From 1c5a88def6f146310a561f1622a614205a0d2a1c Mon Sep 17 00:00:00 2001
From: quic_farenl <quic_farenl@quicinc.com>
Date: Fri, 6 Jan 2023 18:15:51 +0800
Subject: [PATCH 1/4] AKS: sepolicy for gamepad

Change-Id: I8d0ece364154a09f6cb41780163e71e9ae10c416
---
 generic/prebuilts/api/31.0/public/attributes | 5 +++++
 generic/prebuilts/api/32.0/public/attributes | 5 +++++
 generic/private/te_macros                    | 8 ++++++++
 generic/private/untrusted_app.te             | 3 +++
 generic/private/untrusted_app_25.te          | 3 +++
 generic/private/untrusted_app_27.te          | 3 +++
 generic/private/untrusted_app_29.te          | 3 +++
 generic/private/untrusted_app_30.te          | 5 ++++-
 generic/public/attributes                    | 5 +++++
 9 files changed, 39 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 generic/private/untrusted_app.te
 mode change 100755 => 100644 generic/private/untrusted_app_25.te
 mode change 100755 => 100644 generic/private/untrusted_app_27.te
 mode change 100755 => 100644 generic/private/untrusted_app_29.te

diff --git a/generic/prebuilts/api/31.0/public/attributes b/generic/prebuilts/api/31.0/public/attributes
index 50639992..ceccecbd 100644
--- a/generic/prebuilts/api/31.0/public/attributes
+++ b/generic/prebuilts/api/31.0/public/attributes
@@ -283,3 +283,8 @@ attribute vendor_sys_sxrauxservice_qti_socket_client;
 attribute vendor_hal_mwqemadapter_qti;
 attribute vendor_hal_mwqemadapter_qti_client;
 attribute vendor_hal_mwqemadapter_qti_server;
+
+#attributes for aks gamepad hal
+attribute hal_gamepad;
+attribute hal_gamepad_client;
+attribute hal_gamepad_server;
\ No newline at end of file
diff --git a/generic/prebuilts/api/32.0/public/attributes b/generic/prebuilts/api/32.0/public/attributes
index 50639992..ceccecbd 100644
--- a/generic/prebuilts/api/32.0/public/attributes
+++ b/generic/prebuilts/api/32.0/public/attributes
@@ -283,3 +283,8 @@ attribute vendor_sys_sxrauxservice_qti_socket_client;
 attribute vendor_hal_mwqemadapter_qti;
 attribute vendor_hal_mwqemadapter_qti_client;
 attribute vendor_hal_mwqemadapter_qti_server;
+
+#attributes for aks gamepad hal
+attribute hal_gamepad;
+attribute hal_gamepad_client;
+attribute hal_gamepad_server;
\ No newline at end of file
diff --git a/generic/private/te_macros b/generic/private/te_macros
index 350e9122..1ed36049 100644
--- a/generic/private/te_macros
+++ b/generic/private/te_macros
@@ -41,3 +41,11 @@ define(`qesdk_app_access', `
 hal_client_domain($1, vendor_hal_qesdhal)
 ')
 #####################################
+
+#####################################
+# aksgamepad_app_access(clientdomain)
+# allow hal_gamepad to use
+define(`aksgamepad_app_access', `
+hal_client_domain($1, hal_gamepad)
+')
+#####################################
diff --git a/generic/private/untrusted_app.te b/generic/private/untrusted_app.te
old mode 100755
new mode 100644
index e8be4e89..8daee800
--- a/generic/private/untrusted_app.te
+++ b/generic/private/untrusted_app.te
@@ -41,3 +41,6 @@ hal_client_domain(untrusted_app, vendor_hal_dspmanager)
 
 # allow app to be a client of QSPM HAL
 hal_client_domain(untrusted_app, vendor_hal_qspmhal)
+
+# allow app to be a client of AKS Gamepad HAL
+hal_client_domain(untrusted_app, hal_gamepad)
diff --git a/generic/private/untrusted_app_25.te b/generic/private/untrusted_app_25.te
old mode 100755
new mode 100644
index cc19e2f6..352bf238
--- a/generic/private/untrusted_app_25.te
+++ b/generic/private/untrusted_app_25.te
@@ -29,3 +29,6 @@ qesdk_app_access(untrusted_app_25);
 
 # allow app to be a client of DSP HAL
 hal_client_domain(untrusted_app_25, vendor_hal_dspmanager)
+
+# allow app to be a client of AKS Gamepad HAL
+hal_client_domain(untrusted_app_25, hal_gamepad)
\ No newline at end of file
diff --git a/generic/private/untrusted_app_27.te b/generic/private/untrusted_app_27.te
old mode 100755
new mode 100644
index f39c92fb..83d6946b
--- a/generic/private/untrusted_app_27.te
+++ b/generic/private/untrusted_app_27.te
@@ -32,3 +32,6 @@ qesdk_app_access(untrusted_app_27);
 
 # allow app to be a client of DSP HAL
 hal_client_domain(untrusted_app_27, vendor_hal_dspmanager)
+
+# allow app to be a client of AKS Gamepad HAL
+hal_client_domain(untrusted_app_27, hal_gamepad)
\ No newline at end of file
diff --git a/generic/private/untrusted_app_29.te b/generic/private/untrusted_app_29.te
old mode 100755
new mode 100644
index 87e5da60..a451d06f
--- a/generic/private/untrusted_app_29.te
+++ b/generic/private/untrusted_app_29.te
@@ -31,3 +31,6 @@ typeattribute untrusted_app_29 vendor_hal_sxrservice_qti_socket_fd_use_client;
 
