am e0deb640: mako: update WCNSS_qcom_cfg.ini to optimize TDLS
* commit 'e0deb64097c456117b3ad65aad2b79a2df85b385':
mako: update WCNSS_qcom_cfg.ini to optimize TDLS
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 0575b30..7f86242 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -92,28 +92,32 @@
TARGET_RELEASETOOLS_EXTENSIONS := device/lge/mako
-BOARD_SEPOLICY_DIRS := \
+BOARD_SEPOLICY_DIRS += \
device/lge/mako/sepolicy
-BOARD_SEPOLICY_UNION := \
+BOARD_SEPOLICY_UNION += \
app.te \
- bluetooth.te \
+ bluetooth_loader.te \
+ bridge.te \
+ camera.te \
+ conn_init.te \
device.te \
domain.te \
- drmserver.te \
file.te \
file_contexts \
- hci_init.te \
- init_shell.te \
- keystore.te \
- mediaserver.te \
kickstart.te \
- nfc.te \
+ mediaserver.te \
+ mpdecision.te \
+ netmgrd.te \
+ qmux.te \
rild.te \
+ rmt.te \
+ sensors.te \
surfaceflinger.te \
- system.te \
- ueventd.te \
- wpa.te
+ system_server.te \
+ te_macros \
+ thermald.te \
+ ueventd.te
BOARD_CHARGER_ENABLE_SUSPEND := true
diff --git a/camera/QualcommCamera2.cpp b/camera/QualcommCamera2.cpp
index 009539d..138dc27 100755
--- a/camera/QualcommCamera2.cpp
+++ b/camera/QualcommCamera2.cpp
@@ -56,56 +56,56 @@
*/
static hw_module_methods_t camera_module_methods = {
- open: camera_device_open,
+ .open = camera_device_open,
};
static hw_module_t camera_common = {
- tag: HARDWARE_MODULE_TAG,
- version_major: 0,
- version_minor: 01,
- id: CAMERA_HARDWARE_MODULE_ID,
- name: "Qcamera",
- author:"Qcom",
- methods: &camera_module_methods,
- dso: NULL,
+ .tag = HARDWARE_MODULE_TAG,
+ .version_major = 0,
+ .version_minor = 01,
+ .id = CAMERA_HARDWARE_MODULE_ID,
+ .name = "Qcamera",
+ .author ="Qcom",
+ .methods = &camera_module_methods,
+ .dso = NULL,
//reserved[0]: 0,
};
camera_module_t HAL_MODULE_INFO_SYM = {
- common: camera_common,
- get_number_of_cameras: get_number_of_cameras,
- get_camera_info: get_camera_info,
+ .common = camera_common,
+ .get_number_of_cameras = get_number_of_cameras,
+ .get_camera_info = get_camera_info,
};
camera_device_ops_t camera_ops = {
- set_preview_window: android::set_preview_window,
- set_callbacks: android::set_CallBacks,
- enable_msg_type: android::enable_msg_type,
- disable_msg_type: android::disable_msg_type,
- msg_type_enabled: android::msg_type_enabled,
+ .set_preview_window = android::set_preview_window,
+ .set_callbacks = android::set_CallBacks,
+ .enable_msg_type = android::enable_msg_type,
+ .disable_msg_type = android::disable_msg_type,
+ .msg_type_enabled = android::msg_type_enabled,
- start_preview: android::start_preview,
- stop_preview: android::stop_preview,
- preview_enabled: android::preview_enabled,
- store_meta_data_in_buffers: android::store_meta_data_in_buffers,
+ .start_preview = android::start_preview,
+ .stop_preview = android::stop_preview,
+ .preview_enabled = android::preview_enabled,
+ .store_meta_data_in_buffers = android::store_meta_data_in_buffers,
- start_recording: android::start_recording,
- stop_recording: android::stop_recording,
- recording_enabled: android::recording_enabled,
- release_recording_frame: android::release_recording_frame,
+ .start_recording = android::start_recording,
+ .stop_recording = android::stop_recording,
+ .recording_enabled = android::recording_enabled,
+ .release_recording_frame = android::release_recording_frame,
- auto_focus: android::auto_focus,
- cancel_auto_focus: android::cancel_auto_focus,
+ .auto_focus = android::auto_focus,
+ .cancel_auto_focus = android::cancel_auto_focus,
- take_picture: android::take_picture,
- cancel_picture: android::cancel_picture,
+ .take_picture = android::take_picture,
+ .cancel_picture = android::cancel_picture,
- set_parameters: android::set_parameters,
- get_parameters: android::get_parameters,
- put_parameters: android::put_parameters,
- send_command: android::send_command,
+ .set_parameters = android::set_parameters,
+ .get_parameters = android::get_parameters,
+ .put_parameters = android::put_parameters,
+ .send_command = android::send_command,
- release: android::release,
- dump: android::dump,
+ .release = android::release,
+ .dump = android::dump,
};
namespace android {
diff --git a/conn_init/wfc_util_fctrl.c b/conn_init/wfc_util_fctrl.c
index 13a82f1..cd532a9 100644
--- a/conn_init/wfc_util_fctrl.c
+++ b/conn_init/wfc_util_fctrl.c
@@ -464,7 +464,8 @@
* return : it will return the length of the stored string value if procedure is success
* or will return 0 if not.
