Merge tag 'LA.UM.5.6.r1-06200-89xx.0' of https://source.codeaurora.org/quic/la/device/qcom/sepolicy into cm-14.1

"LA.UM.5.6.r1-06200-89xx.0"

Change-Id: Icd2461e1cdba6cca1d87e760997fd4d4e0a1fb7f

Android.mk

@@ -1,11 +1,10 @@
-# Board specific SELinux policy variable definitions
-ifeq ($(call is-vendor-board-platform,QCOM),true)
-LOCAL_PATH:= $(call my-dir)
-BOARD_SEPOLICY_DIRS := \
-       $(BOARD_SEPOLICY_DIRS) \
-       $(LOCAL_PATH) \
-       $(LOCAL_PATH)/common \
-       $(LOCAL_PATH)/test \
-       $(LOCAL_PATH)/$(TARGET_BOARD_PLATFORM)
-
-endif
+# Don't recurse into the platform makefiles. We don't care about them, and
+# we don't want to force a reset of BOARD_SEPOLICY_DIRS
+#
+# If you want to use these policies, add a
+# 
+# include device/qcom/sepolicy/sepolicy.mk
+#
+# to your device's BoardConfig. It is highly recommended that in case
+# you have your own BOARD_SEPOLICY_DIRS and BOARD_SEPOLICY_UNION declarations,
+# the inclusion happens _before_ those lines

apq8084/file.te

@@ -28,4 +28,3 @@
 # qca data file for apq8084
 type qca1530_data_file, file_type, data_file_type;
 type sysfs_qca1530, file_type;
-type qca1530_prop, file_type;

apq8084/qca1530.te

@@ -26,6 +26,7 @@
 
 type qca1530, domain, domain_deprecated;
 type qca1530_exec, exec_type, file_type;
+type qca1530_prop, property_type;
 net_domain(qca1530)
 init_daemon_domain(qca1530)
 
@@ -36,7 +37,6 @@ userdebug_or_eng(`
 
 qmux_socket(qca1530)
 wakelock_use(qca1530)
-unix_socket_connect(qca1530, property, init)
 
 # need to access sharemem log device for smem logs
 allow qca1530 smem_log_device:chr_file rw_file_perms;
@@ -68,7 +68,8 @@ allow qca1530 system_file:file x_file_perms;
 
 #Setting sys.qca1530 property in QCA1530 detect service
 #Setting system default properties on start command to system server
-allow qca1530 { qca1530_prop ctl_default_prop }:property_service set;
+set_prop(qca1530, qca1530_prop)
+set_prop(qca1530, ctl_default_prop)
 
 # Access to serial port conncting to QCA1530 chip
 allow qca1530 serial_device:chr_file rw_file_perms;

common/atfwd.te

@@ -14,7 +14,6 @@ binder_call(atfwd, servicemanager);
 r_dir_file(atfwd, sysfs_ssr);
 
 allow atfwd self:{ udp_socket socket } create_socket_perms;
-unix_socket_connect(atfwd, property, init);
 
-allow atfwd radio_prop:property_service set;
+set_prop(atfwd, radio_prop)
 allow atfwd atfwd_service:service_manager find;

common/attributes

@@ -26,4 +26,5 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 # Domain type used for debugfs access
-attribute qti_debugfs_domain;
+# (moved to system/sepolicy)
+# attribute qti_debugfs_domain;

common/audioserver.te

@@ -86,3 +86,10 @@ use_per_mgr(audioserver);
 allow audioserver activity_service:service_manager find;
 set_prop(audioserver, dolby_prop)
 # DOLBY_END
+
+# for thermal sock files
+unix_socket_connect(audioserver, thermal, thermal-engine)
+
+# allow audioserver to write DTS files
+allow audioserver dts_data_file:dir rw_dir_perms;
+allow audioserver dts_data_file:file create_file_perms;

common/bluetooth.te

@@ -23,7 +23,7 @@ type fmhal_service, bluetoothdomain,  domain_deprecated;
 type fmhal_service_exec, exec_type, file_type;
 domain_auto_trans(init, fmhal_service_exec, bluetooth)
 
-allow bluetooth bluetooth_prop:property_service set;
+set_prop(bluetooth, bluetooth_prop)
 allow bluetooth sysfs:file w_file_perms;
 
 #Access to /data/media

common/bluetooth_loader.te

@@ -0,0 +1,40 @@
+# Bluetooth executables and scripts
+type bluetooth_loader, domain, domain_deprecated;
+type bluetooth_loader_exec, exec_type, file_type;
+
+# Start bdAddrLoader from init
+init_daemon_domain(bluetooth_loader)
+
+# Run init.qcom.bt.sh
+allow bluetooth_loader shell_exec:file { entrypoint getattr read };
+allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans };
+
+# init.qcom.bt.sh needs /system/bin/log access
+allow bluetooth_loader devpts:chr_file rw_file_perms;
+
+# Run hci_qcomm_init from init.qcom.bt.sh
+domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach)
+allow hci_attach bluetooth_loader:fd use;
+
+# Set persist.service.bdroid.* and bluetooth.* property values
+set_prop(bluetooth_loader, bluetooth_prop)
+
+# Allow getprop/setprop for init.qcom.bt.sh
+allow bluetooth_loader system_file:file execute_no_trans;
+allow bluetooth_loader toolbox_exec:file rx_file_perms;
+
+# Allow hci_qcomm_init /persist/.bt_nv.bin access
+r_dir_file(bluetooth_loader, persist_file);
+allow bluetooth_loader bluetooth_data_file:file r_file_perms;
+
+# Access the smd device
+allow bluetooth_loader hci_attach_dev:chr_file rw_file_perms;
+
+# And qmuxd
+allow bluetooth_loader qmuxd_socket:dir { write add_name remove_name search };
+allow bluetooth_loader qmuxd_socket:sock_file { create setattr getattr write unlink };
+allow bluetooth_loader qmuxd:unix_stream_socket { connectto };
+
+userdebug_or_eng(`
+  diag_use(bluetooth_loader)
+')

common/cameraserver.te

@@ -45,8 +45,7 @@ allow cameraserver system_server:unix_stream_socket { read write };
 allow cameraserver sysfs:file r_file_perms;
 
 allow cameraserver persist_file:dir r_dir_perms;
-allow cameraserver camera_prop:property_service set;
-unix_socket_connect(cameraserver,property,init);
+set_prop(cameraserver, camera_prop)
 allow cameraserver self:socket create_socket_perms;
 allow cameraserver sensors_persist_file:dir r_dir_perms;
 allow cameraserver sensors_persist_file:file r_file_perms;

common/charger_monitor.te

@@ -14,4 +14,5 @@ allow charger_monitor{
 
 allow charger_monitor sysfs:file w_file_perms;
 allow charger_monitor sysfs_battery_supply:dir r_dir_perms;
+r_dir_file(charger_monitor, sysfs_dc_supply)
 r_dir_file(charger_monitor, sysfs_usb_supply)

common/cnd.te

@@ -40,8 +40,7 @@ allow cnd self:{
 allow cnd self:netlink_tcpdiag_socket nlmsg_read;
 
 # allow cnd to set system property
-allow cnd system_prop:property_service set;
-unix_socket_connect(cnd, property, init)
+set_prop(cnd, system_prop)
 
 # allow cnd to access cnd_data_file
 allow cnd cnd_data_file:file create_file_perms;

common/dpmd.te

@@ -36,13 +36,10 @@ allow dpmd self:capability {
 
 #socket, self
 allow dpmd smem_log_device:chr_file rw_file_perms;
-unix_socket_connect(dpmd, property, init)
 wakelock_use(dpmd)
 
-allow dpmd {
-    system_prop
-    ctl_default_prop
-}:property_service set;
+set_prop(dpmd, system_prop)
+set_prop(dpmd, ctl_default_prop)
 
 #misc.
 allow dpmd shell_exec:file rx_file_perms;

common/fidodaemon.te

@@ -17,9 +17,6 @@ binder_service(fidodaemon)
 #Allow fidodaemon to be registered with service manager
 allow fidodaemon fidodaemon_service:service_manager add;
 
-#Allow communication with init over property server
-unix_socket_connect(fidodaemon, property, init);
-
 #Allow access to tee device
 allow fidodaemon tee_device:chr_file rw_file_perms;
 

common/file.te

@@ -74,6 +74,7 @@ type sysfs_graphics, sysfs_type, fs_type;
 # USB/battery power supply type for hvdcp/quickcharge
 type sysfs_usb_supply, sysfs_type, fs_type;
 type sysfs_battery_supply, sysfs_type, fs_type;
+type sysfs_dc_supply, sysfs_type, fs_type;
 
 #Define the files written during the operation of mpdecision
 type sysfs_mpdecision, fs_type, sysfs_type;
@@ -190,13 +191,11 @@ type ssr_ramdump_data_file, file_type, data_file_type;
 
 # Regionalization files
 type regionalization_file, file_type;
+type regionalization_data_file, file_type, data_file_type;
 
