor_wfd_service_prop:s0
+persist.vendor.debug.wfd.wfdsvc           u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.debug.wfdcdbg              u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.debug.wfdcdbgv             u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.sys.debug.mux.             u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.sys.debug.rtp.             u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.sys.debug.wfd.             u:object_r:vendor_wfd_sys_debug_prop:s0
+
+# WIGIG
+persist.vendor.wigig.                      u:object_r:vendor_wigig_core_prop:s0
+persist.vendor.fst.                        u:object_r:vendor_fst_prop:s0
+persist.dpm.feature                        u:object_r:vendor_persist_dpm_prop:s0
+ctl.stop$dpmd                              u:object_r:ctl_dpmd_prop:s0
+ctl.stop$tcmd                              u:object_r:ctl_tcmd_prop:s0
+
+# Beluga
+ro.vendor.beluga.p                         u:object_r:vendor_exported_system_prop:s0
+ro.vendor.beluga.c                         u:object_r:vendor_exported_system_prop:s0
+ro.vendor.beluga.s                         u:object_r:vendor_exported_system_prop:s0
+ro.vendor.beluga.t                         u:object_r:vendor_exported_system_prop:s0
+
+#XRCB prop
+vendor.xrcb.                               u:object_r:vendor_xrcb_prop:s0
+
+# bootreceiver config props
+ro.vendor.bootreceiver.enable              u:object_r:vendor_bootreceiver_prop:s0 exact bool

generic/prebuilts/api/32.0/private/qcc_app.te

@@ -0,0 +1,66 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_qcc_app mlstrustedsubject;
+
+app_domain(vendor_qcc_app)
+net_domain(vendor_qcc_app)
+binder_use(vendor_qcc_app)
+
+allow vendor_qcc_app radio_service:service_manager find;
+# for vendor_perf_service
+allow vendor_qcc_app app_api_service:service_manager find;
+
+# allow access to qdma dropbox (/data/misc/qdma)
+allow vendor_qcc_app vendor_qcc_data_file:dir create_dir_perms;
+allow vendor_qcc_app vendor_qcc_data_file:file create_file_perms;
+
+# allow access to socket
+unix_socket_connect(vendor_qcc_app, vendor_dpmtcm, vendor_dpmd)
+unix_socket_connect(vendor_qcc_app, vendor_dpmtcm, vendor_tcmd)
+# allow access to mediadrmserver for qdmastats/wvstats
+allow vendor_qcc_app mediadrmserver_service:service_manager find;
+
+# allow vendor_qcc_app to access system_app_data_file
+# necessary for read and write /data/user_de/0/com.---.qti.qdma subdirectory.
+allow vendor_qcc_app system_data_file:dir search;
+allow vendor_qcc_app system_app_data_file:dir create_dir_perms;
+allow vendor_qcc_app system_app_data_file:file create_file_perms;
+
+allow vendor_qcc_app user_profile_root_file:dir search;
+
+# allow cgroup access
+allow vendor_qcc_app cgroup:file rw_file_perms;
+
+#allow mediametrics_service
+allow vendor_qcc_app mediametrics_service:service_manager find;
+
+# Allow read-write permissions to qdma sockets under vendor_qcc_app_socket.
+allow vendor_qcc_app vendor_qcc_app_socket:dir rw_dir_perms;
+allow vendor_qcc_app vendor_qcc_app_socket:sock_file create_file_perms;
+
+

generic/prebuilts/api/32.0/private/qcc_authmgr_app.te

@@ -0,0 +1,35 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_qcc_authmgr_app coredomain;
+
+app_domain(vendor_qcc_authmgr_app)
+binder_use(vendor_qcc_authmgr_app)
+
+hal_client_domain(vendor_qcc_authmgr_app, vendor_hal_qccvndhal);
+hal_client_domain(vendor_qcc_authmgr_app, vendor_hal_perf);
+allow vendor_qcc_authmgr_app {app_api_service}:service_manager find;

generic/prebuilts/api/32.0/private/qcc_lmtp_app.te

@@ -0,0 +1,63 @@
+# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+userdebug_or_eng(`
+  typeattribute vendor_qcc_lmtp_app mlstrustedsubject;
+  app_domain(vendor_qcc_lmtp_app)
+  net_domain(vendor_qcc_lmtp_app)
+  binder_use(vendor_qcc_lmtp_app)
+
+  hal_client_domain(vendor_qcc_lmtp_app, vendor_hal_perf);
+
+  allow vendor_qcc_lmtp_app {activity_service}:service_manager find;
+
+  allow vendor_qcc_lmtp_app location_service:service_manager find;
+  allow vendor_qcc_lmtp_app app_api_service:service_manager find;
+
+  # for vendor_perf_service
+  allow vendor_qcc_lmtp_app vendor_perf_service:service_manager find;
+
+  # allow access to socket
+  unix_socket_connect(vendor_qcc_lmtp_app, vendor_dpmtcm, vendor_dpmd)
+  unix_socket_connect(vendor_qcc_lmtp_app, vendor_dpmtcm, vendor_tcmd)
+  # allow access to qcc dropbox
+  allow vendor_qcc_lmtp_app vendor_qcc_data_file:dir create_dir_perms;
+  allow vendor_qcc_lmtp_app vendor_qcc_data_file:file create_file_perms;
+
+  # allow vendor_qcc_lmtp_app to access system_app_data_file
+  # necessary for read and write /data/data subdirectory
+  allow vendor_qcc_lmtp_app system_app_data_file:dir create_dir_perms;
+  allow vendor_qcc_lmtp_app system_app_data_file:file create_file_perms;
+  allow vendor_qcc_lmtp_app system_data_file:dir search;
+
+  # Allow read-write permissions to qdma sockets under vendor_qcc_app_socket.
+  unix_socket_connect(vendor_qcc_lmtp_app, vendor_qcc_app, vendor_qcc_app)
+  allow vendor_qcc_lmtp_app vendor_qcc_app_socket:dir rw_dir_perms;
+  allow vendor_qcc_lmtp_app vendor_qcc_app_socket:sock_file create_file_perms;
+
+  allow vendor_qcc_lmtp_app app_api_service:service_manager find;
+')

generic/prebuilts/api/32.0/private/qcc_netstat_app.te

@@ -0,0 +1,39 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_qcc_netstat_app coredomain;
+
+app_domain(vendor_qcc_netstat_app)
+net_domain(vendor_qcc_netstat_app)
+binder_use(vendor_qcc_netstat_app)
+
+hal_client_domain(vendor_qcc_netstat_app, vendor_hal_qccvndhal);
+hal_client_domain(vendor_qcc_netstat_app, vendor_hal_perf);
+allow vendor_qcc_netstat_app {app_api_service}:service_manager find;
+
+# Allow read-write permissions to qdma sockets under vendor_qcc_app_socket.
+unix_socket_connect(vendor_qcc_netstat_app, vendor_qcc_app, vendor_qcc_app)

