Merge "Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709)" into stage-aosp-master
diff --git a/OWNERS b/OWNERS
index 374d508..9b7f099 100644
--- a/OWNERS
+++ b/OWNERS
@@ -4,8 +4,10 @@
jbires@google.com
jeffv@google.com
jgalenson@google.com
+jiyong@google.com
nnk@google.com
rurumihong@google.com
sspatil@google.com
+smoreland@google.com
tomcherry@google.com
trong@google.com
diff --git a/coral-sepolicy.mk b/coral-sepolicy.mk
index 8ea3e0a..4d1a0e2 100644
--- a/coral-sepolicy.mk
+++ b/coral-sepolicy.mk
@@ -1,5 +1,5 @@
-PRODUCT_PUBLIC_SEPOLICY_DIRS := device/google/coral-sepolicy/public
-PRODUCT_PRIVATE_SEPOLICY_DIRS := device/google/coral-sepolicy/private
+PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/coral-sepolicy/public
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/coral-sepolicy/private
# vendors
BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/google
@@ -7,3 +7,7 @@
BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/qcom/sm8150
BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/knowles/common
BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/tracking_denials
+BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/verizon
+
+# Pixel-wide
+BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/citadel
diff --git a/private/atrace.te b/private/atrace.te
deleted file mode 100644
index ddf34c9..0000000
--- a/private/atrace.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# On debug builds, allow specific HALs to be notified that
-# trace-related system properties have changed.
-# TODO(b/135396507): Remove once b/78136428 is resolved.
-userdebug_or_eng(`
- hal_client_domain(atrace, hal_vibrator)
-')
diff --git a/private/dun-server.te b/private/dun-server.te
deleted file mode 100644
index 25dd77c..0000000
--- a/private/dun-server.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type dun-server_exec, system_file_type, exec_type, file_type;
-typeattribute dun-server coredomain;
-
-init_daemon_domain(dun-server)
-
diff --git a/private/file.te b/private/file.te
deleted file mode 100644
index efbe29d..0000000
--- a/private/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type dpmwrapper_socket, file_type, coredomain_socket, mlstrustedobject;
diff --git a/private/file_contexts b/private/file_contexts
index 8a3be54..1e55ebd 100755
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -1,8 +1,3 @@
####### system file ###############
-/system/bin/dun-server u:object_r:dun-server_exec:s0
/system/bin/bt_logger u:object_r:bt_logger_exec:s0
-/system/etc/init\.qcom\.testscripts\.sh u:object_r:qti-testscripts_exec:s0
/system/bin/smcinvoked u:object_r:smcinvoke_daemon_exec:s0
-/system/bin/wfdservice u:object_r:wfdservice_exec:s0
-/system/bin/mmi u:object_r:vendor_mmi_sys_exec:s0
-/system/bin/mmi_diag u:object_r:vendor_mmi_sys_exec:s0
diff --git a/private/mmi_sys.te b/private/mmi_sys.te
deleted file mode 100755
index 2424611..0000000
--- a/private/mmi_sys.te
+++ /dev/null
@@ -1,7 +0,0 @@
-typeattribute vendor_mmi_sys coredomain;
-type vendor_mmi_sys_exec, system_file_type, exec_type, file_type;
-
-#init
-init_daemon_domain(vendor_mmi_sys)
-
-
diff --git a/private/qti-testscripts.te b/private/qti-testscripts.te
deleted file mode 100644
index b8ac419..0000000
--- a/private/qti-testscripts.te
+++ /dev/null
@@ -1,9 +0,0 @@
-#as the exec is defined in file_context it is hitting build
-# error in user build so moving out of the macro
-type qti-testscripts_exec, system_file_type, exec_type, file_type;
-
-userdebug_or_eng(`
- typeattribute qti-testscripts coredomain;
- init_daemon_domain(qti-testscripts)
-
-')
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 57a99de..6b8b2cc 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -1,2 +1,5 @@
# Domain for WfcActivation app
user=_app seinfo=wfcactivation name=com.google.android.wfcactivation domain=wfc_activation_app levelFrom=all
+
+#Domain for Sprint Hidden Menu
+user=_app isPrivApp=true seinfo=platform name=com.google.android.hiddenmenu domain=sprint_hidden_menu type=app_data_file levelFrom=all
diff --git a/private/service.te b/private/service.te
index 6d01230..db4c81f 100644
--- a/private/service.te
+++ b/private/service.te
@@ -8,5 +8,4 @@
type wigigp2p_service, app_api_service, system_server_service, service_manager_type;
type wigig_service, app_api_service, system_server_service, service_manager_type;
type vendor_perf_service, app_api_service, system_server_service, service_manager_type;
-type wfdservice_service, service_manager_type;
type qchook_service, service_manager_type;
diff --git a/private/sprint_hidden_menu.te b/private/sprint_hidden_menu.te
new file mode 100644
index 0000000..9eb45e7
--- /dev/null
+++ b/private/sprint_hidden_menu.te
@@ -0,0 +1,9 @@
+type sprint_hidden_menu, domain, coredomain;
+
+app_domain(sprint_hidden_menu)
+net_domain(sprint_hidden_menu)
+
+# Services
+allow sprint_hidden_menu app_api_service:service_manager find;
+allow sprint_hidden_menu qchook_service:service_manager find;
+allow sprint_hidden_menu radio_service:service_manager find;
diff --git a/private/wfdservice.te b/private/wfdservice.te
deleted file mode 100644
index 9d32684..0000000
--- a/private/wfdservice.te
+++ /dev/null
@@ -1,6 +0,0 @@
-typeattribute wfdservice coredomain;
-
-#Allow for transition from init domain to wfdservice
-init_daemon_domain(wfdservice)
-
-
diff --git a/public/dun-server.te b/public/dun-server.te
deleted file mode 100644
index 889504e..0000000
--- a/public/dun-server.te
+++ /dev/null
@@ -1 +0,0 @@
-type dun-server, domain;
diff --git a/public/file.te b/public/file.te
deleted file mode 100644
index ddf72a6..0000000
--- a/public/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type dpmtcm_socket, file_type, coredomain_socket, mlstrustedobject;
diff --git a/public/hwservice.te b/public/hwservice.te
deleted file mode 100644
index 0751bc4..0000000
--- a/public/hwservice.te
+++ /dev/null
@@ -1 +0,0 @@
-type hal_atfwd_hwservice, coredomain_hwservice, hwservice_manager_type;
diff --git a/public/mmi_sys.te b/public/mmi_sys.te
deleted file mode 100755
index c14aa19..0000000
--- a/public/mmi_sys.te
+++ /dev/null
@@ -1 +0,0 @@
-type vendor_mmi_sys, domain;
diff --git a/public/qtelephony.te b/public/qtelephony.te
deleted file mode 100644
index 99191bc..0000000
--- a/public/qtelephony.te
+++ /dev/null
@@ -1 +0,0 @@
-type qtelephony, domain;
diff --git a/public/qti-testscripts.te b/public/qti-testscripts.te
deleted file mode 100644
index cff8a7d..0000000
--- a/public/qti-testscripts.te
+++ /dev/null
@@ -1,3 +0,0 @@
-userdebug_or_eng(`
- type qti-testscripts, domain, mlstrustedsubject;
-')
diff --git a/public/wfdservice.te b/public/wfdservice.te
deleted file mode 100644
index 1dd0f7d..0000000
--- a/public/wfdservice.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type wfdservice, domain;
-type wfdservice_exec, system_file_type, exec_type, file_type;
diff --git a/tracking_denials/bootanim.te b/tracking_denials/bootanim.te
deleted file mode 100644
index 977590d..0000000
--- a/tracking_denials/bootanim.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/128958090
-dontaudit bootanim sysfs_msm_subsys:dir search;
diff --git a/tracking_denials/hal_audio_default.te b/tracking_denials/hal_audio_default.te
deleted file mode 100644
index f0bd336..0000000
--- a/tracking_denials/hal_audio_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/129111829
-dontaudit hal_audio_default exported3_system_prop:file read;
diff --git a/tracking_denials/hal_face_default.te b/tracking_denials/hal_face_default.te
index 1be13a5..6ee257a 100644
--- a/tracking_denials/hal_face_default.te
+++ b/tracking_denials/hal_face_default.te
@@ -1,2 +1,3 @@
-# b/134894179
+# b/149542424
dontaudit hal_face_default exported_camera_prop:file read;
+dontaudit hal_face_default vendor_display_prop:file read;
diff --git a/tracking_denials/hal_graphics_allocator_default.te b/tracking_denials/hal_graphics_allocator_default.te
deleted file mode 100644
index 68eb040..0000000
--- a/tracking_denials/hal_graphics_allocator_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/149542444
-dontaudit hal_graphics_allocator_default sysfs_msm_subsys:dir search;
diff --git a/tracking_denials/ims.te b/tracking_denials/ims.te
deleted file mode 100644
index 255f3ec..0000000
--- a/tracking_denials/ims.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/129460752
-dontaudit ims sysfs_faceauth:dir search;
diff --git a/tracking_denials/init-insmod-sh.te b/tracking_denials/init-insmod-sh.te
deleted file mode 100644
index d4039af..0000000
--- a/tracking_denials/init-insmod-sh.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/149543972
-dontaudit init-insmod-sh proc_cmdline:file read;
diff --git a/tracking_denials/init.te b/tracking_denials/init.te
deleted file mode 100644
index d4ce80b..0000000
--- a/tracking_denials/init.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/149542343
-dontaudit init kernel:system module_request;
diff --git a/tracking_denials/location.te b/tracking_denials/location.te
deleted file mode 100644
index 6e64ef1..0000000
--- a/tracking_denials/location.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/149544069
-dontaudit location qtidataservices_app:binder call;
diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te
deleted file mode 100644
index d58e641..0000000
--- a/tracking_denials/platform_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/149542783
-dontaudit platform_app sysfs_msm_subsys:dir search;
diff --git a/tracking_denials/radio.te b/tracking_denials/radio.te
deleted file mode 100644
index 7a81617..0000000
--- a/tracking_denials/radio.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/129455852
-dontaudit radio proc_filesystems:file read;
diff --git a/tracking_denials/surfaceflinger.te b/tracking_denials/surfaceflinger.te
deleted file mode 100644
index 9c96382..0000000
--- a/tracking_denials/surfaceflinger.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/149544591
-dontaudit surfaceflinger sysfs_msm_subsys:dir search;
diff --git a/tracking_denials/system_app.te b/tracking_denials/system_app.te
deleted file mode 100644
index 7037625..0000000
--- a/tracking_denials/system_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/149544592
-dontaudit system_app apk_verity_prop:file read;
-dontaudit system_app sysfs_msm_subsys:dir search;
diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te
index 79d8a91..c073049 100644
--- a/tracking_denials/system_server.te
+++ b/tracking_denials/system_server.te
@@ -1,2 +1,4 @@
# b/149544018
dontaudit system_server sysfs_msm_subsys:file read;
+# b/149544018
+dontaudit system_server proc_irq:dir search;
diff --git a/tracking_denials/untrusted_app_29.te b/tracking_denials/untrusted_app_29.te
deleted file mode 100644
index 047852d..0000000
--- a/tracking_denials/untrusted_app_29.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/149544802
-dontaudit untrusted_app_29 sysfs_msm_subsys:dir search;
diff --git a/tracking_denials/vendor_pd_mapper.te b/tracking_denials/vendor_pd_mapper.te
deleted file mode 100644
index 4930dd1..0000000
--- a/tracking_denials/vendor_pd_mapper.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/129744410
-dontaudit vendor_pd_mapper sysfs_esoc:dir search;
-dontaudit vendor_pd_mapper sysfs_msm_subsys:dir search;
diff --git a/tracking_denials/wcnss_service.te b/tracking_denials/wcnss_service.te
deleted file mode 100644
index 9b4b83d..0000000
--- a/tracking_denials/wcnss_service.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/130262158
-dontaudit wcnss_service kernel:system module_request;
diff --git a/vendor/google/certs/com_google_mds.x509.pem b/vendor/google/certs/com_google_mds.x509.pem
new file mode 100644
index 0000000..640c6fb
--- /dev/null
+++ b/vendor/google/certs/com_google_mds.x509.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF1TCCA72gAwIBAgIVAPZ4KZV2jpxRBCoVAidCu62l3cDqMA0GCSqGSIb3DQEBCwUAMHsxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
+EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEXMBUGA1UEAwwOY29tX2dvb2ds
+ZV9tZHMwHhcNMTkwNDIyMTQ1NzA1WhcNNDkwNDIyMTQ1NzA1WjB7MQswCQYDVQQGEwJVUzETMBEG
+A1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xl
+IEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxFzAVBgNVBAMMDmNvbV9nb29nbGVfbWRzMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqgNC0hhI3NzaPUllJfe01hCTuEpl35D02+DKJ5prPFxv
+6KGTk6skjZOwV87Zf2pyj/cbnv28ioDjwvqMBe4ntFdKtH9gl2tTAVl69HMKXF4Iny/wnrt2mxzh
+WxFUd5PuW+mWug+UQw/NGUuaf5d/yys/RrchHKM1+zBV6aOzH6BXiwDoOF2i43d5GlNQ/tFuMySW
+LJftJN0QULFelxNDFFJZhw2P3c4opxjmF2yCoIiDfBEIhTZFKUbHX6YDLXmtUpXl35q+cxK4TCxP
+URyzwdfiyheF3TTxagfzhvXNg/ifrY67S4qCGfzoEMPxrTz02gS0u3D6r/2+hl9vAJChLKDNdIs6
+TqIw+YnABrELiZLLFnaABnjQ7xC3xv1s3W6dWxaxnoVMtC1YvdgwhC5gSpJ4A+AGcCLv96hoeB1I
+IoGV9Yt0Z97MFpXeHFpAxFZ1F9feBqwOCDbu50dmdKZvqGHZ4Ts3uy7ukDQ08dquHpT+NmqkmmW5
+GGhkuyZS3HHpU/QeVsZiyJCJBbDe5lz6NGXK56ruuF9ILeGHtldjQm40oYRc01ESScyVjSU0kpMO
+C7hn1B7rKAm8xxG7eH04ieQrNnbbee7atOO4C3157W5CqujfLMeo6OCRVtcYkYIuSi8hIPNySu/q
+OaEtEP4owVNZR0H6mCHy5pANsyBofMkCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU
+gk8pmLx8yP3RILwR5am1G10PBEowHwYDVR0jBBgwFoAUgk8pmLx8yP3RILwR5am1G10PBEowDQYJ
+KoZIhvcNAQELBQADggIBAC9iQ1huo6CzjcsB1IIw3WYPYVfHtvG7fiB49QO6cjth8fxM36YOxnMz
+K9Zh89cnFx7BeXG4MdbR3lAWO+wTbEpM/5azAQfqHB/ZEEAo1THtqS58C1bTwJ5zxkA+wL/x1ucT
+EV0QZtPHC1K5nIV5FuICiJjui5FHfj2HYu2A5a5729rdZ7sL8Vgx6TUFKpEPs5iCrlx5X/E+/wJa
+DM5iIjVvrGJJq0VWHHeDJEE+Sw1CDxWYRzvu1WvCvhk149hf4LlfrR0A5t8QJRGx0WwF10DLGgJx
+7epMBpzhMIXc529FTIx4Rx2PcufjTZC9EN7PkLgVfYahWEkt/YIfV/0F6U6viLxdNC5O0pimSV57
+vT6HIthX1OC34eZca0cPqH1kOuhRDKOhbP4yIgdYX6knpvw8aXsYcyTfAmDyrt0EWffeBPedaxMo
+xfijdlsBQUymviUQ8qBbfl1Ew9VoC+VEsiobK7Ubog0IK+82LQ7FOLMoNYnhk5wJ63i1kVvBVAgH
+64PMME2KG//BwYFfKK6jUXibabyNke72+1Jr0xpw1BHJPxNJ8Q8yCBLF0wmXmFJSM+9lSDd10Bni
+FJeMFMQ0T1Sf8GUSIxYYbMK5pDguRs+JOYkUID02ylJ3L6GAnxXCjGWzpdxw29/WWJc+qsYFEIbP
+kKzTUNQHaaLHmcLK22Ht
+-----END CERTIFICATE-----
diff --git a/vendor/google/citadel_provision.te b/vendor/google/citadel_provision.te
index d178a79..803195d 100644
--- a/vendor/google/citadel_provision.te
+++ b/vendor/google/citadel_provision.te
@@ -1,31 +1,25 @@
-type citadel_provision, domain;
-type citadel_provision_exec, exec_type, vendor_file_type, file_type;
-
# Extra permissions for userdebug that allow lazy-provisioning of
# keymaster preshared-keys, used for faceauth authtoken enforcement.
# (i.e. for EVT devices that leave factory unprovisioned).
userdebug_or_eng(`
+ vndbinder_use(citadel_provision)
+ binder_call(citadel_provision, citadeld)
+ allow citadel_provision citadeld_service:service_manager find;
+ hwbinder_use(citadel_provision)
+ get_prop(citadel_provision, hwservicemanager_prop)
+ allow citadel_provision hidl_manager_hwservice:hwservice_manager find;
-init_daemon_domain(citadel_provision)
+ allow citadel_provision vndbinder_device:chr_file ioctl;
+ allow citadel_provision self:qipcrtr_socket create_socket_perms_no_ioctl;
+ allow citadel_provision ion_device:chr_file r_file_perms;
+ allow citadel_provision tee_device:chr_file rw_file_perms;
+ get_prop(citadel_provision, vendor_tee_listener_prop);
-vndbinder_use(citadel_provision)
-binder_call(citadel_provision, citadeld)
-allow citadel_provision citadeld_service:service_manager find;
-hwbinder_use(citadel_provision)
-get_prop(citadel_provision, hwservicemanager_prop)
-allow citadel_provision hidl_manager_hwservice:hwservice_manager find;
-
-allow citadel_provision vndbinder_device:chr_file ioctl;
-allow citadel_provision self:qipcrtr_socket create_socket_perms_no_ioctl;
-allow citadel_provision ion_device:chr_file r_file_perms;
-allow citadel_provision tee_device:chr_file rw_file_perms;
-get_prop(citadel_provision, vendor_tee_listener_prop);
-
-dontaudit citadel_provision sysfs_esoc:dir r_dir_perms;
-dontaudit citadel_provision sysfs_esoc:file r_file_perms;
-dontaudit citadel_provision sysfs_msm_subsys:dir r_dir_perms;
-dontaudit citadel_provision sysfs_ssr:file r_file_perms;
-dontaudit citadel_provision sysfs:file r_file_perms;
-dontaudit citadel_provision sysfs_faceauth:dir r_dir_perms;
-dontaudit citadel_provision sysfs_faceauth:file r_file_perms;
+ dontaudit citadel_provision sysfs_esoc:dir r_dir_perms;
+ dontaudit citadel_provision sysfs_esoc:file r_file_perms;
+ dontaudit citadel_provision sysfs_msm_subsys:dir r_dir_perms;
+ dontaudit citadel_provision sysfs_ssr:file r_file_perms;
+ dontaudit citadel_provision sysfs:file r_file_perms;
+ dontaudit citadel_provision sysfs_faceauth:dir r_dir_perms;
+ dontaudit citadel_provision sysfs_faceauth:file r_file_perms;
')
diff --git a/vendor/google/citadeld.te b/vendor/google/citadeld.te
index 7f6a31f..dc18d24 100644
--- a/vendor/google/citadeld.te
+++ b/vendor/google/citadeld.te
@@ -1,20 +1,2 @@
-type citadeld, domain;
-type citadeld_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(citadeld)
-add_service(citadeld, citadeld_service)
-
-allow citadeld citadel_device:chr_file rw_file_perms;
-
-allow citadeld hal_power_stats_default:binder { call transfer };
allow citadeld power_stats_service:service_manager find;
-
allow citadeld debugfs_ipc:dir search;
-
-# Let citadeld find and use statsd.
