Merge "Add property value to indicate support for multiple SIMs."
diff --git a/private/service_contexts b/private/service_contexts
index bf26183..62f7248 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,5 +1,4 @@
qti.ims.ext u:object_r:radio_service:s0
cneservice u:object_r:cne_service:s0
uce u:object_r:uce_service:s0
-rcs u:object_r:radio_service:s0
qchook u:object_r:qchook_service:s0
diff --git a/vendor/google/bug_map b/vendor/google/bug_map
index 9a10cfe..b2ffe9f 100644
--- a/vendor/google/bug_map
+++ b/vendor/google/bug_map
@@ -3,9 +3,12 @@
dataservice_app vendor_default_prop file 79617173
factory_ota_app vendor_default_prop file 79617173
hal_camera_default persist_file file 123018469
+hal_health_default sysfs_usb_c dir 126568362
+init sysfs_graphics file 126568362
netmgrd system_file file 117232795
platform_app vendor_default_prop file 79617173
priv_app vendor_default_prop file 79617173
+shell sysfs_usb_c dir 126568362
system_app vendor_default_prop file 79617173
system_server vendor_default_prop file 79617173
untrusted_app vendor_default_prop file 79617173
diff --git a/vendor/google/certs/pulse-release.x509.pem b/vendor/google/certs/pulse-release.x509.pem
new file mode 100644
index 0000000..fb11572
--- /dev/null
+++ b/vendor/google/certs/pulse-release.x509.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n
+bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w
+HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv
+b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93
+bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/
+jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B
+IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe
+tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td
+0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg
+Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b
+aIOMFB0Km9HbEZHLKg33kOoMsS2zpA==
+-----END CERTIFICATE-----
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 31a0882..c7b7cb9 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -16,6 +16,7 @@
/vendor/bin/init\.firstboot\.sh u:object_r:init-firstboot_exec:s0
/vendor/bin/ramoops u:object_r:ramoops_exec:s0
/vendor/bin/init\.ramoops\.sh u:object_r:ramoops_exec:s0
+/vendor/bin/modem_svc u:object_r:modem_svc_exec:s0
/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0
/data/vendor_ce/[0-9]+/ramoops(/.*)? u:object_r:ramoops_vendor_data_file:s0
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index cba7474..a2afe4a 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -1,5 +1,7 @@
genfscon sysfs /devices/platform/soc/171c0000.slim/tavil-slim-pgd/tavil_codec u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/virtual/misc/msm_cirrus_playback/resistance_left_right u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,wcd-dsp-mgr u:object_r:sysfs_pixelstats:s0
+genfscon sysfs /devices/platform/soc/soc:google,overheat_mitigation u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key u:object_r:sysfs_pstore:s0
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_iv u:object_r:sysfs_pstore:s0
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_tag u:object_r:sysfs_pstore:s0
diff --git a/vendor/google/keys.conf b/vendor/google/keys.conf
index 4a78849..b5e23b9 100644
--- a/vendor/google/keys.conf
+++ b/vendor/google/keys.conf
@@ -12,5 +12,8 @@
[@GOOGLE]
ALL : device/google/crosshatch-sepolicy/vendor/google/certs/app.x509.pem
+[@GOOGLEPULSE]
+ALL : device/google/crosshatch-sepolicy/vendor/google/certs/pulse-release.x509.pem
+
[@EASEL]
ALL : device/google/crosshatch-sepolicy/vendor/google/certs/easel.x509.pem
diff --git a/vendor/google/mac_permissions.xml b/vendor/google/mac_permissions.xml
index 401dc83..9350761 100644
--- a/vendor/google/mac_permissions.xml
