Merge "Fixes nnapi driver sepolicy violations so it can run properly."
diff --git a/private/system_server.te b/private/system_server.te
index 7e0bba4..a03c968 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -3,3 +3,6 @@
allow system_server debugfs_system_ion_heap:file r_file_perms;
')
dontaudit system_server debugfs_system_ion_heap:file r_file_perms;
+
+# b/129561352: Access to cpufreq interface for battery saver experiments.
+allow system_server sysfs_devices_system_cpu:file w_file_perms;
diff --git a/vendor/google/bug_map b/vendor/google/bug_map
index 6b3c602..6990829 100644
--- a/vendor/google/bug_map
+++ b/vendor/google/bug_map
@@ -4,6 +4,7 @@
factory_ota_app vendor_default_prop file 79617173
hal_bluetooth_default ramdump_vendor_data_file dir 129298416
hal_camera_default persist_file file 123018469
+hal_health_default persist_file dir 127303305
hal_health_default persist_file file 127303305
hal_health_default sysfs_usb_c dir 126568362
init sysfs_graphics file 126568362
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index c7b7cb9..1b54840 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -11,7 +11,7 @@
/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
/vendor/bin/hw/wait_for_strongbox u:object_r:wait_for_strongbox_exec:s0
-/vendor/bin/hw/android\.hardware\.secure_element@1\.0-service-disabled u:object_r:hal_secure_element_default_exec:s0
+/vendor/bin/hw/android\.hardware\.secure_element@1\.1-service-disabled u:object_r:hal_secure_element_default_exec:s0
/vendor/bin/hw/android\.hardware\.power@1\.3-service\.crosshatch-libperfmgr u:object_r:hal_power_default_exec:s0
/vendor/bin/init\.firstboot\.sh u:object_r:init-firstboot_exec:s0
/vendor/bin/ramoops u:object_r:ramoops_exec:s0
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index a2afe4a..3edf8b0 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -7,3 +7,9 @@
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_tag u:object_r:sysfs_pstore:s0
genfscon sysfs /devices/virtual/ramoops/pstore/use_alt u:object_r:sysfs_pstore:s0
genfscon proc /fts/driver_test u:object_r:proc_touch:s0
+genfscon debugfs /logbuffer/smblib u:object_r:debugfs_usb:s0
+genfscon debugfs /logbuffer/usbpd u:object_r:debugfs_usb:s0
+
+# Battery
+genfscon sysfs /devices/platform/soc/soc:google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/soc/880000.i2c/i2c-1/1-0061/power_supply/wireless u:object_r:sysfs_batteryinfo:s0
diff --git a/vendor/google/modem_svc.te b/vendor/google/modem_svc.te
index e2ab8ed..8dbf3da 100644
--- a/vendor/google/modem_svc.te
+++ b/vendor/google/modem_svc.te
@@ -5,10 +5,17 @@
allow modem_svc self:capability net_bind_service;
allow modem_svc self:socket create_socket_perms;
-allowxperm modem_svc self:socket ioctl IPC_ROUTER_IOCTL_BIND_CONTROL_PORT;
+allowxperm modem_svc self:socket ioctl msm_sock_ipc_ioctls;
+# For property service
set_prop(modem_svc, vendor_modem_diag_prop)
get_prop(modem_svc, exported2_default_prop)
get_prop(modem_svc, exported3_radio_prop)
+# For bugreport collection
+allow modem_svc hal_dumpstate_impl:fd use;
+allow modem_svc dumpstate:fd use;
+allow modem_svc shell_data_file:file write;
+
dontaudit modem_svc kernel:system module_request;
+dontaudit modem_svc sysfs_msm_subsys:dir search;
diff --git a/vendor/qcom/common/hal_dumpstate_impl.te b/vendor/qcom/common/hal_dumpstate_impl.te
index 37ed8ec..db35ccf 100644
--- a/vendor/qcom/common/hal_dumpstate_impl.te
+++ b/vendor/qcom/common/hal_dumpstate_impl.te
@@ -25,7 +25,10 @@
set_prop(hal_dumpstate_impl, vendor_modem_diag_prop)
')
+# modem stat
+domain_auto_trans(hal_dumpstate_impl, modem_svc_exec, modem_svc)
allow hal_dumpstate_impl modem_stat_data_file:file r_file_perms;
+
dontaudit hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
dontaudit hal_dumpstate_impl modem_dump_file:file create_file_perms;