-hwbinder_use(citadeld)
-get_prop(citadeld, hwservicemanager_prop)
-allow citadeld fwk_stats_hwservice:hwservice_manager find;
-binder_call(citadeld, stats_service_server)
-
-init_daemon_domain(citadeld)
diff --git a/vendor/google/device.te b/vendor/google/device.te
index 7094f2f..03af45f 100644
--- a/vendor/google/device.te
+++ b/vendor/google/device.te
@@ -1,9 +1,9 @@
type abc_tpu_device, dev_type;
type airbrush_device, dev_type, mlstrustedobject;
type airbrush_sm_device, dev_type, mlstrustedobject;
-type citadel_device, dev_type;
type faceauth_device, dev_type;
type ipu_device, dev_type, mlstrustedobject;
+type touch_offload_device, dev_type;
type ramoops_device, dev_type;
type maxfg_device, dev_type;
type rls_device, dev_type;
diff --git a/vendor/google/device_drop_monitor.te b/vendor/google/device_drop_monitor.te
new file mode 100644
index 0000000..0721f33
--- /dev/null
+++ b/vendor/google/device_drop_monitor.te
@@ -0,0 +1,13 @@
+type device_drop_monitor, domain;
+
+userdebug_or_eng(`
+ app_domain(device_drop_monitor)
+
+ allow device_drop_monitor app_api_service:service_manager find;
+ allow device_drop_monitor fwk_stats_hwservice:hwservice_manager find;
+ allow device_drop_monitor sysfs_msm_subsys:dir search;
+ allow device_drop_monitor sysfs_msm_subsys:file r_file_perms;
+ binder_call(device_drop_monitor, gpuservice);
+ binder_call(device_drop_monitor, statsd);
+')
+
diff --git a/vendor/google/dumpstate.te b/vendor/google/dumpstate.te
index cea46f8..19d87ef 100644
--- a/vendor/google/dumpstate.te
+++ b/vendor/google/dumpstate.te
@@ -1,3 +1,4 @@
+dump_hal(hal_telephony)
dump_hal(hal_thermal)
dump_hal(hal_power)
dump_hal(hal_power_stats)
diff --git a/vendor/google/fastbootd.te b/vendor/google/fastbootd.te
index fa3c3a3..6206e31 100644
--- a/vendor/google/fastbootd.te
+++ b/vendor/google/fastbootd.te
@@ -7,5 +7,9 @@
allow fastbootd sg_device:chr_file rw_file_perms;
allow fastbootd devinfo_block_device:blk_file r_file_perms;
allow fastbootd sysfs_leds:file w_file_perms;
+ allow fastbootd sysfs_batteryinfo:file r_file_perms;
+ # Allow to read /sys/class/power_supply directory.
+ allow fastbootd sysfs:dir r_dir_perms;
+ allow fastbootd sysfs_batteryinfo:dir search;
')
diff --git a/vendor/google/file.te b/vendor/google/file.te
index d527cb0..cfb5ef6 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -1,13 +1,13 @@
type persist_battery_file, file_type, vendor_persist_type;
-type persist_haptics_file, file_type, vendor_persist_type;
type persist_oslo_file, file_type, vendor_persist_type;
type airbrush_data_file, file_type, data_file_type;
type modem_stat_data_file, file_type, data_file_type;
type modem_dump_file, file_type, data_file_type;
-type tcpdump_vendor_data_file, file_type, data_file_type;
+type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type ramoops_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type proc_touch, proc_type, fs_type, mlstrustedobject;
+type per_boot_file, file_type, data_file_type, core_data_file_type;
# Battery-related files
type debugfs_batteryinfo, debugfs_type, fs_type;
@@ -79,3 +79,12 @@
# Dumpstats IPA statistics
type debugfs_ipa, debugfs_type, fs_type;
+
+# wifi_sniffer
+type sysfs_wifi_conmode, sysfs_type, fs_type;
+
+# Incremental file system driver
+type vendor_incremental_module, vendor_file_type, file_type;
+
+# RamdumpFS
+allow ramdump_vendor_mnt_file self:filesystem associate;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 115ab75..c6de807 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -6,7 +6,6 @@
/dev/access-metadata u:object_r:ramoops_device:s0
/dev/access-ramoops u:object_r:ramoops_device:s0
/dev/block/zram0 u:object_r:swap_block_device:s0
-/dev/citadel0 u:object_r:citadel_device:s0
/dev/faceauth u:object_r:faceauth_device:s0
/dev/ipu u:object_r:ipu_device:s0
/dev/maxfg_history u:object_r:maxfg_device:s0
@@ -15,41 +14,30 @@
/dev/st54j_se u:object_r:secure_element_device:s0
/dev/subsys_faceauth u:object_r:faceauth_device:s0
/dev/subsys_faceauth_b u:object_r:faceauth_device:s0
+/dev/touch_offload u:object_r:touch_offload_device:s0
/dev/lm36011_flood u:object_r:laser_device:s0
/dev/lm36011_dot u:object_r:laser_device:s0
/dev/iaxxx-module-celldrv u:object_r:pwrstats_device:s0
+# product binaries
+/product/bin/twoshay u:object_r:twoshay_exec:s0
+
# system binaries
/system/bin/hw/hardware\.google\.pixelstats@1\.0-service u:object_r:pixelstats_system_exec:s0
/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0
# vendor binaries
/vendor/bin/hw/android\.hardware\.atrace@1\.0-service.pixel u:object_r:hal_atrace_default_exec:s0
-/vendor/bin/hw/android\.hardware\.authsecret@1\.0-service\.citadel u:object_r:hal_authsecret_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.face@1\.0-service\.google u:object_r:hal_face_default_exec:s0
-/vendor/bin/hw/android\.hardware\.camera\.provider@2\.4-service-google u:object_r:hal_camera_default_exec:s0
+/vendor/bin/hw/android\.hardware\.camera\.provider@2\.6-service-google u:object_r:hal_camera_default_exec:s0
/vendor/bin/hw/android\.hardware\.contexthub@1\.1-service\.generic u:object_r:hal_contexthub_default_exec:s0
-/vendor/bin/hw/android\.hardware\.keymaster@4\.0-service\.citadel u:object_r:hal_keymaster_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-noronha u:object_r:hal_neuralnetworks_darwinn_exec:s0
-/vendor/bin/hw/android\.hardware\.oemlock@1\.0-service\.citadel u:object_r:hal_oemlock_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel u:object_r:hal_power_stats_default_exec:s0
-/vendor/bin/hw/android\.hardware\.power@1\.3-service\.pixel-libperfmgr u:object_r:hal_power_default_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element@1\.0-service\.st u:object_r:hal_secure_element_default_exec:s0
-/vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.pixel u:object_r:hal_thermal_default_exec:s0
/vendor/bin/hw/android\.hardware\.usb@1\.2-service\.coral u:object_r:hal_usb_impl_exec:s0
-/vendor/bin/hw/android\.hardware\.vibrator@1\.3-service\.coral u:object_r:hal_vibrator_default_exec:s0
-/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
-/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
-/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
-/vendor/bin/hw/citadel_updater u:object_r:citadel_updater_exec:s0
-/vendor/bin/CitadelProvision u:object_r:citadel_provision_exec:s0
/vendor/bin/hw/hardware\.google\.light@1\.1-service u:object_r:hal_light_default_exec:s0
/vendor/bin/hw/vendor\.google\.airbrush@1\.0-service u:object_r:airbrush_exec:s0
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
-/vendor/bin/hw/wait_for_strongbox u:object_r:wait_for_strongbox_exec:s0
-/vendor/bin/init\.firstboot\.sh u:object_r:init-firstboot_exec:s0
-/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
-/vendor/bin/thermal_logd u:object_r:init-thermal-logging-sh_exec:s0
/vendor/bin/color_init u:object_r:color_init_exec:s0
/vendor/bin/init\.ramoops\.sh u:object_r:ramoops_exec:s0
/vendor/bin/modem_svc u:object_r:modem_svc_exec:s0
@@ -59,20 +47,57 @@
/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor u:object_r:hal_wifi_ext_exec:s0
+/vendor/bin/hw/vendor\.google\.wifi_ext@1\.0-service-vendor-lazy u:object_r:hal_wifi_ext_exec:s0
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
-/vendor/bin/hw/vendor\.google\.wireless_charger@1\.1-service-vendor u:object_r:hal_wlc_exec:s0
-/vendor/bin/hw/android\.hardware\.graphics\.composer@2\.3-service-sm8150 u:object_r:hal_graphics_composer_default_exec:s0
+/vendor/bin/hw/vendor\.google\.wireless_charger@1\.2-service-vendor u:object_r:hal_wlc_exec:s0
+/vendor/bin/hw/android\.hardware\.graphics\.composer@2\.4-service-sm8150 u:object_r:hal_graphics_composer_default_exec:s0
/vendor/bin/hw/init_dp.sh u:object_r:init_dp_exec:s0
+/vendor/bin/wifi_sniffer u:object_r:wifi_sniffer_exec:s0
# Vendor libs that are exposed to apps (those listed in /vendor/etc/public.libraries.txt
# and their dependencies)
/vendor/lib(64)?/libairbrush-pixel\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.google\.airbrush\.manager@1\.0\.so u:object_r:same_process_hal_file:s0
+# Vendor kernel modules
+/vendor/lib/modules/adsp_loader_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/apr_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/cs35l36_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/ftm5.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/heatmap.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/lkdtm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/machine_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/mbhc_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/msm_11ad_proxy.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/native_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/pinctrl_wcd_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/platform_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/q6_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/q6_notifier_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/q6_pdr_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/softdog.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/stub_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/swr_ctrl_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/swr_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/usf_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/videobuf2-memops.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/videobuf2-vmalloc.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd934x_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd9360_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd9xxx_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd_core_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd_cpe_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wcd_spi_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wglink_dlkm.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wlan.ko u:object_r:vendor_kernel_modules:s0
+/vendor/lib/modules/wsa881x_dlkm.ko u:object_r:vendor_kernel_modules:s0
+
/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0
-/mnt/vendor/persist/haptics(/.*)? u:object_r:persist_haptics_file:s0
/mnt/vendor/persist/oslo(/.*)? u:object_r:persist_oslo_file:s0
+# Incremental file system driver
+/vendor/lib/modules/incrementalfs\.ko u:object_r:vendor_incremental_module:s0
+
# data files
/data/vendor/hardware/airbrush/manager(/.*)? u:object_r:airbrush_data_file:s0
/data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0
@@ -83,6 +108,7 @@
/data/vendor/hal_neuralnetworks_darwinn/hal_camera(/.*)? u:object_r:hal_neuralnetworks_darwinn_hal_camera_data_file:s0
/data/vendor/camera_calibration(/.*)? u:object_r:camera_calibration_vendor_data_file:s0
/data/vendor/face(/.*)? u:object_r:face_vendor_data_file:s0
+/data/per_boot(/.*)? u:object_r:per_boot_file:s0
# dev socket node
/dev/socket/diag_router u:object_r:diag_socket:s0
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index 17b5434..9531d61 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -7,6 +7,10 @@
genfscon sysfs /devices/platform/soc/1d84000.ufshc/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/soc/1d84000.ufshc/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/soc/1d84000.ufshc/manual_gc u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/io_stats u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/req_stats u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/err_stats u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0
genfscon proc /sys/vm/swappiness u:object_r:proc_swappiness:s0
genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0
genfscon proc /irq u:object_r:proc_irq:s0
@@ -31,7 +35,7 @@
genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-cpu-l3-lat/devfreq u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /devices/platform/soc/1d84000.ufshc/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/soc/1d84000.ufshc/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0
-genfscon debugfs /sched_features u:object_r:debugfs_sched_features:s0
+genfscon proc /sys/kernel/sched_energy_aware u:object_r:proc_sched_energy_aware:s0
# PowerStatsHal
genfscon sysfs /power/system_sleep/stats u:object_r:sysfs_power_stats:s0
@@ -166,3 +170,53 @@
# Dumpstats IPA statistics
genfscon debugfs /ipa/ipa_statistics_msg u:object_r:debugfs_ipa:s0
+
+# wifi_sniffer
+genfscon sysfs /module/wlan/parameters/con_mode u:object_r:sysfs_wifi_conmode:s0
+
+# Wakeup stats (new)
+# https://lkml.org/lkml/2019/8/6/1275
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/880000.i2c/i2c-1/1-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:google,bms/power_supply/charger/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/880000.i2c/i2c-1/1-0061/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/880000.i2c/i2c-1/1-0061/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:abc-sm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/main/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm8150l@4:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,usb-pdphy@1700/usbpd0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,usb-pdphy@1700/usbpd0/power_supply/tcpm-source-psy-usbpd0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a600000.ssusb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:gpio_keys/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_aac/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_alac/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrnb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwbplus/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_ape/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_g711alaw/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_g711mlaw/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_mp3/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_multi_aac/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_qcelp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_wma/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/18800000.qcom,icnss/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_wmapro/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c08000.qcom,pcie/pci0001:00/0001:00:00.0/0001:01:00.0/abc-pcie-ipu/paintbox-ipu/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/diag/diag/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a84000.i2c/i2c-2/2-0008/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c94000.i2c/i2c-3/3-0043/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/89c000.i2c/i2c-2/2-0036/power_supply/maxfg/wakeup10 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/89c000.i2c/i2c-2/2-0036/power_supply/maxfg/wakeup11 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c94000.i2c/i2c-4/4-0043/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a84000.i2c/i2c-3/3-0008/wakeup u:object_r:sysfs_wakeup:s0
diff --git a/tracking_denials/gmscore_app.te b/vendor/google/gmscore_app.te
similarity index 62%
rename from tracking_denials/gmscore_app.te
rename to vendor/google/gmscore_app.te
index edab2c3..2e049f3 100644
--- a/tracking_denials/gmscore_app.te
+++ b/vendor/google/gmscore_app.te
@@ -1,4 +1,2 @@
-# b/149543390
dontaudit gmscore_app firmware_file:filesystem getattr;
-dontaudit gmscore_app mnt_vendor_file:dir search;
dontaudit gmscore_app sysfs_msm_subsys:file read;
diff --git a/vendor/google/grilservice_app.te b/vendor/google/grilservice_app.te
index 729f29b..a1adeab 100644
--- a/vendor/google/grilservice_app.te
+++ b/vendor/google/grilservice_app.te
@@ -3,5 +3,8 @@
app_domain(grilservice_app)
allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
+allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
allow grilservice_app activity_service:service_manager find;
+
binder_call(grilservice_app, hal_radioext_default)
+binder_call(grilservice_app, hal_wifi_ext)
diff --git a/vendor/google/hal_authsecret_citadel.te b/vendor/google/hal_authsecret_citadel.te
deleted file mode 100644
index 029d957..0000000
--- a/vendor/google/hal_authsecret_citadel.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_authsecret_citadel, domain;