 # /data/system/swap/swapfile - swapfile
 type swap_data_file, file_type, data_file_type;
 
-# dynamic nv files
-type dynamic_nv_data_file, file_type, data_file_type;
-
 # wififtmd socket file
 type wififtmd_socket, file_type;
 

common/file_contexts

@@ -9,6 +9,7 @@
 /dev/mhi_pipe_.*                                u:object_r:mhi_device:s0
 /dev/bhi                                        u:object_r:bhi_device:s0
 /dev/msm_.*                                     u:object_r:audio_device:s0
+/dev/i2c-6                                      u:object_r:audio_device:s0
 /dev/wcd_dsp0_control                           u:object_r:audio_device:s0
 /dev/wcd-dsp-glink                              u:object_r:audio_device:s0
 /dev/usf1                                       u:object_r:usf_device:s0
@@ -30,6 +31,7 @@
 /dev/sdsprpc-smd                                u:object_r:dsp_device:s0
 /dev/sensors                                    u:object_r:sensors_device:s0
 /dev/smd.*                                      u:object_r:smd_device:s0
+/dev/smd3                                       u:object_r:hci_attach_dev:s0
 /dev/smem_log                                   u:object_r:smem_log_device:s0
 /dev/ttyHSL0                                    u:object_r:console_device:s0
 /dev/ttyMSM0                                    u:object_r:console_device:s0
@@ -166,7 +168,7 @@
 /system/bin/netmgrd                             u:object_r:netmgrd_exec:s0
 /system/bin/qmuxd                               u:object_r:qmuxd_exec:s0
 /system/bin/port-bridge                         u:object_r:port-bridge_exec:s0
-/system/bin/sensors.qcom                        u:object_r:sensors_exec:s0
+/system/bin/sensors\.qcom                       u:object_r:sensors_exec:s0
 /system/bin/sns.*                               u:object_r:sensors_test_exec:s0
 /system/bin/test_diag                           u:object_r:diag_exec:s0
 /system/vendor/bin/thermal-engine               u:object_r:thermal-engine_exec:s0
@@ -246,13 +248,14 @@
 /system/bin/usf_sw_calib                        u:object_r:usf_exec:s0
 /system/bin/usf_pairing                         u:object_r:usf_exec:s0
 /system/bin/usf_tester                          u:object_r:usf_exec:s0
-/system/vendor/bin/RIDLClient.exe               u:object_r:RIDL_exec:s0
+/system/vendor/bin/RIDLClient\.exe              u:object_r:RIDL_exec:s0
 /system/vendor/bin/LKCore                       u:object_r:qti_logkit_exec:s0
 /system/bin/tbaseLoader                         u:object_r:tbaseLoader_exec:s0
 /system/bin/mcStarter                           u:object_r:mcStarter_exec:s0
 /system/bin/fstman                              u:object_r:fstman_exec:s0
 /system/vendor/bin/mdtpd                        u:object_r:mdtpdaemon_exec:s0
 /system/bin/wifi_ftmd                           u:object_r:wifi_ftmd_exec:s0
+/system/etc/init\.qcom\.bt\.sh                  u:object_r:bluetooth_loader_exec:s0
 
 ###################################
 # sysfs files
@@ -265,6 +268,9 @@
 /sys/devices/msm_otg/power_supply/usb(/.*)?                         u:object_r:sysfs_usb_supply:s0
 /sys/devices/platform/battery_current_limit                         u:object_r:sysfs_thermal:s0
 /sys/devices/qpnp-charger.*/power_supply/battery(/.*)?              u:object_r:sysfs_battery_supply:s0
+/sys/devices/qpnp-smbcharger-*/power_supply/battery(/.*)?           u:object_r:sysfs_battery_supply:s0
+/sys/devices/qpnp-charger-*/power_supply/dc(/.*)?                   u:object_r:sysfs_dc_supply:s0
+/sys/devices/qpnp-smbcharger-*/power_supply/dc(/.*)?                u:object_r:sysfs_dc_supply:s0
 /sys/devices/system/cpu/cpu0/rq-stats/*                             u:object_r:sysfs_rqstats:s0
 /sys/devices/virtual/graphics/fb([0-2])+/idle_time                  u:object_r:sysfs_graphics:s0
 /sys/devices/virtual/graphics/fb([0-2])+/dynamic_fps                u:object_r:sysfs_graphics:s0
@@ -310,11 +316,13 @@
 /data/rfs.*                                                         u:object_r:rfs_file:s0
 /data/hlos_rfs(/.*)?                                                u:object_r:rfs_shared_hlos_file:s0
 /data/camera(/.*)?                                                  u:object_r:camera_socket:s0
+/data/fdAlbum                                                       u:object_r:camera_data_file:s0
 /data/misc/stargate(/.*)?                                           u:object_r:qfp-daemon_data_file:s0
 /data/system/sensors(/.*)?                                          u:object_r:sensors_data_file:s0
 /data/time(/.*)?                                                    u:object_r:time_data_file:s0
 /data/nfc(/.*)?                                                     u:object_r:nfc_data_file:s0
 /data/system/perfd(/.*)?                                            u:object_r:mpctl_data_file:s0
+/data/misc/perfd(/.*)?                                              u:object_r:mpctl_socket:s0
 /data/misc/iop(/.*)?                                                u:object_r:iop_data_file:s0
 /data/misc/display(/.*)?                                            u:object_r:display_misc_file:s0
 /data/misc/ipa(/.*)?                                                u:object_r:ipacm_data_file:s0
@@ -343,14 +351,15 @@
 /data/misc/qti-logkit/socket-privileged(/.*)?                       u:object_r:qti_logkit_priv_socket:s0
 /data/misc/qti-logkit/socket-public(/.*)?                           u:object_r:qti_logkit_pub_socket:s0
 /data/system/swap(/.*)?                                             u:object_r:swap_data_file:s0
-/data/misc/wifi/nvbin(/.*)?                                         u:object_r:dynamic_nv_data_file:s0
 /data/misc/wifi/wigig_sockets(/.*)?                                 u:object_r:wpa_socket:s0
 /data/misc/wifi/wigig_sockets/wpa_ctrl.*                            u:object_r:system_wpa_socket:s0
-
+/data/app-regional(/.*)?                                            u:object_r:regionalization_data_file:s0
 ###################################
 # persist files
 #
 /persist(/.*)?                                                      u:object_r:persist_file:s0
+/persist/\.bt_nv\.bin                                               u:object_r:bluetooth_data_file:s0
+/persist/\.genmac                                                   u:object_r:wifi_data_file:s0
 /persist/bluetooth(/.*)?                                            u:object_r:persist_bluetooth_file:s0
 /persist/drm(/.*)?                                                  u:object_r:persist_drm_file:s0
 /persist/sensors(/.*)?                                              u:object_r:sensors_persist_file:s0

common/gatekeeperd.te

@@ -0,0 +1,2 @@
+# allow gatekeeperd to open firmware images (ex. kmota)
+r_dir_file(gatekeeperd, firmware_file)

common/healthd.te

@@ -1,4 +1,5 @@
 r_dir_file(healthd, sysfs_battery_supply)
+r_dir_file(healthd, sysfs_dc_supply)
 r_dir_file(healthd, sysfs_usb_supply)
 r_dir_file(healthd, sysfs_thermal);
 r_dir_file(healthd, persist_file);

common/hvdcp.te

@@ -9,11 +9,13 @@ init_daemon_domain(hvdcp)
 allow hvdcp hvdcp_device:chr_file rw_file_perms;
 allow hvdcp {
     sysfs_battery_supply
+    sysfs_dc_supply
     sysfs_usb_supply
 }:dir r_dir_perms;
 
 allow hvdcp {
     sysfs_battery_supply
+    sysfs_dc_supply
     sysfs_usb_supply
     sysfs
 }:file rw_file_perms;

common/ims.te

@@ -37,14 +37,11 @@ unix_socket_connect(ims, netd, netd)
 # Talk to qumuxd via ims_socket
 unix_socket_connect(ims, ims, qmuxd)
 
-# Talk to init via property_socket
-unix_socket_connect(ims, property, init)
-
 #Add connectionmanager service
 allow ims imscm_service:service_manager add;
 
 # Set property to start imsdata_daemon and ims_rtp_daemon
-allow ims qcom_ims_prop:property_service set;
+set_prop(ims, qcom_ims_prop)
 
 # permissions needed for IMS to connect and interact with WPA supplicant
 unix_socket_send(ims, wpa, wpa)

common/init_shell.te

@@ -58,55 +58,57 @@ allow qti_init_shell self:capability {
 # rmnet_mux_prop - Needed to set persist.rmnet.mux property
 # sys_usb_controller_prop - Needed to set sys.usb.controller property
 # sys_usb_configfs_prop - Needed to set sys.usb.configfs property
-allow qti_init_shell {
-    system_prop
-    freq_prop
-    perfd_prop
-    gamed_prop
-    mpdecision_prop
-    bluetooth_prop
-    config_prop
-    sensors_prop
-    msm_irqbalance_prop
-    ipacm_prop
-    ipacm-diag_prop
-    qti_prop
-    ctl_rildaemon_prop
-    uicc_prop
-    ctl_qmuxd_prop
-    ctl_netmgrd_prop
-    ctl_port-bridge_prop
-    sdm_idle_time_prop
-    sf_lcd_density_prop
-    opengles_prop
-    mdm_helper_prop
-    fm_prop
-    usf_prop
-    qemu_hw_mainkeys_prop
-    alarm_boot_prop
-    boot_animation_prop
-    debug_gralloc_prop
-    # Needed for starting console in userdebug mode
-    userdebug_or_eng(`ctl_console_prop coresight_prop')
-    rmnet_mux_prop
-    ctl_hbtp_prop
-    #Needed for starting vm_bms executable post-boot
-    vm_bms_prop
-    sys_usb_controller_prop
-    sys_usb_configfs_prop
-    #Needed for setting hwui properties in post_boot
-    hwui_prop
-    graphics_vulkan_prop
-}:property_service set;
+set_prop(qti_init_shell, system_prop)
+set_prop(qti_init_shell, freq_prop)
+set_prop(qti_init_shell, perfd_prop)
+set_prop(qti_init_shell, gamed_prop)
+set_prop(qti_init_shell, mpdecision_prop)
+set_prop(qti_init_shell, bluetooth_prop)
+set_prop(qti_init_shell, config_prop)
+set_prop(qti_init_shell, sensors_prop)
+set_prop(qti_init_shell, msm_irqbalance_prop)
+set_prop(qti_init_shell, ipacm_prop)
+set_prop(qti_init_shell, ipacm-diag_prop)
+set_prop(qti_init_shell, qti_prop)
+set_prop(qti_init_shell, ctl_rildaemon_prop)
+set_prop(qti_init_shell, uicc_prop)
+set_prop(qti_init_shell, ctl_qmuxd_prop)
+set_prop(qti_init_shell, ctl_netmgrd_prop)
+set_prop(qti_init_shell, ctl_port-bridge_prop)
+set_prop(qti_init_shell, sdm_idle_time_prop)
+set_prop(qti_init_shell, sf_lcd_density_prop)
+set_prop(qti_init_shell, opengles_prop)
+set_prop(qti_init_shell, mdm_helper_prop)
+set_prop(qti_init_shell, fm_prop)
+set_prop(qti_init_shell, usf_prop)
+set_prop(qti_init_shell, qemu_hw_mainkeys_prop)
+set_prop(qti_init_shell, alarm_boot_prop)
+set_prop(qti_init_shell, boot_animation_prop)
+set_prop(qti_init_shell, debug_gralloc_prop)
+# Needed for starting console in userdebug mode
+userdebug_or_eng(`
+set_prop(qti_init_shell, ctl_console_prop)
+set_prop(qti_init_shell, coresight_prop)
+')
+set_prop(qti_init_shell, rmnet_mux_prop)
+set_prop(qti_init_shell, ctl_hbtp_prop)
+#Needed for starting vm_bms executable post-boot
+set_prop(qti_init_shell, vm_bms_prop)
+set_prop(qti_init_shell, sys_usb_controller_prop)
+set_prop(qti_init_shell, sys_usb_configfs_prop)
+#Needed for setting hwui properties in post_boot
+set_prop(qti_init_shell, hwui_prop)
+#Needed for setting bservice in post_boot
+set_prop(qti_init_shell, bservice_prop)
+#Needed for setting Delayed Service Reschedule in post_boot
+set_prop(qti_init_shell, reschedule_service_prop)
+set_prop(qti_init_shell, graphics_vulkan_prop)
 
 allow qti_init_shell efs_boot_dev:blk_file r_file_perms;
 
