modem_diagnostics: add rules for getting battery info am: 313f35262a
Original change: https://googleplex-android-review.googlesource.com/c/device/google/redbull-sepolicy/+/16259282
Change-Id: I326368f10169bc7202cf4a01247486aabba50e37
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
new file mode 100644
index 0000000..6544d62
--- /dev/null
+++ b/PREUPLOAD.cfg
@@ -0,0 +1,2 @@
+[Hook Scripts]
+aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
diff --git a/private/compat/31.0/31.0.cil b/private/compat/31.0/31.0.cil
new file mode 100644
index 0000000..1c8f763
--- /dev/null
+++ b/private/compat/31.0/31.0.cil
@@ -0,0 +1,7 @@
+(typeattributeset dataservice_app_31_0 (dataservice_app))
+(expandtypeattribute (dataservice_app_31_0) true)
+(typeattribute dataservice_app_31_0)
+(typeattributeset google_camera_app_31_0 (google_camera_app))
+(expandtypeattribute (google_camera_app_31_0) true)
+(typeattribute google_camera_app_31_0)
+
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 79a3f74..a5522fd 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -1,3 +1,2 @@
-# b/193084798
-dontaudit dumpstate incident:process signal;
-dontaudit dumpstate incident:process sigkill;
+# b/192197221
+dontaudit dumpstate artd:binder call;
diff --git a/private/incidentd.te b/private/incidentd.te
deleted file mode 100644
index c951dbc..0000000
--- a/private/incidentd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/193084909
-dontaudit incidentd odsign_prop:file read;
diff --git a/private/toolbox.te b/private/toolbox.te
new file mode 100644
index 0000000..e2676e9
--- /dev/null
+++ b/private/toolbox.te
@@ -0,0 +1,6 @@
+# b/192506182
+dontaudit toolbox toolbox:capability dac_read_search ;
+dontaudit toolbox toolbox:capability dac_override ;
+dontaudit toolbox virtualizationservice_data_file:dir setattr;
+# b/192985881
+dontaudit toolbox toolbox:capability fowner;
diff --git a/tracking_denials/cnd.te b/tracking_denials/cnd.te
deleted file mode 100644
index 2678670..0000000
--- a/tracking_denials/cnd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/174535021
-dontaudit cnd wifi_hal_prop:file read;
diff --git a/tracking_denials/init-insmod-sh.te b/tracking_denials/init-insmod-sh.te
deleted file mode 100644
index dc9dbc4..0000000
--- a/tracking_denials/init-insmod-sh.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/184697586
-dontaudit init-insmod-sh debugfs_bootreceiver_tracing:dir search;
diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te
index 32ac3eb..d3f4522 100644
--- a/tracking_denials/platform_app.te
+++ b/tracking_denials/platform_app.te
@@ -1,2 +1,2 @@
-# b/152624986
-dontaudit platform_app default_android_hwservice:hwservice_manager find;
+# b/194892738
+dontaudit platform_app hal_power_stats_hwservice:hwservice_manager find;
diff --git a/vendor/google/dumpstate.te b/vendor/google/dumpstate.te
index 12a6a43..b3fc3dd 100644
--- a/vendor/google/dumpstate.te
+++ b/vendor/google/dumpstate.te
@@ -4,6 +4,7 @@
userdebug_or_eng(`
allow dumpstate debugfs_dma_buf:file r_file_perms;
allow dumpstate media_rw_data_file:file append;
+ dontaudit dumpstate su:process sigkill;
')
# For collecting bugreports.
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index e1cb14e..1516e57 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -44,6 +44,9 @@
/vendor/bin/init\.gadgethal\.sh u:object_r:init_gadgethal_exec:s0
/vendor/bin/init\.twoshay\.sh u:object_r:init_twoshay_exec:s0
/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub@1\.[0-9]-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/vendor\.google\.wireless_charger@1\.[0-9]-service-vendor u:object_r:hal_wlc_exec:s0
# Vendor firmware
/vendor/firmware_mnt(/.*)? u:object_r:firmware_file:s0
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index 9bcd2c2..fd22226 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -194,6 +194,12 @@
# Call state
genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:sound/call_state u:object_r:sysfs_call_state:s0
+# Extcon
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,usb-pdphy@1700/extcon u:object_r:sysfs_extcon:s0
+
# Wakeup stats (new)
# https://lkml.org/lkml/2019/8/6/1275
genfscon sysfs /devices/platform/soc/18800000.qcom,icnss/wakeup u:object_r:sysfs_wakeup:s0
diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
index be58c2f..bb4a9d4 100644
--- a/vendor/google/pixelstats_vendor.te
+++ b/vendor/google/pixelstats_vendor.te
@@ -1,3 +1,4 @@
allow pixelstats_vendor sysfs_typec_info:dir search;
allow pixelstats_vendor sysfs_typec_info:file r_file_perms;
allow pixelstats_vendor battery_history_device:chr_file r_file_perms;
+allow pixelstats_vendor fwk_stats_hwservice:hwservice_manager find;
diff --git a/vendor/qcom/common/hwservice_contexts b/vendor/qcom/common/hwservice_contexts
index 8fb2887..053545a 100644
--- a/vendor/qcom/common/hwservice_contexts
+++ b/vendor/qcom/common/hwservice_contexts
@@ -34,3 +34,5 @@
vendor.qti.hardware.slmadapter::ISlmAdapter u:object_r:hal_slmadapter_hwservice:s0
vendor.qti.hardware.dsp::IDspService u:object_r:hal_dspmanager_hwservice:s0
vendor.qti.hardware.mwqemadapter::IMwqemAdapter u:object_r:hal_mwqemadapter_hwservice:s0
+vendor.qti.hardware.bluetooth_sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+vendor.qti.hardware.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
diff --git a/vendor/qcom/common/qspmhal.te b/vendor/qcom/common/qspmhal.te
index 4f1aae6..5f2724b 100644
--- a/vendor/qcom/common/qspmhal.te
+++ b/vendor/qcom/common/qspmhal.te
@@ -25,6 +25,4 @@
# It's not necessary to use the google camera app.
dontaudit google_camera_app hal_qspmhal_hwservice:hwservice_manager find;
-dontaudit untrusted_app_29 hal_qspmhal_hwservice:hwservice_manager find;
-dontaudit untrusted_app_27 hal_qspmhal_hwservice:hwservice_manager find;
-dontaudit untrusted_app_25 hal_qspmhal_hwservice:hwservice_manager find;
+dontaudit untrusted_app_all hal_qspmhal_hwservice:hwservice_manager find;
diff --git a/vendor/qcom/common/tee.te b/vendor/qcom/common/tee.te
index 05a9c29..1aac029 100644
--- a/vendor/qcom/common/tee.te
+++ b/vendor/qcom/common/tee.te
@@ -11,12 +11,15 @@
allow tee ssd_block_device:blk_file rw_file_perms;
allow tee sg_device:chr_file { rw_file_perms setattr };
-allow tee mnt_vendor_file:dir search;
-allow tee persist_file:dir search;
+allow tee mnt_vendor_file:dir r_dir_perms;
+allow tee persist_file:dir r_dir_perms;
allow tee persist_file:lnk_file read;
allow tee persist_drm_file:dir create_dir_perms;
allow tee persist_drm_file:file create_file_perms;
+# b/198130336
+dontaudit tee tmpfs:dir read;
+
wakelock_use(tee);
hwbinder_use(tee)