generic/prebuilts/api/32.0/private/qcc_trd.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+hal_client_domain(vendor_qcc_trd, vendor_qccsyshal);

generic/prebuilts/api/32.0/private/qcc_utils_app.te

@@ -0,0 +1,49 @@
+# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_qcc_utils_app mlstrustedsubject;
+
+app_domain(vendor_qcc_utils_app)
+net_domain(vendor_qcc_utils_app)
+binder_use(vendor_qcc_utils_app)
+
+allow vendor_qcc_utils_app { app_api_service radio_service }:service_manager find;
+
+# allow access to qcc dropbox
+allow vendor_qcc_utils_app vendor_qcc_data_file:dir create_dir_perms;
+allow vendor_qcc_utils_app vendor_qcc_data_file:file create_file_perms;
+
+# allow vendor_qcc_utils_app to access system_app_data_file
+# necessary for read and write /data/data subdirectory
+allow vendor_qcc_utils_app system_app_data_file:dir create_dir_perms;
+allow vendor_qcc_utils_app system_app_data_file:file create_file_perms;
+
+# allow cgroup access
+allow vendor_qcc_utils_app cgroup:file rw_file_perms;
+
+# for aws iot mqtt
+allow vendor_qcc_utils_app self: udp_socket create_socket_perms_no_ioctl;

generic/prebuilts/api/32.0/private/qdtservice.te

@@ -0,0 +1,37 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qdtservice_exec, exec_type, system_file_type, file_type;
+type vendor_qdtservice, domain, coredomain;
+
+init_daemon_domain(vendor_qdtservice)
+
+add_service(vendor_qdtservice, vendor_qdt_service);
+binder_use(vendor_qdtservice);
+binder_service(vendor_qdtservice);
+
+hal_client_domain(vendor_qdtservice, vendor_hal_perf)

generic/prebuilts/api/32.0/private/qesdkSystem.te

@@ -0,0 +1,39 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qesdk_app, domain;
+typeattribute vendor_qesdk_app coredomain;
+typeattribute vendor_qesdk_app mlstrustedsubject;
+app_domain(vendor_qesdk_app)
+#allow vendor_qesdk_app to access vendor_hal_qesdhal
+qesdk_app_access(vendor_qesdk_app);
+allow vendor_qesdk_app system_data_file:dir search;
+allow vendor_qesdk_app system_app_data_file:dir { getattr search };
+allow vendor_qesdk_app user_profile_root_file:dir search;
+allow vendor_qesdk_app app_api_service:service_manager find;
+hal_client_domain(vendor_qesdk_app, vendor_hal_perf)
+add_service(vendor_qesdk_app, vendor_qesdk_service);

generic/prebuilts/api/32.0/private/qspmsvc.te

@@ -0,0 +1,36 @@
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_qspmsvc coredomain;
+type vendor_qspmsvc_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(vendor_qspmsvc)
+add_service(vendor_qspmsvc, vendor_qspmsvc_service);
+binder_use(vendor_qspmsvc);
+binder_call(vendor_qspmsvc, system_server);
+binder_service(vendor_qspmsvc);
+hal_client_domain(vendor_qspmsvc, hal_thermal)

generic/prebuilts/api/32.0/private/qtelephony.te

@@ -0,0 +1,50 @@
+# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# qti telephony apps, such as AtFwd and FastDormancy
+typeattribute vendor_qtelephony coredomain;
+
+app_domain(vendor_qtelephony)
+net_domain(vendor_qtelephony)
+
+hwbinder_use(vendor_qtelephony);
+get_prop(vendor_qtelephony, hwservicemanager_prop);
+add_hwservice(vendor_qtelephony, vendor_hal_atfwd_hwservice);
+
+userdebug_or_eng(`
+    hal_client_domain( vendor_qtelephony, vendor_hal_diaghal)
+')
+
+allow vendor_qtelephony { cameraserver_service mediaextractor_service mediaserver_service mediametrics_service radio_service drmserver_service audioserver_service}:service_manager find;
+allow vendor_qtelephony system_api_service:service_manager find;
+allow vendor_qtelephony app_api_service:service_manager find;
+
+allow vendor_qtelephony vendor_dpmtcm_socket:sock_file write;
+
+allow vendor_qtelephony vendor_dpmd:unix_stream_socket connectto;
+
+hal_client_domain(vendor_qtelephony, hal_telephony)

generic/prebuilts/api/32.0/private/qti-testscripts.te

@@ -0,0 +1,100 @@
+# Copyright (c) 2015,2017 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#as the exec is defined in file_context  it is hitting build
+# error in user build  so moving out of the macro
+type qti-testscripts_exec, system_file_type, exec_type, file_type;
+userdebug_or_eng(`
+  type qti-testscripts, domain, mlstrustedsubject;
+  typeattribute  qti-testscripts coredomain;
+  permissive qti-testscripts;
+  init_daemon_domain(qti-testscripts)
+
+  #this is shell scripts and need /system/bin/sh
+  allow qti-testscripts shell_exec:file rx_file_perms;
+  #super_user - start
+  # Add qti-testscripts to various domains
+  net_domain(qti-testscripts)
+
+  dontaudit qti-testscripts self:capability_class_set *;
+  dontaudit qti-testscripts kernel:security *;
+  dontaudit qti-testscripts kernel:system *;
+  dontaudit qti-testscripts self:memprotect *;
+  dontaudit qti-testscripts domain:process *;
+  dontaudit qti-testscripts domain:fd *;
+  dontaudit qti-testscripts domain:dir *;
+  dontaudit qti-testscripts domain:lnk_file *;
+  dontaudit qti-testscripts domain:{ fifo_file file } *;
+  dontaudit qti-testscripts domain:socket_class_set *;
+  dontaudit qti-testscripts domain:ipc_class_set *;
+  dontaudit qti-testscripts domain:key *;
+  dontaudit qti-testscripts fs_type:filesystem *;
+  dontaudit qti-testscripts {fs_type dev_type file_type}:dir_file_class_set *;
+  dontaudit qti-testscripts node_type:node *;
+  dontaudit qti-testscripts node_type:{ tcp_socket udp_socket rawip_socket } *;
+  dontaudit qti-testscripts netif_type:netif *;
+  dontaudit qti-testscripts port_type:socket_class_set *;
+  dontaudit qti-testscripts port_type:{ tcp_socket dccp_socket } *;
+  dontaudit qti-testscripts domain:peer *;
+  dontaudit qti-testscripts domain:binder *;
+  dontaudit qti-testscripts property_type:property_service *;
+  dontaudit qti-testscripts property_type:file *;
+  dontaudit qti-testscripts service_manager_type:service_manager *;
+  dontaudit qti-testscripts keystore:keystore_key *;
+ # dontaudit qti-testscripts domain:debuggerd *;
+  dontaudit qti-testscripts domain:drmservice *;
+  dontaudit qti-testscripts unlabeled:filesystem *;
+  #super_user - end
+
+  #Added below rule in same file to keep all debug policies
+  #under one common file.
+
+  # All domains can read proc enrty of qti-testscripts
+  # r_dir_file(domain, qti-testscripts)
+  # r_dir_file(qti-testscripts, domain)
+  
+# allow adbd qti-testscripts:process dyntransition;
+  #allow { domain -mediaextractor -mediacodec } qti-testscripts:unix_stream_socket connectto;
+  allow domain qti-testscripts:fd use;
+  allow { domain -app_zygote -mediaextractor -hal_omx_server -hal_configstore_server } qti-testscripts:unix_stream_socket { getattr getopt read write shutdown };
+#  binder_call({ domain -init -netd }, qti-testscripts)
+  allow domain qti-testscripts:fifo_file { write getattr };
+  allow domain qti-testscripts:process sigchld;
+  binder_use(qti-testscripts)
+  allow platform_app qti-testscripts:unix_stream_socket { read write connectto};
+  allow system_app qti-testscripts:unix_stream_socket { read write connectto};
+  allow system_server qti-testscripts:binder { transfer call };
+  allow untrusted_app_25 qti-testscripts:binder  { transfer call };
+  allow priv_app qti-testscripts:binder { transfer call };
+  allow surfaceflinger qti-testscripts:binder { transfer call };
+  allow system_server qti-testscripts:fifo_file read;
+  binder_call(platform_app, qti-testscripts)
+  binder_call(system_app, qti-testscripts)
+
+# allow lmkd to kill tasks with positive oom_score_adj under memory pressure
+  allow lmkd qti-testscripts:process { setsched sigkill };
+')