 # For hci_comm_init
 allow qti_init_shell { serial_device userdebug_or_eng(`qdss_device') }:chr_file rw_file_perms;
 
-# Allow property changes
-unix_socket_connect(qti_init_shell, property, init)
-
 allow qti_init_shell {
     sysfs
     sysfs_devices_system_cpu

common/iop.te

@@ -41,7 +41,8 @@ r_dir_file( dumpstate, appdomain );
 r_dir_file( dumpstate, apk_data_file );
 
 #Create a socket for receiving info from IOP
-allow dumpstate iop_socket:sock_file rw_file_perms;
+type_transition dumpstate iop_data_file:sock_file iop_socket "iop";
+allow dumpstate iop_socket:sock_file { create_file_perms unlink };
 
 #default_values file
 allow dumpstate iop_data_file:dir rw_dir_perms;

common/ipacm.te

@@ -36,3 +36,8 @@ allow ipacm ipacm:{
 # Allow creating and modifying the PID file
 allow ipacm ipacm_data_file:dir w_dir_perms;
 allow ipacm ipacm_data_file:file create_file_perms;
+
+# Allow execution of 'ip neighbor change' command in shell
+allow ipacm system_file:file rx_file_perms;
+allow ipacm shell_exec:file rx_file_perms;
+allow ipacm ipacm:netlink_route_socket nlmsg_write;

common/keystore.te

@@ -1,2 +1,5 @@
 # Allow keystore to operate using qseecom_device
 allow keystore tee_device:chr_file rw_file_perms;
+
+# Allow keystore to search and get keymaste.mdt
+r_dir_file(keystore, firmware_file)

common/location.te

@@ -62,7 +62,7 @@ allow location persist_file:dir r_dir_perms;
 netmgr_socket(location);
 
 #Allow access to properties
-set_prop(location, location_prop);
+set_prop(location, location_prop)
 
 #diag
 userdebug_or_eng(`

common/logdumpd.te

@@ -31,8 +31,7 @@ type logdumpd_exec, exec_type, file_type;
 init_daemon_domain(logdumpd)
 
 # To set ctl property
-unix_socket_connect(logdumpd, property, init)
-allow logdumpd ctl_default_prop:property_service set;
+set_prop(logdumpd, ctl_default_prop)
 
 userdebug_or_eng(`
 #logcat

common/mediaserver.te

@@ -34,6 +34,7 @@ binder_call(mediaserver, poweroffhandler);
 allow mediaserver mpctl_socket:dir r_dir_perms;
 unix_socket_send(mediaserver, mpctl, mpdecision)
 unix_socket_connect(mediaserver, mpctl, mpdecision)
+unix_socket_connect(mediaserver, thermal, thermal-engine)
 
 # access to perflock
 allow mediaserver mpctl_socket:dir r_dir_perms;
@@ -58,7 +59,7 @@ allow mediaserver audio_pp_data_file:dir rw_dir_perms;
 allow mediaserver audio_pp_data_file:file create_file_perms;
 
 #Allow mediaserver to set camera  properties
-allow mediaserver camera_prop:property_service set;
+set_prop(mediaserver, camera_prop)
 
 #allow mediaserver to access wfdservice
 binder_call(mediaserver, wfdservice)
@@ -70,3 +71,7 @@ r_dir_file(mediaserver, adsprpcd_file);
 binder_call(mediaserver, bootanim);
 
 allow mediaserver surfaceflinger:unix_stream_socket rw_socket_perms;
+
+# Allow mediaserver to search and get the widevine, playready firmwares
+allow mediaserver firmware_file:dir search;
+allow mediaserver firmware_file:file { read getattr open };

common/mm-pp-daemon.te

@@ -24,7 +24,7 @@ allow mm-pp-daemon sensors_device:chr_file r_file_perms;
 allow mm-pp-daemon sensors_socket:sock_file rw_file_perms;
 allow mm-pp-daemon sensors:unix_stream_socket connectto;
 
-allow mm-pp-daemon system_prop:property_service set;
+set_prop(mm-pp-daemon, system_prop)
 
 # Allow service manager to find surface flinger service,
 # sensorservice service, permission_service, and power service (for
@@ -45,7 +45,7 @@ userdebug_or_eng(`
   allow mm-pp-daemon self:process ptrace;
 
   # This allows pp-daemon to set debug property
-  allow mm-pp-daemon debug_prop:property_service set;
+  set_prop(mm-pp-daemon, debug_prop)
 
   # This allow pp-daemon access to diag
   diag_use(mm-pp-daemon)
@@ -56,7 +56,6 @@ userdebug_or_eng(`
 allow mm-pp-daemon sysfs:file rw_file_perms;
 
 # Allow socket calls in pp-daemon
-unix_socket_connect(mm-pp-daemon, property, init)
 unix_socket_connect(mm-pp-daemon, pps, init)
 
 allow mm-pp-daemon init:unix_stream_socket { listen accept };

common/mm-qcamerad.te

@@ -16,11 +16,12 @@ userdebug_or_eng(`
   allow mm-qcamerad camera_data_file:file create_file_perms;
 
   # mm-qcamerad needs to set persist.camera. property
-  allow mm-qcamerad camera_prop:property_service set;
-
+  set_prop(mm-qcamerad, camera_prop)
 ')
 
 #Communicate with user land process through domain socket
+type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket1";
+type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket2";
 allow mm-qcamerad camera_socket:sock_file { create unlink write };
 allow mm-qcamerad camera_socket:dir w_dir_perms;
 unix_socket_connect(mm-qcamerad, sensors, sensors)
@@ -60,7 +61,6 @@ allow mm-qcamerad graphics_device:dir r_dir_perms;
 
 #Allow access to /dev/graphics/fb* for screen capture
 allow mm-qcamerad graphics_device:chr_file rw_file_perms;
-unix_socket_connect(mm-qcamerad, property, init)
 
 #Allow camera work normally in FFBM
 binder_call(mm-qcamerad, mmi);
@@ -69,3 +69,7 @@ binder_call(mm-qcamerad, mmi);
 allow mm-qcamerad input_device:dir r_dir_perms;
 allow mm-qcamerad input_device:chr_file r_file_perms;
 allow mm-qcamerad sysfs:file rw_file_perms;
+
+# /data/fdAlbum
+type_transition mm-qcamerad system_data_file:file camera_data_file "fdAlbum";
+allow mm-qcamerad camera_data_file:file create_file_perms;

common/mmi.te

@@ -28,11 +28,10 @@ allow mmi mmi_data_file:dir rw_dir_perms;
 allow mmi mmi_data_file:file create_file_perms;
 
 #socket
-unix_socket_connect(mmi, property, init)
 allow mmi socket_device:dir w_dir_perms;
 
 #allow mmi set system prop,sensor need write persist
-allow mmi powerctl_prop:property_service set;
+set_prop(mmi, powerctl_prop)
 allow mmi persist_file:dir r_dir_perms;
 allow mmi sensors_persist_file:dir create_dir_perms;
 allow mmi sensors_persist_file:file create_file_perms;
@@ -53,13 +52,13 @@ allow mmi audio_device:chr_file rw_file_perms;
 #FM case
 allow mmi fm_radio_device:chr_file r_file_perms;
 allow mmi fm_data_file:file r_file_perms;
-allow mmi fm_prop:property_service set;
-allow mmi ctl_default_prop:property_service set;
+set_prop(mmi, fm_prop)
+set_prop(mmi, ctl_default_prop)
 
 #bluetooth case
 allow mmi bluetooth_data_file:dir rw_dir_perms;
 allow mmi bluetooth_data_file:file create_file_perms;
-allow mmi bluetooth_prop:property_service set;
+set_prop(mmi, bluetooth_prop)
 allow mmi smd_device:chr_file rw_file_perms;
 allow mmi persist_bluetooth_file:file r_file_perms;
 allow mmi wcnss_filter:unix_stream_socket connectto;
@@ -93,7 +92,7 @@ allow mmi nfc_data_file:file create_file_perms;
 qmux_socket(mmi);
 
 #allow mmi access chgdiabled prop
-allow mmi chgdiabled_prop:property_service set;
+set_prop(mmi, chgdiabled_prop)
 
 #Allow mmi operate on surfaceflinger
 allow mmi surfaceflinger:fd use;
@@ -120,7 +119,7 @@ unix_socket_connect(mmi, netmgrd, netmgrd);
 net_domain(mmi);
 
 #allow mmi access boot mode switch
-allow mmi boot_mode_prop:property_service set;
+set_prop(mmi, boot_mode_prop)
 #diag
 userdebug_or_eng(`
     diag_use(mmi)

common/mpdecision.te

@@ -41,5 +41,4 @@ allow mpdecision mpctl_data_file:file create_file_perms;
 r_dir_file(mpdecision, system_server)
 