*/
-int wfc_util_fget_string(char *pFileName, char *pEndOfCfg, char *pSTagString, char *pETagString, char *pValueStringBuff, int stringBuffLength)
+int wfc_util_fget_string(char *pFileName, char *pEndOfCfg __attribute__((unused)), char *pSTagString,
+ char *pETagString, char *pValueStringBuff, int stringBuffLength)
{
int result = 0;
int fd;
@@ -472,9 +473,6 @@
char *pReadBuff = NULL;
char *pSPointer = NULL, *pETagPointer = NULL, *pSValuePointer = NULL;
- /* unused parameter*/
- pEndOfCfg = pEndOfCfg;
-
fd = open( pFileName, O_RDONLY );
if( fd >= 0 ) {
diff --git a/fstab.mako b/fstab.mako
index 3ae7c2a..2cee35c 100644
--- a/fstab.mako
+++ b/fstab.mako
@@ -7,7 +7,7 @@
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered wait,check
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,noauto_da_alloc wait,check,encryptable=/dev/block/platform/msm_sdcc.1/by-name/metadata
/dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 nosuid,nodev,barrier=1,data=ordered,nodelalloc wait
-/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,uid=1000,gid=1000,dmask=227,fmask=337 wait
+/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,uid=1000,gid=1000,dmask=227,fmask=337,context=u:object_r:radio_efs_file:s0 wait
/dev/block/platform/msm_sdcc.1/by-name/boot /boot emmc defaults defaults
/dev/block/platform/msm_sdcc.1/by-name/recovery /recovery emmc defaults defaults
/dev/block/platform/msm_sdcc.1/by-name/misc /misc emmc defaults defaults
diff --git a/init.mako.bt.sh b/init.mako.bt.sh
index d3fc5f8..9a71aef 100644
--- a/init.mako.bt.sh
+++ b/init.mako.bt.sh
@@ -57,9 +57,9 @@
if [$BDADDR == ""]
then
-logwrapper /system/bin/hci_qcomm_init -e $PWR_CLASS -vv
+/system/bin/hci_qcomm_init -e $PWR_CLASS -vv
else
-logwrapper /system/bin/hci_qcomm_init -b $BDADDR -e $PWR_CLASS -vv
+/system/bin/hci_qcomm_init -b $BDADDR -e $PWR_CLASS -vv
fi
case $? in
diff --git a/init.mako.rc b/init.mako.rc
index 50474a7..38ba00e 100644
--- a/init.mako.rc
+++ b/init.mako.rc
@@ -50,6 +50,7 @@
on fs
mount_all ./fstab.mako
+ restorecon_recursive /persist
setprop ro.crypto.fuse_sdcard true
write /sys/kernel/boot_adsp/boot 1
@@ -178,16 +179,21 @@
#Create directory used by sensor subsystem(dsps)
mkdir /data/system/sensors
chmod 665 /data/system/sensors
+ restorecon_recursive /data/system/sensors
write /data/system/sensors/settings 1
chmod 660 /data/system/sensors/settings
# AKM setting data
mkdir /data/misc/sensors
chmod 775 /data/misc/sensors
+ restorecon_recursive /data/misc/sensors
mkdir /persist/sensors
chmod 775 /persist/sensors
+ # Label in case file already exists
+ restorecon /data/fdAlbum
+
#Provide the access to hostapd.conf only to root and group
chmod 0660 /data/hostapd/hostapd.conf
@@ -197,6 +203,7 @@
# kickstart
mkdir /data/qcks 0770 system system
+ restorecon_recursive /data/qcks
chown system /dev/block/platform/msm_sdcc.1/by-name
setprop vold.post_fs_data_done 1
@@ -207,8 +214,7 @@
chown system system /sys/class/leds/red/device/lock
# communicate with mpdecision and thermald
- mkdir /dev/socket/mpdecision 0770 system system
- chmod 2770 /dev/socket/mpdecision
+ mkdir /dev/socket/mpdecision 2770 root system
# adjust vibrator amplitude
write /sys/class/timed_output/vibrator/amp 70
@@ -274,6 +280,7 @@
class late_start
user bluetooth
group qcom_oncrpc bluetooth net_bt_admin system
+ seclabel u:r:bluetooth_loader:s0
disabled
oneshot
@@ -302,12 +309,12 @@
service netmgrd /system/bin/netmgrd
class main
-
+ group radio
service sensors /system/bin/sensors.qcom
class late_start
user root
- group root
+ group root radio system
service wpa_supplicant /system/bin/wpa_supplicant \
-iwlan0 -Dnl80211 -c/data/misc/wifi/wpa_supplicant.conf \
@@ -380,6 +387,7 @@
service thermald /system/bin/thermald
class main
+ group radio
service mpdecision /system/bin/mpdecision --no_sleep --avg_comp
class main