generic/prebuilts/api/32.0/private/radio.te

@@ -0,0 +1,33 @@
+# Copyright (c) 2018, 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+hwbinder_use(radio)
+allow radio mediaextractor_service:service_manager find;
+
+userdebug_or_eng(`
+  unix_socket_send(radio,vendor_seempdw, vendor_seempd)
+')

generic/prebuilts/api/32.0/private/seapp_contexts

@@ -0,0 +1,82 @@
+# Copyright (c) 2019-2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Add new domain for DataServices
+# Needed for CNEService , uceShimService and other connectivity services
+user=radio seinfo=platform name=.dataservices domain=vendor_dataservice_app type=radio_data_file
+
+# AtFwd app
+user=_app seinfo=platform name=com.qualcomm.telephony domain=vendor_qtelephony type=app_data_file levelFrom=all
+
+#Add new domain for ims app
+user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=vendor_qtelephony type=app_data_file levelFrom=all
+
+
+# QtiTelephonyService app
+user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=vendor_qtelephony type=app_data_file levelFrom=all
+
+#Add new domain for qti value added Location apps
+user=_app seinfo=platform name=com.qualcomm.location.XT isPrivApp=true domain=vendor_location_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.location.XT.setup isPrivApp=true domain=vendor_location_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.location isPrivApp=true domain=vendor_location_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.wfd.service:wfd_service domain=vendor_wfd_app type=app_data_file levelfrom=all
+user=_app seinfo=platform name=com.qualcomm.wfd.client domain=vendor_wfd_app type=app_data_file levelfrom=all
+user=_app seinfo=platform name=com.qualcomm.qti.ssmeditor domain=vendor_qconfig_app type=app_data_file levelfrom=all
+
+#Add new domain for QCC
+user=system seinfo=platform name=com.qualcomm.qti.qdma isPrivApp=true domain=vendor_qcc_app type=system_app_data_file
+#Add new domain for QCCLMTP
+user=system seinfo=platform name=com.qualcomm.qti.qcclmtp isPrivApp=true domain=vendor_qcc_lmtp_app type=system_app_data_file
+#Add new domain for QCCNetstat
+user=_app seinfo=platform name=com.qualcomm.qti.qccnetstat domain=vendor_qcc_netstat_app type=app_data_file levelFrom=all
+#Add new domain for QCCAuthMgr
+user=_app seinfo=platform name=com.qualcomm.qti.qccauthmgr domain=vendor_qcc_authmgr_app type=app_data_file levelFrom=all
+#Add new domain for QCC-Utils
+user=system seinfo=platform name=com.qualcomm.qti.qdmautils isPrivApp=true domain=vendor_qcc_utils_app type=system_app_data_file
+# Add new domain for FM app
+user=_app seinfo=platform name=com.caf.fmradio domain=vendor_fm_app type=app_data_file levelFrom=all
+
+#Add new domain for secure camera service app
+user=_app seinfo=platform name=com.qualcomm.qti.seccamservice:remote domain=vendor_seccam_app type=app_data_file
+
+#Add ExtTelephonyService to vendor_qtelephony
+user=_app seinfo=platform name=com.qti.phone domain=vendor_qtelephony type=app_data_file levelFrom=all
+
+#Add new domain for Voice Activation app
+user=_app seinfo=platform name=com.qualcomm.qti.sva domain=vendor_voiceui_app type=app_data_file levelFrom=all
+
+# qc mStat app
+user=_app seinfo=platform name=com.qti.qualcomm.mstatssystemservice domain=vendor_mstatservice_app type=app_data_file levelFrom=all
+
+#Add new domain for QESDK_APP
+user=system seinfo=platform name=vendor.qti.qesdk.sysservice isPrivApp=true domain=vendor_qesdk_app type=system_app_data_file
+
+#Add new domain for workloadclassifier
+user=_app seinfo=platform name=com.qualcomm.qti.workloadclassifier domain=vendor_wlc_app type=app_data_file levelFrom=all
+
+#Add new domain for xrcb app
+user=_app seinfo=platform name=com.qualcomm.qti.xrcb domain=vendor_xrcb_app type=app_data_file levelFrom=all

generic/prebuilts/api/32.0/private/seccam_app.te

@@ -0,0 +1,38 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_seccam_app, domain;
+app_domain(vendor_seccam_app)
+net_domain(vendor_seccam_app)
+
+hal_client_domain(vendor_seccam_app, vendor_hal_qteeconnector);
+
+allow vendor_seccam_app app_data_file:dir create_dir_perms;
+allow vendor_seccam_app app_data_file:file create_file_perms;
+allow vendor_seccam_app { activity_service app_api_service } :service_manager find;
+allow vendor_seccam_app self:qipcrtr_socket create_socket_perms_no_ioctl;
+typeattribute vendor_seccam_app hal_graphics_composer_client;