 #mpdecision set properties
-unix_socket_connect(mpdecision, property, init)
-allow mpdecision mpdecision_prop:property_service set;
+set_prop(mpdecision, mpdecision_prop)

common/netd.te

@@ -19,7 +19,7 @@ allow netd ipacm_data_file:file r_file_perms;
 allowxperm netd self: { unix_stream_socket } ioctl priv_sock_ioctls;
 
 # needed for netd to start FST Manager via system property
-allow netd netd_prop:property_service set;
+set_prop(netd, netd_prop)
 
 allow netd self:capability fsetid;
 allow netd hostapd:unix_dgram_socket sendto;

common/netmgrd.te

@@ -32,7 +32,6 @@ allow netmgrd netmgrd:netlink_xfrm_socket { create_socket_perms nlmsg_write nlms
 allow netmgrd netmgrd:netlink_socket { write read create bind };
 allow netmgrd netmgrd:socket { create ioctl };
 allow netmgrd netmgrd:netlink_route_socket { setopt getattr write nlmsg_write };
-unix_socket_connect(netmgrd, property, init)
 allow netmgrd self:netlink_generic_socket create_socket_perms;
 allow netmgrd self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read nlmsg_write };
 
@@ -45,9 +44,10 @@ allow netmgrd { proc_net sysfs }:file w_file_perms;
 
 #Allow address configuration
 #Allow setting of DNS and GW Android properties
-allow netmgrd { system_prop net_radio_prop }:property_service set;
+set_prop(netmgrd, system_prop)
+set_prop(netmgrd, net_radio_prop)
 
-allow netmgrd xlat_prop:property_service set;
+set_prop(netmgrd, xlat_prop)
 
 #Allow execution of commands in shell
 allow netmgrd system_file:file x_file_perms;

common/nqnfcinfo.te

@@ -33,7 +33,7 @@ init_daemon_domain(nqnfcinfo)
 
 r_dir_file(nqnfcinfo, sysfs_socinfo);
 
-set_prop(nqnfcinfo, nfc_nq_prop);
+set_prop(nqnfcinfo, nfc_nq_prop)
 
 # Access device nodes inside /dev/nq-nci
 allow nqnfcinfo nfc_device:chr_file rw_file_perms;

common/perfd.te

@@ -14,7 +14,8 @@ allow perfd {
 allow perfd self:{ netlink_kobject_uevent_socket socket} create_socket_perms;
 
 # mpctl socket
-allow perfd mpctl_socket:sock_file rw_file_perms;
+allow perfd mpctl_socket:dir rw_dir_perms;
+allow perfd mpctl_socket:sock_file create_file_perms;
 
 # default_values file
 allow perfd mpctl_data_file:dir rw_dir_perms;
@@ -47,6 +48,7 @@ allow perfd {
     system_app
     wfdservice
     mediaserver
+    mediacodec
     thermal-engine
     surfaceflinger
     appdomain

common/property.te

@@ -94,6 +94,12 @@ type alarm_instance_prop, property_type, core_property_type;
 #HWUI property
 type hwui_prop, property_type, core_property_type;
 
+#Bservice property
+type bservice_prop, property_type, core_property_type;
+
+#Delayed Service Reschedule property
+type reschedule_service_prop, property_type, core_property_type;
+
 type graphics_vulkan_prop, property_type, core_property_type;
 #boot mode property
 type boot_mode_prop, property_type;

common/property_contexts

@@ -1,3 +1,4 @@
+# Copyright (c) 2014 - 2016, The Linux Foundation. All rights reserved.
 # Copyright (c) 2015-2016 Dolby Laboratories, Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -24,7 +25,6 @@
 
 wc_transport.              u:object_r:bluetooth_prop:s0
 sys.usb_uicc.              u:object_r:uicc_prop:s0
-dolby.audio.               u:object_r:audio_prop:s0
 persist.bluetooth.         u:object_r:bluetooth_prop:s0
 sys.ims.                   u:object_r:qcom_ims_prop:s0
 hw.fm.                     u:object_r:fm_prop:s0
@@ -84,6 +84,10 @@ ro.alarm_handled           u:object_r:alarm_handled_prop:s0
 ro.alarm_instance          u:object_r:alarm_instance_prop:s0
 #HWUI Property
 ro.hwui.texture_cache_size u:object_r:hwui_prop:s0
+#Bservice Property
+ro.sys.fw.bservice_ u:object_r:bservice_prop:s0
+#Delayed Service Restart Property
+ro.am.reschedule_service u:object_r:reschedule_service_prop:s0
 persist.graphics.vulkan.disable     u:object_r:graphics_vulkan_prop:s0
 #boot mode property
 sys.boot_mode              u:object_r:boot_mode_prop:s0

common/qcomsysd.te

@@ -21,7 +21,7 @@ allow qcomsysd sysfs_socinfo:file w_file_perms;
 allow qcomsysd self:capability { dac_override sys_boot };
 use_per_mgr(qcomsysd);
 #allow qcomsysd access boot mode switch
-set_prop(qcomsysd, boot_mode_prop);
+set_prop(qcomsysd, boot_mode_prop)
 
 #diag
 userdebug_or_eng(`

common/qmuxd.te

@@ -6,6 +6,7 @@ init_daemon_domain(qmuxd)
 userdebug_or_eng(`
   domain_auto_trans(shell, qmuxd_exec, qmuxd)
   domain_auto_trans(adbd, qmuxd_exec, qmuxd)
+  diag_use(qmuxd)
 ')
 
 #Allow qmuxd to operate on various qmux device sockets

common/qseecomd.te

@@ -56,10 +56,9 @@ binder_call(tee, surfaceflinger)
 binder_use(tee)
 
 allow tee system_app:unix_dgram_socket sendto;
-unix_socket_connect(tee, property, init)
 
 # allow qseecom access to set system property
-allow tee system_prop:property_service set;
+set_prop(tee, system_prop)
 
 userdebug_or_eng(`
   allow tee su:unix_dgram_socket sendto;
@@ -67,9 +66,6 @@ userdebug_or_eng(`
   #allow tee shell_data_file:dir search;
 ')
 
-# allow qseecom access to set system property
-allow tee system_prop:property_service set;
-
 #allow access to qfp-daemon
 allow tee qfp-daemon_data_file:dir create_dir_perms;
 allow tee qfp-daemon_data_file:file create_file_perms;

common/qseeproxy.te

@@ -46,9 +46,6 @@ allow qseeproxy qseeproxy_service:service_manager add;
 #Allow qseeproxy to use system_server via binder to check caller identity
 binder_call(qseeproxy, system_server)
 
-#Allow communication with init over property server
-unix_socket_connect(qseeproxy, property, init);
-
 #Allow access to tee device
 allow qseeproxy tee_device:chr_file rw_file_perms;
 

common/qti-logkit.te

@@ -65,6 +65,9 @@ userdebug_or_eng(`
   allow qti_logkit self:packet_socket create_socket_perms;
   allow qti_logkit self:capability net_raw;
   diag_use(qti_logkit)
+
+  # QDSS support
+  allow qti_logkit qdss_device:chr_file r_file_perms;
 ')
 
 binder_use(qti_logkit)

common/recovery.te

@@ -17,4 +17,10 @@ recovery_only(`
     allow recovery sg_device:chr_file rw_file_perms;
     allow recovery self:capability sys_rawio;
     allow recovery sg_device:chr_file ioctl;
+    # Enable adb on configfs devices
+    allow recovery configfs:file rw_file_perms;
+    allow recovery configfs:dir rw_dir_perms;
+    set_prop(recovery, ffs_prop)
+    get_prop(recovery, sys_usb_controller_prop)
+    get_prop(recovery, boot_mode_prop)
 ')

common/ridl.te

@@ -75,8 +75,7 @@ allow RIDL cache_recovery_file:dir rw_dir_perms;
 allow RIDL cache_recovery_file:file create_file_perms;
 
 # reboot recovery
-allow RIDL powerctl_prop:property_service set;
-unix_socket_connect(RIDL, property, init)
+set_prop(RIDL, powerctl_prop)
 
 # ANR
 allow RIDL anr_data_file:dir r_dir_perms;

common/rmt_storage.te

@@ -22,8 +22,7 @@ allow rmt_storage self:capability {
 };
 
 #For set the ctl properties
-unix_socket_connect(rmt_storage, property, init)
-allow rmt_storage ctl_default_prop:property_service set;
+set_prop(rmt_storage, ctl_default_prop)
 
 #For Wakelocks
 wakelock_use(rmt_storage)

common/service_contexts

@@ -59,3 +59,4 @@ wigig                                          u:object_r:wigig_service:s0
 # DOLBY_START
 media.dolby_memoryservice                      u:object_r:audioserver_service:s0
 # DOLBY_END
+enrichrcsservice                               u:object_r:radio_service:s0

common/system_app.te

@@ -28,11 +28,9 @@ r_dir_file(system_app, fm_data_file);
 r_dir_file(system_app, bluetooth_data_file);
 r_dir_file(system_app, bt_firmware_file);
 
-allow system_app {
-    ctl_default_prop
-    fm_prop
-    usf_prop
-}:property_service set;
+set_prop(system_app, ctl_default_prop)
+set_prop(system_app, fm_prop)
+set_prop(system_app, usf_prop)
 
 allow system_app {
     atfwd_service
@@ -64,6 +62,9 @@ userdebug_or_eng(`
   allow system_app tombstone_data_file:dir r_dir_perms;
   allow system_app tombstone_data_file:file r_file_perms;
   diag_use(system_app)
+
+  # allow to read ssr ramdump
+  allow system_app ssr_ramdump_data_file:dir r_dir_perms;
 ')
 
 allow system_app cnd_data_file:dir w_dir_perms;
@@ -86,7 +87,7 @@ allow system_app usf_data_file:dir rw_dir_perms;
 allow system_app usf_data_file:{ file lnk_file } create_file_perms;
 