diff --git a/overlay/frameworks/base/core/res/res/values-az-rAZ/config.xml b/overlay/frameworks/base/core/res/res/values-az-rAZ/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-az-rAZ/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-en-rIN/config.xml b/overlay/frameworks/base/core/res/res/values-en-rIN/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-en-rIN/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-et-rEE/config.xml b/overlay/frameworks/base/core/res/res/values-et-rEE/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-et-rEE/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-fr-rCA/config.xml b/overlay/frameworks/base/core/res/res/values-fr-rCA/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-fr-rCA/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-hy-rAM/config.xml b/overlay/frameworks/base/core/res/res/values-hy-rAM/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-hy-rAM/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-ka-rGE/config.xml b/overlay/frameworks/base/core/res/res/values-ka-rGE/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-ka-rGE/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-km-rKH/config.xml b/overlay/frameworks/base/core/res/res/values-km-rKH/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-km-rKH/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-lo-rLA/config.xml b/overlay/frameworks/base/core/res/res/values-lo-rLA/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-lo-rLA/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-mn-rMN/config.xml b/overlay/frameworks/base/core/res/res/values-mn-rMN/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-mn-rMN/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-ms-rMY/config.xml b/overlay/frameworks/base/core/res/res/values-ms-rMY/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-ms-rMY/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-ne-rNP/config.xml b/overlay/frameworks/base/core/res/res/values-ne-rNP/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-ne-rNP/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-si-rLK/config.xml b/overlay/frameworks/base/core/res/res/values-si-rLK/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-si-rLK/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/overlay/frameworks/base/core/res/res/values-zh-rHK/config.xml b/overlay/frameworks/base/core/res/res/values-zh-rHK/config.xml
deleted file mode 100644
index c9598c4..0000000
--- a/overlay/frameworks/base/core/res/res/values-zh-rHK/config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/*
-** Copyright 2012, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
- -->
-
-<resources xmlns:android="http://schemas.android.com/apk/res/android"
- xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string-array name="config_usbHostBlacklist">
- <item msgid="2854983642221012800">"/dev/bus/usb/001"</item>
- </string-array>
-</resources>
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
deleted file mode 100644
index 523b252..0000000
--- a/sepolicy/bluetooth.te
+++ /dev/null
@@ -1 +0,0 @@
-allow bluetooth smd_device:chr_file rw_file_perms;
diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te
new file mode 100644
index 0000000..35bf139
--- /dev/null
+++ b/sepolicy/bluetooth_loader.te
@@ -0,0 +1,29 @@
+# Bluetooth executables and scripts
+type bluetooth_loader, domain;
+type bluetooth_loader_exec, exec_type, file_type;
+
+# Start bdAddrLoader from init
+init_daemon_domain(bluetooth_loader)
+
+# Run init.mako.bt.sh
+allow bluetooth_loader shell_exec:file { entrypoint read };
+allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans };
+
+# init.mako.bt.sh needs /system/bin/log access
+allow bluetooth_loader devpts:chr_file rw_file_perms;
+
+# Run hci_qcomm_init from init.mako.bt.sh
+domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach)
+allow hci_attach bluetooth_loader:fd use;
+
+# Read mac address from persist partition
+allow bluetooth_loader persist_file:dir search;
+r_dir_file(bluetooth_loader, persist_bluetooth_file)
+
+# Talk to init over the property socket
+unix_socket_connect(bluetooth_loader, property, init)
+# Set persist.service.bdroid.* and bluetooth.* property values
+allow bluetooth_loader bluetooth_prop:property_service set;
+
+# Allow getprop/setprop for init.mako.bt.sh
+allow bluetooth_loader system_file:file execute_no_trans;
diff --git a/sepolicy/bridge.te b/sepolicy/bridge.te
new file mode 100644
index 0000000..09678c8
--- /dev/null
+++ b/sepolicy/bridge.te
@@ -0,0 +1,19 @@
+# Bridge Manager (radio process)
+type bridge, domain;
+type bridge_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(bridge)
+
+# Uevent for usb connection
+allow bridge self:netlink_kobject_uevent_socket { create bind read };
+
+# Allow logging diagnostic items to /dev/diag
+allow bridge diag_device:chr_file rw_file_perms;
+
+# Talk to qmuxd (qmux_radio)
+qmux_socket(bridge)
+
+# Alert the RmNet SMD & SDIO function driver of the correct transport.