+++ b/vendor/google/mac_permissions.xml
@@ -24,6 +24,9 @@
<signer signature="@GOOGLE" >
<seinfo value="google" />
</signer>
+ <signer signature="@GOOGLEPULSE" >
+ <seinfo value="googlepulse" />
+ </signer>
<signer signature="@TANGO" >
<seinfo value="tango" />
</signer>
diff --git a/vendor/google/modem_svc.te b/vendor/google/modem_svc.te
new file mode 100644
index 0000000..e2ab8ed
--- /dev/null
+++ b/vendor/google/modem_svc.te
@@ -0,0 +1,14 @@
+type modem_svc, domain;
+type modem_svc_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(modem_svc)
+
+allow modem_svc self:capability net_bind_service;
+allow modem_svc self:socket create_socket_perms;
+allowxperm modem_svc self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
+
+set_prop(modem_svc, vendor_modem_diag_prop)
+get_prop(modem_svc, exported2_default_prop)
+get_prop(modem_svc, exported3_radio_prop)
+
+dontaudit modem_svc kernel:system module_request;
diff --git a/vendor/google/system_server.te b/vendor/google/system_server.te
new file mode 100644
index 0000000..581723e
--- /dev/null
+++ b/vendor/google/system_server.te
@@ -0,0 +1 @@
+allow system_server thermal_service:service_manager find;
diff --git a/vendor/google/thermalserviced.te b/vendor/google/thermalserviced.te
new file mode 100644
index 0000000..aa6a085
--- /dev/null
+++ b/vendor/google/thermalserviced.te
@@ -0,0 +1 @@
+binder_call(thermalserviced, system_server)
diff --git a/vendor/qcom/common/dumpstate.te b/vendor/qcom/common/dumpstate.te
index 6892e27..aec24a4 100644
--- a/vendor/qcom/common/dumpstate.te
+++ b/vendor/qcom/common/dumpstate.te
@@ -1,4 +1,5 @@
userdebug_or_eng(`
+ allow dumpstate debugfs_dma_bufinfo:file r_file_perms;
allow dumpstate proc_modules:file r_file_perms;
allow dumpstate proc_stat:file r_file_perms;
allow dumpstate persist_file:dir r_dir_perms;
diff --git a/vendor/qcom/common/hal_dumpstate_impl.te b/vendor/qcom/common/hal_dumpstate_impl.te
index f0d9b8d..ca1762a 100644
--- a/vendor/qcom/common/hal_dumpstate_impl.te
+++ b/vendor/qcom/common/hal_dumpstate_impl.te
@@ -11,24 +11,23 @@
userdebug_or_eng(`
# smlog_dump
domain_auto_trans(hal_dumpstate_impl, smlog_dump_exec, smlog_dump)
+ allow hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
+ allow hal_dumpstate_impl modem_dump_file:file create_file_perms;
allow hal_dumpstate_impl radio_vendor_data_file:dir r_dir_perms;
allow hal_dumpstate_impl radio_vendor_data_file:file r_file_perms;
allow hal_dumpstate_impl netmgr_data_file:dir r_dir_perms;
allow hal_dumpstate_impl netmgr_data_file:file r_file_perms;
- allow hal_dumpstate_impl debugfs_tzdbg:dir search;
- allow hal_dumpstate_impl debugfs_tzdbg:file r_file_perms;
allow hal_dumpstate_impl sysfs_usb_device:dir r_dir_perms;
allow hal_dumpstate_impl sysfs_usb_device:file r_file_perms;
allow hal_dumpstate_impl ssr_log_file:dir search;
allow hal_dumpstate_impl ssr_log_file:file r_file_perms;
- allow hal_dumpstate_impl sysfs_esim:file r_file_perms;
set_prop(hal_dumpstate_impl, vendor_modem_diag_prop)
')
-allow hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
-allow hal_dumpstate_impl modem_dump_file:file create_file_perms;
allow hal_dumpstate_impl modem_stat_data_file:file r_file_perms;
+dontaudit hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
+dontaudit hal_dumpstate_impl modem_dump_file:file create_file_perms;
allow hal_dumpstate_impl uio_device:chr_file rw_file_perms;
r_dir_file(hal_dumpstate_impl, sysfs_uio)
@@ -38,6 +37,7 @@
r_dir_file(hal_dumpstate_impl, sysfs_thermal)
r_dir_file(hal_dumpstate_impl, sysfs_easel)
+allow hal_dumpstate_impl sysfs_esim:file r_file_perms;
allow hal_dumpstate_impl sysfs_rpm:file r_file_perms;
allow hal_dumpstate_impl sysfs_system_sleep_stats:file r_file_perms;
@@ -51,6 +51,8 @@