-type hal_authsecret_citadel_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(hal_authsecret_citadel)
-binder_call(hal_authsecret_citadel, citadeld)
-allow hal_authsecret_citadel citadeld_service:service_manager find;
-
-hal_server_domain(hal_authsecret_citadel, hal_authsecret)
-init_daemon_domain(hal_authsecret_citadel)
diff --git a/vendor/google/hal_confirmationui.te b/vendor/google/hal_confirmationui.te
index 932251a..97609fd 100644
--- a/vendor/google/hal_confirmationui.te
+++ b/vendor/google/hal_confirmationui.te
@@ -1,14 +1,3 @@
-allow hal_confirmationui_server tee_device:chr_file rw_file_perms;
-allow hal_confirmationui_server ion_device:chr_file r_file_perms;
-
-allow hal_confirmationui_server hal_tui_comm_hwservice:hwservice_manager find;
binder_call(hal_confirmationui_server, hal_tui_comm_qti)
-
-vndbinder_use(hal_confirmationui_server)
-allow hal_confirmationui_server citadeld_service:service_manager find;
binder_call(hal_confirmationui_server, citadeld)
-
-binder_call(hal_confirmationui_server, keystore)
-
-allow hal_confirmationui_server input_device:chr_file rw_file_perms;
-allow hal_confirmationui_server input_device:dir r_dir_perms;
+allow hal_confirmationui_server citadeld_service:service_manager find;
diff --git a/vendor/google/hal_dumpstate_impl.te b/vendor/google/hal_dumpstate_impl.te
index 450c2d2..ef49a6b 100644
--- a/vendor/google/hal_dumpstate_impl.te
+++ b/vendor/google/hal_dumpstate_impl.te
@@ -30,6 +30,9 @@
allow hal_dumpstate_impl sysfs_scsi_devices_0000:dir r_dir_perms;
allow hal_dumpstate_impl sysfs_scsi_devices_0000:file r_file_perms;
+# Access to prop
+get_prop(hal_dumpstate_impl, boottime_public_prop)
+
# Access to thermal debug data
r_dir_file(hal_dumpstate_impl, sysfs_thermal)
@@ -108,6 +111,7 @@
allow hal_dumpstate_impl sysfs_esim:file r_file_perms;
allow hal_dumpstate_impl display_vendor_data_file:dir r_dir_perms;
allow hal_dumpstate_impl firmware_file:dir r_dir_perms;
+allow hal_dumpstate_impl block_device:dir r_dir_perms;
#dump power supply stats
allow hal_dumpstate_impl sysfs_batteryinfo:dir search;
diff --git a/vendor/google/hal_face_default.te b/vendor/google/hal_face_default.te
index 2d74a2c..e71a370 100644
--- a/vendor/google/hal_face_default.te
+++ b/vendor/google/hal_face_default.te
@@ -46,6 +46,7 @@
allow hal_face_default face_debug:fifo_file write;
')
+get_prop(hal_face_default, camera_config_prop)
get_prop(hal_face_default, camera_prop)
get_prop(hal_face_default, vendor_faceauth_prop)
diff --git a/vendor/google/hal_identity_citadel.te b/vendor/google/hal_identity_citadel.te
new file mode 100644
index 0000000..e29310c
--- /dev/null
+++ b/vendor/google/hal_identity_citadel.te
@@ -0,0 +1,9 @@
+type hal_identity_citadel, domain;
+type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
+
+vndbinder_use(hal_identity_citadel)
+binder_call(hal_identity_citadel, citadeld)
+allow hal_identity_citadel citadeld_service:service_manager find;
+
+hal_server_domain(hal_identity_citadel, hal_identity)
+init_daemon_domain(hal_identity_citadel)
diff --git a/vendor/google/hal_keymaster_citadel.te b/vendor/google/hal_keymaster_citadel.te
deleted file mode 100644
index dd0a735..0000000
--- a/vendor/google/hal_keymaster_citadel.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hal_keymaster_citadel, domain;
-type hal_keymaster_citadel_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(hal_keymaster_citadel)
-binder_call(hal_keymaster_citadel, citadeld)
-allow hal_keymaster_citadel citadeld_service:service_manager find;
-
-hal_server_domain(hal_keymaster_citadel, hal_keymaster)
-init_daemon_domain(hal_keymaster_citadel)
-
-get_prop(hal_keymaster_citadel, vendor_security_patch_level_prop)
diff --git a/vendor/google/hal_oemlock_citadel.te b/vendor/google/hal_oemlock_citadel.te
deleted file mode 100644
index d3ff719..0000000
--- a/vendor/google/hal_oemlock_citadel.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_oemlock_citadel, domain;
-type hal_oemlock_citadel_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(hal_oemlock_citadel)
-binder_call(hal_oemlock_citadel, citadeld)
-allow hal_oemlock_citadel citadeld_service:service_manager find;
-
-hal_server_domain(hal_oemlock_citadel, hal_oemlock)
-init_daemon_domain(hal_oemlock_citadel)
diff --git a/vendor/google/hal_power_default.te b/vendor/google/hal_power_default.te
index 3c88eab..a1a925d 100644
--- a/vendor/google/hal_power_default.te
+++ b/vendor/google/hal_power_default.te
@@ -1,15 +1,7 @@
allow hal_power_default sysfs_msm_subsys:dir search;
allow hal_power_default sysfs_msm_subsys:file rw_file_perms;
-allow hal_power_default sysfs_devices_system_cpu:file rw_file_perms;
-allow hal_power_default latency_device:chr_file rw_file_perms;
-allow hal_power_default debugfs_sched_features:file rw_file_perms;
+allow hal_power_default proc_sched_energy_aware:file rw_file_perms;
allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms;
-# Rule for hal_power_default to access graphics composer process
-unix_socket_connect(hal_power_default, pps, hal_graphics_composer_default);
-
-# To get/set powerhal state property
-set_prop(hal_power_default, power_prop)
-
# Rule for powerhal to write/dump cgroup
allow hal_power_default cgroup:file rw_file_perms;
diff --git a/vendor/google/hal_thermal_default.te b/vendor/google/hal_thermal_default.te
deleted file mode 100644
index 55073a9..0000000
--- a/vendor/google/hal_thermal_default.te
+++ /dev/null
@@ -1,8 +0,0 @@
-allow hal_thermal_default sysfs_thermal:dir r_dir_perms;
-allow hal_thermal_default sysfs_thermal:file rw_file_perms;
-allow hal_thermal_default proc_stat:file r_file_perms;
-
-allow hal_thermal_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-# read thermal_config
-get_prop(hal_thermal_default, vendor_thermal_prop)
diff --git a/vendor/google/hal_vibrator_default.te b/vendor/google/hal_vibrator_default.te
deleted file mode 100644
index 94e9c07..0000000
--- a/vendor/google/hal_vibrator_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow hal_vibrator_default sysfs_leds:dir search;
-
-r_dir_file(hal_vibrator_default, persist_haptics_file)
-allow hal_vibrator_default mnt_vendor_file:dir search;
-allow hal_vibrator_default persist_file:dir search;
diff --git a/vendor/google/hal_weaver_citadel.te b/vendor/google/hal_weaver_citadel.te
deleted file mode 100644
index 59914a8..0000000
--- a/vendor/google/hal_weaver_citadel.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_weaver_citadel, domain;
-type hal_weaver_citadel_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(hal_weaver_citadel)
-binder_call(hal_weaver_citadel, citadeld)
-allow hal_weaver_citadel citadeld_service:service_manager find;
-
-hal_server_domain(hal_weaver_citadel, hal_weaver)
-init_daemon_domain(hal_weaver_citadel)
diff --git a/vendor/google/hbmsvmanager_app.te b/vendor/google/hbmsvmanager_app.te
new file mode 100644
index 0000000..25c06c0
--- /dev/null
+++ b/vendor/google/hbmsvmanager_app.te
@@ -0,0 +1,7 @@
+type hbmsvmanager_app, domain;
+
+app_domain(hbmsvmanager_app);
+hal_client_domain(hbmsvmanager_app, hal_light)
+
+# Standard system services
+allow hbmsvmanager_app app_api_service:service_manager find;
diff --git a/vendor/google/init-firstboot.te b/vendor/google/init-firstboot.te
deleted file mode 100644
index a7d5085..0000000
--- a/vendor/google/init-firstboot.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type init-firstboot, domain;
-type init-firstboot_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(init-firstboot)
diff --git a/vendor/google/init-insmod-sh.te b/vendor/google/init-insmod-sh.te
index bd563d8..df9e87f 100644
--- a/vendor/google/init-insmod-sh.te
+++ b/vendor/google/init-insmod-sh.te
@@ -1,24 +1,6 @@
-type init-insmod-sh, domain;
-type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(init-insmod-sh)
-
-allow init-insmod-sh vendor_toolbox_exec:file rx_file_perms;
-
-# Set the vendor.all.modules.ready property
-set_prop(init-insmod-sh, vendor_device_prop)
-
# Allow insmod
-allow init-insmod-sh self:capability sys_module;
-
-allow init-insmod-sh vendor_file:system module_load;
-
-allow init-insmod-sh kernel:key search;
-
allow init-insmod-sh sysfs_msm_boot:file w_file_perms;
-
-# modprobe need proc_modules
-allow init-insmod-sh proc_modules:file r_file_perms;
-
allow init-insmod-sh debugfs_ipc:dir search;
allow init-insmod-sh debugfs_wlan:dir search;
+
+dontaudit init-insmod-sh proc_cmdline:file r_file_perms;
diff --git a/vendor/google/init-thermal-logging.sh.te b/vendor/google/init-thermal-logging.sh.te
deleted file mode 100644
index 3da540e..0000000
--- a/vendor/google/init-thermal-logging.sh.te
+++ /dev/null
@@ -1,10 +0,0 @@
-type init-thermal-logging-sh, domain;
-type init-thermal-logging-sh_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(init-thermal-logging-sh)
-
-userdebug_or_eng(`
- allow init-thermal-logging-sh vendor_toolbox_exec:file rx_file_perms;
- allow init-thermal-logging-sh sysfs_thermal:dir r_dir_perms;
- allow init-thermal-logging-sh sysfs_thermal:file r_file_perms;
-')
diff --git a/vendor/google/init_citadel.te b/vendor/google/init_citadel.te
index b30d02f..f08ea1f 100644
--- a/vendor/google/init_citadel.te
+++ b/vendor/google/init_citadel.te
@@ -1,19 +1,3 @@
-type init_citadel, domain;
-type init_citadel_exec, exec_type, vendor_file_type, file_type;
-type citadel_updater_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(init_citadel)
-
-vndbinder_use(init_citadel)
-binder_call(init_citadel, citadeld)
-allow init_citadel citadeld_service:service_manager find;
-
-# Many standard utils are actually vendor_toolbox (like xxd)
-allow init_citadel vendor_toolbox_exec:file rx_file_perms;
-
-# init_citadel needs to invoke citadel_updater
-allow init_citadel citadel_updater_exec:file rx_file_perms;
-
-# We also might need to read the board-id from a sysfs file, if
-# we can't determine it from getprop.
+# init_citadel might need to read the board-id from a sysfs file, if we
+# can't determine it from getprop.
allow init_citadel sysfs_msm_boardid:file r_file_perms;
diff --git a/vendor/google/kernel.te b/vendor/google/kernel.te
new file mode 100644
index 0000000..ce22b84
--- /dev/null
+++ b/vendor/google/kernel.te
@@ -0,0 +1 @@
+allow kernel per_boot_file:file r_file_perms;
diff --git a/vendor/google/keys.conf b/vendor/google/keys.conf
index 62d08f2..2a6ef1d 100644
--- a/vendor/google/keys.conf
+++ b/vendor/google/keys.conf
@@ -4,3 +4,6 @@
[@GOOGLEPULSE]
ALL : device/google/coral-sepolicy/vendor/google/certs/pulse-release.x509.pem
+[@MDS]
+ALL : device/google/coral-sepolicy/vendor/google/certs/com_google_mds.x509.pem
+
diff --git a/vendor/google/logger_app.te b/vendor/google/logger_app.te
index 8b77859..92a9e37 100644
--- a/vendor/google/logger_app.te
+++ b/vendor/google/logger_app.te
@@ -13,7 +13,11 @@
allow logger_app cnss_vendor_data_file:dir create_dir_perms;
allow logger_app cnss_vendor_data_file:file create_file_perms;
+ allow logger_app tcpdump_vendor_data_file:dir create_dir_perms;
+ allow logger_app tcpdump_vendor_data_file:file create_file_perms;
+
set_prop(logger_app, vendor_cnss_diag_prop)
set_prop(logger_app, vendor_modem_diag_prop)
set_prop(logger_app, vendor_tcpdump_log_prop)
+ set_prop(logger_app, vendor_wifi_sniffer_prop)
')
diff --git a/vendor/google/mac_permissions.xml b/vendor/google/mac_permissions.xml
index 9d8d8d4..3b20bb1 100644
--- a/vendor/google/mac_permissions.xml
+++ b/vendor/google/mac_permissions.xml
@@ -27,4 +27,7 @@
<signer signature="@GOOGLEPULSE" >
<seinfo value="googlepulse" />
</signer>
+ <signer signature="@MDS" >
+ <seinfo value="mds" />
+ </signer>
</policy>
diff --git a/private/mediaswcodec.te b/vendor/google/mediaswcodec.te
similarity index 100%
rename from private/mediaswcodec.te
rename to vendor/google/mediaswcodec.te
diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
index 7e2edd0..2e6b3ed 100644
--- a/vendor/google/pixelstats_vendor.te
+++ b/vendor/google/pixelstats_vendor.te
@@ -10,12 +10,20 @@
binder_call(pixelstats_vendor, pixelstats_system)
allow pixelstats_vendor fwk_stats_hwservice:hwservice_manager find;
-binder_call(pixelstats_vendor, statsd)
+binder_call(pixelstats_vendor, stats_service_server)
unix_socket_connect(pixelstats_vendor, chre, chre)
allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
+
r_dir_file(pixelstats_vendor, sysfs_pixelstats)
r_dir_file(pixelstats_vendor, sysfs_batteryinfo)
allow pixelstats_vendor sysfs_batteryinfo:file rw_file_perms;
allow pixelstats_vendor self:netlink_kobject_uevent_socket { create getopt setopt bind read };
+
+# wlc
+allow pixelstats_vendor sysfs_wlc:dir search;
+
+# OrientationCollector
+allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find;
+binder_call(pixelstats_vendor, system_server)
diff --git a/vendor/google/property.te b/vendor/google/property.te
index d1834e5..d18a411 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te
@@ -1,9 +1,3 @@
-#thermal HAL
-vendor_internal_prop(vendor_thermal_prop)
-
-# PowerHal
-vendor_internal_prop(power_prop)
-
# Tcpdump_logger
vendor_internal_prop(vendor_tcpdump_log_prop)
@@ -34,3 +28,6 @@
# SecureElement property
vendor_internal_prop(vendor_secure_element_prop)
+
+# wifi_sniffer
+vendor_internal_prop(vendor_wifi_sniffer_prop)
diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index e783fe8..262866e 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -4,30 +4,20 @@
persist.vendor.radio.VT_HYBRID_ENABLE u:object_r:vendor_radio_prop:s0
persist.vendor.radio.videopause.mode u:object_r:vendor_radio_prop:s0
persist.vendor.radio.smlog_switch u:object_r:vendor_radio_prop:s0
+persist.vendor.radio.scone_cat.enable u:object_r:vendor_radio_prop:s0
ro.vendor.radio.log_loc u:object_r:vendor_radio_prop:s0
ro.vendor.radio.log_prefix u:object_r:vendor_radio_prop:s0
-vendor.all.modules.ready u:object_r:vendor_device_prop:s0
-vendor.all.devices.ready u:object_r:vendor_device_prop:s0
-vendor.thermal.config u:object_r:vendor_thermal_prop:s0
-
ro.boot.usbcontroller u:object_r:vendor_usb_prop:s0
ro.boot.hardware.platform u:object_r:public_vendor_default_prop:s0
-vendor.powerhal.state u:object_r:power_prop:s0
-vendor.powerhal.audio u:object_r:power_prop:s0
-vendor.powerhal.lpm u:object_r:power_prop:s0
-vendor.powerhal.init u:object_r:power_prop:s0
-vendor.powerhal.rendering u:object_r:power_prop:s0
-
vendor.display.primary_red u:object_r:vendor_display_prop:s0
vendor.display.primary_green u:object_r:vendor_display_prop:s0
vendor.display.primary_blue u:object_r:vendor_display_prop:s0
vendor.display.primary_white u:object_r:vendor_display_prop:s0
vendor.display.native_display_primaries_ready u:object_r:vendor_display_prop:s0
-vendor.display.enable_kernel_idle_timer u:object_r:vendor_display_prop:s0
# battery
vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
@@ -79,3 +69,8 @@
# SecureElement
persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
+
+# wifi_sniffer
+persist.vendor.wifi.sniffer.freq u:object_r:vendor_wifi_sniffer_prop:s0
+persist.vendor.wifi.sniffer.bandwidth u:object_r:vendor_wifi_sniffer_prop:s0
+vendor.wifi.sniffer.start u:object_r:vendor_wifi_sniffer_prop:s0
diff --git a/vendor/google/ramdump.te b/vendor/google/ramdump.te
index bd13dd9..699c4a1 100644
--- a/vendor/google/ramdump.te
+++ b/vendor/google/ramdump.te
@@ -28,4 +28,11 @@
get_prop(ramdump, hwservicemanager_prop)
allow ramdump fwk_stats_hwservice:hwservice_manager find;
binder_call(ramdump, stats_service_server)
+
+ # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
+ allow ramdump fuse:filesystem relabelfrom;
+ allow ramdump fuse_device:chr_file rw_file_perms;
+ allow ramdump mnt_vendor_file:dir r_dir_perms;
+ allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
+ allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
')
diff --git a/vendor/google/ramdump_app.te b/vendor/google/ramdump_app.te
index af710d6..76da83b 100644
--- a/vendor/google/ramdump_app.te
+++ b/vendor/google/ramdump_app.te
@@ -12,4 +12,9 @@
set_prop(ramdump_app, vendor_ramdump_prop);
get_prop(system_app, vendor_ssr_prop)
get_prop(ramdump_app, system_boot_reason_prop)
+
+ # To access ramdumpfs.