generic/prebuilts/api/32.0/private/seempd.te

@@ -0,0 +1,46 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_seempd coredomain;
+typeattribute vendor_seempd mlstrustedsubject;
+type vendor_seempd_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(vendor_seempd)
+
+binder_use(vendor_seempd)
+binder_call(vendor_seempd, system_server)
+binder_call(vendor_seempd, appdomain)
+
+allow vendor_seempd vendor_MinkBinderSvc:service_manager { find };
+
+add_service(vendor_seempd, vendor_seemp_service)
+
+allow vendor_seempd self:binder call;
+allow vendor_seempd ion_device:chr_file r_file_perms;
+
+#Allow search access in seemp_data_file
+allow vendor_seempd vendor_seemp_data_file:dir search;

generic/prebuilts/api/32.0/private/service.te

@@ -0,0 +1,41 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_cne_service,                 service_manager_type;
+type vendor_seemp_service,               service_manager_type;
+type vendor_dpmservice,                  service_manager_type;
+type vendor_MinkBinderSvc,               app_api_service, service_manager_type;
+type vendor_perf_service,         app_api_service, service_manager_type;
+type vendor_qdt_service,                 app_api_service, service_manager_type;
+type vendor_izat_service,                app_api_service, system_api_service, service_manager_type;
+type vendor_color_service,               service_manager_type;
+type vendor_wfdservice_service,          service_manager_type;
+type vendor_wigigp2p_service,            app_api_service, system_server_service, service_manager_type;
+type vendor_wigig_service,               app_api_service, system_server_service, service_manager_type;
+type vendor_vps_service,          app_api_service, service_manager_type;
+type vendor_qspmsvc_service,             app_api_service, service_manager_type;
+type vendor_qvirtmgr_service,            service_manager_type;
+

generic/prebuilts/api/32.0/private/service_contexts

@@ -0,0 +1,51 @@
+# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+cneservice                                           u:object_r:vendor_cne_service:s0
+com.qualcomm.qti.ustaservice.USTAServiceImpl         u:object_r:vendor_usta_app_service:s0
+dpmservice                                     u:object_r:vendor_dpmservice:s0
+MinkBinderSvc                                  u:object_r:vendor_MinkBinderSvc:s0
+vendor.perfservice                             u:object_r:vendor_perf_service:s0
+vendor.qdtservice                              u:object_r:vendor_qdt_service:s0
+sms-sec                                        u:object_r:radio_service:s0
+extphone                                       u:object_r:radio_service:s0
+qti.radio.extphone                             u:object_r:radio_service:s0
+com.qualcomm.location.izat.IzatService         u:object_r:vendor_izat_service:s0
+qti.security.seempspa                          u:object_r:vendor_seemp_service:s0
+vendor.audio.vrservice                         u:object_r:audioserver_service:s0
+com.qti.snapdragon.sdk.display.IColorService   u:object_r:vendor_color_service:s0
+wfdservice                                     u:object_r:vendor_wfdservice_service:s0
+wfdservice64                                   u:object_r:vendor_wfdservice_service:s0
+wigigp2p                                       u:object_r:vendor_wigigp2p_service:s0
+wigig                                          u:object_r:vendor_wigig_service:s0
+display.smomoservice                           u:object_r:surfaceflinger_service:s0
+vendor.vpsservice                              u:object_r:vendor_vps_service:s0
+vendor.qspmsvc                                 u:object_r:vendor_qspmsvc_service:s0
+nfc_settings                                   u:object_r:nfc_service:s0
+nfc.st_ext                                     u:object_r:nfc_service:s0
+vendor.qti.gnss.ILocAidlGnss/default           u:object_r:hal_gnss_service:s0
+vendor.qvirtmgr                                u:object_r:vendor_qvirtmgr_service:s0
+vendor.qti.qesdsys.IQesdSys/default            u:object_r:vendor_qesdk_service:s0

generic/prebuilts/api/32.0/private/sigma-hal.te

@@ -0,0 +1,50 @@
+# Copyright (c) 2019 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_sigmahal_qti, domain, coredomain;
+type vendor_sigmahal_qti_exec, system_file_type , exec_type, file_type;
+
+hal_server_domain(vendor_sigmahal_qti,vendor_sigmahal);
+hal_attribute_hwservice(vendor_sigmahal, vendor_sigmahal_hwservice);
+
+#Allow for transition from init domain to vendor_sigmahal_qti
+init_daemon_domain(vendor_sigmahal_qti);
+
+#Allow the interaction with servicemanager
+binder_use(vendor_sigmahal_qti)
+
+#Allow the interaction with wfdservice
+binder_call(vendor_sigmahal_qti,vendor_wfdservice);
+
+#Allow access to vendor_wfdservice_service,audioserver_service,surfaceflinger_service to interact with vendor_sigmahal_qti
+allow vendor_sigmahal_qti {vendor_wfdservice_service audioserver_service surfaceflinger_service}:service_manager find;
+
+#Allow vendor_sigmahal_qti to interact with audio_server
+binder_call(vendor_sigmahal_qti,audioserver);
+
+#Allow vendor_sigmahal_qti to interact with surface flinger
+binder_call(vendor_sigmahal_qti,surfaceflinger);

generic/prebuilts/api/32.0/private/smart_trace.te

@@ -0,0 +1,49 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_perfetto_dump, domain, coredomain;
+type vendor_perfetto_dump_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_perfetto_dump)
+userdebug_or_eng(`
+  set_prop(vendor_perfetto_dump, system_prop)
+  allow vendor_perfetto_dump perfetto_traces_data_file:dir rw_dir_perms;
+  allow vendor_perfetto_dump perfetto_traces_data_file:file { rw_file_perms unlink };
+  allow vendor_perfetto_dump shell_exec:file { rx_file_perms entrypoint };
+  allow vendor_perfetto_dump toolbox_exec:file rx_file_perms;
+  allow vendor_perfetto_dump perfetto_exec:file rx_file_perms;
+  allow vendor_perfetto_dump perfetto:fd use;
+  allow vendor_perfetto_dump shell:fd use;
+  allow vendor_perfetto_dump shell:fifo_file { read write };
+
+  # Allow the service to create new files within /data/misc/perfetto-traces.
+  allow vendor_perfetto_dump perfetto_traces_data_file:file create_file_perms;
+  allow vendor_perfetto_dump perfetto_traces_data_file:dir rw_dir_perms;
+  allow traced vendor_perfetto_dump:fd use;
+  allow vendor_perfetto_dump traced_consumer_socket:sock_file { write read };
+  allow vendor_perfetto_dump traced:unix_stream_socket connectto;
+')

generic/prebuilts/api/32.0/private/surfaceflinger.te

@@ -0,0 +1,32 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+binder_call(surfaceflinger, vendor_wfdservice);
+allow surfaceflinger vendor_hal_displayconfig_service:service_manager find;
+
+#Allow access to limits_hwservice
+hal_client_domain(surfaceflinger, vendor_hal_limits)