+# (/sys/class/android_usb/f_rmnet_smd_sdio/transport)
+allow bridge sysfs_rmnet:file { open read write getattr };
diff --git a/sepolicy/camera.te b/sepolicy/camera.te
new file mode 100644
index 0000000..e1caf05
--- /dev/null
+++ b/sepolicy/camera.te
@@ -0,0 +1,27 @@
+# Qualcomm MSM camera
+type camera, domain;
+type camera_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(camera)
+
+permissive camera;
+
+# Interact with other media devices
+allow camera camera_device:dir search;
+allow camera { video_device camera_device }:chr_file rw_file_perms;
+allow camera { surfaceflinger mediaserver }:fd use;
+
+# Create front and back camera sockets (/data/cam_socket[01])
+type_transition camera system_data_file:sock_file camera_socket "cam_socket0";
+type_transition camera system_data_file:sock_file camera_socket "cam_socket1";
+allow camera camera_socket:sock_file { create unlink };
+allow camera system_data_file:dir w_dir_perms;
+allow camera system_data_file:sock_file unlink;
+
+type_transition camera system_data_file:file camera_calibration_file "fdAlbum";
+allow camera camera_calibration_file:file create_file_perms;
+
+# Connect to sensor socket (/data/app/sensor_ctl_socket)
+unix_socket_connect(camera, sensors, sensors)
+allow camera sensors_socket:sock_file read;
diff --git a/sepolicy/conn_init.te b/sepolicy/conn_init.te
new file mode 100644
index 0000000..33f0cab
--- /dev/null
+++ b/sepolicy/conn_init.te
@@ -0,0 +1,16 @@
+# wifi connection service
+type conn_init, domain;
+type conn_init_exec, exec_type, file_type;
+
+# Started by logwrapper in init
+domain_auto_trans(init, conn_init_exec, conn_init)
+
+allow conn_init devpts:chr_file { read write };
+
+# Allow /persist/wifi access
+allow conn_init { persist_file persist_wifi_file }:dir search;
+allow conn_init persist_wifi_file:file r_file_perms;
+
+# Allow /data/misc/wifi access for firmware files
+allow conn_init wifi_data_file:dir w_dir_perms;
+allow conn_init wifi_data_file:file create_file_perms;
diff --git a/sepolicy/device.te b/sepolicy/device.te
index a8c6747..fe55ec6 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -1,17 +1,18 @@
# GPU (used by most UI apps)
type gpu_device, dev_type;
-# Qualcomm Secure Execution Environment Communicator (QSEECOM) device
-type qseecom_device, dev_type;
-
type diag_device, dev_type;
-type bcm2079x_device, dev_type;
-
-# Qualcomm MSM Audio ACDB device
-type msm_acdb_device, dev_type;
# Kickstart device used by QC qcks
type kickstart_device, dev_type;
# SMD device, used by hci_qcomm_init
type smd_device, dev_type;
+
+# Radio related block device
+type efs_block_device, dev_type;
+
+# Shared memory logger
+type shared_log_device, dev_type;
+
+type power_control_device, dev_type;
diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te
deleted file mode 100644
index 0c8b461..0000000
--- a/sepolicy/drmserver.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Grant DRM Service access to Qualcomm Secure Execution Environment Communicator (QSEECOM) device
-allow drmserver qseecom_device:chr_file rw_file_perms;
-allow drmserver sdcard_external:file open;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 839b0a4..0a0169b 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,7 +1,23 @@
-# Qualcomm MSM Interface (QMI) socket types
-type qmux_audio_socket, file_type;
-type qmux_bluetooth_socket, file_type;
-type qmux_gps_socket, file_type;
-type qmux_radio_socket, file_type;
+# Qualcomm MSM Interface (QMI) socket
+type qmuxd_socket, file_type;
+type sensors_socket, file_type;
+type camera_socket, file_type;
-type audio_firmware_file, file_type;
+type sensors_data_file, file_type, data_file_type;
+
+type kickstart_data_file, file_type, data_file_type;
+
+type mpdecision_socket, file_type;
+
+# Default type for anything under /firmware
+type radio_efs_file, fs_type;
+
+# Persist firmware types
+type persist_file, file_type;
+type persist_bluetooth_file, file_type;
+type persist_drm_file, file_type;
+type persist_sensors_file, file_type;
+type persist_wifi_file, file_type;
+
+type sysfs_rmnet, fs_type, sysfs_type;
+type sysfs_mpdecision, fs_type, sysfs_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ccbb9b6..91baf5b 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,27 +1,75 @@
-# GPU device
+# GPU device (world r/w)
/dev/kgsl-3d0 u:object_r:gpu_device:s0
-/dev/msm_rotator u:object_r:gpu_device:s0
+/dev/kgsl u:object_r:gpu_device:s0
+
+# Image Rotator Driver
+/dev/msm_rotator u:object_r:video_device:s0
# Qualcomm Secure Execution Environment Communicator (QSEECOM) device
-/dev/qseecom u:object_r:qseecom_device:s0
+/dev/qseecom u:object_r:tee_device:s0
# Qualcomm MSM Interface (QMI) devices
-/dev/socket/qmux_audio/* u:object_r:qmux_audio_socket:s0