 #access to wifi_ftmd
-allow system_app wififtmd_prop:property_service set;
+set_prop(system_app, wififtmd_prop)
 unix_socket_send(system_app, wififtmd, wifi_ftmd)
 
 # allow system_app to interact with dtseagleservice
@@ -140,7 +141,7 @@ allow system_app qti_logkit_priv_socket:sock_file r_file_perms;
 allow system_app wcnss_service_exec:file rx_file_perms;
 
 # bugreport
-allow system_app ctl_dumpstate_prop:property_service set;
+set_prop(system_app, ctl_dumpstate_prop)
 unix_socket_connect(system_app, dumpstate, dumpstate)
 
 # allow gba auth service to add itself as system service

common/system_server.te

@@ -37,16 +37,16 @@ allow system_server {
 allow system_server qtitetherservice_service:service_manager find;
 
 #For ANT tty communication and to set wc_transport prop
-allow system_server {
-    bluetooth_prop
-    usf_prop
-    alarm_handled_prop
-    alarm_instance_prop
-}:property_service set;
+set_prop(system_server, bluetooth_prop)
+set_prop(system_server, usf_prop)
+set_prop(system_server, alarm_handled_prop)
+set_prop(system_server, alarm_instance_prop)
 
 # required for ANT App to connectto wcnss_filter sockets
 allow system_server bluetooth:unix_stream_socket connectto;
 # access to iop
+allow system_server iop_socket:dir r_dir_perms;
+allow system_server iop_data_file:dir r_dir_perms;
 unix_socket_send(system_server, iop, dumpstate)
 unix_socket_connect(system_server, iop, dumpstate)
 
@@ -68,7 +68,7 @@ allow system_server location_data_file:dir create_dir_perms;
 allow system_server { location_app_data_file mdtp_svc_app_data_file } :file rw_file_perms;
 allow system_server { location_app_data_file mdtp_svc_app_data_file } :dir r_dir_perms;
 allow system_server location_socket:sock_file create_file_perms;
-allow system_server location_prop:property_service set;
+set_prop(system_server, location_prop)
 
 #For wifistatemachine
 allow system_server kernel:key search;
@@ -142,13 +142,13 @@ allow system_server iqfp_service:service_manager find;
 unix_socket_send(system_server, seempdw, seempd)
 
 # For shutdown animation
-allow system_server ctl_bootanim_prop:property_service set;
+set_prop(system_server, ctl_bootanim_prop)
 
 # allow tethering to access dhcp leases
 r_dir_file(system_server, dhcp_data_file)
 
 # Allow system server to set fst system properties
-allow system_server fst_prop:property_service set;
+set_prop(system_server, fst_prop)
 
 #allow access to fingerprintd data file
 allow system_server fingerprintd_data_file:file { r_file_perms unlink };

common/thermal-engine.te

@@ -49,6 +49,12 @@ unix_socket_connect(thermal-engine, mpctl, mpdecision)
 #This is to allow access to uio device
 allow thermal-engine uio_device:chr_file rw_file_perms;
 
+#Label the thermal sockets correctly
+type_transition thermal-engine socket_device:sock_file thermal_socket;
+
 userdebug_or_eng(`
   diag_use(thermal-engine)
 ')
+
+# To get GPU frequencies
+allow thermal-engine sysfs_kgsl:file r_file_perms;

common/ueventd.te

@@ -9,6 +9,7 @@ r_dir_file(ueventd, wifi_data_file)
 
 allow ueventd {
     sysfs_battery_supply
+    sysfs_dc_supply
     sysfs_thermal
     sysfs_usb_supply
     sysfs_socinfo

common/untrusted_app.te

@@ -5,6 +5,16 @@ unix_socket_connect(untrusted_app, mpctl, mpdecision)
 # diag device node access is restricted to untrusted_app
 neverallow untrusted_app diag_device:chr_file rw_file_perms;
 
+# allow apps to read battery status
+allow untrusted_app sysfs_battery_supply:dir r_dir_perms;
+allow untrusted_app sysfs_battery_supply:file r_file_perms;
+
+# allow apps to read charging status
+allow untrusted_app sysfs_dc_supply:dir r_dir_perms;
+allow untrusted_app sysfs_dc_supply:file r_file_perms;
+allow untrusted_app sysfs_usb_supply:dir r_dir_perms;
+allow untrusted_app sysfs_usb_supply:file r_file_perms;
+
 # test apps needs to communicate with imscm
 # using binder call
 userdebug_or_eng(`

common/usb_uicc_daemon.te

@@ -7,8 +7,6 @@ init_daemon_domain(usb_uicc_daemon)
 
 allow usb_uicc_daemon self:socket create_socket_perms;
 allow usb_uicc_daemon usb_uicc_device:chr_file rw_file_perms;
-allow usb_uicc_daemon uicc_prop:property_service set;
+set_prop(usb_uicc_daemon, uicc_prop)
 allow usb_uicc_daemon sysfs_usb_uicc:file rw_file_perms;
 allow usb_uicc_daemon sysfs_usb_uicc:dir rw_dir_perms;
-
-unix_socket_connect(usb_uicc_daemon, property, init)

common/usf.te

@@ -25,7 +25,5 @@ r_dir_file(usf, persist_file)
 r_dir_file(usf, persist_usf_file)
 
 # Properties
-allow usf { ctl_default_prop usf_prop }:property_service set;
-
-# Sockets
-unix_socket_connect(usf, property, init);
+set_prop(usf, ctl_default_prop)
+set_prop(usf, usf_prop)

common/wcnss_filter.te

@@ -41,7 +41,7 @@ allow wcnss_filter {
 
 #wakelock policy
 wakelock_use(wcnss_filter);
-set_prop(wcnss_filter, bluetooth_prop);
+set_prop(wcnss_filter, bluetooth_prop)
 
 #For bluetooth firmware
 r_dir_file(wcnss_filter, bt_firmware_file)
@@ -50,8 +50,8 @@ r_dir_file(wcnss_filter, bt_firmware_file)
 allow wcnss_filter bluetooth_data_file:dir create_dir_perms;
 allow wcnss_filter bluetooth_data_file:notdevfile_class_set create_file_perms;
 
-allow wcnss_filter persist_bluetooth_file:dir r_dir_perms;
-allow wcnss_filter persist_bluetooth_file:file r_file_perms;
+allow wcnss_filter persist_bluetooth_file:dir r_dir_perms;
+allow wcnss_filter persist_bluetooth_file:file r_file_perms;
 allow wcnss_filter persist_file:dir r_dir_perms;
 
 #diag

common/wcnss_service.te

@@ -4,7 +4,6 @@ type wcnss_service_exec, exec_type, file_type;
 init_daemon_domain(wcnss_service)
 net_domain(wcnss_service)
 
-unix_socket_connect(wcnss_service, property, init)
 allow wcnss_service wcnss_device:chr_file rw_file_perms;
 
 qmux_socket(wcnss_service);
@@ -12,9 +11,8 @@ qmux_socket(wcnss_service);
 allow wcnss_service wifi_data_file:dir w_dir_perms;
 allow wcnss_service wifi_data_file:file create_file_perms;
 
-allow wcnss_service system_prop:property_service set;
-allow wcnss_service persist_file:dir r_dir_perms;
-qmux_socket(wcnss_service);
+set_prop(wcnss_service, system_prop)
+allow wcnss_service persist_file:dir create_dir_perms;
 
 allow wcnss_service self:socket create_socket_perms;
 allow wcnss_service smem_log_device:chr_file rw_file_perms;
@@ -32,6 +30,7 @@ allow wcnss_service self:netlink_generic_socket create_socket_perms;
 allow wcnss_service firmware_file:dir r_dir_perms;
 allow wcnss_service firmware_file:file r_file_perms;
 allow wcnss_service sysfs:file w_file_perms;
+allow wcnss_service storage_file:dir search;
 
 # allow access to netd
 unix_socket_connect(wcnss_service, netd, netd)
@@ -41,9 +40,9 @@ allow wcnss_service fuse:dir create_dir_perms;
 allow wcnss_service fuse:file create_file_perms;
 allow wcnss_service vfat:dir create_dir_perms;
 allow wcnss_service vfat:file create_file_perms;
+
+# needed for wlan dynamic nv feature
 allow wcnss_service persist_file:file { rw_file_perms setattr };
-allow wcnss_service dynamic_nv_data_file:file r_file_perms;
-allow wcnss_service dynamic_nv_data_file:dir r_dir_perms;
 
 # This is needed for ptt_socket app to write logs file collected to sdcard
 r_dir_file(wcnss_service, storage_file)
@@ -53,3 +52,5 @@ diag_use(wcnss_service)
 
 binder_use(wcnss_service)
 use_per_mgr(wcnss_service)
+
+type_transition wcnss_service persist_file:file wifi_data_file ".genmac";

common/wfdservice.te

@@ -42,9 +42,6 @@ allow wfdservice graphics_device:chr_file rw_file_perms;
 #Allow access to encoder for YUV statistics
 allow wfdservice gpu_device:chr_file rw_file_perms;
 
-#Allow communication with init over property server
-unix_socket_connect(wfdservice, property, init);
-
 #Allow access to /dev/video/* devices for encoding/decoding
 allow wfdservice video_device:chr_file rw_file_perms;
 allow wfdservice video_device:dir r_dir_perms;

common/wifi_ftmd.te

@@ -31,6 +31,5 @@ init_daemon_domain(wifi_ftmd)
 
 net_domain(wifi_ftmd)
 