allow hal_dumpstate_impl debugfs_ipc:file r_file_perms;
allow hal_dumpstate_impl debugfs_f2fs:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_f2fs:file r_file_perms;
+allow hal_dumpstate_impl debugfs_tzdbg:dir search;
+allow hal_dumpstate_impl debugfs_tzdbg:file r_file_perms;
allow hal_dumpstate_impl debugfs_ufs:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_ufs:file r_file_perms;
allow hal_dumpstate_impl proc_stat:file r_file_perms;
diff --git a/vendor/qcom/common/hal_power_stats_default.te b/vendor/qcom/common/hal_power_stats_default.te
new file mode 100644
index 0000000..3447fca
--- /dev/null
+++ b/vendor/qcom/common/hal_power_stats_default.te
@@ -0,0 +1,10 @@
+# Allow power.stats hal to read from the following
+r_dir_file(hal_power_stats, sysfs_rpm)
+r_dir_file(hal_power_stats, sysfs_system_sleep_stats)
+r_dir_file(hal_power_stats, debugfs_wlan)
+r_dir_file(hal_power_stats, debugfs_easel)
+
+# Allow power.stats hal to add the power_stats_service
+vndbinder_use(hal_power_stats)
+add_service(hal_power_stats_server, power_stats_service)
+
diff --git a/vendor/qcom/common/hal_thermal_default.te b/vendor/qcom/common/hal_thermal_default.te
index 0d56bc1..608cda0 100644
--- a/vendor/qcom/common/hal_thermal_default.te
+++ b/vendor/qcom/common/hal_thermal_default.te
@@ -2,13 +2,6 @@
allow hal_thermal_default sysfs_thermal:file { getattr open read };
allow hal_thermal_default sysfs_thermal:lnk_file read;
-allow hal_thermal_default sysfs_batteryinfo:dir search;
-allow hal_thermal_default sysfs_batteryinfo:file r_file_perms;
-allow hal_thermal_default sysfs_batteryinfo:lnk_file read;
-allow hal_thermal_default sysfs_msm_subsys:dir search;
-allow hal_thermal_default sysfs_msm_subsys:file r_file_perms;
-allow hal_thermal_default sysfs_msm_subsys:lnk_file read;
-
allow hal_thermal_default proc_stat:file { getattr open read };
# read thermal_config
get_prop(hal_thermal_default, vendor_thermal_prop)
diff --git a/vendor/qcom/common/hal_tui_comm.te b/vendor/qcom/common/hal_tui_comm.te
index c282127..f3f48ba 100644
--- a/vendor/qcom/common/hal_tui_comm.te
+++ b/vendor/qcom/common/hal_tui_comm.te
@@ -9,5 +9,7 @@
hwbinder_use(hal_tui_comm)
binder_call(hal_tui_comm, secure_ui_service_app)
+binder_call(hal_tui_comm, hal_confirmationui_default)
+binder_call(hal_tui_comm, tee)
allow hal_tui_comm hal_graphics_allocator_default:fd use;
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index f5f6dca..070cf7e 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -22,7 +22,10 @@
user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
# Use a custom domain for GoogleCamera, to allow for Hexagon DSP access
-user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=user
+user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
+
+# Also allow GoogleCameraNext, the dogfood beta version, the same access as GoogleCamera
+user=_app seinfo=googlepulse name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
#Needed for time service apk
user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
diff --git a/vendor/qcom/common/vndservice.te b/vendor/qcom/common/vndservice.te
index 44c45ca..d15f3bf 100644
--- a/vendor/qcom/common/vndservice.te
+++ b/vendor/qcom/common/vndservice.te
@@ -1,2 +1,3 @@
type qdisplay_service, vndservice_manager_type;
type per_mgr_service, vndservice_manager_type;
+type power_stats_service, vndservice_manager_type;
diff --git a/vendor/qcom/common/vndservice_contexts b/vendor/qcom/common/vndservice_contexts
index 1db4aa0..39e94cf 100644
--- a/vendor/qcom/common/vndservice_contexts
+++ b/vendor/qcom/common/vndservice_contexts
@@ -1,2 +1,3 @@
display.qservice u:object_r:qdisplay_service:s0
vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0
+power.stats-vendor u:object_r:power_stats_service:s0