+ allow ramdump_app mnt_vendor_file:dir search;
+ allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms;
+ allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms;
')
diff --git a/vendor/google/recovery.te b/vendor/google/recovery.te
index 7e7925c..39cb557 100644
--- a/vendor/google/recovery.te
+++ b/vendor/google/recovery.te
@@ -1,5 +1,4 @@
recovery_only(`
- allow recovery citadel_device:chr_file rw_file_perms;
allow recovery sg_device:chr_file rw_file_perms;
allow recovery sysfs_scsi_devices_0000:dir r_dir_perms;
')
diff --git a/vendor/google/refreshrate_app.te b/vendor/google/refreshrate_app.te
deleted file mode 100644
index c747bbf..0000000
--- a/vendor/google/refreshrate_app.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type refreshrate_app, domain;
-
-app_domain(refreshrate_app);
-hal_client_domain(refreshrate_app, hal_light)
-
-# Standard system services
-allow refreshrate_app app_api_service:service_manager find;
-allow refreshrate_app surfaceflinger_service:service_manager find;
-
-binder_call(refreshrate_app, gpuservice)
-set_prop(refreshrate_app, vendor_display_prop);
diff --git a/vendor/google/seapp_contexts b/vendor/google/seapp_contexts
index e07a087..9736cf5 100644
--- a/vendor/google/seapp_contexts
+++ b/vendor/google/seapp_contexts
@@ -6,7 +6,7 @@
user=_app isPrivApp=true seinfo=platform name=com.google.android.grilservice domain=grilservice_app levelFrom=all
# Domain for Modem Diagnostic System
-user=_app seinfo=google name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
+user=_app seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
# Domain for Pixel Logger
user=_app seinfo=platform name=com.android.pixellogger domain=logger_app type=app_data_file levelFrom=all
@@ -15,7 +15,7 @@
user=_app seinfo=platform name=com.google.oslo domain=oslo_app type=app_data_file levelFrom=all
# Domain for Display
-user=_app seinfo=platform name=com.android.refreshratecontrol domain=refreshrate_app type=app_data_file levelFrom=all
+user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
# Domain for GoogleCBRS app
user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
@@ -25,3 +25,9 @@
# Domain for Touch app
user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user
+
+# Domain for DeviceDropMonitor service
+user=_app seinfo=platform name=com.google.android.devicedropmonitor domain=device_drop_monitor type=app_data_file levelFrom=all
+
+# Domain for UvExposureReporter service
+user=_app seinfo=platform name=com.google.android.uvexposurereporter domain=uv_exposure_reporter type=app_data_file levelFrom=all
diff --git a/vendor/google/shell.te b/vendor/google/shell.te
index f63f5cf..441f369 100644
--- a/vendor/google/shell.te
+++ b/vendor/google/shell.te
@@ -1 +1 @@
-dontaudit shell sysfs_wlc:dir search;
+dontaudit shell sysfs_wlc:dir search;
\ No newline at end of file
diff --git a/vendor/google/system_server.te b/vendor/google/system_server.te
new file mode 100644
index 0000000..2adcf05
--- /dev/null
+++ b/vendor/google/system_server.te
@@ -0,0 +1,2 @@
+# pixelstats_vendor/OrientationCollector
+binder_call(system_server, pixelstats_vendor)
diff --git a/vendor/google/toolbox.te b/vendor/google/toolbox.te
new file mode 100644
index 0000000..b12911a
--- /dev/null
+++ b/vendor/google/toolbox.te
@@ -0,0 +1,2 @@
+allow toolbox per_boot_file:dir create_dir_perms;
+allow toolbox per_boot_file:file create_file_perms;
diff --git a/vendor/google/twoshay.te b/vendor/google/twoshay.te
new file mode 100644
index 0000000..fc33822
--- /dev/null
+++ b/vendor/google/twoshay.te
@@ -0,0 +1,6 @@
+type twoshay, domain, coredomain;
+type twoshay_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(twoshay)
+
+allow twoshay touch_offload_device:chr_file rw_file_perms;
diff --git a/vendor/google/uv_exposure_reporter.te b/vendor/google/uv_exposure_reporter.te
new file mode 100644
index 0000000..1d9ae56
--- /dev/null
+++ b/vendor/google/uv_exposure_reporter.te
@@ -0,0 +1,13 @@
+type uv_exposure_reporter, domain;
+
+userdebug_or_eng(`
+ app_domain(uv_exposure_reporter)
+
+ allow uv_exposure_reporter app_api_service:service_manager find;
+ allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
+ allow uv_exposure_reporter sysfs_msm_subsys:dir search;
+ allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
+ binder_call(uv_exposure_reporter, gpuservice);
+ binder_call(uv_exposure_reporter, stats_service_server);
+')
+
diff --git a/vendor/google/vendor_init.te b/vendor/google/vendor_init.te
index 678826e..7ec076d 100644
--- a/vendor/google/vendor_init.te
+++ b/vendor/google/vendor_init.te
@@ -3,9 +3,7 @@
allow vendor_init ipa_dev:chr_file w_file_perms;
allow vendor_init proc_swappiness:file w_file_perms;
allow vendor_init proc_dirty:file w_file_perms;
-allow vendor_init debugfs_sched_features:file write;
-allow vendor_init debugfs_tracing_instances:dir create_dir_perms;
-allow vendor_init debugfs_tracing_instances:file w_file_perms;
+allow vendor_init proc_sched_energy_aware:file w_file_perms;
allow vendor_init debugfs_clk:file write;
allow vendor_init debugfs_airbrush:file write;
@@ -18,12 +16,15 @@
set_prop(vendor_init, vendor_modem_diag_prop)
get_prop(vendor_init, vendor_usb_prop)
set_prop(vendor_init, vendor_bluetooth_prop)
-set_prop(vendor_init, power_prop)
+set_prop(vendor_init, vendor_power_prop)
set_prop(vendor_init, vendor_display_prop)
set_prop(vendor_init, camera_prop)
set_prop(vendor_init, vendor_build_type_prop)
set_prop(vendor_init, vendor_disable_spu_prop)
+#IMS related
+set_prop(vendor_init, qcom_ims_prop)
+
userdebug_or_eng(`
set_prop(vendor_init, logpersistd_logging_prop)
# Allow vendor_init to write vendor_tcpdump_log_prop on userdebug or eng ROM
diff --git a/vendor/google/vndservice.te b/vendor/google/vndservice.te
index 8047846..33ce7dd 100644
--- a/vendor/google/vndservice.te
+++ b/vendor/google/vndservice.te
@@ -1,4 +1,3 @@
-type citadeld_service, vndservice_manager_type;
type rls_service, vndservice_manager_type;
type power_stats_service, vndservice_manager_type;
type airbrush_faceauth_service, vndservice_manager_type;
diff --git a/vendor/google/vndservice_contexts b/vendor/google/vndservice_contexts
index f0744bd..c59c217 100644
--- a/vendor/google/vndservice_contexts
+++ b/vendor/google/vndservice_contexts
@@ -1,4 +1,3 @@
-android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0
rlsservice u:object_r:rls_service:s0
airbrush_faceauth u:object_r:airbrush_faceauth_service:s0
airbrush_tpu u:object_r:airbrush_tpu_service:s0
diff --git a/vendor/google/vold.te b/vendor/google/vold.te
new file mode 100644
index 0000000..f7b7e26
--- /dev/null
+++ b/vendor/google/vold.te
@@ -0,0 +1,4 @@
+# Allow to load incremental file system driver
+allow vold self:capability sys_module;
+allow vold vendor_incremental_module:file r_file_perms;
+allow vold vendor_incremental_module:system module_load;
diff --git a/vendor/google/wait_for_strongbox.te b/vendor/google/wait_for_strongbox.te
deleted file mode 100644
index c9586c8..0000000
--- a/vendor/google/wait_for_strongbox.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# wait_for_strongbox service
-type wait_for_strongbox, domain;
-type wait_for_strongbox_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(wait_for_strongbox)
-
-hal_client_domain(wait_for_strongbox, hal_keymaster)
-
-allow wait_for_strongbox kmsg_device:chr_file w_file_perms;
\ No newline at end of file
diff --git a/vendor/google/wifi_sniffer.te b/vendor/google/wifi_sniffer.te
new file mode 100644
index 0000000..b87a51f
--- /dev/null
+++ b/vendor/google/wifi_sniffer.te
@@ -0,0 +1,20 @@
+type wifi_sniffer, domain;
+type wifi_sniffer_exec, exec_type, vendor_file_type, file_type;
+
+userdebug_or_eng(`
+ # make transition from init to its domain
+ init_daemon_domain(wifi_sniffer)
+ net_domain(wifi_sniffer)
+
+# configurate con mode
+ allow wifi_sniffer self:capability net_admin;
+ allow wifi_sniffer sysfs_wifi_conmode:file rw_file_perms;
+
+# interface up
+ allowxperm wifi_sniffer self:udp_socket ioctl SIOCSIFFLAGS;
+ allow wifi_sniffer self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+ get_prop(wifi_sniffer, vendor_wifi_sniffer_prop)
+
+ dontaudit wifi_sniffer debugfs_wlan:dir search;
+')
diff --git a/vendor/qcom/common/adpl.te b/vendor/qcom/common/adpl.te
deleted file mode 100644
index ad80aec..0000000
--- a/vendor/qcom/common/adpl.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type adpl, domain;
-type adpl_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(adpl)
-
diff --git a/vendor/qcom/common/app.te b/vendor/qcom/common/app.te
index 900963a..6b4c9d2 100644
--- a/vendor/qcom/common/app.te
+++ b/vendor/qcom/common/app.te
@@ -1 +1,3 @@
get_prop(appdomain, vendor_display_prop)
+
+dontaudit appdomain sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/atfwd.te b/vendor/qcom/common/atfwd.te
deleted file mode 100644
index f764b90..0000000
--- a/vendor/qcom/common/atfwd.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type atfwd, domain;
-type atfwd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(atfwd)
-
diff --git a/vendor/qcom/common/attributes b/vendor/qcom/common/attributes
index 9db522b..5820538 100644
--- a/vendor/qcom/common/attributes
+++ b/vendor/qcom/common/attributes
@@ -1,2 +1,5 @@
attribute vendor_persist_type;
attribute hal_display_color;
+attribute hal_qseecom;
+attribute hal_qseecom_client;
+attribute hal_qseecom_server;
diff --git a/vendor/qcom/common/audiod.te b/vendor/qcom/common/audiod.te
deleted file mode 100644
index 182c91d..0000000
--- a/vendor/qcom/common/audiod.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# audio daemon
-type audiod, domain;
-type audiod_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(audiod)
-
diff --git a/vendor/qcom/common/bootanim.te b/vendor/qcom/common/bootanim.te
index 3583904..1824981 100644
--- a/vendor/qcom/common/bootanim.te
+++ b/vendor/qcom/common/bootanim.te
@@ -5,3 +5,5 @@
# in /data/system. This should be moved. In the meantime, suppress
# this denial on phones since this functionality is not used.
dontaudit bootanim system_data_file:dir read;
+
+dontaudit bootanim sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/cameraserver.te b/vendor/qcom/common/cameraserver.te
index ae768ee..f8dd61f 100644
--- a/vendor/qcom/common/cameraserver.te
+++ b/vendor/qcom/common/cameraserver.te
@@ -4,3 +4,4 @@
dontaudit cameraserver gpu_device:chr_file rw_file_perms;
get_prop(cameraserver, vendor_display_prop)
+dontaudit cameraserver sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/charger_monitor.te b/vendor/qcom/common/charger_monitor.te
deleted file mode 100644
index 75a5785..0000000
--- a/vendor/qcom/common/charger_monitor.te
+++ /dev/null
@@ -1,7 +0,0 @@
-#integrated process
-type charger_monitor, domain;
-type charger_monitor_exec, exec_type, vendor_file_type, file_type;
-
-#started by init
-init_daemon_domain(charger_monitor)
-
diff --git a/vendor/qcom/common/device.te b/vendor/qcom/common/device.te
index 60e488d..a57eb41 100644
--- a/vendor/qcom/common/device.te
+++ b/vendor/qcom/common/device.te
@@ -20,16 +20,12 @@
#Define thermal-engine devices
type thermal_device, dev_type;
-#Define vm_bms devices
-type vm_bms_device, dev_type;
type battery_data_device, dev_type;
#Add qdsp_device type
type qdsp_device, dev_type, mlstrustedobject;
type dsp_device, dev_type;
type xdsp_device, dev_type;
-#Define hvdcp/quickcharge device
-type hvdcp_device, dev_type;
#Define mpdecision device
type device_latency, dev_type;
@@ -45,7 +41,6 @@
type rpmb_device, dev_type;
type sg_device, dev_type;
type dip_device, dev_type;
-type mdtp_device, dev_type;
type sd_device, dev_type;
type ssd_block_device, dev_type;
@@ -77,9 +72,6 @@
#Bootselect partition
type bootselect_device, dev_type;
-#define usb_uicc_device for usb_uicc daemon
-type usb_uicc_device, dev_type;
-
# Define IPA devices
type ipa_dev, dev_type;
@@ -113,7 +105,6 @@
type qsee_ipc_irq_spss_device, dev_type;
# Define QDSS devices
-type qdss_device, dev_type;
#Define Gadget serial device
type gadget_serial_device, dev_type;
@@ -121,10 +112,6 @@
#energy-awareness device
type pta_device, dev_type;
-#Added for hbtp
-type bu21150_device, dev_type;
-type hbtp_device, dev_type;
-
#Define qfintverify device
type qce_device, dev_type;
type rng_device, dev_type;
@@ -132,9 +119,6 @@
#Define system health monitor devices
type system_health_monitor_device, dev_type;
-#Define usf device
-type usf_device, dev_type;
-
#Define qbt1000 device - ultrasonic fingperprint sensor
type qbt1000_device, dev_type;
@@ -167,6 +151,3 @@
#define devinfo block device
type devinfo_block_device, dev_type;
-
-# define latency device
-type latency_device, dev_type;
diff --git a/vendor/qcom/common/dtsconfigurator.te b/vendor/qcom/common/dtsconfigurator.te
deleted file mode 100644
index a97703e..0000000
--- a/vendor/qcom/common/dtsconfigurator.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type dtsconfigurator, domain;
-type dtsconfigurator_exec, exec_type, vendor_file_type, file_type;
-
-#started by init
-init_daemon_domain(dtsconfigurator)
-
diff --git a/vendor/qcom/common/dtseagleservice.te b/vendor/qcom/common/dtseagleservice.te
deleted file mode 100644
index caeb34e..0000000
--- a/vendor/qcom/common/dtseagleservice.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type dtseagleservice, domain;
-type dtseagleservice_exec, exec_type, vendor_file_type, file_type;
-
-#Allow for transition from init domain to dtseagleservice
-init_daemon_domain(dtseagleservice)
-
-
diff --git a/vendor/qcom/common/energyawareness.te b/vendor/qcom/common/energyawareness.te
deleted file mode 100644
index 8d1edde..0000000
--- a/vendor/qcom/common/energyawareness.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type energyawareness, domain;
-type energyawareness_exec, exec_type, vendor_file_type, file_type;
-
-#started by init
-init_daemon_domain(energyawareness)
-
diff --git a/vendor/qcom/common/esepmdaemon.te b/vendor/qcom/common/esepmdaemon.te
deleted file mode 100644
index 86118a7..0000000
--- a/vendor/qcom/common/esepmdaemon.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type esepmdaemon, domain;
-type esepmdaemon_exec, exec_type, vendor_file_type, file_type;
-
-#Allow for transition from init domain to esepmdaemon
-init_daemon_domain(esepmdaemon)
-
-
diff --git a/vendor/qcom/common/factory_ota_app.te b/vendor/qcom/common/factory_ota_app.te
deleted file mode 100644
index 5a661df..0000000
--- a/vendor/qcom/common/factory_ota_app.te
+++ /dev/null
@@ -1,31 +0,0 @@
-type factory_ota_app, domain, coredomain;
-
-app_domain(factory_ota_app)
-net_domain(factory_ota_app)
-
-# Write to /data/ota_package for OTA packages.
-# Factory OTA client will download OTA image into ota_package folder and unzip it.
-# Than Update engine could use it to execute OTA process.
-# So Factory OTA client need read / write and create file access right for this folder
-allow factory_ota_app ota_package_file:dir rw_dir_perms;
-allow factory_ota_app ota_package_file:file create_file_perms;
-
-# Properties
-# For read system property ro.* or persist.*
-get_prop(factory_ota_app, factory_ota_prop);
-# For write system property persist.*
-set_prop(factory_ota_app, exported_system_prop);
-
-# Services
-# For get access WiFi manager service
-allow factory_ota_app app_api_service:service_manager find;
-# Allow Factory OTA to call Update Engine
-binder_call(factory_ota_app, update_engine)
-# Allow Update Engine to call the Factory OTA callback
-binder_call(update_engine, factory_ota_app)
-#For access update engine function
-allow factory_ota_app update_engine_service:service_manager find;
-#For disable NFC wake up device feature
-allow factory_ota_app nfc_service:service_manager find;
-#For get device IMEI
-allow factory_ota_app radio_service:service_manager find;
diff --git a/vendor/qcom/common/fidodaemon.te b/vendor/qcom/common/fidodaemon.te
deleted file mode 100644
index bde9ce8..0000000
--- a/vendor/qcom/common/fidodaemon.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type fidodaemon, domain;
-type fidodaemon_exec, exec_type, vendor_file_type, file_type;
-
-#Allow for transition from init domain to fidodaemon
-init_daemon_domain(fidodaemon)
-
-
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 52cdfcf..0284a07 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -1,6 +1,3 @@
-# Default type for anything under /vendor/firmware_mnt.