-set_prop(wifi_ftmd,wififtmd_prop);
+set_prop(wifi_ftmd, wififtmd_prop)
 allow wifi_ftmd self:capability net_admin;
-allow wifi_ftmd wififtmd_prop:property_service set;

msm8226/file_contexts

@@ -27,6 +27,8 @@
 ###################################
 # Primary storage device nodes
 #
+/dev/block/platform/msm_sdcc\.1/by-name/boot                  u:object_r:boot_block_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/recovery              u:object_r:recovery_block_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
@@ -35,5 +37,6 @@
 /dev/block/platform/msm_sdcc\.1/by-name/misc                  u:object_r:misc_block_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/userdata              u:object_r:userdata_block_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/logdump               u:object_r:logdump_partition:s0
+/dev/block/platform/msm_sdcc\.1/by-name/cache                 u:object_r:cache_block_device:s0
 /dev/block/mmcblk0                                            u:object_r:root_block_device:s0
 /dev/block/mmcblk0rpmb                                        u:object_r:rpmb_device:s0

msm8909/file_contexts

@@ -27,24 +27,27 @@
 ###################################
 # Primary storage device nodes
 #
-/dev/block/platform/soc.0/7824900.sdhci/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/modemst2              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/ssd                   u:object_r:ssd_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/misc                  u:object_r:misc_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/userdata              u:object_r:userdata_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/logdump               u:object_r:logdump_partition:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/config                u:object_r:frp_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/boot                u:object_r:boot_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/recovery            u:object_r:recovery_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/fsg                 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/fsc                 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/modemst1            u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/modemst2            u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/ssd                 u:object_r:ssd_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/misc                u:object_r:misc_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/userdata            u:object_r:userdata_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/logdump             u:object_r:logdump_partition:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/cache               u:object_r:cache_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/config              u:object_r:frp_block_device:s0
 /dev/block/mmcblk0                                                    u:object_r:root_block_device:s0
 /dev/block/mmcblk0rpmb                                                u:object_r:rpmb_device:s0
 
 # for wear we are still using soc not soc.0
-/dev/block/platform/soc/7824900.sdhci/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/modemst2              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/ssd                   u:object_r:ssd_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/misc                  u:object_r:misc_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/userdata              u:object_r:userdata_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/logdump               u:object_r:logdump_partition:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/fsg                  u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/fsc                  u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/modemst1             u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/modemst2             u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/ssd                  u:object_r:ssd_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/misc                 u:object_r:misc_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/userdata             u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/logdump              u:object_r:logdump_partition:s0

msm8909/idmap.te

@@ -0,0 +1,30 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow idmap oemfs:file r_file_perms;
+allow idmap oemfs:dir r_dir_perms;

msm8909/platform_app.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow platform_app oemfs:lnk_file { read getattr };

msm8909/priv_app.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow priv_app oemfs:lnk_file { read getattr };

msm8909/system_app.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#for oemfs
+allow system_app oemfs:lnk_file { read getattr };

msm8909/untrusted_app.te

@@ -0,0 +1,32 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+# for oemfs
+allow untrusted_app oemfs:lnk_file { read getattr };
+#for regionalization data file
+allow untrusted_app regionalization_data_file:file r_file_perms;

msm8909/zygote.te

@@ -29,3 +29,4 @@
 allow zygote persist_file:dir r_dir_perms;
 allow zygote regionalization_file:dir r_dir_perms;
 allow zygote regionalization_file:file r_file_perms;
+r_dir_file(zygote,oemfs);

msm8916/file_contexts

@@ -28,18 +28,19 @@
 ###################################
 # Primary storage device nodes
 #
-/dev/block/platform/soc.0/7824900.sdhci/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/modemst2              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/ssd                   u:object_r:ssd_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/misc                  u:object_r:misc_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/userdata              u:object_r:userdata_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/logdump               u:object_r:logdump_partition:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/config                u:object_r:frp_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/fsg                 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/fsc                 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/modemst1            u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/modemst2            u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/ssd                 u:object_r:ssd_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/misc                u:object_r:misc_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/userdata            u:object_r:userdata_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/logdump             u:object_r:logdump_partition:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/config              u:object_r:frp_block_device:s0
 /dev/block/mmcblk0                                                    u:object_r:root_block_device:s0
 /dev/block/mmcblk0rpmb                                                u:object_r:rpmb_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/boot                  u:object_r:boot_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/recovery              u:object_r:recovery_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/system                u:object_r:system_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/cache                 u:object_r:cache_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/frp                 u:object_r:frp_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/boot                u:object_r:boot_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/recovery            u:object_r:recovery_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/system              u:object_r:system_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/cache               u:object_r:cache_block_device:s0

msm8916/init_shell.te

@@ -27,6 +27,4 @@
 
 # media_codecs_eld_prop - to choose target specific media_codecs.xml
 # media_settings_xml_prop - to choose target specific media_profiles.xml
-allow qti_init_shell {
-    media_msm8939hw_prop
-}:property_service set;
+set_prop(qti_init_shell, media_msm8939hw_prop)

msm8937/file_contexts

@@ -32,24 +32,24 @@
 /dev/block/mmcblk0rpmb                                              u:object_r:rpmb_device:s0
 
 #Using soc instead of soc.0 for 3.18 kernel
-/dev/block/platform/soc/7824900.sdhci/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/modemst2              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/ssd                   u:object_r:ssd_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/misc                  u:object_r:misc_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/system                u:object_r:system_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/userdata              u:object_r:userdata_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/dip                   u:object_r:dip_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/mdtp                  u:object_r:mdtp_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/config                u:object_r:frp_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/boot                  u:object_r:boot_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/recovery              u:object_r:recovery_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/cache                 u:object_r:cache_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/logdump               u:object_r:logdump_partition:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/fsg                  u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/fsc                  u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/modemst1             u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/modemst2             u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/ssd                  u:object_r:ssd_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/misc                 u:object_r:misc_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/system               u:object_r:system_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/userdata             u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/dip                  u:object_r:dip_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/mdtp                 u:object_r:mdtp_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/config               u:object_r:frp_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/boot                 u:object_r:boot_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/recovery             u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/cache                u:object_r:cache_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/logdump              u:object_r:logdump_partition:s0
 
 
 
 #rawdump partition
-/dev/block/platform/soc/7824900.sdhci/by-name/rawdump               u:object_r:rawdump_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/rawdump              u:object_r:rawdump_block_device:s0
 /sys/kernel/dload/emmc_dload                                        u:object_r:sysfs_emmc_dload:s0

msm8937/untrusted_app.te

@@ -28,3 +28,5 @@
 
 # for oemfs
 allow untrusted_app oemfs:lnk_file { read getattr };
+#for regionalization data file
+allow untrusted_app regionalization_data_file:file r_file_perms;

msm8952/file_contexts

@@ -28,31 +28,31 @@
 ###################################
 # Primary storage device nodes
 #
-/dev/block/platform/soc.0/7824900.sdhci/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/modemst2              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/ssd                   u:object_r:ssd_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/misc                  u:object_r:misc_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/system                u:object_r:system_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/userdata              u:object_r:userdata_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/dip                   u:object_r:dip_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/mdtp                  u:object_r:mdtp_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/fsg                 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/fsc                 u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/modemst1            u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/modemst2            u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/ssd                 u:object_r:ssd_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/misc                u:object_r:misc_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/system              u:object_r:system_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/userdata            u:object_r:userdata_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/dip                 u:object_r:dip_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/mdtp                u:object_r:mdtp_device:s0
 /dev/block/mmcblk0                                                    u:object_r:root_block_device:s0
 /dev/block/mmcblk0rpmb                                                u:object_r:rpmb_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/config                u:object_r:frp_block_device:s0
-/dev/block/platform/soc.0/7824900.sdhci/by-name/logdump               u:object_r:logdump_partition:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/config              u:object_r:frp_block_device:s0
+/dev/block/platform/soc\.0/7824900\.sdhci/by-name/logdump             u:object_r:logdump_partition:s0
 
 #Using soc instead of soc.0 to make it compatable with 3.18 kernel
 
-/dev/block/platform/soc/7824900.sdhci/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/modemst2              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/ssd                   u:object_r:ssd_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/misc                  u:object_r:misc_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/system                u:object_r:system_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/userdata              u:object_r:userdata_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/dip                   u:object_r:dip_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/mdtp                  u:object_r:mdtp_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/logdump               u:object_r:logdump_partition:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/fsg                  u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/fsc                  u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/modemst1             u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/modemst2             u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/ssd                  u:object_r:ssd_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/misc                 u:object_r:misc_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/system               u:object_r:system_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/userdata             u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/dip                  u:object_r:dip_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/mdtp                 u:object_r:mdtp_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/logdump              u:object_r:logdump_partition:s0

msm8952/init_shell.te

@@ -28,11 +28,9 @@
 # media_codecs_eld_prop - to choose target specific media_codecs.xml
 # media_settings_xml_prop - to choose target specific media_profiles.xml
 # media_msm8956_version_prop - to choose target version specific media_codecs.xml
-allow qti_init_shell {
-    media_msm8956hw_prop
-    media_settings_xml_prop
-    media_msm8956_version_prop
-}:property_service set;
+set_prop(qti_init_shell, media_msm8956hw_prop)
+set_prop(qti_init_shell, media_settings_xml_prop)
+set_prop(qti_init_shell, media_msm8956_version_prop)
 
 # For regionalization
 allow qti_init_shell regionalization_file:dir r_dir_perms;

msm8952/system_server.te

@@ -25,6 +25,11 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+# Allow access to /proc/PID
+allow system_server appdomain:dir r_dir_perms;
+allow system_server appdomain:file rw_file_perms;
+
+
 # For Regionalization service
 allow system_server regionalization_service:service_manager { add find };
 allow system_server regionalization_file:file rw_file_perms;

msm8952/wfdservice.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Allow wfdservice to read media_msm8956hw property file
+allow wfdservice media_msm8956hw_prop:file r_file_perms;

msm8953/file_contexts

@@ -32,22 +32,22 @@
 /dev/block/mmcblk0rpmb                                              u:object_r:rpmb_device:s0
 
 #Using soc instead of soc.0 for 3.18 kernel
-/dev/block/platform/soc/7824900.sdhci/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/modemst2              u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/ssd                   u:object_r:ssd_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/misc                  u:object_r:misc_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/system                u:object_r:system_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/userdata              u:object_r:userdata_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/dip                   u:object_r:dip_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/mdtp                  u:object_r:mdtp_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/config                u:object_r:frp_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/logdump               u:object_r:logdump_partition:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/boot                  u:object_r:boot_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/recovery              u:object_r:recovery_block_device:s0
-/dev/block/platform/soc/7824900.sdhci/by-name/cache                 u:object_r:cache_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/fsg                  u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/fsc                  u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/modemst1             u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/modemst2             u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/ssd                  u:object_r:ssd_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/misc                 u:object_r:misc_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/system               u:object_r:system_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/userdata             u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/dip                  u:object_r:dip_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/mdtp                 u:object_r:mdtp_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/config               u:object_r:frp_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/logdump              u:object_r:logdump_partition:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/boot                 u:object_r:boot_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/recovery             u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/cache                u:object_r:cache_block_device:s0
 
