Snap for 7192656 from a15fb3d868ef2dd97ee756ea549bfa9efeb0b3f5 to rvc-platform-release
Change-Id: I0c6b6335ac88bd7f7311a21bbc8943531819328e
diff --git a/coral-sepolicy.mk b/coral-sepolicy.mk
index b4da01c..4de3284 100644
--- a/coral-sepolicy.mk
+++ b/coral-sepolicy.mk
@@ -7,4 +7,5 @@
BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/qcom/sm8150
BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/knowles/common
BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/tracking_denials
+BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/st
BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/verizon
diff --git a/vendor/google/bug_map b/vendor/google/bug_map
index 4e2cd76..10bea10 100644
--- a/vendor/google/bug_map
+++ b/vendor/google/bug_map
@@ -1 +1,4 @@
hal_health_default unlabeled file b/156200409
+shell debugfs file b/175106535
+shell device_config_runtime_native_boot_prop file b/175106535
+shell sysfs file b/175106535
diff --git a/vendor/google/file.te b/vendor/google/file.te
index cfb5ef6..1faf285 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -49,9 +49,6 @@
#diag cmd socket
type diag_socket, file_type, mlstrustedobject;
-#eSE file
-type ese_vendor_data_file, file_type, data_file_type;
-
# Dumpstats dmabuf info
type debugfs_dma_buf, debugfs_type, fs_type;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 4fd4689..8c110f6 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -12,7 +12,6 @@
/dev/maxfg_history u:object_r:maxfg_device:s0
/dev/vd6281 u:object_r:rls_device:s0
/dev/sensor_tunnel u:object_r:rls_device:s0
-/dev/st54j_se u:object_r:secure_element_device:s0
/dev/subsys_faceauth u:object_r:faceauth_device:s0
/dev/subsys_faceauth_b u:object_r:faceauth_device:s0
/dev/touch_offload u:object_r:touch_offload_device:s0
@@ -37,7 +36,6 @@
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-noronha u:object_r:hal_neuralnetworks_darwinn_exec:s0
/vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel u:object_r:hal_power_stats_default_exec:s0
/vendor/bin/hw/android\.hardware\.rebootescrow-service\.citadel u:object_r:hal_rebootescrow_citadel_exec:s0
-/vendor/bin/hw/android\.hardware\.secure_element@1\.0-service\.st u:object_r:hal_secure_element_default_exec:s0
/vendor/bin/hw/android\.hardware\.usb@1\.2-service\.coral u:object_r:hal_usb_impl_exec:s0
/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
@@ -114,7 +112,6 @@
/data/vendor/modem_dump(/.*)? u:object_r:modem_dump_file:s0
/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
/data/vendor_ce/[0-9]+/ramoops(/.*)? u:object_r:ramoops_vendor_data_file:s0
-/data/vendor/ese(/.*)? u:object_r:ese_vendor_data_file:s0
/data/vendor/hal_neuralnetworks_darwinn/hal_camera(/.*)? u:object_r:hal_neuralnetworks_darwinn_hal_camera_data_file:s0
/data/vendor/camera_calibration(/.*)? u:object_r:camera_calibration_vendor_data_file:s0
/data/vendor/face(/.*)? u:object_r:face_vendor_data_file:s0
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index aad6cc7..d302d71 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -114,6 +114,18 @@
genfscon debugfs /google_battery u:object_r:debugfs_batteryinfo:s0
genfscon sysfs /devices/platform/soc/soc:google,charger/charge_start_level u:object_r:sysfs_chargelevel:s0
genfscon sysfs /devices/platform/soc/soc:google,charger/charge_stop_level u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_drainto_soc u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_recharge_soc u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_recharge_voltage u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_abs_temp u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_soc u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_temp u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_time u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_temp u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_time u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_voltage u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_temp_enable u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/bd_temp_dry_run u:object_r:sysfs_chargelevel:s0