-type firmware_file, file_type, contextmount_type, vendor_file_type;
-
# All files under /vendor/firmware
type vendor_firmware_file, vendor_file_type, file_type;
@@ -15,8 +12,6 @@
type proc_wifi_dbg, proc_type, fs_type;
type proc_swappiness, proc_type, fs_type;
-#Define the pps socket type
-type pps_socket, file_type;
#Define the qdcmss socket type
type qdcmsocket_socket, file_type;
@@ -36,9 +31,7 @@
#Define the files written during the operation of netmgrd and qmuxd
type netmgrd_data_file, file_type, data_file_type;
-type sysrq_trigger_proc, fs_type, mlstrustedobject;
# Persist file types
-type persist_file, file_type, vendor_persist_type;
type persist_bluetooth_file, file_type , vendor_persist_type;
type persist_camera_file, file_type , vendor_persist_type;
type persist_data_file, file_type , vendor_persist_type;
@@ -48,11 +41,8 @@
type persist_misc_file, file_type , vendor_persist_type;
type persist_bms_file, file_type , vendor_persist_type;
type persist_secnvm_file, file_type , vendor_persist_type;
-type persist_hvdcp_file, file_type , vendor_persist_type;
type persist_audio_file, file_type , vendor_persist_type;
-#file type for restricting proc read by audiod
-type proc_audiod, fs_type, proc_type;
type proc_sysctl_schedboost, proc_type, fs_type;
#msm irqbalance
@@ -77,12 +67,6 @@
type persist_rfs_file, file_type, vendor_persist_type;
type persist_rfs_shared_hlos_file, file_type, vendor_persist_type;
-#mm-pp-daemon file type for sysfs access
-#type sysfs_leds, fs_type, sysfs_type;
-
-#Define the files written during the operation of mm-pp-daemon
-type data_ad_calib_cfg, file_type, data_file_type;
-
#SurfaceFlinger file type for sysfs access
type sysfs_graphics, sysfs_type, fs_type;
@@ -95,9 +79,6 @@
# sysfs spmi device for hvdcp/quickcharge
type sysfs_spmi_dev, sysfs_type, fs_type;
-# sysfs qdss device for qcomsysd
-type sysfs_qdss_dev, sysfs_type, fs_type;
-
# sysfs poweron_alarm is used in init.target.rc
type sysfs_poweron_alarm, sysfs_type, fs_type;
@@ -105,7 +86,6 @@
type sysfs_mpdecision, fs_type, sysfs_type;
type sysfs_rqstats, fs_type, sysfs_type;
type sysfs_cpu_online, fs_type, sysfs_type;
-type mpctl_socket, file_type, mlstrustedobject;
type mpctl_data_file, file_type, data_file_type;
#Define the files used by lm
@@ -126,7 +106,6 @@
type sysfs_timestamp_switch, sysfs_type, fs_type;
#define the files writer during the operation of app state changes
-type gamed_socket, file_type;
#define the files writter during the operatio of iop
type iop_socket, file_type;
@@ -135,15 +114,6 @@
#Socket node needed by ims_data daemon
type ims_socket, file_type;
-#mink-lowi-interface-daemon (mlid) socket
-type mlid_socket, file_type, mlstrustedobject;
-
-#ssg qmi gateway daemon socket
-type ssgqmig_socket, file_type, mlstrustedobject;
-
-#ssg tz daemon socket
-type ssgtzd_socket, file_type, mlstrustedobject;
-
#location file types
type location_data_file, file_type, data_file_type;
type location_socket, file_type, data_file_type;
@@ -162,10 +132,6 @@
# Files accessed by qcom-system-daemon
type sysfs_socinfo, fs_type, sysfs_type;
-#Define the sysfs files for usb_uicc_daemon
-type sysfs_usb_uicc, sysfs_type, fs_type;
-
-type qlogd_socket, file_type, mlstrustedobject;
#Defines the files (configs, dumps, etc) used by display processes
type display_vendor_data_file, file_type, data_file_type;
@@ -195,43 +161,17 @@
type proc_dirty_ratio, fs_type, proc_type;
#File types by mmi
-type vendor_mmi_socket, file_type;
-# hbtp config file
-type hbtp_cfg_file, file_type, vendor_file_type;
-type hbtp_log_file, file_type, data_file_type;
-type hbtp_kernel_sysfs, fs_type, sysfs_type;
-
-type persist_usf_file, file_type, vendor_persist_type;
#rmt files
type sysfs_rmtfs, sysfs_type, fs_type;
-#qfp-daemon
-type qfp-daemon_data_file, file_type, data_file_type;
-type persist_qti_fp_file, file_type, vendor_persist_type;
-#qsee_svc_app file types
-type qsee_svc_app_data_file, file_type, data_file_type;
-# imshelper_app file types
-type imshelper_app_data_file, file_type, data_file_type;
-
-# RIDL data files
-type RIDL_data_file, file_type, data_file_type;
-type RIDL_socket, file_type, data_file_type;
-
-# qti_logkit data files (privileged and public)
-type qti_logkit_priv_data_file, file_type, data_file_type;
-type qti_logkit_pub_data_file, file_type, data_file_type;
-type qti_logkit_priv_socket, file_type, data_file_type;
-type qti_logkit_pub_socket, file_type, mlstrustedobject, data_file_type;
# used for /dsp files
type adsprpcd_file, file_type, mlstrustedobject, vendor_file_type;
-#mdtp_svc_app file types
-type mdtp_svc_app_data_file, file_type, data_file_type;
# Regionalization files
type regionalization_file, file_type , vendor_persist_type;
@@ -246,8 +186,6 @@
# Wifi Data file
type wifi_vendor_data_file, file_type, data_file_type;
type wifi_vendor_wpa_socket, file_type, data_file_type;
-type wifi_vendor_hostapd_socket, file_type, data_file_type;
-type hostapd_socket, file_type, data_file_type;
#widevine data file
type vendor_mediadrm_data_file, file_type, data_file_type;
@@ -281,8 +219,6 @@
type sysfs_laser, fs_type, sysfs_type;
# QDMA data files
-type vendor_qdma_data_file, file_type, data_file_type;
-type qdma_socket, file_type;
# path to debugfs use this whic should be only used
# in debug builds
@@ -300,10 +236,6 @@
#irq balance sysfs type
type sysfs_irqbalance , sysfs_type, fs_type;
-# vpp files
-type vendor_vpp_data_file, file_type, data_file_type;
-type persist_vpp_file, file_type, vendor_persist_type;
-
# vendor camera files
type vendor_camera_data_file, file_type, data_file_type;
@@ -318,8 +250,6 @@
type sysfs_wigig, fs_type, sysfs_type;
type wigignpt_socket, file_type, data_file_type;
-# wigig_hostapd
-type wigig_hostapd_socket, file_type, data_file_type;
# ea sysfs files
type sysfs_ea, fs_type, sysfs_type;
@@ -343,7 +273,6 @@
type data_tzstorage_file, file_type, data_file_type;
#TLOC Files
-type tlocd_data_file, file_type, data_file_type;
#DRM files
type data_qsee_file, file_type, data_file_type;
@@ -363,6 +292,9 @@
#SSR Log Files
type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+# RamdumpFs files
+type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
+
# npu file
type sysfs_npu, fs_type, sysfs_type;
@@ -391,9 +323,7 @@
type sysfs_scsi_devices_0000, sysfs_type, fs_type;
# for PowerHal
-type debugfs_sched_features, debugfs_type, fs_type;
-
-allow firmware_file self:filesystem associate;
+type proc_sched_energy_aware, proc_type, fs_type;
# debugfs wlan
type debugfs_wlan, debugfs_type, fs_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 0aafcfe..f329e37 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -1,11 +1,7 @@
###################################
# System files
#
-/(vendor|system/vendor)/bin/ATFWD-daemon u:object_r:atfwd_exec:s0
/(vendor|system/vendor)/bin/PktRspTest u:object_r:diag_exec:s0
-/(vendor|system/vendor)/bin/audiod u:object_r:audiod_exec:s0
-/(vendor|system/vendor)/bin/charger_monitor u:object_r:charger_monitor_exec:s0
-/(vendor|system/vendor)/bin/hvdcp_opti u:object_r:hvdcp_exec:s0
/(vendor|system/vendor)/bin/cnd u:object_r:cnd_exec:s0
/(vendor|system/vendor)/bin/diag_callback_client u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/diag_dci_sample u:object_r:diag_exec:s0
@@ -45,37 +41,25 @@
/(vendor|system/vendor)/bin/init\.qti\.ims\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.sensors\.sh u:object_r:qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/qca6234-service.sh u:object_r:qti_init_shell_exec:s0
-/(vendor|system/vendor)/bin/mm-pp-daemon u:object_r:mm-pp-daemon_exec:s0
-/(vendor|system/vendor)/bin/mm-pp-dpps u:object_r:mm-pp-daemon_exec:s0
-/(vendor|system/vendor)/bin/mmi u:object_r:vendor_mmi_exec:s0
-/(vendor|system/vendor)/bin/mmid u:object_r:vendor_mmi_exec:s0
-/(vendor|system/vendor)/bin/qdcmss u:object_r:qdcm-ss_exec:s0
/(vendor|system/vendor)/bin/msm_irqbalance u:object_r:msm_irqbalanced_exec:s0
/(vendor|system/vendor)/bin/imsdatadaemon u:object_r:ims_exec:s0
/(vendor|system/vendor)/bin/imsqmidaemon u:object_r:ims_exec:s0
/(vendor|system/vendor)/bin/ims_rtp_daemon u:object_r:hal_imsrtp_exec:s0
/(vendor|system/vendor)/bin/netmgrd u:object_r:netmgrd_exec:s0
-/(vendor|system/vendor)/bin/qmuxd u:object_r:qmuxd_exec:s0
/(vendor|system/vendor)/bin/port-bridge u:object_r:port-bridge_exec:s0
/(vendor|system/vendor)/bin/sensors.qcom u:object_r:sensors_exec:s0
/(vendor|system/vendor)/bin/sensors.qti u:object_r:sensors_exec:s0
/(vendor|system/vendor)/bin/test_diag u:object_r:diag_exec:s0
/(vendor|system/vendor)/bin/thermal-engine u:object_r:thermal-engine_exec:s0
-/(vendor|system/vendor)/bin/vm_bms u:object_r:vm_bms_exec:s0
-/(vendor|system/vendor)/bin/mm-qcamera-daemon u:object_r:mm-qcamerad_exec:s0
-/(vendor|system/vendor)/bin/qfp-daemon u:object_r:qfp-daemon_exec:s0
-/(vendor|system/vendor)/bin/qvop-daemon u:object_r:qvop-daemon_exec:s0
/system/rfs.* u:object_r:rfs_system_file:s0
/(vendor|system/vendor)/bin/time_daemon u:object_r:time_daemon_exec:s0
/(vendor|system/vendor)/bin/rmt_storage u:object_r:rmt_storage_exec:s0
/(vendor|system/vendor)/bin/tftp_server u:object_r:rfs_access_exec:s0
-/(vendor|system/vendor)/bin/hvdcp u:object_r:hvdcp_exec:s0
/(vendor|system/vendor)/bin/qseecomd u:object_r:tee_exec:s0
/(vendor|system/vendor)/bin/spdaemon u:object_r:spdaemon_exec:s0
/(vendor|system/vendor)/bin/sec_nvm u:object_r:sec_nvm_exec:s0
/(vendor|system/vendor)/bin/cnss-daemon u:object_r:wcnss_service_exec:s0
/(vendor|system/vendor)/bin/cnss_diag u:object_r:wcnss_service_exec:s0
-/(vendor|system/vendor)/bin/hostapd_cli u:object_r:hostapd_exec:s0
/(vendor|system/vendor)/bin/adsprpcd u:object_r:adsprpcd_exec:s0
/(vendor|system/vendor)/bin/cdsprpcd u:object_r:cdsprpcd_exec:s0
/(vendor|system/vendor)/bin/wpa_cli u:object_r:wcnss_service_exec:s0
@@ -86,11 +70,7 @@
/(vendor|system/vendor)/bin/pm-proxy u:object_r:vendor_per_mgr_exec:s0
/(vendor|system/vendor)/bin/pd-mapper u:object_r:vendor_pd_mapper_exec:s0
/(vendor|system/vendor)/bin/pd-api-test u:object_r:vendor_pd_mapper_exec:s0
-/(vendor|system/vendor)/bin/usb_uicc_client u:object_r:usb_uicc_daemon_exec:s0
-/(vendor|system/vendor)/bin/qcom-system-daemon u:object_r:vendor_qcomsysd_exec:s0
-/(vendor|system/vendor)/bin/poweroffhandler u:object_r:poweroffhandler_exec:s0
/(vendor|system/vendor)/xbin/qlogd u:object_r:qlogd_exec:s0
-/(vendor|system/vendor)/bin/dpmQmiMgr u:object_r:hal_dpmQmiMgr_exec:s0
/(vendor|system/vendor)/bin/ssr_setup u:object_r:vendor_ssr_setup_exec:s0
/(vendor|system/vendor)/bin/subsystem_ramdump u:object_r:vendor_subsystem_ramdump_exec:s0
/(vendor|system/vendor)/bin/ssr_diag u:object_r:vendor_ssr_diag_exec:s0
@@ -101,67 +81,27 @@
/(vendor|system/vendor)/bin/hw/vendor\.qti\.gnss@.*-service u:object_r:hal_gnss_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.display\.color@1\.0-service u:object_r:hal_display_color_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.perf@1\.0-service u:object_r:hal_perf_default_exec:s0
-/(vendor|system/vendor)/bin/ssgqmigd u:object_r:ssgqmigd_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.iop@1\.0-service u:object_r:hal_iop_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.iop@2\.0-service u:object_r:hal_iop_default_exec:s0
-/(vendor|system/vendor)/bin/mlid u:object_r:mlid_exec:s0
/(vendor|system/vendor)/bin/loc_launcher u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/lowi-server u:object_r:location_exec:s0
/(vendor|system/vendor)/bin/xtra-daemon u:object_r:location_exec:s0
-/(vendor|system/vendor)/bin/energy-awareness u:object_r:energyawareness_exec:s0
-/(vendor|system/vendor)/bin/fidodaemon u:object_r:fidodaemon_exec:s0
-/(vendor|system/vendor)/bin/esepmdaemon u:object_r:esepmdaemon_exec:s0
-/(vendor|system/vendor)/bin/secotad u:object_r:secotad_exec:s0
-/(vendor|system/vendor)/bin/qseeproxydaemon u:object_r:qseeproxy_exec:s0
-/(vendor|system/vendor)/bin/dts_configurator u:object_r:dtsconfigurator_exec:s0
-/(vendor|system/vendor)/bin/dts_eagle_service u:object_r:dtseagleservice_exec:s0
-/(vendor|system/vendor)/bin/qti u:object_r:qti_exec:s0
-/(vendor|system/vendor)/bin/adpl u:object_r:adpl_exec:s0
/(vendor|system/vendor)/bin/wcnss_service u:object_r:wcnss_service_exec:s0
-/(vendor|system/vendor)/bin/hbtp_daemon u:object_r:hbtp_exec:s0
-/(vendor|system/vendor)/bin/touch_fusion u:object_r:touchfusion_exec:s0
-/(vendor|system/vendor)/bin/seemp_healthd u:object_r:seemp_health_daemon_exec:s0
/(vendor|system/vendor)/bin/wifidisplayhalservice u:object_r:wifidisplayhalservice_qti_exec:s0
-/(vendor|system/vendor)/bin/usf_epos u:object_r:usf_exec:s0
-/(vendor|system/vendor)/bin/usf_gesture u:object_r:usf_exec:s0
-/(vendor|system/vendor)/bin/usf_hovering u:object_r:usf_exec:s0
-/(vendor|system/vendor)/bin/usf_p2p u:object_r:usf_exec:s0
-/(vendor|system/vendor)/bin/usf_proximity u:object_r:usf_exec:s0
-/(vendor|system/vendor)/bin/usf_sync_gesture u:object_r:usf_exec:s0
-/(vendor|system/vendor)/bin/usf_sw_calib u:object_r:usf_exec:s0
-/(vendor|system/vendor)/bin/usf_pairing u:object_r:usf_exec:s0
-/(vendor|system/vendor)/bin/usf_tester u:object_r:usf_exec:s0
-/(vendor|system/vendor)/bin/LKCore u:object_r:qti_logkit_exec:s0
-/(vendor|system/vendor)/bin/tbaseLoader u:object_r:tbaseLoader_exec:s0
-/(vendor|system/vendor)/bin/mcStarter u:object_r:mcStarter_exec:s0
/(vendor|system/vendor)/bin/fstman u:object_r:fstman_exec:s0
/(vendor|system/vendor)/bin/wigighalsvc u:object_r:wigighalsvc_exec:s0
/(vendor|system/vendor)/bin/wigignpt u:object_r:wigignpt_exec:s0
-/(vendor|system/vendor)/bin/mdtpd u:object_r:mdtpdaemon_exec:s0
-/(vendor|system/vendor)/bin/wifi_ftmd u:object_r:wifi_ftmd_exec:s0
-/(vendor|system/vendor)/bin/fingerprint.qcom u:object_r:fps_hal_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-strongbox-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service-google u:object_r:hal_confirmationui_default_exec:s0
-/(vendor|system/vendor)/bin/qdmastatsd u:object_r:qdmastatsd_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.alarm@1\.0-service u:object_r:hal_alarm_qti_default_exec:s0
/(vendor|system/vendor)/bin/imsrcsd u:object_r:hal_rcsservice_exec:s0
-/(vendor|system/vendor)/bin/vppservice u:object_r:vendor_vppservice_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0
-/(vendor|system/vendor)/bin/fm_qsoc_patches u:object_r:fm_qsoc_patches_exec:s0
+/vendor/bin/hw/vendor\.qti\.hardware\.qseecom@1\.0-service u:object_r:hal_qseecom_default_exec:s0
/(vendor|system/vendor)/bin/chre u:object_r:chre_exec:s0
-/(vendor|system/vendor)/bin/tloc_daemon u:object_r:tlocd_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.factory@1\.0-service u:object_r:vendor_hal_factory_qti_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator@1\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.display\.allocator-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.tui_comm@1\.0-service-qti u:object_r:hal_tui_comm_qti_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.sensorscalibrate@1\.0-service u:object_r:hal_sensorscalibrate_qti_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.media\.c2@1\.0-service u:object_r:mediacodec_exec:s0
-/(vendor|system/vendor)/bin/power_off_alarm u:object_r:power_off_alarm_exec:s0
# dev socket nodes
/dev/socket/chre u:object_r:chre_socket:s0
@@ -176,8 +116,6 @@
###################################
# persist files
#
-/persist u:object_r:persist_file:s0
-/mnt/vendor/persist(/.*)? u:object_r:persist_file:s0
/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0