 #rawdump partition
-/dev/block/platform/soc/7824900.sdhci/by-name/rawdump               u:object_r:rawdump_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/rawdump              u:object_r:rawdump_block_device:s0
 /sys/kernel/dload/emmc_dload                                        u:object_r:sysfs_emmc_dload:s0

msm8953/init_shell.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+# Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -25,6 +25,12 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+# media_codecs_eld_prop - to choose target specific media_codecs.xml
+# media_settings_xml_prop - to choose target specific media_profiles.xml
+# media_msm8956_version_prop - to choose target version specific media_codecs.xml
+set_prop(qti_init_shell, media_settings_xml_prop)
+set_prop(qti_init_shell, media_msm8953_version_prop)
+
 # For regionalization
 allow qti_init_shell regionalization_file:dir r_dir_perms;
 allow qti_init_shell regionalization_file:file create_file_perms;

msm8953/mediaserver.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow mediaserver media_settings_xml_prop:file r_file_perms;
+allow mediaserver media_msm8953_version_prop:file r_file_perms;

msm8953/property.te

@@ -0,0 +1,30 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#properites for init.qcom.sh script
+type media_settings_xml_prop, property_type;
+type media_msm8953_version_prop, property_type;

msm8953/property_contexts

@@ -0,0 +1,29 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+media.settings.xml         u:object_r:media_settings_xml_prop:s0
+media.msm8953.version      u:object_r:media_msm8953_version_prop:s0

msm8953/untrusted_app.te

@@ -28,3 +28,5 @@
 
 # for oemfs
 allow untrusted_app oemfs:lnk_file { read getattr };
+#for regionalization data file
+allow untrusted_app regionalization_data_file:file r_file_perms;

msm8953/zygote.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+# Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -31,3 +31,5 @@ allow zygote regionalization_file:dir r_dir_perms;
 allow zygote regionalization_file:file r_file_perms;
 allow zygote oemfs:dir r_dir_perms;
 allow zygote oemfs:file r_file_perms;
+
+allow zygote media_settings_xml_prop:file r_file_perms;

msm8960/file_contexts

@@ -5,22 +5,30 @@
 /dev/msm_rotator                                u:object_r:graphics_device:s0
 /dev/mdp_arb                                    u:object_r:graphics_device:s0
 /dev/mdm                                        u:object_r:mdm_device:s0
-/dev/block/bootdevice/by-name/m9kefs1           u:object_r:efs_boot_dev:s0
-/dev/block/bootdevice/by-name/m9kefs2           u:object_r:efs_boot_dev:s0
-/dev/block/bootdevice/by-name/m9kefs3           u:object_r:efs_boot_dev:s0
-/dev/block/bootdevice/by-name/m9kefsc           u:object_r:efs_boot_dev:s0
-/dev/gss                                        u:object_r:gss_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/fsg      u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/modemst1 u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/modemst2 u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/ssd      u:object_r:ssd_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/boot     u:object_r:boot_block_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/recovery      u:object_r:recovery_block_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/cache    u:object_r:cache_block_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/system   u:object_r:system_block_device:s0
-/dev/block/platform/msm_sdcc.1/by-name/logdump  u:object_r:logdump_partition:s0
-/dev/block/mmcblk0                              u:object_r:root_block_device:s0
 /dev/socket/mpdecision                          u:object_r:mpdecision_socket:s0
+
+###################################
+# Block devices
+#
+/dev/block/mmcblk0                              u:object_r:root_block_device:s0
+/dev/block/mmcblk0rpmb                          u:object_r:rpmb_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/boot    u:object_r:boot_block_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/cache   u:object_r:cache_block_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/fsg     u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/fsc     u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/logdump u:object_r:logdump_partition:s0
+/dev/block/platform/msm_sdcc\.1/by-name/m9kefs1 u:object_r:efs_boot_dev:s0
+/dev/block/platform/msm_sdcc\.1/by-name/m9kefs2 u:object_r:efs_boot_dev:s0
+/dev/block/platform/msm_sdcc\.1/by-name/m9kefs3 u:object_r:efs_boot_dev:s0
+/dev/block/platform/msm_sdcc\.1/by-name/m9kefsc u:object_r:efs_boot_dev:s0
+/dev/block/platform/msm_sdcc\.1/by-name/misc    u:object_r:misc_block_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/modemst1    u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/modemst2    u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/recovery    u:object_r:recovery_block_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/ssd     u:object_r:ssd_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/system  u:object_r:system_block_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/userdata    u:object_r:userdata_block_device:s0
+
 ###################################
 # System files
 #
@@ -28,7 +36,6 @@
 /system/bin/thermal-engine                      u:object_r:thermal-engine_exec:s0
 /system/bin/qcks                                u:object_r:mdm_helper_exec:s0
 /system/bin/efks                                u:object_r:mdm_helper_exec:s0
-/system/bin/DR_AP_Service                       u:object_r:location_exec:s0
 
 ###################################
 # Data files

msm8960/init_shell.te

@@ -27,6 +27,4 @@
 
 #For property starting with hw
 #ctl_thermal-engine_prop - for access the thermal-engine
-allow qti_init_shell {
-   ctl_thermal-engine_prop
-}:property_service set;
+set_prop(qti_init_shell, ctl_thermal-engine_prop)

msm8974/file_contexts

@@ -27,6 +27,8 @@
 ###################################
 # Primary storage device nodes
 #
+/dev/block/platform/msm_sdcc\.1/by-name/boot                  u:object_r:boot_block_device:s0
+/dev/block/platform/msm_sdcc\.1/by-name/recovery              u:object_r:recovery_block_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/fsg                   u:object_r:modem_efs_partition_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/fsc                   u:object_r:modem_efs_partition_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/modemst1              u:object_r:modem_efs_partition_device:s0
@@ -35,5 +37,6 @@
 /dev/block/platform/msm_sdcc\.1/by-name/misc                  u:object_r:misc_block_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/userdata              u:object_r:userdata_block_device:s0
 /dev/block/platform/msm_sdcc\.1/by-name/logdump               u:object_r:logdump_partition:s0
+/dev/block/platform/msm_sdcc\.1/by-name/cache                 u:object_r:cache_block_device:s0
 /dev/block/mmcblk0                                            u:object_r:root_block_device:s0
 /dev/block/mmcblk0rpmb                                        u:object_r:rpmb_device:s0

msm8976/file_contexts

@@ -26,5 +26,5 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #rawdump partition
-/dev/block/platform/soc/7824900.sdhci/by-name/rawdump               u:object_r:rawdump_block_device:s0
+/dev/block/platform/soc/7824900\.sdhci/by-name/rawdump              u:object_r:rawdump_block_device:s0
 /sys/kernel/dload/emmc_dload                                        u:object_r:sysfs_emmc_dload:s0

msm8992/file_contexts

@@ -27,17 +27,17 @@
 ###################################
 # Dev block nodes
 #
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/fsc                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/fsg                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/modemst1                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/modemst2                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/ssd                                u:object_r:ssd_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/misc                               u:object_r:misc_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata                           u:object_r:userdata_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/boot                               u:object_r:boot_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/recovery                           u:object_r:recovery_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/cache                              u:object_r:cache_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/config                             u:object_r:frp_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/logdump                            u:object_r:logdump_partition:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/fsc                              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/fsg                              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/modemst1                         u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/modemst2                         u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/ssd                              u:object_r:ssd_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/misc                             u:object_r:misc_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/userdata                         u:object_r:userdata_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/boot                             u:object_r:boot_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/recovery                         u:object_r:recovery_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/cache                            u:object_r:cache_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/config                           u:object_r:frp_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/logdump                          u:object_r:logdump_partition:s0
 /dev/block/mmcblk0rpmb                                                              u:object_r:rpmb_device:s0
 /dev/block/mmcblk0                                                                  u:object_r:root_block_device:s0

msm8994/file_contexts

@@ -32,30 +32,30 @@
 /dev/block/mmcblk0                                                                  u:object_r:root_block_device:s0
 
 # UFS devices
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/fsc                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/fsg                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/modemst1                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/modemst2                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/ssd                                u:object_r:ssd_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/misc                               u:object_r:misc_block_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/userdata                           u:object_r:userdata_block_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/boot                               u:object_r:boot_block_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/recovery                           u:object_r:recovery_block_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/cache                              u:object_r:cache_block_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/frp                                u:object_r:frp_block_device:s0
-/dev/block/platform/soc.0/fc594000.ufshc/by-name/logdump                            u:object_r:logdump_partition:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/fsc                              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/fsg                              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/modemst1                         u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/modemst2                         u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/ssd                              u:object_r:ssd_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/misc                             u:object_r:misc_block_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/userdata                         u:object_r:userdata_block_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/boot                             u:object_r:boot_block_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/recovery                         u:object_r:recovery_block_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/cache                            u:object_r:cache_block_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/frp                              u:object_r:frp_block_device:s0
+/dev/block/platform/soc\.0/fc594000\.ufshc/by-name/logdump                          u:object_r:logdump_partition:s0
 
 
 # eMMC devices
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/fsc                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/fsg                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/modemst1                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/modemst2                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/ssd                                u:object_r:ssd_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/misc                               u:object_r:misc_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata                           u:object_r:userdata_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/boot                               u:object_r:boot_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/recovery                           u:object_r:recovery_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/cache                              u:object_r:cache_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/config                             u:object_r:frp_block_device:s0
-/dev/block/platform/soc.0/f9824900.sdhci/by-name/logdump                            u:object_r:logdump_partition:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/fsc                              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/fsg                              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/modemst1                         u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/modemst2                         u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/ssd                              u:object_r:ssd_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/misc                             u:object_r:misc_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/userdata                         u:object_r:userdata_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/boot                             u:object_r:boot_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/recovery                         u:object_r:recovery_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/cache                            u:object_r:cache_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/config                           u:object_r:frp_block_device:s0
+/dev/block/platform/soc\.0/f9824900\.sdhci/by-name/logdump                          u:object_r:logdump_partition:s0

msm8996/file_contexts

@@ -33,50 +33,50 @@
 /dev/block/mmcblk0                                                              u:object_r:root_block_device:s0
 