# Pixelstats
genfscon sysfs /devices/virtual/misc/msm_cirrus_playback/resistance_left_right u:object_r:sysfs_pixelstats:s0
@@ -122,6 +134,9 @@
genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi4/spi4.0/iaxxx-dev/iaxxx_misc/wdsp_stat u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi5/spi5.0/iaxxx-dev/iaxxx_misc/codec_state u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi5/spi5.0/iaxxx-dev/iaxxx_misc/wdsp_stat u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,usb-pdphy@1700/usbpd0/typec/port0/port0-partner/identity/id_header u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,usb-pdphy@1700/usbpd0/typec/port0/port0-partner/identity/product u:object_r:sysfs_pixelstats:s0
+
# Audio Dsp for HardwareInfo
genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi4/spi4.0/iaxxx-dev/iaxxx_misc/hwinfo_part_number u:object_r:sysfs_audio:s0
diff --git a/vendor/google/hal_dumpstate_impl.te b/vendor/google/hal_dumpstate_impl.te
index 5a5bb09..ae79018 100644
--- a/vendor/google/hal_dumpstate_impl.te
+++ b/vendor/google/hal_dumpstate_impl.te
@@ -52,6 +52,8 @@
# Battery/Charger/Guage
allow hal_dumpstate_impl debugfs_batteryinfo:file r_file_perms;
+allow hal_dumpstate_impl sysfs_chargelevel:file r_file_perms;
+allow hal_dumpstate_impl sysfs_batteryinfo:file r_file_perms;
# Dump PMIC data
allow hal_dumpstate_impl debugfs_pmic:dir r_dir_perms;
diff --git a/vendor/google/hal_secure_element_default.te b/vendor/google/hal_secure_element_default.te
deleted file mode 100644
index 94b811d..0000000
--- a/vendor/google/hal_secure_element_default.te
+++ /dev/null
@@ -1,6 +0,0 @@
-allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
-allow hal_secure_element_default ese_vendor_data_file:dir create_dir_perms;
-allow hal_secure_element_default ese_vendor_data_file:file create_file_perms;
-allow hal_secure_element_default debugfs_ipc:dir search;
-set_prop(hal_secure_element_default, vendor_secure_element_prop)
-get_prop(hal_secure_element_default, vendor_modem_prop)
diff --git a/vendor/google/logger_app.te b/vendor/google/logger_app.te
index 92a9e37..df9741a 100644
--- a/vendor/google/logger_app.te
+++ b/vendor/google/logger_app.te
@@ -20,4 +20,5 @@
set_prop(logger_app, vendor_modem_diag_prop)
set_prop(logger_app, vendor_tcpdump_log_prop)
set_prop(logger_app, vendor_wifi_sniffer_prop)
+ set_prop(logger_app, vendor_usb_prop)
')
diff --git a/vendor/google/nfc.te b/vendor/google/nfc.te
deleted file mode 100644
index 90efccc..0000000
--- a/vendor/google/nfc.te
+++ /dev/null
@@ -1 +0,0 @@
-set_prop(hal_nfc_default, vendor_modem_prop)
diff --git a/vendor/google/property.te b/vendor/google/property.te
index b8ed500..5584d78 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te
@@ -26,8 +26,5 @@
type vendor_shutdown_prop, property_type;
type vendor_battery_defender_prop, property_type;
-# SecureElement property
-type vendor_secure_element_prop, property_type;
-
# wifi_sniffer
type vendor_wifi_sniffer_prop, property_type;
diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index 262866e..3acdede 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -67,9 +67,6 @@
# ramoops
vendor.ramoops. u:object_r:vendor_ramoops_prop:s0
-# SecureElement
-persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
-
# wifi_sniffer
persist.vendor.wifi.sniffer.freq u:object_r:vendor_wifi_sniffer_prop:s0
persist.vendor.wifi.sniffer.bandwidth u:object_r:vendor_wifi_sniffer_prop:s0
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 0284a07..6f0a04c 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -197,9 +197,6 @@
type persist_time_file, file_type, vendor_persist_type;
-# nfc file type for data vendor access
-type nfc_vendor_data_file, file_type, data_file_type;
-
# kgsl file type for sysfs access
type sysfs_kgsl, sysfs_type, fs_type;
type sysfs_kgsl_proc, sysfs_type, fs_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index f329e37..591b6ba 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -93,7 +93,6 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-strongbox-service-qti u:object_r:hal_keymaster_qti_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/imsrcsd u:object_r:hal_rcsservice_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0