-/dev/socket/qmux_bluetooth/* u:object_r:qmux_bluetooth_socket:s0
-/dev/socket/qmux_gps/* u:object_r:qmux_gps_socket:s0
-/dev/socket/qmux_radio/* u:object_r:qmux_radio_socket:s0
+/dev/socket/qmux_audio(/.*)? u:object_r:qmuxd_socket:s0
+/dev/socket/qmux_bluetooth(/.*)? u:object_r:qmuxd_socket:s0
+/dev/socket/qmux_gps(/.*)? u:object_r:qmuxd_socket:s0
+/dev/socket/qmux_radio(/.*)? u:object_r:qmuxd_socket:s0
-/dev/bcm2079x-i2c u:object_r:bcm2079x_device:s0
+/dev/bcm2079x-i2c u:object_r:nfc_device:s0
/dev/diag u:object_r:diag_device:s0
-/dev/media([0-9])+ u:object_r:camera_device:s0
-/dev/smd([0-9])+ u:object_r:smd_device:s0
-/dev/mdm u:object_r:radio_device:s0
-# Qualcomm MSM Audio ACDB device
-/dev/msm_acdb u:object_r:msm_acdb_device:s0
+# CPU governor controls
+/dev/socket/mpdecision(/.*)? u:object_r:mpdecision_socket:s0
-# Qualcomm audio firmware files
-/data/misc/audio/* u:object_r:audio_firmware_file:s0
+## Radio related
+# modem driver
+/dev/mdm u:object_r:radio_device:s0
+# high speed inter-chip controls
+/dev/hsicctl[0-3] u:object_r:radio_device:s0
+# mux controller
+/dev/rmnet_mux_ctrl u:object_r:radio_device:s0
+# qmi protocol driver
+/dev/qmi[0-2] u:object_r:radio_device:s0
+# shared memory drivers
+/dev/smdcntl[0-7] u:object_r:radio_device:s0
+/dev/smd7 u:object_r:radio_device:s0
+
+# Bluetooth shared memory interfaces
+/dev/smd2 u:object_r:hci_attach_dev:s0
+/dev/smd3 u:object_r:hci_attach_dev:s0
+# Default label for shared memory drivers
+/dev/smd([0-9])+ u:object_r:smd_device:s0
+/dev/smem_log u:object_r:shared_log_device:s0
+
+# Serial console
+/dev/ttyHS0 u:object_r:hci_attach_dev:s0
+/dev/ttyMSM0 u:object_r:hci_attach_dev:s0
+
+# Serial-to-Usb support
+/dev/ttyUSB0 u:object_r:radio_device:s0
+
+# Jpeg Engine support
+/dev/gemini.* u:object_r:camera_device:s0
+# MSM camera related
+/dev/v4l-subdev.* u:object_r:camera_device:s0
+/dev/video([0-9])+ u:object_r:camera_device:s0
+/dev/msm_camera(/.*)? u:object_r:camera_device:s0
+/dev/media([0-9])+ u:object_r:camera_device:s0
+
+# Qualcomm MSM Audio devices
+/dev/msm_acdb u:object_r:audio_device:s0
+/dev/msm_mp3 u:object_r:audio_device:s0
+/dev/msm_rtac u:object_r:audio_device:s0
+/dev/msm_vidc.* u:object_r:audio_device:s0
+/dev/msm_amrnb.* u:object_r:audio_device:s0
+/dev/msm_amrwb.* u:object_r:audio_device:s0
+/dev/msm_aac.* u:object_r:audio_device:s0
+
+# MSM Dedicated Sensors Processor Subsystem
+/dev/msm_dsps u:object_r:sensors_device:s0
+# Sensors shared Memory Packet Interface
+/dev/smd_sns_dsps u:object_r:sensors_device:s0
+
+/dev/cpu_dma_latency u:object_r:power_control_device:s0
/dev/ks_hsic_bridge u:object_r:kickstart_device:s0
/dev/efs_hsic_bridge u:object_r:kickstart_device:s0
@@ -30,7 +78,41 @@
/system/bin/efsks u:object_r:kickstart_exec:s0
/system/bin/ks u:object_r:kickstart_exec:s0
-/data/nfc(/.*)? u:object_r:nfc_data_file:s0
+# Block labeling
+/dev/block/mmcblk0p[89] u:object_r:efs_block_device:s0
-/system/bin/hci_qcomm_init u:object_r:hci_exec:s0
-/system/bin/bdAddrLoader u:object_r:hci_exec:s0
+/data/nfc(/.*)? u:object_r:nfc_data_file:s0
+/data/qcks(/.*)? u:object_r:kickstart_data_file:s0
+/data/misc/sensors(/.*)? u:object_r:sensors_data_file:s0
+/data/system/sensors(/.*)? u:object_r:sensors_data_file:s0
+/data/fdAlbum u:object_r:camera_calibration_file:s0
+
+/system/bin/hci_qcomm_init u:object_r:hci_attach_exec:s0
+/system/bin/bdAddrLoader u:object_r:bluetooth_loader_exec:s0
+/system/etc/init.mako.bt.sh u:object_r:bluetooth_loader_exec:s0
+/system/bin/rmt_storage u:object_r:rmt_exec:s0
+/system/bin/bridgemgrd u:object_r:bridge_exec:s0
+/system/bin/qmuxd u:object_r:qmux_exec:s0
+/system/bin/netmgrd u:object_r:netmgrd_exec:s0
+/system/bin/thermald u:object_r:thermald_exec:s0
+/system/bin/mpdecision u:object_r:mpdecision_exec:s0
+/system/bin/sensors.qcom u:object_r:sensors_exec:s0
+/system/bin/mm-qcamera-daemon u:object_r:camera_exec:s0
+/system/bin/qseecomd u:object_r:tee_exec:s0
+/system/bin/conn_init u:object_r:conn_init_exec:s0
+
+# Persist firmware filesystem
+/persist(/.*)? u:object_r:persist_file:s0
+/persist/bluetooth(/.*)? u:object_r:persist_bluetooth_file:s0
+/persist/sensors(/.*)? u:object_r:persist_sensors_file:s0
+/persist/playready(/.*)? u:object_r:persist_drm_file:s0
+/persist/widevine(/.*)? u:object_r:persist_drm_file:s0
+/persist/wifi(/.*)? u:object_r:persist_wifi_file:s0
+
+# Sysfs entry for the RmNet function driver
+/sys/class/android_usb/f_rmnet_smd_sdio/transport -- u:object_r:sysfs_rmnet:s0
+/sys/devices/virtual/android_usb/android0/f_rmnet_smd_sdio/transport -- u:object_r:sysfs_rmnet:s0
+
+# Sysfs files used by mpdecision
+/sys/module/pm2/modes(/.*)? u:object_r:sysfs_mpdecision:s0
+/sys/module/pm_8x60/modes(/.*)? u:object_r:sysfs_mpdecision:s0
diff --git a/sepolicy/hci_init.te b/sepolicy/hci_init.te