generic/prebuilts/api/32.0/private/sxrauxd.te

@@ -0,0 +1,50 @@
+# Copyright (c) 2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_sys_sxrauxd, domain;
+typeattribute vendor_sys_sxrauxd coredomain;
+typeattribute vendor_sys_sxrauxd vendor_hal_sxrservice_qti_socket_fd_use_client;
+type vendor_sys_sxrauxd_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_sys_sxrauxd)
+
+allow vendor_sys_sxrauxd vendor_sys_sxrauxservice_qti_socket_client:unix_stream_socket { getopt read setopt shutdown write };
+# Allow access to our socket
+allow vendor_sys_sxrauxd vendor_sys_sxrauxd_socket:sock_file rw_file_perms;
+
+# Allow access to sxrservice
+hal_client_domain(vendor_sys_sxrauxd, vendor_hal_sxrservice_qti);
+
+#Allow access to Audio Flinger APIs
+binder_call(vendor_sys_sxrauxd, audioserver);
+allow vendor_sys_sxrauxd audioserver_service : service_manager find;
+
+# Allow interracting with vendor_sxrauxd directory
+allow vendor_sys_sxrauxd vendor_sys_sxrauxd_data_file:dir create_dir_perms;
+allow vendor_sys_sxrauxd vendor_sys_sxrauxd_data_file:file create_file_perms;
+
+#allow binder use for checking permissions
+binder_use(vendor_sys_sxrauxd)

generic/prebuilts/api/32.0/private/system_app.te

@@ -0,0 +1,49 @@
+# Copyright (c) 2015, 2017, 2019-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# access to seemp folder
+allow system_app vendor_seemp_data_file:dir r_dir_perms;
+allow system_app vendor_seemp_data_file:{ file fifo_file } rw_file_perms;
+binder_call(system_app, vendor_seempd)
+
+allow system_app vendor_dpmtcm_socket:sock_file w_file_perms;
+allow system_app vendor_dpmd:unix_stream_socket connectto;
+allow system_app vendor_color_service:service_manager add;
+get_prop(system_app, bluetooth_prop);
+# allow system_app to interact with smcinvoke daemon
+#binder_call(system_app, smcinvoke_daemon)
+
+# allow system_app access to Workload Classifier Property
+set_prop(system_app, vendor_wlc_prop);
+
+# allow system_app access to wigig Property
+get_prop(system_app, vendor_wigig_core_prop);
+
+#allow system_app to access faceauth
+hal_client_domain(system_app, hal_face)
+
+unix_socket_connect(system_app, vendor_dpmtcm, vendor_tcmd);

generic/prebuilts/api/32.0/private/system_server.te

@@ -0,0 +1,73 @@
+# Copyright (c) 2015,2017,2019,2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+add_service(system_server, vendor_izat_service)
+
+# Ant ipc
+hal_client_domain(system_server,hal_bluetooth);
+
+allow system_server vendor_seempdw_socket:sock_file write;
+
+binder_call(system_server, vendor_seempd)
+unix_socket_send(system_server, vendor_seempdw, vendor_seempd)
+
+unix_socket_connect(system_server, vendor_dpmd, vendor_dpmd);
+allow system_server { vendor_dpmd_socket vendor_dpmtcm_socket }:sock_file w_file_perms;
+
+allow system_server vendor_dpmd_data_file:dir create_dir_perms;
+allow system_server vendor_dpmd_data_file:file create_file_perms;
+
+#Allow system_server to add and find perf service
+#add_service(system_server, vendor_perf_service);
+allow system_server vendor_perf_service:service_manager find;
+
+#Allow system_server to add and find vps service
+allow system_server vendor_vps_service:service_manager find;
+
+#Allow for access to WFD specific debug properties
+binder_call(system_server, vendor_wfdservice);
+userdebug_or_eng(`
+  get_prop(system_server, vendor_wfd_sys_debug_prop)
+')
+# Allow system server to access fst,wigig system properties
+set_prop(system_server, vendor_wigig_core_prop)
+set_prop(system_server, vendor_fst_prop)
+
+# Allow system server to access for dpm
+get_prop(system_server, vendor_persist_dpm_prop)
+
+#Allow system_server to add and find qspmsvc service
+allow system_server vendor_qspmsvc_service:service_manager find;
+
+#Allow system server to access /dev/binderfs/binder_logs for binder info
+userdebug_or_eng(`
+allow system_server binderfs_logs:dir r_dir_perms;
+allow system_server binderfs_logs:file r_file_perms;
+')
+
+# Allow system server to access for rcs service
+get_prop(system_server, vendor_persist_rcs_prop)

generic/prebuilts/api/32.0/private/tcmd.te

@@ -0,0 +1,42 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#tcmd as domain
+type vendor_tcmd,domain;
+typeattribute vendor_tcmd mlstrustedsubject;
+typeattribute vendor_tcmd coredomain;
+
+type vendor_tcmd_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(vendor_tcmd)
+
+set_prop(vendor_tcmd, vendor_persist_tcm_prop)
+#allow vendor_tcmd to create socket
+allow vendor_tcmd self:socket create_socket_perms_no_ioctl;
+set_prop(vendor_tcmd, ctl_tcmd_prop)
+
+hal_client_domain(vendor_tcmd,vendor_hal_dpmapiservice_qti);

generic/prebuilts/api/32.0/private/te_macros

@@ -0,0 +1,43 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#####################################
+# vendor_dpmd_socket_perm(clientdomain)
+# allow vendor_dpmd to use inet socket created by app.
+define(`vendor_dpmd_socket_perm', `
+allow vendor_dpmd $1:fd use;
+allow vendor_dpmd $1:tcp_socket rw_socket_perms;
+')
+#####################################
+
+#####################################
+# qesdk_app_access(clientdomain)
+# allow vendor_hal_qesdhal to use
+define(`qesdk_app_access', `
+hal_client_domain($1, vendor_hal_qesdhal)
+')
+#####################################

generic/prebuilts/api/32.0/private/untrusted_app.te

@@ -0,0 +1,37 @@
+# Copyright (c) 2015, 2017, 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_connect(untrusted_app,vendor_dpmtcm, vendor_dpmd);
+allow untrusted_app vendor_dpmtcm_socket:sock_file w_file_perms;
+allow untrusted_app vendor_dpmd:unix_stream_socket connectto;
+userdebug_or_eng(`
+  r_dir_file(untrusted_app, vendor_seemp_data_file)
+  allow untrusted_app vendor_seemp_data_file: file w_file_perms;
+')
+qesdk_app_access(untrusted_app);
+typeattribute untrusted_app vendor_hal_qvrservice_qti_socket_fd_use_client;
+typeattribute untrusted_app vendor_hal_sxrservice_qti_socket_fd_use_client;

generic/prebuilts/api/32.0/private/untrusted_app_25.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+qesdk_app_access(untrusted_app_25);