/vendor/bin/hw/vendor\.qti\.hardware\.qseecom@1\.0-service u:object_r:hal_qseecom_default_exec:s0
@@ -238,8 +237,6 @@
#
/vendor/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0
-/dev/st21nfc u:object_r:nfc_device:s0
-/data/nfc(/.*)? u:object_r:nfc_data_file:s0
#Android NN Driver
/(vendor|system/vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-qti u:object_r:hal_neuralnetworks_default_exec:s0
@@ -275,6 +272,7 @@
/dev/msm_.* u:object_r:audio_device:s0
/dev/ramdump_.* u:object_r:ramdump_device:s0
/dev/at_.* u:object_r:at_device:s0
+/dev/qce u:object_r:qce_device:s0
# dev socket nodes
/dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0
diff --git a/vendor/qcom/common/hal_drm_widevine.te b/vendor/qcom/common/hal_drm_widevine.te
index 0b3e295..2f8fbdd 100644
--- a/vendor/qcom/common/hal_drm_widevine.te
+++ b/vendor/qcom/common/hal_drm_widevine.te
@@ -11,3 +11,5 @@
binder_call(hal_drm_widevine, hal_graphics_composer_default)
allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+
+allow hal_drm_widevine qce_device:chr_file rw_file_perms;
diff --git a/vendor/qcom/common/hal_neuralnetworks.te b/vendor/qcom/common/hal_neuralnetworks.te
index 5fc3015..2a4e676 100644
--- a/vendor/qcom/common/hal_neuralnetworks.te
+++ b/vendor/qcom/common/hal_neuralnetworks.te
@@ -15,3 +15,6 @@
r_dir_file(hal_neuralnetworks_default, sysfs_soc)
r_dir_file(hal_neuralnetworks_default, adsprpcd_file)
+
+# b/159570217 suppress warning related to zeroth.debuglog.logmask
+dontaudit hal_neuralnetworks_default default_prop:file { open read };
diff --git a/vendor/qcom/common/hal_nfc_default.te b/vendor/qcom/common/hal_nfc_default.te
deleted file mode 100644
index 3044f1d..0000000
--- a/vendor/qcom/common/hal_nfc_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Data file accesses.
-allow hal_nfc_default nfc_vendor_data_file:dir create_dir_perms;
-allow hal_nfc_default nfc_vendor_data_file:file create_file_perms;
diff --git a/vendor/st/file_contexts b/vendor/st/file_contexts
new file mode 100644
index 0000000..eddf11d
--- /dev/null
+++ b/vendor/st/file_contexts
@@ -0,0 +1,15 @@
+###################################
+# vendor binaries
+/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service\.st u:object_r:hal_secure_element_default_exec:s0
+
+
+###################################
+# dev nodes
+/dev/st54j_se u:object_r:secure_element_device:s0
+/dev/st21nfc u:object_r:nfc_device:s0
+
+###################################
+# data files
+/data/nfc(/.*)? u:object_r:nfc_data_file:s0
+
diff --git a/vendor/st/hal_nfc_default.te b/vendor/st/hal_nfc_default.te
new file mode 100644
index 0000000..5f0c7f6
--- /dev/null
+++ b/vendor/st/hal_nfc_default.te
@@ -0,0 +1,9 @@
+# NFC property
+get_prop(hal_nfc_default, vendor_nfc_prop)
+
+# SecureElement property
+set_prop(hal_nfc_default, vendor_secure_element_prop)
+
+# Modem property
+set_prop(hal_nfc_default, vendor_modem_prop)
+
diff --git a/vendor/st/hal_secure_element_default.te b/vendor/st/hal_secure_element_default.te
new file mode 100644
index 0000000..1c127ea
--- /dev/null
+++ b/vendor/st/hal_secure_element_default.te
@@ -0,0 +1,5 @@
+allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
+dontaudit hal_secure_element_default debugfs_ipc:dir search;
+set_prop(hal_secure_element_default, vendor_secure_element_prop)
+get_prop(hal_secure_element_default, vendor_modem_prop)
+
diff --git a/vendor/st/property.te b/vendor/st/property.te
new file mode 100644
index 0000000..723121a
--- /dev/null
+++ b/vendor/st/property.te
@@ -0,0 +1,2 @@
+vendor_internal_prop(vendor_nfc_prop)
+vendor_internal_prop(vendor_secure_element_prop)
diff --git a/vendor/st/property_contexts b/vendor/st/property_contexts
new file mode 100644
index 0000000..c6cd8a4
--- /dev/null
+++ b/vendor/st/property_contexts
@@ -0,0 +1,6 @@
+# SecureElement
+persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
+
+# NFC
+persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
+
diff --git a/vendor/st/vendor_init.te b/vendor/st/vendor_init.te
new file mode 100644
index 0000000..7de90e2
--- /dev/null
+++ b/vendor/st/vendor_init.te
@@ -0,0 +1,2 @@
+# NFC vendor property
+set_prop(vendor_init, vendor_nfc_prop)
