Merge 6f68a803eb on remote branch

Change-Id: I6dea49853525da383085cce2826bf5a5e2372249

SEPolicy.mk

@@ -1,22 +1,22 @@
 # Board specific SELinux policy variable definitions
 ifeq ($(call is-vendor-board-platform,QCOM),true)
 SEPOLICY_PATH:= device/qcom/sepolicy
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS) \
     $(SEPOLICY_PATH)/generic/public \
     $(SEPOLICY_PATH)/generic/public/attribute
 
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS) \
     $(SEPOLICY_PATH)/generic/private
 
-BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS) \
     $(SEPOLICY_PATH)/qva/public \
     $(SEPOLICY_PATH)/qva/public/attribute
 
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
-    $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS := \
+    $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS) \
     $(SEPOLICY_PATH)/qva/private
 
 #once all the services are moved to Product /ODM above lines will be removed.

legacy/vendor/common/bluetooth.te

@@ -49,7 +49,7 @@ allow bluetooth {
     serial_device
     #BT needes read and write on smd device node
     smd_device
-    bt_device
+    vendor_bt_device
 }:chr_file rw_file_perms;
 
 

legacy/vendor/common/device.te

@@ -163,7 +163,7 @@ type avtimer_device, dev_type;
 type at_device, dev_type;
 
 #define Bluetooth device
-type bt_device, dev_type;
+type vendor_bt_device, dev_type;
 
 #define Wlan device
 type wlan_device, dev_type;

legacy/vendor/common/file_contexts

@@ -54,7 +54,7 @@
 /dev/spdaemon_ssr                               u:object_r:spdaemon_ssr_device:s0
 /dev/qsee_ipc_irq_spss                          u:object_r:qsee_ipc_irq_spss_device:s0
 /dev/radio0                                     u:object_r:fm_radio_device:s0
-/dev/btpower                                    u:object_r:bt_device:s0
+/dev/btpower                                    u:object_r:vendor_bt_device:s0
 /dev/rtc0                                       u:object_r:rtc_device:s0
 /dev/sdsprpc-smd                                u:object_r:dsp_device:s0
 /dev/sensors                                    u:object_r:sensors_device:s0

legacy/vendor/common/hal_bluetooth_qti.te

@@ -55,7 +55,7 @@ allow hal_bluetooth_qti vendor_bt_data_file:file create_file_perms;
 #bt power node access
 allow hal_bluetooth {
     smd_device
-    bt_device
+    vendor_bt_device
 }:chr_file rw_file_perms;
 
 #diag access

legacy/vendor/common/seapp_contexts

@@ -67,3 +67,6 @@ user=_app seinfo=platform name=com.qti.phone domain=vendor_qtelephony type=app_d
 
 #allow embms msdc app to access embmssl hal
 user=_app seinfo=platform name=com.qti.ltebc domain=vendor_embmssl_app type=app_data_file levelFrom=all
+
+#Add new domain for trustzone access app
+user=_app seinfo=platform name=com.qualcomm.qti.qms.service.trustzoneaccess domain=vendor_tzas_app type=app_data_file levelfrom=all

legacy/vendor/common/system_server.te

@@ -86,7 +86,7 @@ allow system_server {
     serial_device
     smd_device
     #allow access to power control ANT chip
-    bt_device
+    vendor_bt_device
 }:chr_file rw_file_perms;
 
 hal_client_domain(system_server, hal_dataconnection_qti)

legacy/vendor/common/tzas_app.te

@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type vendor_tzas_app, domain;
+
+app_domain(vendor_tzas_app)
+net_domain(vendor_tzas_app)
+
+unix_socket_connect(vendor_tzas_app, ssgtzd, ssgtzd)
+
+binder_call(vendor_tzas_app,hal_perf_default)
+allow vendor_tzas_app app_api_service:service_manager find;
+allow vendor_tzas_app hal_perf_hwservice:hwservice_manager find;
+