generic/prebuilts/api/32.0/private/untrusted_app_27.te

@@ -0,0 +1,31 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_connect(untrusted_app_27,vendor_dpmtcm, vendor_dpmd);
+allow untrusted_app_27 vendor_dpmtcm_socket:sock_file w_file_perms;
+allow untrusted_app_27 vendor_dpmd:unix_stream_socket connectto;
+qesdk_app_access(untrusted_app_27);

generic/prebuilts/api/32.0/private/untrusted_app_29.te

@@ -0,0 +1,30 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+qesdk_app_access(untrusted_app_29);
+typeattribute untrusted_app_29 vendor_hal_qvrservice_qti_socket_fd_use_client;
+typeattribute untrusted_app_29 vendor_hal_sxrservice_qti_socket_fd_use_client;

generic/prebuilts/api/32.0/private/untrusted_app_all.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2019,2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_connect(untrusted_app_all, vendor_dpmtcm, vendor_dpmd)
+unix_socket_connect(untrusted_app_all, vendor_dpmtcm, vendor_tcmd)

generic/prebuilts/api/32.0/private/vendor_hal_perf_allows.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+hal_client_domain(permissioncontroller_app, vendor_hal_perf);
+hal_client_domain(gmscore_app, vendor_hal_perf);

generic/prebuilts/api/32.0/private/vendor_init.te

@@ -0,0 +1,32 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# QCV:vendor_init settable for vendor_exported_system_prop
+set_prop(vendor_init, vendor_exported_system_prop)
+# QCV:vendor_init settable for vendor_exported_odm_prop
+set_prop(vendor_init, vendor_exported_odm_prop)
+set_prop(vendor_init, vendor_bootreceiver_prop)

generic/prebuilts/api/32.0/private/vendor_qconfig_app.te

@@ -0,0 +1,35 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qconfig_app, domain;
+typeattribute vendor_qconfig_app coredomain;
+
+app_domain(vendor_qconfig_app)
+binder_use(vendor_qconfig_app)
+
+allow vendor_qconfig_app app_api_service:service_manager find;
+hal_client_domain(vendor_qconfig_app, vendor_hal_qconfig)

generic/prebuilts/api/32.0/private/vendor_wlc_app.te

@@ -0,0 +1,39 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_wlc_app, domain;
+typeattribute vendor_wlc_app coredomain;
+app_domain(vendor_wlc_app)
+
+allow vendor_wlc_app {
+app_api_service
+}:service_manager find;
+hal_client_domain(vendor_wlc_app, vendor_hal_perf)
+
+set_prop(vendor_wlc_app, vendor_wlc_prop);
+get_prop(vendor_wlc_app, build_bootimage_prop);
+get_prop(vendor_wlc_app, vendor_wlc_public_prop);

generic/prebuilts/api/32.0/private/voiceui_app.te

@@ -0,0 +1,44 @@
+# Copyright (c) 2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_voiceui_app, domain, coredomain;
+typeattribute vendor_voiceui_app hal_audio_client;
+app_domain(vendor_voiceui_app)
+binder_use(vendor_voiceui_app)
+hal_client_domain(vendor_voiceui_app, vendor_hal_perf);
+
+# allow access to app_api_service
+allow vendor_voiceui_app { app_api_service }:service_manager find;
+
+# allow access media extractor service to vendor_voiceui_app
+allow vendor_voiceui_app { mediaextractor_service }:service_manager find;
+
+# allow access soundtrigger service and mediaserver service to vendor_voiceui_app
+allow vendor_voiceui_app { mediametrics_service mediaserver_service soundtrigger_middleware_service }:service_manager find;
+
+# allow access audiosever service to vendor_voiceui_app
+allow vendor_voiceui_app audioserver_service:service_manager find;

generic/prebuilts/api/32.0/private/vpsservice.te

@@ -0,0 +1,45 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_vpsservice coredomain;
+type vendor_vpsservice_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_vpsservice)
+
+add_service(vendor_vpsservice, vendor_vps_service)
+binder_use(vendor_vpsservice);
+binder_call(vendor_vpsservice, system_server);
+binder_service(vendor_vpsservice);
+
+hal_client_domain(vendor_vpsservice, hal_graphics_composer)
+hal_client_domain(vendor_vpsservice, hal_graphics_allocator)
+allow vendor_vpsservice surfaceflinger:binder call;
+allow vendor_vpsservice surfaceflinger:fd use;
+allow vendor_vpsservice ion_device:chr_file { open read };
+allow vendor_vpsservice media_rw_data_file:dir create_dir_perms;
+allow vendor_vpsservice media_rw_data_file:file create_file_perms;
+allow vendor_vpsservice gpu_device:chr_file rw_file_perms;

generic/prebuilts/api/32.0/private/wfd_app.te

@@ -0,0 +1,59 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_wfd_app coredomain;
+
+app_domain(vendor_wfd_app)
+
+net_domain(vendor_wfd_app)
+
+set_prop(vendor_wfd_app, vendor_wfd_service_prop);
+userdebug_or_eng(`
+    get_prop(vendor_wfd_app, vendor_wfd_sys_debug_prop);
+#Access to MM-OSAL debug prop for parser debugging on WFD sink
+    get_prop(vendor_wfd_app, vendor_mm_osal_prop);
+#Allow access to logmask file in /data/
+    allow vendor_wfd_app system_data_file:file r_file_perms;
+')
+binder_call(vendor_wfd_app, vendor_wfdservice)
+
+# allow access to read video SKU property for WFD sink
+get_prop(vendor_wfd_app, vendor_sys_video_prop)
+
+allow vendor_wfd_app {
+  vendor_wfdservice_service
+  audioserver_service
+  mediaserver_service
+  mediadrmserver_service
+  app_api_service
+  vendor_perf_service
+  mediametrics_service
+}:service_manager find;
+
+# Access to /data/media for debug dump
+allow vendor_wfd_app media_rw_data_file:dir create_dir_perms;
+allow vendor_wfd_app media_rw_data_file:file create_file_perms;