 # allow app to be a client of DSP HAL
 hal_client_domain(untrusted_app_29, vendor_hal_dspmanager)
+
+# allow app to be a client of AKS Gamepad HAL
+hal_client_domain(untrusted_app_29, hal_gamepad)
diff --git a/generic/private/untrusted_app_30.te b/generic/private/untrusted_app_30.te
index 6291c43c..07410d54 100644
--- a/generic/private/untrusted_app_30.te
+++ b/generic/private/untrusted_app_30.te
@@ -34,4 +34,7 @@ qesdk_app_access(untrusted_app_30);
 hal_client_domain(untrusted_app_30, vendor_hal_qspmhal)
 
 # allow app to be a client of DSP HAL
-hal_client_domain(untrusted_app_30, vendor_hal_dspmanager)
\ No newline at end of file
+hal_client_domain(untrusted_app_30, vendor_hal_dspmanager)
+
+# allow app to be a client of AKS Gamepad HAL
+hal_client_domain(untrusted_app_30, hal_gamepad)
\ No newline at end of file
diff --git a/generic/public/attributes b/generic/public/attributes
index 3ddec19a..60641be0 100644
--- a/generic/public/attributes
+++ b/generic/public/attributes
@@ -303,3 +303,8 @@ attribute vendor_hal_minkipc_server;
 
 #custom hal server domain attribute
 attribute system_halserverdomain;
+
+#attributes for aks gamepad hal
+attribute hal_gamepad;
+attribute hal_gamepad_client;
+attribute hal_gamepad_server;
\ No newline at end of file

From 1f3a299ed65f3b9d0bd66b66d8bc5f4d29549e8e Mon Sep 17 00:00:00 2001
From: Samyak Jain <quic_samyjain@quicinc.com>
Date: Wed, 26 Apr 2023 17:06:48 +0530
Subject: [PATCH 2/4] Add rules to allow to set property

Change-Id: I56fac5f23a27a3a71ef700569cd9c9429785ff15
---
 generic/private/property_contexts | 1 +
 generic/private/xrcb_app.te       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 generic/private/property_contexts

diff --git a/generic/private/property_contexts b/generic/private/property_contexts
old mode 100755
new mode 100644
index f150685c..fb349668
--- a/generic/private/property_contexts
+++ b/generic/private/property_contexts
@@ -94,6 +94,7 @@ ro.vendor.beluga.t                         u:object_r:vendor_exported_system_pro
 
 #XRCB prop
 vendor.xrcb.                               u:object_r:vendor_xrcb_prop:s0
+vendor.sxrauxd                             u:object_r:vendor_xrcb_prop:s0
 
 # bootreceiver config props
 ro.vendor.bootreceiver.enable              u:object_r:vendor_bootreceiver_prop:s0 exact bool
diff --git a/generic/private/xrcb_app.te b/generic/private/xrcb_app.te
index 1fbadc83..ff8555ed 100644
--- a/generic/private/xrcb_app.te
+++ b/generic/private/xrcb_app.te
@@ -35,4 +35,4 @@ hal_client_domain(vendor_xrcb_app, vendor_hal_qvrservice_qti);
 hal_client_domain(vendor_xrcb_app, vendor_hal_sxrservice_qti);
 hal_client_domain(vendor_xrcb_app, vendor_hal_perf);
 allow vendor_xrcb_app app_api_service:service_manager find;
-get_prop(vendor_xrcb_app, vendor_xrcb_prop);
+set_prop(vendor_xrcb_app, vendor_xrcb_prop);

From 920ceae22f94da8448cbd153a8da09ed8dd81516 Mon Sep 17 00:00:00 2001
From: "PavanKumar S.R" <quic_pavasr@quicinc.com>
Date: Thu, 4 May 2023 16:01:30 +0530
Subject: [PATCH 3/4] hwbinder permission for qti testscript for diag binary.

Change-Id: Idd85226905128e661bbf1b2676a40d5727a77bf4
---
 generic/private/qti-testscripts.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/generic/private/qti-testscripts.te b/generic/private/qti-testscripts.te
index 4bdbb836..24682972 100644
--- a/generic/private/qti-testscripts.te
+++ b/generic/private/qti-testscripts.te
@@ -97,4 +97,7 @@ userdebug_or_eng(`
 
 # allow lmkd to kill tasks with positive oom_score_adj under memory pressure
   allow lmkd qti-testscripts:process { setsched sigkill };
+
+  hal_client_domain(qti-testscripts, vendor_hal_diaghal);
+  hwbinder_use(qti-testscripts)
 ')

From c9d7ea895c96ca0f4e300c7cac1268cadc966c20 Mon Sep 17 00:00:00 2001
From: Yashaswini Guvvala <quic_yguvvala@quicinc.com>
Date: Tue, 16 May 2023 12:21:57 +0530
Subject: [PATCH 4/4] sepolicy: add the attributes corresponding to the
 umdservice

Change-Id: I1102eda821c08084eccbdd2162b68989aed7c628
---
 generic/public/attributes | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/generic/public/attributes b/generic/public/attributes
index 60641be0..75571df5 100644
--- a/generic/public/attributes
+++ b/generic/public/attributes
@@ -278,6 +278,10 @@ attribute hal_wificfr;
 attribute hal_wificfr_client;
 attribute hal_wificfr_server;
 
+attribute vendor_hal_umd;
+attribute vendor_hal_umd_client;
+attribute vendor_hal_umd_server;
+
 attribute vendor_hal_sxrservice_qti;
 attribute vendor_hal_sxrservice_qti_client;
 attribute vendor_hal_sxrservice_qti_server;
@@ -307,4 +311,4 @@ attribute system_halserverdomain;
 #attributes for aks gamepad hal
 attribute hal_gamepad;
 attribute hal_gamepad_client;
-attribute hal_gamepad_server;
\ No newline at end of file
+attribute hal_gamepad_server;