/mnt/vendor/persist/bluetooth(/.*)? u:object_r:persist_bluetooth_file:s0
/mnt/vendor/persist/drm(/.*)? u:object_r:persist_drm_file:s0
@@ -187,24 +125,21 @@
/mnt/vendor/persist/data(/.*)? u:object_r:persist_drm_file:s0
/mnt/vendor/persist/data/tz(/.*)? u:object_r:persist_drm_file:s0
/mnt/vendor/persist/data/sfs(/.*)? u:object_r:persist_drm_file:s0
-/mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_qti_fp_file:s0
-/mnt/vendor/persist/usf(/.*)? u:object_r:persist_usf_file:s0
/mnt/vendor/persist/hlos_rfs(/.*)? u:object_r:persist_rfs_shared_hlos_file:s0
/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
/mnt/vendor/persist/rfs.* u:object_r:persist_rfs_file:s0
/mnt/vendor/persist/speccfg(/.*)? u:object_r:regionalization_file:s0
/mnt/vendor/persist/misc(/.*)? u:object_r:persist_misc_file:s0
/mnt/vendor/persist/bms(/.*)? u:object_r:persist_bms_file:s0
-/mnt/vendor/persist/vpp(/.*)? u:object_r:persist_vpp_file:s0
/mnt/vendor/persist/secnvm(/.*)? u:object_r:persist_secnvm_file:s0
/mnt/vendor/persist/FTM_AP(/.*)? u:object_r:vendor_persist_mmi_file:s0
-/mnt/vendor/persist/hvdcp_opti(/.*)? u:object_r:persist_hvdcp_file:s0
/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
###################################
-# etc files
+# ramdumpfs files
#
-/vendor/etc/hbtp/* u:object_r:hbtp_cfg_file:s0
+/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
+/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
###################################
# adsp files
@@ -229,14 +164,18 @@
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@1\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@2\.0\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.0\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapperextensions@1\.1\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl-qti-display\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor\.qti\.hardware\.display\.mapper@3\.0\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libqdMetaData\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libqservice\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libqdutils\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libadreno_utils\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libgsl\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqdMetaData\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgralloc\.qti\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqservice\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libqdutils\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libadreno_utils\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libadreno_app_profiles\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgsl\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libEGL_adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv1_CM_adreno\.so u:object_r:same_process_hal_file:s0
@@ -297,20 +236,12 @@
###################################
# firmware images
#
-/vendor/firmware(/.*)? u:object_r:vendor_firmware_file:s0
/vendor/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
-/vendor/firmware_mnt(/.*)? u:object_r:firmware_file:s0
-
-/(vendor|system/vendor)/bin/grep u:object_r:vendor_toolbox_exec:s0
-##################################
-#vendor toolbox
-#
-/(vendor|system/vendor)/bin/toolbox_vendor u:object_r:vendor_toolbox_exec:s0
/dev/st21nfc u:object_r:nfc_device:s0
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
#Android NN Driver
-/(vendor|system/vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-qti u:object_r:hal_neuralnetworks_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-qti u:object_r:hal_neuralnetworks_default_exec:s0
# dev nodes
/dev/ipa u:object_r:ipa_dev:s0
@@ -327,7 +258,6 @@
/dev/adsprpc-smd-secure u:object_r:qdsp_device:s0
/dev/kgsl-3d0 u:object_r:gpu_device:s0
/dev/wlan u:object_r:wlan_device:s0
-/dev/cpu_dma_latency u:object_r:latency_device:s0
/dev/smem_log u:object_r:smem_log_device:s0
/dev/subsys_modem u:object_r:modem_ssr_device:s0
/dev/diag u:object_r:diag_device:s0
@@ -350,7 +280,6 @@
/dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0
/dev/socket/location(/.*)? u:object_r:location_socket:s0
/dev/socket/wifihal(/.*)? u:object_r:wifihal_socket:s0
-/dev/socket/pps u:object_r:pps_socket:s0
# files in /vendor
/vendor/bin/ipacm u:object_r:hal_tetheroffload_default_exec:s0
@@ -373,6 +302,7 @@
/data/vendor/audio(/.*)? u:object_r:audio_vendor_data_file:s0
/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
/data/vendor/time(/.*)? u:object_r:time_data_file:s0
+/data/vendor/nnhal(/.*)? u:object_r:hal_neuralnetworks_data_file:s0
# spdaemon and sec_nvm files
/dev/spdaemon_ssr u:object_r:spdaemon_ssr_device:s0
diff --git a/vendor/qcom/common/fm.te b/vendor/qcom/common/fm.te
deleted file mode 100644
index 17747e6..0000000
--- a/vendor/qcom/common/fm.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type fm_qsoc_patches, domain;
-type fm_qsoc_patches_exec, exec_type, vendor_file_type, file_type;
diff --git a/vendor/qcom/common/fps_hal.te b/vendor/qcom/common/fps_hal.te
deleted file mode 100644
index 1ffc482..0000000
--- a/vendor/qcom/common/fps_hal.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type fps_hal, domain;
-type fps_hal_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(fps_hal)
-
-
diff --git a/vendor/qcom/common/gamed.te b/vendor/qcom/common/gamed.te
deleted file mode 100644
index e5178ac..0000000
--- a/vendor/qcom/common/gamed.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type gamed, domain;
-type gamed_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(gamed)
diff --git a/vendor/qcom/common/hal_alarm_qti_default.te b/vendor/qcom/common/hal_alarm_qti_default.te
deleted file mode 100644
index 653d233..0000000
--- a/vendor/qcom/common/hal_alarm_qti_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_alarm_qti_default, domain;
-
-type hal_alarm_qti_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_alarm_qti_default)
-
diff --git a/vendor/qcom/common/hal_dpmQmiMgr.te b/vendor/qcom/common/hal_dpmQmiMgr.te
deleted file mode 100644
index 635b8f0..0000000
--- a/vendor/qcom/common/hal_dpmQmiMgr.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type hal_dpmQmiMgr, domain;
-
-type hal_dpmQmiMgr_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(hal_dpmQmiMgr)
-
-
diff --git a/vendor/qcom/common/hal_factory_qti_default.te b/vendor/qcom/common/hal_factory_qti_default.te
deleted file mode 100644
index 53838bf..0000000
--- a/vendor/qcom/common/hal_factory_qti_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type vendor_hal_factory_qti_default, domain;
-
-type vendor_hal_factory_qti_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_hal_factory_qti_default)
-
diff --git a/vendor/qcom/common/hal_graphics_allocator_default.te b/vendor/qcom/common/hal_graphics_allocator_default.te
index 0a7e40a..2daeed9 100644
--- a/vendor/qcom/common/hal_graphics_allocator_default.te
+++ b/vendor/qcom/common/hal_graphics_allocator_default.te
@@ -1 +1,3 @@
get_prop(hal_graphics_allocator_default, vendor_display_prop)
+
+dontaudit hal_graphics_allocator_default sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/hal_graphics_composer_default.te b/vendor/qcom/common/hal_graphics_composer_default.te
index 8d8e100..c4e51fc 100644
--- a/vendor/qcom/common/hal_graphics_composer_default.te
+++ b/vendor/qcom/common/hal_graphics_composer_default.te
@@ -19,7 +19,8 @@
allow hal_graphics_composer_default sysfs_msm_subsys:dir search;
allow hal_graphics_composer_default sysfs_msm_subsys:file r_file_perms;
allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
-r_dir_file(hal_graphics_composer_default, sysfs_leds)
+allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
+allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
# Allow dir search in '/oem'
allow hal_graphics_composer_default oemfs:dir r_dir_perms;
diff --git a/vendor/qcom/common/hal_imsrtp.te b/vendor/qcom/common/hal_imsrtp.te
index c2c889c..3aef4f0 100644
--- a/vendor/qcom/common/hal_imsrtp.te
+++ b/vendor/qcom/common/hal_imsrtp.te
@@ -14,6 +14,7 @@
add_hwservice(hal_imsrtp, hal_imsrtp_hwservice)
binder_call(hal_imsrtp, radio)
+binder_call(hal_imsrtp, qtelephony)
unix_socket_connect(hal_imsrtp, ims, ims)
get_prop(hal_imsrtp, hwservicemanager_prop)
diff --git a/vendor/qcom/common/hal_iop_default.te b/vendor/qcom/common/hal_iop_default.te
deleted file mode 100644
index fc251f1..0000000
--- a/vendor/qcom/common/hal_iop_default.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type hal_iop_default, domain, mlstrustedsubject;
-
-type hal_iop_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_iop_default)
-
-
diff --git a/vendor/qcom/common/hal_perf_default.te b/vendor/qcom/common/hal_perf_default.te
deleted file mode 100644
index 7762c4b..0000000
--- a/vendor/qcom/common/hal_perf_default.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type hal_perf_default, domain;
-
-type hal_perf_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_perf_default)
-
-
diff --git a/vendor/qcom/common/hal_qseecom.te b/vendor/qcom/common/hal_qseecom.te
new file mode 100644
index 0000000..fc37ddf
--- /dev/null
+++ b/vendor/qcom/common/hal_qseecom.te
@@ -0,0 +1,25 @@
+#define the domain
+type hal_qseecom_default, domain;
+hal_server_domain(hal_qseecom_default, hal_qseecom)
+type hal_qseecom_default_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(hal_qseecom_default)
+
+#Allow hal_qseecom client domain apps to find hwservice
+binder_call(hal_qseecom_client, hal_qseecom_server)
+binder_call(hal_qseecom_server, hal_qseecom_client)
+
+#allow the service to be added to hwservice list
+hal_attribute_hwservice(hal_qseecom, hal_qseecom_hwservice)
+
+#allow access to hal_allocator
+hal_client_domain(hal_qseecom_default, hal_allocator)
+
+#allow access to ion device
+allow hal_qseecom_default ion_device:chr_file rw_file_perms;
+
+#Allow access to firmware
+r_dir_file(hal_qseecom_default, firmware_file);
+
+#Allow access to tee device
+allow hal_qseecom_default tee_device:chr_file rw_file_perms;
diff --git a/vendor/qcom/common/hal_sensors_default.te b/vendor/qcom/common/hal_sensors_default.te
index 084992e..39625f2 100644
--- a/vendor/qcom/common/hal_sensors_default.te
+++ b/vendor/qcom/common/hal_sensors_default.te
@@ -37,6 +37,8 @@
allow hal_sensors_default sysfs_ssr:file r_file_perms;
+allow hal_sensors_default hal_graphics_mapper_hwservice:hwservice_manager find;
+
# For Suez metrics collection
allow hal_sensors_default fwk_stats_hwservice:hwservice_manager find;
allow hal_sensors_default system_server:binder call;
diff --git a/vendor/qcom/common/hal_sensorscalibrate_qti_default.te b/vendor/qcom/common/hal_sensorscalibrate_qti_default.te
deleted file mode 100644
index 26c876c..0000000
--- a/vendor/qcom/common/hal_sensorscalibrate_qti_default.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type hal_sensorscalibrate_qti_default, domain;
-
-type hal_sensorscalibrate_qti_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_sensorscalibrate_qti_default)
-
-
diff --git a/vendor/qcom/common/hal_wifi_ext.te b/vendor/qcom/common/hal_wifi_ext.te
index 51967f4..e9750ff 100644
--- a/vendor/qcom/common/hal_wifi_ext.te
+++ b/vendor/qcom/common/hal_wifi_ext.te
@@ -15,6 +15,9 @@
# Write wlan driver/fw version into property
set_prop(hal_wifi_ext, vendor_wifi_version)
+# Allow wifi_ext to report callbacks to gril-service app
+allow hal_wifi_ext grilservice_app:binder call;
+
userdebug_or_eng(`
# debugfs entries are only needed in user-debug or eng builds
diff --git a/vendor/qcom/common/hbtp.te b/vendor/qcom/common/hbtp.te
deleted file mode 100644
index 2cc23d4..0000000
--- a/vendor/qcom/common/hbtp.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# Policies for hbtp (host based touch processing)
-type hbtp, domain;
-type hbtp_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hbtp)
-
diff --git a/vendor/qcom/common/hostapd.te b/vendor/qcom/common/hostapd.te
deleted file mode 100644
index 13336ee..0000000
--- a/vendor/qcom/common/hostapd.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# userspace wifi access points
-type hostapd, domain;
-type hostapd_exec, exec_type, vendor_file_type, file_type;
-
-
diff --git a/vendor/qcom/common/hvdcp.te b/vendor/qcom/common/hvdcp.te
deleted file mode 100644
index 9426727..0000000
--- a/vendor/qcom/common/hvdcp.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# HVDVP quickcharge
-type hvdcp, domain;
-type hvdcp_exec, exec_type, vendor_file_type, file_type;
-
-# Make transition to its own HVDCP domain from init
-init_daemon_domain(hvdcp)
-
-
diff --git a/vendor/qcom/common/hwservice.te b/vendor/qcom/common/hwservice.te
index b8bb5be..f53ee3e 100644
--- a/vendor/qcom/common/hwservice.te
+++ b/vendor/qcom/common/hwservice.te
@@ -2,19 +2,15 @@
type hal_iwlan_hwservice, hwservice_manager_type;
type hal_display_config_hwservice, hwservice_manager_type;
type hal_display_postproc_hwservice, hwservice_manager_type;
-type hal_hbtp_hwservice, hwservice_manager_type;
type hal_dpmqmi_hwservice, hwservice_manager_type;
type hal_imsrtp_hwservice, hwservice_manager_type;
type hal_imscallinfo_hwservice, hwservice_manager_type;
type wifidisplayhalservice_hwservice, hwservice_manager_type;
-type hal_iop_hwservice, hwservice_manager_type;
-type hal_alarm_qti_hwservice, hwservice_manager_type;
type hal_datafactory_hwservice, hwservice_manager_type;
type hal_cne_hwservice, hwservice_manager_type;
type hal_latency_hwservice, hwservice_manager_type;
type hal_imsrcsd_hwservice, hwservice_manager_type;
type hal_ipacm_hwservice, hwservice_manager_type;
-type hal_vpp_hwservice, hwservice_manager_type;
type hal_wigig_hwservice, hwservice_manager_type;
type hal_qteeconnector_hwservice, hwservice_manager_type;
type hal_voiceprint_hwservice, hwservice_manager_type;
@@ -22,9 +18,9 @@
type hal_wigig_npt_hwservice, hwservice_manager_type;
type hal_tui_comm_hwservice, hwservice_manager_type;
type hal_qdutils_disp_hwservice, hwservice_manager_type;
-type hal_sensorscalibrate_qti_hwservice, hwservice_manager_type;
type vnd_atcmdfwd_hwservice, hwservice_manager_type;
type hal_dataconnection_hwservice, hwservice_manager_type;
type hal_bluetooth_sar_hwservice, hwservice_manager_type;
type hal_cacert_hwservice, hwservice_manager_type;
type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type;
+type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/vendor/qcom/common/hwservice_contexts b/vendor/qcom/common/hwservice_contexts
index f291776..b538720 100644
--- a/vendor/qcom/common/hwservice_contexts
+++ b/vendor/qcom/common/hwservice_contexts
@@ -20,7 +20,6 @@
vendor.qti.hardware.radio.uim_remote_client::IUimRemoteServiceClient u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.uim::IUim u:object_r:hal_telephony_hwservice:s0
vendor.qti.hardware.radio.ims::IImsRadio u:object_r:hal_telephony_hwservice:s0
-vendor.qti.hardware.sensorscalibrate::ISensorsCalibrate u:object_r:hal_sensorscalibrate_qti_hwservice:s0
vendor.qti.hardware.tui_comm::ITuiComm u:object_r:hal_tui_comm_hwservice:s0
vendor.qti.hardware.radio.atcmdfwd::IAtCmdFwd u:object_r:vnd_atcmdfwd_hwservice:s0
vendor.qti.hardware.data.latency::ILinkLatency u:object_r:hal_latency_hwservice:s0
@@ -32,3 +31,4 @@
vendor.qti.hardware.capabilityconfigstore::ICapabilityConfigStore u:object_r:hal_capabilityconfigstore_qti_hwservice:s0
vendor.qti.hardware.display.allocator::IQtiAllocator u:object_r:hal_graphics_allocator_hwservice:s0
vendor.qti.ims.callinfo::IService u:object_r:hal_imscallinfo_hwservice:s0
+vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0
diff --git a/vendor/qcom/common/ims.te b/vendor/qcom/common/ims.te
index 939514a..f5b41e5 100644
--- a/vendor/qcom/common/ims.te
+++ b/vendor/qcom/common/ims.te
@@ -65,3 +65,6 @@
dontaudit hal_rcsservice sysfs_faceauth:dir r_dir_perms;
dontaudit hal_rcsservice sysfs_faceauth:file r_file_perms;
+dontaudit ims sysfs_faceauth:dir search;
+
+dontaudit ims diag_device:chr_file rw_file_perms;
diff --git a/vendor/qcom/common/imshelper_app.te b/vendor/qcom/common/imshelper_app.te
deleted file mode 100644
index 9455589..0000000
--- a/vendor/qcom/common/imshelper_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type imshelper_app, domain;
-
diff --git a/vendor/qcom/common/init.te b/vendor/qcom/common/init.te
index 2f55069..53d11fa 100644
--- a/vendor/qcom/common/init.te
+++ b/vendor/qcom/common/init.te
@@ -1,4 +1,2 @@
allow init boot_block_device:lnk_file relabelto;
allow init custom_ab_block_device:lnk_file relabelto;
-allow init firmware_file:dir mounton;
-allow init firmware_file:filesystem { mount relabelfrom getattr };
diff --git a/vendor/qcom/common/logdumpd.te b/vendor/qcom/common/logdumpd.te
deleted file mode 100644
index 7e7bb70..0000000
--- a/vendor/qcom/common/logdumpd.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type logdumpd, domain;
-type logdumpd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(logdumpd)
-
diff --git a/vendor/qcom/common/mcStarter.te b/vendor/qcom/common/mcStarter.te
deleted file mode 100644
index a95a318..0000000
--- a/vendor/qcom/common/mcStarter.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# mobicore daemon
-type mcStarter, domain;
-type mcStarter_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(mcStarter)
-
diff --git a/vendor/qcom/common/mdtp.te b/vendor/qcom/common/mdtp.te
deleted file mode 100644
index c772747..0000000
--- a/vendor/qcom/common/mdtp.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type mdtpdaemon, domain;
-type mdtpdaemon_exec, exec_type, vendor_file_type, file_type;
-
-
diff --git a/vendor/qcom/common/mdtpservice_app.te b/vendor/qcom/common/mdtpservice_app.te
deleted file mode 100644
index afb82db..0000000
--- a/vendor/qcom/common/mdtpservice_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type mdtpservice_app, domain;
-
diff --git a/vendor/qcom/common/mediacodec.te b/vendor/qcom/common/mediacodec.te
index 6e68dbd..8ec1d5c 100644
--- a/vendor/qcom/common/mediacodec.te
+++ b/vendor/qcom/common/mediacodec.te
@@ -3,3 +3,5 @@
get_prop(mediacodec, vendor_display_prop)
get_prop(mediacodec, ecoservice_prop)
allow mediacodec hal_camera_default:binder call;
+
+dontaudit mediacodec sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/mediaserver.te b/vendor/qcom/common/mediaserver.te
index c108170..5ca2c7e 100644
--- a/vendor/qcom/common/mediaserver.te
+++ b/vendor/qcom/common/mediaserver.te
@@ -1 +1,3 @@
get_prop(mediaserver, vendor_display_prop)
+
+dontaudit mediaserver sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/mlid.te b/vendor/qcom/common/mlid.te
deleted file mode 100644
index 563170e..0000000
--- a/vendor/qcom/common/mlid.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# mlid - Mink-Lowi Interface daemon
-type mlid, domain, mlstrustedsubject;
-type mlid_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(mlid)
-
-
diff --git a/vendor/qcom/common/mm-pp-daemon.te b/vendor/qcom/common/mm-pp-daemon.te
deleted file mode 100644
index 351977e..0000000
--- a/vendor/qcom/common/mm-pp-daemon.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type mm-pp-daemon, domain;
-type mm-pp-daemon_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(mm-pp-daemon)
-
-
diff --git a/vendor/qcom/common/mm-qcamerad.te b/vendor/qcom/common/mm-qcamerad.te
deleted file mode 100644
index 5ec10a2..0000000
--- a/vendor/qcom/common/mm-qcamerad.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type mm-qcamerad, domain;
-type mm-qcamerad_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(mm-qcamerad)
-
diff --git a/vendor/qcom/common/mmi.te b/vendor/qcom/common/mmi.te
deleted file mode 100755
index d732954..0000000
--- a/vendor/qcom/common/mmi.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type vendor_mmi, domain;
-type vendor_mmi_exec, exec_type, vendor_file_type, file_type;
-#started by init
-init_daemon_domain(vendor_mmi)
-
diff --git a/vendor/qcom/common/netmgrd.te b/vendor/qcom/common/netmgrd.te
index 079edf8..9613e5a 100644
--- a/vendor/qcom/common/netmgrd.te
+++ b/vendor/qcom/common/netmgrd.te
@@ -72,5 +72,11 @@
allow netmgrd self:netlink_xfrm_socket create_socket_perms_no_ioctl;
allow netmgrd self:netlink_socket create_socket_perms_no_ioctl;
+#Allow set persist.vendor.data.shs_ko_load
+#Allow set persist.vendor.data.shsusr_load
+#Allow set persist.vendor.data.perf_ko_load
+#Allow set persist.vendor.data.qmipriod_load
+set_prop(netmgrd, vendor_radio_prop)
+
dontaudit netmgrd sysfs_faceauth:dir r_dir_perms;
dontaudit netmgrd sysfs_faceauth:file r_file_perms;
diff --git a/vendor/qcom/common/nqnfcinfo.te b/vendor/qcom/common/nqnfcinfo.te
deleted file mode 100644
index 79501cb..0000000
--- a/vendor/qcom/common/nqnfcinfo.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type nqnfcinfo, domain;
-type nqnfcinfo_exec, exec_type, vendor_file_type, file_type;
-
-# Started by init
-init_daemon_domain(nqnfcinfo)
-
-
diff --git a/vendor/qcom/common/omadm.te b/vendor/qcom/common/omadm.te
new file mode 100644
index 0000000..377a051
--- /dev/null
+++ b/vendor/qcom/common/omadm.te
@@ -0,0 +1,10 @@
+# OMADM app
+type omadm_app, domain;
+
+app_domain(omadm_app)
+net_domain(omadm_app)
+
+allow omadm_app app_api_service:service_manager find;
+allow omadm_app vendor_radio_data_file:dir rw_dir_perms;
+allow omadm_app vendor_radio_data_file:file create_file_perms;
+allow omadm_app radio_service:service_manager find;
diff --git a/vendor/qcom/common/peripheral_manager.te b/vendor/qcom/common/peripheral_manager.te
index c091031..5476827 100644
--- a/vendor/qcom/common/peripheral_manager.te
+++ b/vendor/qcom/common/peripheral_manager.te
@@ -8,6 +8,7 @@
vndbinder_use(vendor_per_mgr)
binder_call(vendor_per_mgr, vendor_per_mgr)
binder_call(vendor_per_mgr, wcnss_service)
+binder_call(vendor_per_mgr, rild)
set_prop(vendor_per_mgr, vendor_per_mgr_state_prop)
allow vendor_per_mgr self:qipcrtr_socket create_socket_perms_no_ioctl;
diff --git a/vendor/qcom/common/power_off_alarm.te b/vendor/qcom/common/power_off_alarm.te
deleted file mode 100644
index 3c9253c..0000000
--- a/vendor/qcom/common/power_off_alarm.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type power_off_alarm, domain;
-type power_off_alarm_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(power_off_alarm)
-
-
diff --git a/vendor/qcom/common/poweroffalarm_app.te b/vendor/qcom/common/poweroffalarm_app.te
deleted file mode 100644
index 4a53a31..0000000
--- a/vendor/qcom/common/poweroffalarm_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type poweroffalarm_app, domain;
-
-
diff --git a/vendor/qcom/common/poweroffhandler.te b/vendor/qcom/common/poweroffhandler.te
deleted file mode 100644
index 38a3d6d..0000000
--- a/vendor/qcom/common/poweroffhandler.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# poweroffhandler oneshot service
-type poweroffhandler, domain;
-type poweroffhandler_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(poweroffhandler)
-
diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te
index 01caf92..676e9cf 100644
--- a/vendor/qcom/common/property.te
+++ b/vendor/qcom/common/property.te
@@ -1,7 +1,6 @@
# property for uicc_daemon
vendor_internal_prop(uicc_prop)
vendor_restricted_prop(qcom_ims_prop)
-vendor_internal_prop(ctl_vendor_qmuxd_prop)
vendor_internal_prop(ctl_vendor_netmgrd_prop)
vendor_internal_prop(ctl_vendor_port-bridge_prop)
vendor_internal_prop(ctl_qcrild_prop)
@@ -12,16 +11,8 @@
# property for LKCore ctl start
vendor_internal_prop(ctl_LKCore_prop)
-# properties for usf daemons
-vendor_internal_prop(usf_prop)
-
-# property for FactoryOTA
-vendor_restricted_prop(factory_ota_prop)
-
vendor_internal_prop(freq_prop)
-vendor_internal_prop(vm_bms_prop) #To start vm_bms
vendor_internal_prop(vendor_dataqti_prop)
-vendor_internal_prop(vendor_dataadpl_prop)
vendor_restricted_prop(cnd_vendor_prop)
vendor_internal_prop(sensors_prop)
vendor_internal_prop(slpi_prop)
@@ -30,7 +21,6 @@
vendor_restricted_prop(camera_prop)
vendor_internal_prop(spcomlib_prop)
vendor_restricted_prop(vendor_display_prop)
-vendor_internal_prop(vendor_device_prop)
vendor_internal_prop(scr_enabled_prop)
vendor_internal_prop(bg_boot_complete_prop)
vendor_internal_prop(opengles_prop)
@@ -64,14 +54,12 @@
vendor_restricted_prop(public_vendor_default_prop)
-vendor_internal_prop(ctl_hbtp_prop)
vendor_internal_prop(vendor_alarm_boot_prop)
# DOLBY_START
vendor_internal_prop(dolby_prop)
# DOLBY_END
-vendor_internal_prop(vendor_wifi_ftmd_prop)
# WIGIG
vendor_internal_prop(wigig_prop)
@@ -104,14 +92,6 @@
# Bluetooth props
vendor_internal_prop(vendor_bluetooth_prop)
-# HBTP
-vendor_internal_prop(ctl_vendor_hbtp_prop)
-
-# factory properties
-vendor_internal_prop(ctl_vendor_mmid_prop)
-
-#qdma property
-vendor_internal_prop(vendor_qdma_prop)
#WiFi Display
vendor_internal_prop(wfd_service_prop)
@@ -120,9 +100,6 @@
#imsrcsservice
vendor_internal_prop(ctl_vendor_imsrcsservice_prop)
-#mmi
-vendor_internal_prop(vendor_mmi_prop)
-
#time service
vendor_internal_prop(vendor_time_service_prop)
vendor_restricted_prop(vendor_radio_prop)
diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index f663a72..68dc967 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts
@@ -2,9 +2,6 @@
vendor.audio.adm.buffering.ms u:object_r:vendor_audio_prop:s0
vendor.audio.snd_card.open.retries u:object_r:vendor_audio_prop:s0
-ro.boot.sota u:object_r:factory_ota_prop:s0
-persist.vendor.factoryota.reboot u:object_r:exported_system_prop:s0
-
vendor.audio.volume.listener.dump u:object_r:vendor_audio_prop:s0
vendor.audio.volume.headset.gain.depcal u:object_r:vendor_audio_prop:s0
vendor.audio_hal.in_period_size u:object_r:vendor_audio_prop:s0
@@ -31,6 +28,7 @@
# vendor_bluetooth_prop
persist.vendor.bluetooth.a4wp u:object_r:vendor_bluetooth_prop:s0
persist.vendor.bluetooth.csoc.cnt u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.bluetooth.diag_enabled u:object_r:vendor_bluetooth_prop:s0
persist.vendor.service.bdroid.fwsnoop u:object_r:vendor_bluetooth_prop:s0
persist.vendor.service.bdroid.sibs u:object_r:vendor_bluetooth_prop:s0
persist.vendor.service.bdroid.snooplog u:object_r:vendor_bluetooth_prop:s0
@@ -83,3 +81,9 @@
# Vendor verbose logging prop
persist.vendor.verbose_logging_enabled u:object_r:vendor_logging_prop:s0
+
+# vendor_radio_prop
+persist.vendor.data.shs_ko_load u:object_r:vendor_radio_prop:s0
+persist.vendor.data.shsusr_load u:object_r:vendor_radio_prop:s0
+persist.vendor.data.perf_ko_load u:object_r:vendor_radio_prop:s0
+persist.vendor.data.qmipriod_load u:object_r:vendor_radio_prop:s0
diff --git a/vendor/qcom/common/qcomsysd.te b/vendor/qcom/common/qcomsysd.te
deleted file mode 100755
index 8860b3a..0000000
--- a/vendor/qcom/common/qcomsysd.te
+++ /dev/null
@@ -1,6 +0,0 @@
-#Policy file for qcom-system-daemon
-#qcomsysd = qcom-system-daemon domain
-type vendor_qcomsysd, domain;
-type vendor_qcomsysd_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(vendor_qcomsysd);
-
diff --git a/vendor/qcom/common/qdcm-ss.te b/vendor/qcom/common/qdcm-ss.te
deleted file mode 100644
index 6658a6a..0000000
--- a/vendor/qcom/common/qdcm-ss.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type qdcm-ss, domain;
-type qdcm-ss_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(qdcm-ss)
-
diff --git a/vendor/qcom/common/qdma_app.te b/vendor/qcom/common/qdma_app.te
deleted file mode 100644
index 2cc4088..0000000
--- a/vendor/qcom/common/qdma_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type qdma_app, domain;
-
diff --git a/vendor/qcom/common/qdmastatsd.te b/vendor/qcom/common/qdmastatsd.te
deleted file mode 100644
index 4e154bb..0000000
--- a/vendor/qcom/common/qdmastatsd.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type qdmastatsd, domain, mlstrustedsubject;
-type qdmastatsd_exec, file_type, vendor_file_type, exec_type;
-
-init_daemon_domain(qdmastatsd)
-
-
diff --git a/vendor/qcom/common/qfp-daemon.te b/vendor/qcom/common/qfp-daemon.te
deleted file mode 100644
index 93bd9b9..0000000
--- a/vendor/qcom/common/qfp-daemon.te
+++ /dev/null
@@ -1,7 +0,0 @@
-#qfp daemon for ultrasonic fingerprint sensor
-type qfp-daemon, domain;
-type qfp-daemon_exec, exec_type, vendor_file_type, file_type;
-
-hal_server_domain(qfp-daemon, hal_fingerprint)
-init_daemon_domain(qfp-daemon)
-
diff --git a/vendor/qcom/common/qmuxd.te b/vendor/qcom/common/qmuxd.te
deleted file mode 100644
index d45cccf..0000000
--- a/vendor/qcom/common/qmuxd.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type qmuxd, domain;
-type qmuxd_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(qmuxd)
-
-
diff --git a/vendor/qcom/common/qsee_svc_app.te b/vendor/qcom/common/qsee_svc_app.te
deleted file mode 100644
index 9b15b87..0000000
--- a/vendor/qcom/common/qsee_svc_app.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type qsee_svc_app, domain;
-app_domain(qsee_svc_app)
-
-
diff --git a/vendor/qcom/common/qseeproxy.te b/vendor/qcom/common/qseeproxy.te
deleted file mode 100644
index c4124b6..0000000
--- a/vendor/qcom/common/qseeproxy.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type qseeproxy, domain;
-type qseeproxy_exec, exec_type, vendor_file_type, file_type;
-
-#Allow for transition from init domain to qseeproxy
-init_daemon_domain(qseeproxy)
-
-
diff --git a/vendor/qcom/common/qtelephony.te b/vendor/qcom/common/qtelephony.te
new file mode 100644
index 0000000..2bf0641
--- /dev/null
+++ b/vendor/qcom/common/qtelephony.te
@@ -0,0 +1,29 @@
+type qtelephony, domain;
+app_domain(qtelephony)
+
+allow qtelephony app_api_service:service_manager find;
+allow qtelephony hal_imsrtp_hwservice:hwservice_manager find;
+allow qtelephony radio_service:service_manager find;
+allow qtelephony sysfs_diag:dir search;
+allow qtelephony sysfs_timestamp_switch:file r_file_perms;
+allow qtelephony audioserver_service:service_manager find;
+allow qtelephony cameraserver_service:service_manager find;
+allow qtelephony mediaextractor_service:service_manager find;
+allow qtelephony mediametrics_service:service_manager find;
+allow qtelephony mediaserver_service:service_manager find;
+allow qtelephony sysfs_soc:dir search;
+allow qtelephony sysfs_soc:file r_file_perms;
+
+binder_call(qtelephony, hal_imsrtp)
+binder_call(qtelephony, rild)
+hal_client_domain(qtelephony, hal_telephony)
+
+get_prop(qtelephony, vendor_radio_prop)
+get_prop(qtelephony, public_vendor_default_prop)
+get_prop(qtelephony, qcom_ims_prop)
+
+userdebug_or_eng(`
+ allow qtelephony diag_device:chr_file rw_file_perms;
+')
+
+dontaudit qtelephony property_socket:sock_file write;
diff --git a/vendor/qcom/common/qti-logkit.te b/vendor/qcom/common/qti-logkit.te
deleted file mode 100644
index 7bb5243..0000000
--- a/vendor/qcom/common/qti-logkit.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# qti_logkit
-type qti_logkit, domain, mlstrustedsubject;
-init_daemon_domain(qti_logkit)
-type qti_logkit_exec, exec_type, vendor_file_type, file_type;
-
-
diff --git a/vendor/qcom/common/qti.te b/vendor/qcom/common/qti.te