generic/prebuilts/api/32.0/private/wfdservice.te

@@ -0,0 +1,74 @@
+# Copyright (c) 2017, 2019-2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_wfdservice coredomain;
+type vendor_wfdservice_exec, system_file_type , exec_type, file_type;
+
+#Allow for transition from init domain to vendor_wfdservice
+init_daemon_domain(vendor_wfdservice)
+
+#Inherit base socket permissions from netd domain
+net_domain(vendor_wfdservice)
+
+#Allow vendor_wfdservice to use Binder IPC
+binder_use(vendor_wfdservice)
+
+#Allow for interaction with Display HAL
+binder_call(vendor_wfdservice, surfaceflinger)
+
+#Allow apps to interact with vendor_wfdservice
+binder_call(vendor_wfdservice, vendor_wfd_app)
+
+#Allow access to Audio Flinger APIs
+binder_call(vendor_wfdservice, audioserver)
+
+#Allow access to Permission Controller in System Server
+binder_call(vendor_wfdservice, system_server)
+
+#Allow vendor_wfdservice to be registered with service manager
+add_service(vendor_wfdservice, vendor_wfdservice_service)
+
+#Allow access to read mmosal_logmask file in /data partition
+userdebug_or_eng(`
+  allow vendor_wfdservice system_data_file:file r_file_perms;
+')
+
+# Allow access to mediaserver, surfaceflinger and permissionmanager for interaction of vendor_wfdservice
+allow vendor_wfdservice {audioserver_service permission_service surfaceflinger_service}: service_manager find;
+
+hal_client_domain(vendor_wfdservice, hal_graphics_allocator);
+
+hal_client_domain(vendor_wfdservice, hal_graphics_composer);
+
+#Allow ion device access
+allow vendor_wfdservice ion_device:chr_file r_file_perms;
+
+#Allow source to access video UBWC property(for display config)
+get_prop(vendor_wfdservice, vendor_sys_video_prop)
+
+#Allow the interaction with vendor_sigmahal_qti
+binder_call(vendor_wfdservice,vendor_sigmahal_qti);

generic/prebuilts/api/32.0/private/wificond.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#allow wificond to read FST properties
+get_prop(wificond, vendor_fst_prop);

generic/prebuilts/api/32.0/private/xrcb_app.te

@@ -0,0 +1,38 @@
+# Copyright (c) 2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_xrcb_app,domain;
+typeattribute vendor_xrcb_app coredomain;
+typeattribute vendor_xrcb_app vendor_hal_qvrservice_qti_socket_client;
+typeattribute vendor_xrcb_app vendor_hal_sxrservice_qti_socket_client;
+app_domain(vendor_xrcb_app);
+
+hal_client_domain(vendor_xrcb_app, vendor_hal_qvrservice_qti);
+hal_client_domain(vendor_xrcb_app, vendor_hal_sxrservice_qti);
+hal_client_domain(vendor_xrcb_app, vendor_hal_perf);
+allow vendor_xrcb_app app_api_service:service_manager find;
+get_prop(vendor_xrcb_app, vendor_xrcb_prop);

generic/prebuilts/api/32.0/private/zygote.te

@@ -0,0 +1,31 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_send(zygote, vendor_seempdw, vendor_seempd)
+
+get_prop(zygote, vendor_persist_dpm_prop)
+get_prop(zygote, vendor_sys_video_prop)