 # UFS devices
-/dev/block/platform/soc/624000.ufshc/by-name/fsc                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/fsg                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/modemst1                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/modemst2                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/ssd                                u:object_r:ssd_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/misc                               u:object_r:misc_block_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/rpm                                u:object_r:rpmb_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/system                             u:object_r:system_block_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/userdata                           u:object_r:userdata_block_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/msadp                              u:object_r:mba_debug_dev:s0
-/dev/block/platform/soc/624000.ufshc/by-name/dip                                u:object_r:dip_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/mdtp                               u:object_r:mdtp_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/boot                               u:object_r:boot_block_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/recovery                           u:object_r:recovery_block_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/cache                              u:object_r:cache_block_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/frp                                u:object_r:frp_block_device:s0
-/dev/block/platform/soc/624000.ufshc/by-name/mdm1m9kefs1                        u:object_r:efs_boot_dev:s0
-/dev/block/platform/soc/624000.ufshc/by-name/mdm1m9kefs2                        u:object_r:efs_boot_dev:s0
-/dev/block/platform/soc/624000.ufshc/by-name/mdm1m9kefs3                        u:object_r:efs_boot_dev:s0
-/dev/block/platform/soc/624000.ufshc/by-name/mdm1m9kefsc                        u:object_r:efs_boot_dev:s0
-/dev/block/platform/soc/624000.ufshc/by-name/logdump                            u:object_r:logdump_partition:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/fsc                               u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/fsg                               u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/modemst1                          u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/modemst2                          u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/ssd                               u:object_r:ssd_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/misc                              u:object_r:misc_block_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/rpm                               u:object_r:rpmb_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/system                            u:object_r:system_block_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/userdata                          u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/msadp                             u:object_r:mba_debug_dev:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/dip                               u:object_r:dip_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/mdtp                              u:object_r:mdtp_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/boot                              u:object_r:boot_block_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/recovery                          u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/cache                             u:object_r:cache_block_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/frp                               u:object_r:frp_block_device:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/mdm1m9kefs1                       u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/mdm1m9kefs2                       u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/mdm1m9kefs3                       u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/mdm1m9kefsc                       u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/624000\.ufshc/by-name/logdump                           u:object_r:logdump_partition:s0
 
 # eMMC devices
-/dev/block/platform/soc/7464900.sdhci/by-name/fsc                               u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/fsg                               u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/modemst1                          u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/modemst2                          u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/ssd                               u:object_r:ssd_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/misc                              u:object_r:misc_block_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/rpm                               u:object_r:rpmb_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/system                            u:object_r:system_block_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/userdata                          u:object_r:userdata_block_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/msadp                             u:object_r:mba_debug_dev:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/dip                               u:object_r:dip_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/mdtp                              u:object_r:mdtp_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/boot                              u:object_r:boot_block_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/recovery                          u:object_r:recovery_block_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/cache                             u:object_r:cache_block_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/frp                               u:object_r:frp_block_device:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/mdm1m9kefs1                       u:object_r:efs_boot_dev:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/mdm1m9kefs2                       u:object_r:efs_boot_dev:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/mdm1m9kefs3                       u:object_r:efs_boot_dev:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/mdm1m9kefsc                       u:object_r:efs_boot_dev:s0
-/dev/block/platform/soc/7464900.sdhci/by-name/logdump                           u:object_r:logdump_partition:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/fsc                              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/fsg                              u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/modemst1                         u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/modemst2                         u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/ssd                              u:object_r:ssd_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/misc                             u:object_r:misc_block_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/rpm                              u:object_r:rpmb_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/system                           u:object_r:system_block_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/userdata                         u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/msadp                            u:object_r:mba_debug_dev:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/dip                              u:object_r:dip_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/mdtp                             u:object_r:mdtp_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/boot                             u:object_r:boot_block_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/recovery                         u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/cache                            u:object_r:cache_block_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/frp                              u:object_r:frp_block_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/mdm1m9kefs1                      u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/mdm1m9kefs2                      u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/mdm1m9kefs3                      u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/mdm1m9kefsc                      u:object_r:efs_boot_dev:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/logdump                          u:object_r:logdump_partition:s0
 
 ###################################
 # Dev socket nodes
@@ -96,7 +96,7 @@
 #
 /sys/devices/virtual/graphics/fb([0-2])+/lineptr_value                          u:object_r:sysfs_graphics:s0
 
-/sys/devices/soc/b00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies   u:object_r:sysfs_kgsl:s0
+/sys/devices/soc/b00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies  u:object_r:sysfs_kgsl:s0
 
 ###################################
 # data files
@@ -106,5 +106,5 @@
 /data/misc/qvr(/.*)?       u:object_r:qvrd_data_file:s0
 
 #rawdump partition
-/dev/block/platform/soc/7464900.sdhci/by-name/rawdump                           u:object_r:rawdump_block_device:s0
+/dev/block/platform/soc/7464900\.sdhci/by-name/rawdump                          u:object_r:rawdump_block_device:s0
 /sys/kernel/dload/emmc_dload                                                    u:object_r:sysfs_emmc_dload:s0

msm8996/init_shell.te

@@ -25,4 +25,4 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-allow qti_init_shell ctl_qvrd_prop:property_service set;
+set_prop(qti_init_shell, ctl_qvrd_prop)

msm8998/file_contexts

@@ -28,26 +28,26 @@
 # Dev block nodes
 
 # UFS Devices
-/dev/block/platform/soc/1da4000.ufshc/by-name/system                            u:object_r:system_block_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/userdata                          u:object_r:userdata_block_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/boot                              u:object_r:boot_block_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/logdump                           u:object_r:logdump_partition:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/fsc                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/fsg                                u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/modemst1                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/modemst2                           u:object_r:modem_efs_partition_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/ssd                                u:object_r:ssd_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/misc                               u:object_r:misc_block_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/rpm                                u:object_r:rpmb_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/msadp                              u:object_r:mba_debug_dev:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/recovery                           u:object_r:recovery_block_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/cache                              u:object_r:cache_block_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/frp                                u:object_r:frp_block_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/mdtp                               u:object_r:mdtp_device:s0
-/dev/block/platform/soc/1da4000.ufshc/by-name/dip                                u:object_r:dip_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/system                            u:object_r:system_block_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/userdata                          u:object_r:userdata_block_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/boot                              u:object_r:boot_block_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/logdump                           u:object_r:logdump_partition:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/fsc                               u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/fsg                               u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/modemst1                          u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/modemst2                          u:object_r:modem_efs_partition_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/ssd                               u:object_r:ssd_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/misc                              u:object_r:misc_block_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/rpm                               u:object_r:rpmb_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/msadp                             u:object_r:mba_debug_dev:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/recovery                          u:object_r:recovery_block_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/cache                             u:object_r:cache_block_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/frp                               u:object_r:frp_block_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/mdtp                              u:object_r:mdtp_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/dip                               u:object_r:dip_device:s0
 
 #rawdump partition
-/dev/block/platform/soc/1da4000.ufshc/by-name/rawdump                            u:object_r:rawdump_block_device:s0
+/dev/block/platform/soc/1da4000\.ufshc/by-name/rawdump                           u:object_r:rawdump_block_device:s0
 /sys/kernel/dload/emmc_dload                                                     u:object_r:sysfs_emmc_dload:s0
 
 ###################################

msm8998/init_shell.te

@@ -30,4 +30,4 @@ allow qti_init_shell regionalization_file:dir r_dir_perms;
 allow qti_init_shell regionalization_file:file create_file_perms;
 
 # For VR
-allow qti_init_shell ctl_qvrd_prop:property_service set;
+set_prop(qti_init_shell, ctl_qvrd_prop)

msm8998/untrusted_app.te

@@ -28,3 +28,5 @@
 
 # for oemfs
 allow untrusted_app oemfs:lnk_file { read getattr };
+#for regionalization data file
+allow untrusted_app regionalization_data_file:file r_file_perms;

sepolicy.mk

@@ -0,0 +1,9 @@
+# Board specific SELinux policy variable definitions
+BOARD_SEPOLICY_DIRS := \
+       $(BOARD_SEPOLICY_DIRS) \
+       device/qcom/sepolicy \
+       device/qcom/sepolicy/common \
+       device/qcom/sepolicy/test \
+       device/qcom/sepolicy/$(TARGET_BOARD_PLATFORM)
+
+-include vendor/cm/sepolicy/qcom/sepolicy.mk

test/fidotest.te

@@ -17,9 +17,6 @@ userdebug_or_eng(`
   #Allow fido test daemons to be registered with service manager
   allow fidotest fidotest_service:service_manager add;
 
-  # Allow communication with init over property server
-  unix_socket_connect(fidotest, property, init);
-
   # Allow access to tee device
   allow fidotest tee_device:chr_file rw_file_perms;
 

test/qseeproxysample.te

@@ -45,9 +45,6 @@ userdebug_or_eng(`
   #Allow test daemon to use system_server via binder to check caller identity
   binder_call(qseeproxysample, system_server)
 
-  # Allow communication with init over property server
-  unix_socket_connect(qseeproxysample, property, init);
-
   # Allow access to tee device
   allow qseeproxysample tee_device:chr_file rw_file_perms;
 

test/qti-testscripts.te

@@ -26,7 +26,9 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 userdebug_or_eng(`
-  type qti-testscripts, domain, domain_deprecated, mlstrustedsubject;
+  # forward declaration is done in system/sepolicy to avoid neverallow issues
+  
+  # type qti-testscripts, domain, domain_deprecated, mlstrustedsubject;
   permissive qti-testscripts;
   domain_trans(init, shell_exec, qti-testscripts)