deleted file mode 100644
index 85f5d32..0000000
--- a/sepolicy/hci_init.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type hci_init, domain;
-permissive hci_init;
-type hci_exec, file_type, exec_type;
-type hci_data_file, file_type;
-domain_auto_trans(shell, hci_exec, hci_init)
-unconfined_domain(hci_init)
diff --git a/sepolicy/init_shell.te b/sepolicy/init_shell.te
deleted file mode 100644
index 204392f..0000000
--- a/sepolicy/init_shell.te
+++ /dev/null
@@ -1,6 +0,0 @@
-allow init_shell diag_device:chr_file { read write };
-allow init_shell hci_exec:file rx_file_perms;
-allow init_shell bluetooth_prop:property_service set;
-allow init_shell smd_device:chr_file rw_file_perms;
-allow init_shell unlabeled:file r_file_perms;
-allow init_shell init:fifo_file r_file_perms;
diff --git a/sepolicy/keystore.te b/sepolicy/keystore.te
deleted file mode 100644
index 2583cac..0000000
--- a/sepolicy/keystore.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Grant keystore daemon access to Qualcomm Secure Execution Environment Communicator (QSEECOM) device
-allow keystore qseecom_device:chr_file rw_file_perms;
-
diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te
index f4a4a26..6aa402b 100644
--- a/sepolicy/kickstart.te
+++ b/sepolicy/kickstart.te
@@ -1,5 +1,33 @@
+# kickstart processes and scripts (system process)
type kickstart, domain;
-permissive kickstart;
type kickstart_exec, file_type, exec_type;
-domain_auto_trans(init, kickstart_exec, kickstart)
-unconfined_domain(kickstart)
+
+init_daemon_domain(kickstart)
+
+# Spawn /system/bin/efsks and /system/bin/ks
+allow kickstart kickstart_exec:file { open execute_no_trans getattr };
+
+# Let qcks access /dev/mdm node (modem driver)
+allow kickstart radio_device:chr_file r_file_perms;
+
+# Access USB host ks bridge drivers
+allow kickstart kickstart_device:chr_file rw_file_perms;
+
+# Read and write to /dev/block/mmcblk0p[89]
+allow kickstart efs_block_device:blk_file rw_file_perms;
+allow kickstart block_device:dir { getattr write search };
+
+# Write contents of block device to kickstart data dir
+allow kickstart kickstart_data_file:file create_file_perms;
+allow kickstart kickstart_data_file:dir rw_dir_perms;
+
+# Read radio firmware file(s)
+allow kickstart radio_efs_file:dir search;
+allow kickstart radio_efs_file:file r_file_perms;
+
+# Run dd from toolbox on firmware files
+allow kickstart shell_exec:file rx_file_perms;
+allow kickstart system_file:file execute_no_trans;
+
+# Wake lock access
+allow kickstart sysfs_wake_lock:file { open append };
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index dacaacf..2183efb 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -1,13 +1,7 @@
-# Grant access to Qualcomm MSM Audio ACDB device to mediaserver
-allow mediaserver msm_acdb_device:chr_file rw_file_perms;
-
# Grant access to Qualcomm MSM Interface (QMI) audio sockets to mediaserver
-allow mediaserver qmux_audio_socket:sock_file create_file_perms;
-allow mediaserver qmux_audio_socket:dir rw_dir_perms;
+qmux_socket(mediaserver)
+
+unix_socket_send(mediaserver, camera, camera)
# Permit mediaserver to create sockets
allow mediaserver self:socket create;
-
-# Grant access to audio firmware files to mediaserver
-allow mediaserver audio_firmware_file:dir ra_dir_perms;
-allow mediaserver audio_firmware_file:file create_file_perms;
diff --git a/sepolicy/mpdecision.te b/sepolicy/mpdecision.te
new file mode 100644
index 0000000..0107b83
--- /dev/null
+++ b/sepolicy/mpdecision.te
@@ -0,0 +1,39 @@
+# CPU governor (root process)
+type mpdecision, domain;
+type mpdecision_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(mpdecision)
+
+# CPU hotplug uevent to manage cores
+allow mpdecision self:netlink_kobject_uevent_socket { create setopt bind read };
+allow mpdecision self:capability net_admin;
+
+# Create under /dev/socket/mpdecision
+allow mpdecision mpdecision_socket:dir w_dir_perms;
+allow mpdecision mpdecision_socket:sock_file create_file_perms;
+
+# Also support mpdecision creating the /dev/socket/pb socket
+type_transition mpdecision socket_device:sock_file mpdecision_socket;
+allow mpdecision self:capability chown;
+allow mpdecision socket_device:dir w_dir_perms;
+
+# By-product of setting owner on sock_file (don't allow)
+dontaudit mpdecision self:capability fsetid;
+
+allow mpdecision sysfs_devices_system_cpu:file rw_file_perms;
+allow mpdecision sysfs_mpdecision:dir r_dir_perms;
+allow mpdecision sysfs_mpdecision:file rw_file_perms;
+
+# Some files in /sys/devices/system/cpu may pop in and out of existance,
+# defeating our attempt to label them. As a result, they could have the
+# sysfs label, not the sysfs_devices_system_cpu label.
+# Allow write access for now until we figure out a better solution.