generic/prebuilts/api/32.0/public/attributes

@@ -0,0 +1,285 @@
+# Copyright (c) 2016-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+attribute vendor_hal_hbtp;
+attribute vendor_hal_hbtp_client;
+attribute vendor_hal_hbtp_server;
+
+attribute vendor_hal_qdutils_disp;
+attribute vendor_hal_qdutils_disp_client;
+attribute vendor_hal_qdutils_disp_server;
+
+attribute vendor_hal_trustedui;
+attribute vendor_hal_trustedui_client;
+attribute vendor_hal_trustedui_server;
+
+attribute vendor_hal_tui_comm;
+attribute vendor_hal_tui_comm_client;
+attribute vendor_hal_tui_comm_server;
+
+attribute vendor_hal_display_color;
+attribute vendor_hal_display_color_client;
+attribute vendor_hal_display_color_server;
+
+attribute vendor_hal_display_postproc;
+attribute vendor_hal_display_postproc_client;
+attribute vendor_hal_display_postproc_server;
+
+attribute vendor_hal_display_demura;
+attribute vendor_hal_display_demura_client;
+attribute vendor_hal_display_demura_server;
+
+# All types in /mnt/vendor/persist
+attribute vendor_persist_type;
+
+attribute vendor_hal_capabilityconfigstore_qti;
+attribute vendor_hal_capabilityconfigstore_qti_client;
+attribute vendor_hal_capabilityconfigstore_qti_server;
+
+attribute vendor_hal_dataconnection_qti;
+attribute vendor_hal_dataconnection_qti_client;
+attribute vendor_hal_dataconnection_qti_server;
+
+attribute vendor_hal_embmssl;
+attribute vendor_hal_embmssl_client;
+attribute vendor_hal_embmssl_server;
+
+attribute vendor_hal_dspmanager;
+attribute vendor_hal_dspmanager_client;
+attribute vendor_hal_dspmanager_server;
+
+attribute vendor_hal_diaghal;
+attribute vendor_hal_diaghal_client;
+attribute vendor_hal_diaghal_server;
+
+attribute vendor_hal_perf;
+attribute vendor_hal_perf_client;
+attribute vendor_hal_perf_server;
+
+attribute vendor_sigmahal;
+attribute vendor_sigmahal_server;
+attribute vendor_sigmahal_client;
+
+attribute vendor_qccsyshal;
+attribute vendor_qccsyshal_server;
+attribute vendor_qccsyshal_client;
+
+attribute vendor_hal_spu;
+attribute vendor_hal_spu_client;
+attribute vendor_hal_spu_server;
+
+attribute vendor_hal_qspmhal;
+attribute vendor_hal_qspmhal_client;
+attribute vendor_hal_qspmhal_server;
+
+#attributes for qesdhal
+attribute vendor_hal_qesdhal;
+attribute vendor_hal_qesdhal_client;
+attribute vendor_hal_qesdhal_server;
+
+attribute vendor_hal_btconfigstore;
+attribute vendor_hal_btconfigstore_client;
+attribute vendor_hal_btconfigstore_server;
+
+attribute vendor_hal_fm;
+attribute vendor_hal_fm_client;
+attribute vendor_hal_fm_server;
+
+attribute vendor_hal_qteeconnector;
+attribute vendor_hal_qteeconnector_client;
+attribute vendor_hal_qteeconnector_server;
+
+attribute vendor_hal_eid;
+attribute vendor_hal_eid_client;
+attribute vendor_hal_eid_server;
+
+attribute vendor_hal_alarm_qti;
+attribute vendor_hal_alarm_qti_client;
+attribute vendor_hal_alarm_qti_server;
+
+attribute vendor_hal_iop;
+attribute vendor_hal_iop_client;
+attribute vendor_hal_iop_server;
+
+attribute vendor_hal_soter;
+attribute vendor_hal_soter_client;
+attribute vendor_hal_soter_server;
+
+attribute vendor_hal_sensorscalibrate_qti;
+attribute vendor_hal_sensorscalibrate_qti_client;
+attribute vendor_hal_sensorscalibrate_qti_server;
+
+attribute vendor_hal_scve;
+attribute vendor_hal_scve_client;
+attribute vendor_hal_scve_server;
+
+attribute vendor_hal_pasrmanager;
+attribute vendor_hal_pasrmanager_client;
+attribute vendor_hal_pasrmanager_server;
+
+attribute vendor_hal_qseecom;
+attribute vendor_hal_qseecom_client;
+attribute vendor_hal_qseecom_server;
+
+attribute vendor_hal_secureprocessor;
+attribute vendor_hal_secureprocessor_client;
+attribute vendor_hal_secureprocessor_server;
+
+attribute vendor_hal_seccam;
+attribute vendor_hal_seccam_client;
+attribute vendor_hal_seccam_server;
+
+attribute vendor_wifidisplayhalservice;
+attribute vendor_wifidisplayhalservice_client;
+attribute vendor_wifidisplayhalservice_server;
+
+attribute vendor_hal_vpp;
+attribute vendor_hal_vpp_client;
+attribute vendor_hal_vpp_server;
+
+attribute vendor_hal_qconfig;
+attribute vendor_hal_qconfig_client;
+attribute vendor_hal_qconfig_server;
+
+attribute vendor_hal_esepowermanager;
+attribute vendor_hal_esepowermanager_client;
+attribute vendor_hal_esepowermanager_server;
+
+attribute vendor_hal_factory_qti;
+attribute vendor_hal_factory_qti_client;
+attribute vendor_hal_factory_qti_server;
+
+attribute vendor_hal_cvp;
+attribute vendor_hal_cvp_client;
+attribute vendor_hal_cvp_server;
+
+attribute vendor_hal_wigig;
+attribute vendor_hal_wigig_client;
+attribute vendor_hal_wigig_server;
+
+attribute vendor_hal_wigig_npt;
+attribute vendor_hal_wigig_npt_client;
+attribute vendor_hal_wigig_npt_server;
+
+attribute vendor_hal_fstman;
+attribute vendor_hal_fstman_client;
+attribute vendor_hal_fstman_server;
+
+attribute vendor_hal_wifilearner;
+attribute vendor_hal_wifilearner_client;
+attribute vendor_hal_wifilearner_server;
+
+attribute vendor_hal_srvctracker;
+attribute vendor_hal_srvctracker_client;
+attribute vendor_hal_srvctracker_server;
+
+attribute vendor_spunvm_file_type;
+
+attribute vendor_hal_bluetooth_dun;
+attribute vendor_hal_bluetooth_dun_client;
+attribute vendor_hal_bluetooth_dun_server;
+
+attribute vendor_hal_qccvndhal;
+attribute vendor_hal_qccvndhal_client;
+attribute vendor_hal_qccvndhal_server;
+
+attribute vendor_qtiloopback;
+attribute vendor_qtiloopback_server;
+attribute vendor_qtiloopback_client;
+
+attribute vendor_hal_debugutils;
+attribute vendor_hal_debugutils_client;
+attribute vendor_hal_debugutils_server;
+
+attribute vendor_hal_wifimyftm;
+attribute vendor_hal_wifimyftm_client;
+attribute vendor_hal_wifimyftm_server;
+
+attribute vendor_hal_mem_pasrmanager;
+attribute vendor_hal_mem_pasrmanager_client;
+attribute vendor_hal_mem_pasrmanager_server;
+
+attribute vendor_agmservice;
+attribute vendor_agmservice_client;
+attribute vendor_agmservice_server;
+
+attribute vendor_hal_limits;
+attribute vendor_hal_limits_client;
+attribute vendor_hal_limits_server;
+
+attribute vendor_hal_poweroptservice;
+attribute vendor_hal_poweroptservice_client;
+attribute vendor_hal_poweroptservice_server;
+
+attribute vendor_hal_dpmapiservice_qti;
+attribute vendor_hal_dpmapiservice_qti_client;
+attribute vendor_hal_dpmapiservice_qti_server;
+
+attribute vendor_hal_dpmqmiservice_qti;
+attribute vendor_hal_dpmqmiservice_qti_client;
+attribute vendor_hal_dpmqmiservice_qti_server;
+
+attribute vendor_hal_imsfactory;
+attribute vendor_hal_imsfactory_client;
+attribute vendor_hal_imsfactory_server;
+
+attribute vendor_hal_mstatservice_qti;
+attribute vendor_hal_mstatservice_qti_client;
+attribute vendor_hal_mstatservice_qti_server;
+
+attribute vendor_hal_datafactory_qti;
+attribute vendor_hal_datafactory_qti_client;
+attribute vendor_hal_datafactory_qti_server;
+
+attribute vendor_hal_cacertservice_qti;
+attribute vendor_hal_cacertservice_qti_client;
+attribute vendor_hal_cacertservice_qti_server;
+
+attribute vendor_hal_iwlanservice_qti;
+attribute vendor_hal_iwlanservice_qti_client;
+attribute vendor_hal_iwlanservice_qti_server;
+
+attribute vendor_hal_qvrservice_qti;
+attribute vendor_hal_qvrservice_qti_client;
+attribute vendor_hal_qvrservice_qti_server;
+attribute vendor_hal_qvrservice_qti_socket_client;
+attribute vendor_hal_qvrservice_qti_socket_fd_use_client;
+
+attribute hal_wificfr;
+attribute hal_wificfr_client;
+attribute hal_wificfr_server;
+
+attribute vendor_hal_sxrservice_qti;
+attribute vendor_hal_sxrservice_qti_client;
+attribute vendor_hal_sxrservice_qti_server;
+attribute vendor_hal_sxrservice_qti_socket_client;
+attribute vendor_hal_sxrservice_qti_socket_fd_use_client;
+attribute vendor_sys_sxrauxservice_qti_socket_client;
+
+attribute vendor_hal_mwqemadapter_qti;
+attribute vendor_hal_mwqemadapter_qti_client;
+attribute vendor_hal_mwqemadapter_qti_server;

generic/prebuilts/api/32.0/public/dataservice_app.te

@@ -0,0 +1,27 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_dataservice_app, domain;

generic/prebuilts/api/32.0/public/device.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_smcinvoke_device, dev_type;

generic/prebuilts/api/32.0/public/domain.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qtelephony, domain;

generic/prebuilts/api/32.0/public/dpmd.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_dpmd,domain;

generic/prebuilts/api/32.0/public/dun-server.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_dun-server, domain;

generic/prebuilts/api/32.0/public/file.te

@@ -0,0 +1,31 @@
+# Copyright (c) 2015, 2017-2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_elabel_data_file, file_type, data_file_type, core_data_file_type;
+
+type vendor_dpmtcm_socket, file_type, coredomain_socket, mlstrustedobject;
+type vendor_seempdw_socket, file_type, mlstrustedobject, coredomain_socket;
+type vendor_qesdk_service, service_manager_type;

generic/prebuilts/api/32.0/public/fm_app.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_fm_app, domain;

generic/prebuilts/api/32.0/public/hwservice.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+type vendor_hal_atfwd_hwservice, coredomain_hwservice, hwservice_manager_type, protected_hwservice;
+type vendor_sigmahal_hwservice, hwservice_manager_type, protected_hwservice;
+type vendor_qccsyshal_hwservice, hwservice_manager_type, protected_hwservice, coredomain_hwservice;