deleted file mode 100644
index ea6a22a..0000000
--- a/vendor/qcom/common/qti.te
+++ /dev/null
@@ -1,4 +0,0 @@
-type qti, domain;
-type qti_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(qti)
-
diff --git a/vendor/qcom/common/qti_logkit_app.te b/vendor/qcom/common/qti_logkit_app.te
deleted file mode 100644
index 2e9ebf1..0000000
--- a/vendor/qcom/common/qti_logkit_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# new qti_logkit_app domain
-type qti_logkit_app, domain;
-
diff --git a/vendor/qcom/common/qtidataservices_app.te b/vendor/qcom/common/qtidataservices_app.te
index 6170de4..d3d6dbe 100644
--- a/vendor/qcom/common/qtidataservices_app.te
+++ b/vendor/qcom/common/qtidataservices_app.te
@@ -7,6 +7,7 @@
get_prop(qtidataservices_app, hwservicemanager_prop)
get_prop(qtidataservices_app, vendor_default_prop)
+set_prop(qtidataservices_app, telephony_status_prop)
allow qtidataservices_app hal_datafactory_hwservice:hwservice_manager find;
allow qtidataservices_app hal_iwlan_hwservice:hwservice_manager find;
diff --git a/vendor/qcom/common/qvop.te b/vendor/qcom/common/qvop.te
deleted file mode 100644
index 96d269f..0000000
--- a/vendor/qcom/common/qvop.te
+++ /dev/null
@@ -1,6 +0,0 @@
-#qvop-daemon for ultrasonic fingerprint sensor
-type qvop-daemon, domain;
-type qvop-daemon_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(qvop-daemon)
-
diff --git a/vendor/qcom/common/ridl.te b/vendor/qcom/common/ridl.te
deleted file mode 100644
index d365976..0000000
--- a/vendor/qcom/common/ridl.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# RIDL
-type RIDL, domain;
-type RIDL_exec, exec_type, vendor_file_type, file_type;
-
-# make transition from init to its domain
-init_daemon_domain(RIDL)
-
-
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index 31937bb..a0c9524 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -5,16 +5,16 @@
# Hardware Info Collection
user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
-# Factory OTA
-user=_app seinfo=platform name=com.google.android.factoryota domain=factory_ota_app levelFrom=all
-
user=radio isPrivApp=true seinfo=platform name=com.google.RilConfigService domain=ril_config_service_app type=app_data_file
-user=radio seinfo=platform name=.qtidataservices domain=qtidataservices_app type=radio_data_file
+user=_app seinfo=platform name=.qtidataservices domain=qtidataservices_app type=app_data_file levelFrom=all
# Domain for connectivity monitor
user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
+#Domain for omadm
+user=_app isPrivApp=true seinfo=platform name=com.android.omadm.service domain=omadm_app type=app_data_file levelFrom=all
+
user=_app seinfo=platform name=com.qualcomm.qti.services.secureui* domain=secure_ui_service_app levelFrom=all
# Use a custom domain for GoogleCamera, to allow for Hexagon DSP / Easel access
@@ -25,3 +25,9 @@
#Needed for time service apk
user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
+
+#Add new domain for ims app
+user=_app seinfo=platform name=org.codeaurora.ims isPrivApp=true domain=qtelephony type=app_data_file levelFrom=all
+
+#Add DeviceInfoHidlClient to vendor_qtelephony
+user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=qtelephony type=app_data_file levelFrom=all
diff --git a/vendor/qcom/common/secotad.te b/vendor/qcom/common/secotad.te
deleted file mode 100644
index 7df1f64..0000000
--- a/vendor/qcom/common/secotad.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type secotad, domain;
-type secotad_exec, exec_type, vendor_file_type, file_type;
-
-#Allow for transition from init domain to secota daemon
-init_daemon_domain(secotad)
-
diff --git a/vendor/qcom/common/seemp_health_daemon.te b/vendor/qcom/common/seemp_health_daemon.te
deleted file mode 100644
index ed086ea..0000000
--- a/vendor/qcom/common/seemp_health_daemon.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type seemp_health_daemon, domain;
-type seemp_health_daemon_exec, exec_type, vendor_file_type, file_type;
-
-#Allow for transition from init domain to seemp_health_daemon
-init_daemon_domain(seemp_health_daemon)
-
-
diff --git a/vendor/qcom/common/service.te b/vendor/qcom/common/service.te
index 14e9153..c2ea2f6 100644
--- a/vendor/qcom/common/service.te
+++ b/vendor/qcom/common/service.te
@@ -1,15 +1,6 @@
-type iqfp_service, service_manager_type;
-type qfp_proxy_service, service_manager_type;
-type atfwd_service, service_manager_type;
-type fidodaemon_service, service_manager_type;
-type seemp_health_daemon_service, service_manager_type;
-type secotad_service, service_manager_type;
type wbc_service, service_manager_type;
type dun_service, service_manager_type;
type imsrcs_service, service_manager_type;
type improve_touch_service, service_manager_type;
-type usf_service, service_manager_type;
-type dtseagleservice_service, service_manager_type;
type gba_auth_service, service_manager_type;
-type mdtpdaemon_service, service_manager_type;
type qtitetherservice_service, service_manager_type;
diff --git a/vendor/qcom/common/ssgqmigd.te b/vendor/qcom/common/ssgqmigd.te
deleted file mode 100644
index 81163eb..0000000
--- a/vendor/qcom/common/ssgqmigd.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# ssgqmigd - SSG QMI Gateway Daemon
-type ssgqmigd, domain, mlstrustedsubject;
-type ssgqmigd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(ssgqmigd)
-
-
diff --git a/vendor/qcom/common/surfaceflinger.te b/vendor/qcom/common/surfaceflinger.te
index 0536412..8d64c5c 100644
--- a/vendor/qcom/common/surfaceflinger.te
+++ b/vendor/qcom/common/surfaceflinger.te
@@ -1 +1,5 @@
get_prop(surfaceflinger, vendor_display_prop)
+
+allow surfaceflinger hal_graphics_composer_default:dir search;
+
+dontaudit surfaceflinger sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/tbaseLoader.te b/vendor/qcom/common/tbaseLoader.te
deleted file mode 100644
index d393233..0000000
--- a/vendor/qcom/common/tbaseLoader.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# tbase loader
-type tbaseLoader, domain;
-type tbaseLoader_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(tbaseLoader)
-
-
diff --git a/vendor/qcom/common/tlocd.te b/vendor/qcom/common/tlocd.te
deleted file mode 100644
index eb62f3a..0000000
--- a/vendor/qcom/common/tlocd.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type tlocd, domain;
-type tlocd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(tlocd)
-
-
diff --git a/vendor/qcom/common/touchfusion.te b/vendor/qcom/common/touchfusion.te
deleted file mode 100644
index 694fc5f..0000000
--- a/vendor/qcom/common/touchfusion.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# Policies for touchfusion
-type touchfusion, domain;
-
-type touchfusion_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(touchfusion)
-
-
diff --git a/vendor/qcom/common/usb_uicc_daemon.te b/vendor/qcom/common/usb_uicc_daemon.te
deleted file mode 100644
index c51f063..0000000
--- a/vendor/qcom/common/usb_uicc_daemon.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# usb_uicc_daemon
-type usb_uicc_daemon, domain;
-type usb_uicc_daemon_exec, exec_type, vendor_file_type, file_type;
-
-# Make transition from init to its domain
-init_daemon_domain(usb_uicc_daemon)
-
-
diff --git a/vendor/qcom/common/usf.te b/vendor/qcom/common/usf.te
deleted file mode 100644
index b8f5870..0000000
--- a/vendor/qcom/common/usf.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Policy for usf daemons
-type usf, domain;
-type usf_exec, exec_type, vendor_file_type, file_type;
-
-# Started by init
-init_daemon_domain(usf)
-
diff --git a/vendor/qcom/common/vendor_init.te b/vendor/qcom/common/vendor_init.te
new file mode 100644
index 0000000..f2fea36
--- /dev/null
+++ b/vendor/qcom/common/vendor_init.te
@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+ # Allow vendor_init to write to /proc/sysrq-trigger on userdebug and eng builds
+ allow vendor_init proc_sysrq:file w_file_perms;
+')
+
diff --git a/vendor/qcom/common/vendor_modprobe.te b/vendor/qcom/common/vendor_modprobe.te
new file mode 100644
index 0000000..8a069fa
--- /dev/null
+++ b/vendor/qcom/common/vendor_modprobe.te
@@ -0,0 +1 @@
+dontaudit vendor_modprobe proc_cmdline:file r_file_perms;
diff --git a/vendor/qcom/common/vm_bms.te b/vendor/qcom/common/vm_bms.te
deleted file mode 100644
index 8be2eb2..0000000
--- a/vendor/qcom/common/vm_bms.te
+++ /dev/null
@@ -1,8 +0,0 @@
-#integrated process
-type vm_bms, domain;
-type vm_bms_exec, exec_type, vendor_file_type, file_type;
-
-#started by init
-init_daemon_domain(vm_bms)
-
-
diff --git a/vendor/qcom/common/vndservice.te b/vendor/qcom/common/vndservice.te
index a1981a9..14a05e0 100644
--- a/vendor/qcom/common/vndservice.te
+++ b/vendor/qcom/common/vndservice.te
@@ -1,5 +1,3 @@
type vendor_per_mgr_service, vndservice_manager_type;
type qdisplay_service, vndservice_manager_type;
-type qseeproxy_service, vndservice_manager_type;
-type esepmdaemon_service, vndservice_manager_type;
type wfdnativemm_service, vndservice_manager_type;
diff --git a/vendor/qcom/common/vppservice.te b/vendor/qcom/common/vppservice.te
deleted file mode 100755
index b8ba1fc..0000000
--- a/vendor/qcom/common/vppservice.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Define domain
-type vendor_vppservice, domain;
-type vendor_vppservice_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(vendor_vppservice)
-
-
diff --git a/vendor/qcom/common/wifi_ftmd.te b/vendor/qcom/common/wifi_ftmd.te
deleted file mode 100644
index 1a3a082..0000000
--- a/vendor/qcom/common/wifi_ftmd.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type wifi_ftmd, domain;
-type wifi_ftmd_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(wifi_ftmd)
-
diff --git a/vendor/qcom/sm8150/file_contexts b/vendor/qcom/sm8150/file_contexts
index 26f9cdc..09cab5d 100644
--- a/vendor/qcom/sm8150/file_contexts
+++ b/vendor/qcom/sm8150/file_contexts
@@ -1,6 +1,6 @@
# Same process file
/vendor/lib(64)?/hw/gralloc\.msmnile\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/hw/vulkan\.msmnile\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/vulkan\.adreno\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/gralloc\.sm8150\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/bin/sscrpcd u:object_r:sensors_exec:s0
@@ -19,13 +19,12 @@
/dev/block/platform/soc/1d84000\.ufshc/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/imagefv_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/soc/1d84000\.ufshc/by-name/mdtp_[ab] u:object_r:custom_ab_block_device:s0
-/dev/block/platform/soc/1d84000\.ufshc/by-name/mdtpsecapp_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/modem_[ab] u:object_r:modem_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/product_[ab] u:object_r:system_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0
+/dev/block/platform/soc/1d84000\.ufshc/by-name/system_ext_[ab] u:object_r:system_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/uefisecapp_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/soc/1d84000\.ufshc/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0
diff --git a/vendor/qcom/sm8150/genfs_contexts b/vendor/qcom/sm8150/genfs_contexts
index 33723f7..1156f41 100644
--- a/vendor/qcom/sm8150/genfs_contexts
+++ b/vendor/qcom/sm8150/genfs_contexts
@@ -31,13 +31,11 @@
genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys8/restart_level u:object_r:sysfs_ssr_writable:s0
genfscon sysfs /devices/platform/soc/soc:qcom,faceauth_fws/subsys9/restart_level u:object_r:sysfs_ssr_writable:s0
genfscon sysfs /devices/platform/soc/soc:qcom,faceauth_fws_b/subsys10/restart_level u:object_r:sysfs_ssr_writable:s0
-genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_thermal:s0
genfscon sysfs /devices/platform/soc/1d84000.ufshc/health u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/soc/1d84000.ufshc/version u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc u:object_r:sysfs_rtc:s0
-genfscon sysfs /class/thermal u:object_r:sysfs_thermal:s0
genfscon sysfs /devices/platform/soc/18321000.qcom,cpucc/18321000.qcom,cpucc:qcom,limits-dcvs@18350800 u:object_r:sysfs_thermal:s0
genfscon sysfs /devices/platform/soc/18321000.qcom,cpucc/18321000.qcom,cpucc:qcom,limits-dcvs@18358800 u:object_r:sysfs_thermal:s0
diff --git a/vendor/verizon/keys.conf b/vendor/verizon/keys.conf
new file mode 100644
index 0000000..03f85b8
--- /dev/null
+++ b/vendor/verizon/keys.conf
@@ -0,0 +1,2 @@
+[@VERIZON]
+ALL : device/google/coral-sepolicy/vendor/verizon/verizon.x509.pem
diff --git a/vendor/verizon/mac_permissions.xml b/vendor/verizon/mac_permissions.xml
new file mode 100644
index 0000000..770f40a
--- /dev/null
+++ b/vendor/verizon/mac_permissions.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+ <signer signature="@VERIZON" >
+ <seinfo value="verizon" />
+ </signer>
+</policy>
diff --git a/vendor/verizon/obdm_app.te b/vendor/verizon/obdm_app.te
new file mode 100644
index 0000000..cd7c17f
--- /dev/null
+++ b/vendor/verizon/obdm_app.te
@@ -0,0 +1,21 @@
+type obdm_app, domain, coredomain;
+
+app_domain(obdm_app)
+net_domain(obdm_app)
+
+allow obdm_app app_api_service:service_manager find;
+allow obdm_app radio_service:service_manager find;
+allow obdm_app surfaceflinger_service:service_manager find;
+
+userdebug_or_eng(`
+ allow obdm_app proc_stat:file r_file_perms;
+
+ # talk to /dev/diag
+ allow obdm_app diag_device:chr_file rw_file_perms;
+
+ allow obdm_app self:socket create_socket_perms;
+ allowxperm obdm_app self:socket ioctl { 0x0000c302 0x0000c304 };
+
+ allow obdm_app sysfs:dir r_dir_perms;
+ r_dir_file(obdm_app, sysfs_msm_subsys)
+')
diff --git a/vendor/verizon/seapp_contexts b/vendor/verizon/seapp_contexts
new file mode 100644
index 0000000..951fef3
--- /dev/null
+++ b/vendor/verizon/seapp_contexts
@@ -0,0 +1,3 @@
+# Verizon for OBDM tool
+user=_app seinfo=verizon name=com.verizon.obdm domain=obdm_app type=app_data_file levelFrom=all
+user=_app seinfo=verizon name=com.verizon.obdm:background domain=obdm_app type=app_data_file levelFrom=all
diff --git a/vendor/verizon/verizon.x509.pem b/vendor/verizon/verizon.x509.pem
new file mode 100644
index 0000000..a06efc2
--- /dev/null
+++ b/vendor/verizon/verizon.x509.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgIEMzx+mzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJV
+UzELMAkGA1UECBMCTkoxDzANBgNVBAcTBldhcnJlbjEZMBcGA1UEChMQVmVyaXpv
+biBXaXJlbGVzczELMAkGA1UECxMCRFQxFDASBgNVBAMTC0RNQVQgQ2xpZW50MCAX
+DTE2MTAxMTIxMzgzN1oYDzIxMTYwOTE3MjEzODM3WjBpMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCTkoxDzANBgNVBAcTBldhcnJlbjEZMBcGA1UEChMQVmVyaXpvbiBX
+aXJlbGVzczELMAkGA1UECxMCRFQxFDASBgNVBAMTC0RNQVQgQ2xpZW50MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8y6pz1KPVolO8wj02oWSzuLZHWg
+HuatQ5RlbXFBqS9/ScPSw3t/Yt+jg2++VUG726qL7ydx8g3AzMktWHNkdhg6j8Dz
+fkEMa/oqcr+VOAQyPw4X0xkUs6ICsEuULRaAwY1NwSVCrTuSlxzlmumbTCg+tp4Y
+m2FXEct8VNayJcrLnTwl/IiYmFLNLLiZPrwqbSkMVfYbfxws7c2lVZI4qhIC7WWA
+HW5PyhO3Vdhjoj4E1QzkyabtB6el3kfE0xIta1IHV2iJdoAlESjaj3UT1i9d+Twt
+7DCsu/ZevIl/g/vwbYi2uqQuSs/a3/qeUcawvcQZR4vWHo/Gx8PyiTZHJwIDAQAB
+oyEwHzAdBgNVHQ4EFgQUMytyC5Cq0A2kE99nyokx0kTzVH0wDQYJKoZIhvcNAQEL
+BQADggEBAE8AexGFmzTp0ZGgRaiv80ONc5PVA12T7h2F5ZN1Yqg99yhpoS6kBIsw
+EG149nIcgOnSYk7ukTcjfsKcbFaB7tV1dw6SUqjmsqLpzVxGI32/DVdIorfxwaHZ
+dKjvlC9Yh1uDEipKuEzR+nXRnzMdMzEv6KOXeIXJxTHY/f538oPVuiXksdnjllmV
+xL1waQrZzdS15hfeBpGlC0WXk9wMiBbJNfEqQ5/J0EaFu+zPk8R3VLQ8WvKcXPyK
+30vZ56McQuwz2MT/gQxnR84LRXUhLGoWOr0MYFzOwhTso2vhIlEysGX+HtkEJh3L
+Hc+p+viW7lz17QqvZmOxjb6atkRpOVY=
+-----END CERTIFICATE-----