+# For example, the following files pop in and out of existance:
+# /sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_min_freq
+# /sys/devices/system/cpu/cpu1/cpufreq/scaling_min_freq
+allow mpdecision sysfs:file write;
+
+# This is needed to allow mpdecision to look at system_server's
+# /proc/PID/status file.
+r_dir_file(mpdecision, system_server)
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
new file mode 100644
index 0000000..5ae79c9
--- /dev/null
+++ b/sepolicy/netmgrd.te
@@ -0,0 +1,29 @@
+# Network utilities (radio process)
+type netmgrd, domain;
+type netmgrd_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(netmgrd)
+
+permissive netmgrd;
+
+# Starts as (root,radio) changes to (radio,radio)
+allow netmgrd self:capability { setuid setgid net_admin net_raw };
+
+# Support modprobe??
+dontaudit netmgrd self:capability sys_module;
+
+allow netmgrd self:udp_socket { create ioctl };
+allow netmgrd self:netlink_socket create_socket_perms;
+allow netmgrd self:netlink_route_socket create_socket_perms;
+
+# Talk to qmuxd (qmux_radio)
+qmux_socket(netmgrd)
+
+# Allow logging diagnostic items (/dev/diag)
+allow netmgrd diag_device:chr_file rw_file_perms;
+
+# Tries to access /data/data_test/ with toolbox. The data_test
+# directory doesn't exist so deny access.
+dontaudit netmgrd shell_exec:file rx_file_perms;
+dontaudit netmgrd system_file:file execute_no_trans;
diff --git a/sepolicy/nfc.te b/sepolicy/nfc.te
deleted file mode 100644
index 593608d..0000000
--- a/sepolicy/nfc.te
+++ /dev/null
@@ -1 +0,0 @@
-allow nfc bcm2079x_device:chr_file rw_file_perms;
diff --git a/sepolicy/qmux.te b/sepolicy/qmux.te
new file mode 100644
index 0000000..3fe384f
--- /dev/null
+++ b/sepolicy/qmux.te
@@ -0,0 +1,19 @@
+# Qualcomm Management Interface Multiplexer
+type qmux, domain;
+type qmux_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(qmux)
+
+# Create sockets under each /dev/socket/qmux_* directory.
+allow qmux qmuxd_socket:dir w_dir_perms;
+allow qmux qmuxd_socket:sock_file { create setattr getattr unlink };
+
+# /dev/hsicctl* node access
+allow qmux radio_device:chr_file rw_file_perms;
+
+# Allow logging diagnostic items
+allow qmux diag_device:chr_file rw_file_perms;
+
+# wake lock access
+allow qmux sysfs_wake_lock:file { open append };
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 419c583..834c128 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,5 +1,4 @@
allow rild diag_device:chr_file rw_file_perms;
# Grant access to Qualcomm MSM Interface (QMI) radio sockets to RILD
-allow rild qmux_radio_socket:sock_file create_file_perms;
-allow rild qmux_radio_socket:dir rw_dir_perms;
+qmux_socket(rild)
diff --git a/sepolicy/rmt.te b/sepolicy/rmt.te
new file mode 100644
index 0000000..9a8e81f
--- /dev/null
+++ b/sepolicy/rmt.te
@@ -0,0 +1,8 @@
+# remote storage process
+type rmt, domain;
+type rmt_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(rmt)
+
+unconfined_domain(rmt)
diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te
new file mode 100644
index 0000000..2d4c4d3
--- /dev/null
+++ b/sepolicy/sensors.te
@@ -0,0 +1,48 @@
+# Integrated qualcomm sensor process
+type sensors, domain;
+type sensors_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(sensors)
+
+# Change own perms to (nobody,nobody)
+allow sensors self:capability { setuid setgid };
+# Chown /data/misc/sensors/debug/ to nobody
+allow sensors self:capability chown;
+dontaudit sensors self:capability fsetid;
+
+# Access /data/misc/sensors/debug and /data/system/sensors/settings
+allow sensors self:capability dac_read_search;
+dontaudit sensors self:capability dac_override;
+
+# Log diagnostic items (/dev/diag)
+allow sensors diag_device:chr_file rw_file_perms;
+
+# Create /data/app/sensor_ctl_socket (Might want to change location).
+type_transition sensors apk_data_file:sock_file sensors_socket "sensor_ctl_socket";
+allow sensors sensors_socket:sock_file create_file_perms;
+# Trying to be restrictive with perms on apk_data_file
+allow sensors apk_data_file:dir { add_name write };
+# Socket can be deleted. So might have to keep in order to work.
+allow sensors apk_data_file:dir remove_name;
+
+# Create directories and files under /data/misc/sensors
+# and /data/system/sensors. Allow generic r/w file access.
+allow sensors sensors_data_file:dir create_dir_perms;
+allow sensors sensors_data_file:file create_file_perms;
+
+# Access sensor nodes (/dev/msm_dsps)
+allow sensors sensors_device:chr_file rw_file_perms;
+
+# Access power management controls
+allow sensors power_control_device:chr_file w_file_perms;
+
+# Access to /persist/sensors
+allow sensors persist_file:dir r_dir_perms;
+allow sensors persist_sensors_file:dir r_dir_perms;
+allow sensors persist_sensors_file:file rw_file_perms;
+
+# Wake lock access
+allow sensors sysfs_wake_lock:file { open append };
+
+allow sensors cgroup:dir { create add_name };
diff --git a/sepolicy/system.te b/sepolicy/system.te
deleted file mode 100644
index b11c892..0000000
--- a/sepolicy/system.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# Grant GPU access to system apps (e.g., PowerManagerService)
-allow system gpu_device:chr_file rw_file_perms;
-allow system diag_device:chr_file rw_file_perms;
-
-# Grant access to Qualcomm MSM Interface (QMI) radio sockets to system apps
-# (e.g., LocationManager)
-allow system qmux_radio_socket:sock_file create_file_perms;
-allow system qmux_radio_socket:dir rw_dir_perms;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
new file mode 100644
index 0000000..b9689e0
--- /dev/null
+++ b/sepolicy/system_server.te
@@ -0,0 +1,19 @@
+# Grant GPU access to system services (e.g., PowerManagerService)
+allow system_server gpu_device:chr_file rw_file_perms;
+allow system_server diag_device:chr_file rw_file_perms;
+
+# Grant access to Qualcomm MSM Interface (QMI) radio sockets to system services
+# (e.g., LocationManager)
+qmux_socket(system_server)
+
+# PowerManagerService access to sensors socket
+unix_socket_connect(system_server, sensors, sensors)
+unix_socket_send(system_server, sensors, sensors)
+allow system_server sensors:unix_stream_socket sendto;
+allow system_server sensors_socket:sock_file r_file_perms;
+
+# mpdecision socket access
+unix_socket_connect(system_server, mpdecision, mpdecision)
+unix_socket_send(system_server, mpdecision, mpdecision)
+allow system_server mpdecision:unix_stream_socket sendto;
+allow system_server mpdecision_socket:dir search;
diff --git a/sepolicy/te_macros b/sepolicy/te_macros
new file mode 100644
index 0000000..5e5a8ce
--- /dev/null
+++ b/sepolicy/te_macros
@@ -0,0 +1,12 @@
+#####################################
+# qmux_socket(clientdomain)
+# Allow client domain to connecto and send
+# via a local socket to the qmux domain.
+# Also allow the client domain to remove
+# its own socket.
+define(`qmux_socket', `
+type $1_qmuxd_socket, file_type;
+file_type_auto_trans($1, qmuxd_socket, $1_qmuxd_socket)
+unix_socket_connect($1, qmuxd, qmux)
+allow qmux $1_qmuxd_socket:sock_file { getattr unlink };
+')
diff --git a/sepolicy/thermald.te b/sepolicy/thermald.te
new file mode 100644
index 0000000..aca3fc7
--- /dev/null
+++ b/sepolicy/thermald.te
@@ -0,0 +1,32 @@
+# Temperature sensor daemon (root process)
+type thermald, domain;
+type thermald_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(thermald)
+
+permissive thermald;
+
+allow thermald self:socket create_socket_perms;
+
+# CPU hotplug uevent
+allow thermald self:netlink_kobject_uevent_socket { create setopt bind read };
+allow thermald self:capability net_admin;
+
+# Talk to qmuxd (/dev/socket/qmux_radio)
+qmux_socket(thermald)
+
+# Access shared logger (/dev/smem_log) and diagnostic logger (/dev/diag)
+allow thermald { shared_log_device diag_device }:chr_file rw_file_perms;
+
+# Access /sys/devices/system/cpu/
+allow thermald sysfs_devices_system_cpu:file rw_file_perms;
+
+# Some files in /sys/devices/system/cpu may pop in and out of existance,
+# defeating our attempt to label them. As a result, they could have the
+# sysfs label, not the sysfs_devices_system_cpu label.
+# Allow write access for now until we figure out a better solution.
+# For example, the following files pop in and out of existance:
+# /sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_min_freq
+# /sys/devices/system/cpu/cpu1/cpufreq/scaling_min_freq
+allow thermald sysfs:file write;
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
index 9f734f4..e82337d 100644
--- a/sepolicy/ueventd.te
+++ b/sepolicy/ueventd.te
@@ -1,4 +1,2 @@
-allow ueventd sdcard_external:dir search;
-allow ueventd sdcard_external:file r_file_perms;
-allow ueventd wifi_data_file:dir search;
-allow ueventd wifi_data_file:file r_file_perms;
+allow ueventd { radio_efs_file wifi_data_file }:dir search;
+allow ueventd { radio_efs_file wifi_data_file }:file r_file_perms;
diff --git a/sepolicy/wpa.te b/sepolicy/wpa.te
deleted file mode 100644
index c8f185f..0000000
--- a/sepolicy/wpa.te
+++ /dev/null
@@ -1 +0,0 @@
-allow wpa devpts:chr_file rw_file_perms;
diff --git a/ueventd.mako.rc b/ueventd.mako.rc
index a24e82f..b299e6b 100644
--- a/ueventd.mako.rc
+++ b/ueventd.mako.rc
@@ -35,7 +35,7 @@
/dev/v4l-subdev* 0660 system camera
/dev/msm_camera/* 0660 system camera
/dev/gemini* 0660 system camera
-/dev/msm_dsps 0600 system system
+/dev/msm_dsps 0660 system system
/dev/bcm2079x-i2c 0660 nfc nfc
/dev/qseecom 0660 system drmrpc
/dev/mdm 0660 system radio
