Merge "sepolicy: Add vm block devices labeling"
diff --git a/generic/vendor/common/hal_wifi_supplicant.te b/generic/vendor/common/hal_wifi_supplicant.te
index cffb540..5beaad8 100644
--- a/generic/vendor/common/hal_wifi_supplicant.te
+++ b/generic/vendor/common/hal_wifi_supplicant.te
@@ -1,4 +1,4 @@
-#Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
+#Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
 #
 #Redistribution and use in source and binary forms, with or without
 #modification, are permitted provided that the following conditions are
@@ -37,7 +37,7 @@
 allow hal_wifi_supplicant_default wpa_data_file:file create_file_perms;
 # Permission for wpa socket which IMS use to communicate
 # # Allow wpa_supplicant to send back wifi information to cnd
-allow hal_wifi_supplicant_default { vendor_cnd vendor_ims }:unix_dgram_socket sendto;
+allow hal_wifi_supplicant_default { vendor_cnd vendor_ims vendor_mutualex}:unix_dgram_socket sendto;
 # # Allow wpa_supplicant to send back wifi information to vendor_location
 allow hal_wifi_supplicant_default vendor_location:unix_dgram_socket sendto;
 
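Review bot: The widened `sendto` rule names `vendor_mutualex`, a type this commit declares under qva/vendor/common/mutualex.te, while the rule itself sits in generic/vendor/common. If the generic tree is ever compiled without the qva directory, the policy build would presumably fail on an unknown type, so the rule may belong next to the type declaration or behind whatever guard the tree uses for qva-only types. The comment above the rule still mentions only IMS and cnd; it could read `# Allow wpa_supplicant to send back wifi information to cnd, ims and mutualex`. The set is also missing the space before the closing brace: `{ vendor_cnd vendor_ims vendor_mutualex }`.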
diff --git a/generic/vendor/common/netmgrd.te b/generic/vendor/common/netmgrd.te
index 5c99633..d36a17b 100644
--- a/generic/vendor/common/netmgrd.te
+++ b/generic/vendor/common/netmgrd.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018, 2020 The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -72,6 +72,9 @@
 binder_call(vendor_netmgrd, netd)
 allow vendor_netmgrd system_net_netd_hwservice:hwservice_manager find;
 
+# Allow netmgrd to use shsusrd properties
+set_prop(vendor_netmgrd, vendor_data_shsusr_prop)
+
 allow vendor_netmgrd self:capability { net_admin net_raw setgid setpcap setuid };
 
 allow vendor_netmgrd vendor_toolbox_exec:file rx_file_perms;
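Review bot: The added comment says netmgrd may "use" the shsusrd properties, but `set_prop` grants write access to `vendor_data_shsusr_prop`, which property_contexts in this same commit attaches to a `persist.` property. netmgrd already holds `net_admin net_raw setgid setpcap setuid` (next line), so a value it writes survives reboot and is trusted by whatever reads it. If netmgrd only reads the value, `get_prop(vendor_netmgrd, vendor_data_shsusr_prop)` is sufficient; if it really sets it, the comment should say so and name the consumer, e.g. `# netmgrd sets persist.vendor.data.shsusr_load; read by <consumer domain>`.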
diff --git a/generic/vendor/common/property.te b/generic/vendor/common/property.te
index 16c8adb..229d943 100644
--- a/generic/vendor/common/property.te
+++ b/generic/vendor/common/property.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -67,6 +67,9 @@
 # Audio props
 vendor_restricted_prop(vendor_audio_prop);
 
+# shsusrd props
+vendor_restricted_prop(vendor_data_shsusr_prop);
+
 #ss-restart
 vendor_internal_prop(vendor_ssr_prop);
 
diff --git a/generic/vendor/common/property_contexts b/generic/vendor/common/property_contexts
index 9cb44c7..9035b15 100644
--- a/generic/vendor/common/property_contexts
+++ b/generic/vendor/common/property_contexts
@@ -1,4 +1,4 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -115,6 +115,9 @@
 vendor.debug.egl.swapinterval  u:object_r:vendor_public_vendor_default_prop:s0
 vendor.debug.egl.profiler  u:object_r:vendor_public_vendor_default_prop:s0
 
+# shsusrd loading
+persist.vendor.data.shsusr_load u:object_r:vendor_data_shsusr_prop:s0
+
 #vendor-wlan
 vendor.wlan.  u:object_r:vendor_wifi_prop:s0
 
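Review bot: The new `persist.vendor.data.shsusr_load` entry is a prefix match, so any property whose name merely starts with that string also receives `vendor_data_shsusr_prop` and becomes settable by every domain granted `set_prop` on it. If only this one property is intended, pin it with the exact-match form, `persist.vendor.data.shsusr_load u:object_r:vendor_data_shsusr_prop:s0 exact <value-type placeholder>`, using the property's real value type. The neighbouring entries visible in this hunk are also prefix matches, so this would be a tightening rather than a match to existing style.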
diff --git a/generic/vendor/lahaina/genfs_contexts b/generic/vendor/lahaina/genfs_contexts
index 5537d6d..38e7ad5 100644
--- a/generic/vendor/lahaina/genfs_contexts
+++ b/generic/vendor/lahaina/genfs_contexts
@@ -32,3 +32,13 @@
 genfscon sysfs /devices/platform/soc/soc:hwevent/coresight-hwevent u:object_r:vendor_sysfs_qdss_dev:s0
 genfscon sysfs /devices/platform/soc/6b0f000.csr/coresight-swao-csr u:object_r:vendor_sysfs_qdss_dev:s0
 genfscon sysfs /devices/platform/soc/soc:dummy_source/coresight-modem-diag u:object_r:vendor_sysfs_qdss_dev:s0
+
+# Power supply device nodes
+genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,battery_charger/power_supply/battery u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,battery_charger/power_supply/usb u:object_r:vendor_sysfs_usb_supply:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,pmic_glink/soc:qcom,pmic_glink:qcom,battery_charger/power_supply/wireless u:object_r:vendor_sysfs_usb_supply:s0
+
+# LED device nodes
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,leds@ef00/leds/red u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,leds@ef00/leds/green u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8350c@2:qcom,leds@ef00/leds/blue u:object_r:vendor_sysfs_graphics:s0
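Review bot: Two of the added labels reuse a type that belongs to a different device class: `power_supply/wireless` gets `vendor_sysfs_usb_supply`, and the three `leds/{red,green,blue}` nodes get `vendor_sysfs_graphics`. Every domain that is already allowed to write the USB-supply or graphics sysfs type gains the same access to the wireless charger and LED nodes; the allow rules for these types are not visible in this diff, so the effective widening should be checked. The lito genfs_contexts in this commit labels a `leds/` node `sysfs_leds`, which suggests a dedicated LED type is available. If the sharing is deliberate, a comment such as `# wireless shares the usb supply label: same readers (healthd/charger)` would record the intent, with the reader names adjusted to the real ones.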
diff --git a/generic/vendor/lito/file_contexts b/generic/vendor/lito/file_contexts
index 4146709..ed6d9e8 100644
--- a/generic/vendor/lito/file_contexts
+++ b/generic/vendor/lito/file_contexts
@@ -180,6 +180,23 @@
 /vendor/lib(64)?/hw/gralloc\.lito\.so   u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/hw/vulkan\.lito\.so    u:object_r:same_process_hal_file:s0
 
+#SSR nodes
+/sys/devices/platform/soc/4080000.qcom,mss/subsys[0-9]+/name         u:object_r:vendor_sysfs_ssr:s0
+/sys/devices/platform/soc/3000000.qcom,lpass/subsys[0-9]+/name       u:object_r:vendor_sysfs_ssr:s0
+/sys/devices/platform/soc/8300000.qcom,turing/subsys[0-9]+/name      u:object_r:vendor_sysfs_ssr:s0
+/sys/devices/platform/soc/aae0000.qcom,venus/subsys[0-9]+/name       u:object_r:vendor_sysfs_ssr:s0
+/sys/devices/platform/soc/soc:qcom,ipa_fws/subsys[0-9]+/name         u:object_r:vendor_sysfs_ssr:s0
+/sys/devices/platform/soc/9800000.qcom,npu/subsys[0-9]+/name         u:object_r:vendor_sysfs_ssr:s0
+/sys/devices/platform/soc/soc:qcom,kgsl-hyp/subsys[0-9]+/name        u:object_r:vendor_sysfs_ssr:s0
+
+/sys/devices/platform/soc/4080000.qcom,mss/subsys[0-9]+/restart_level         u:object_r:vendor_sysfs_ssr_toggle:s0
+/sys/devices/platform/soc/3000000.qcom,lpass/subsys[0-9]+/restart_level       u:object_r:vendor_sysfs_ssr_toggle:s0
+/sys/devices/platform/soc/8300000.qcom,turing/subsys[0-9]+/restart_level      u:object_r:vendor_sysfs_ssr_toggle:s0
+/sys/devices/platform/soc/aae0000.qcom,venus/subsys[0-9]+/restart_level       u:object_r:vendor_sysfs_ssr_toggle:s0
+/sys/devices/platform/soc/soc:qcom,ipa_fws/subsys[0-9]+/restart_level         u:object_r:vendor_sysfs_ssr_toggle:s0
+/sys/devices/platform/soc/9800000.qcom,npu/subsys[0-9]+/restart_level         u:object_r:vendor_sysfs_ssr_toggle:s0
+/sys/devices/platform/soc/soc:qcom,kgsl-hyp/subsys[0-9]+/restart_level        u:object_r:vendor_sysfs_ssr_toggle:s0
+
 #FPC
 /sys/devices/platform/soc/soc:fpc1020(/.*?) u:object_r:vendor_sysfs_fps_attr:s0
 /sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/modalias u:object_r:vendor_sysfs_fps_attr:s0
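Review bot: These SSR entries move from `genfscon` to regex lines in file_contexts, which changes when the label is applied: genfscon labels are assigned by the kernel, whereas file_contexts entries for `/sys` only take effect once something runs restorecon over those paths. Until then the `name` and `restart_level` nodes keep the default sysfs label, so it is worth confirming that a boot-time relabel covers `subsys[0-9]+` before the first consumer opens them. `restart_level` is a control knob and `vendor_sysfs_ssr_toggle` is new for these paths in this commit, so the set of domains allowed to write that type deserves a look. A short comment would explain the move, e.g. `# subsys index is not stable across boots, so match it by regex here instead of genfscon`. The dots in `4080000.qcom,mss` and the other device names are unescaped regex metacharacters; `\.` would make the match literal.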
diff --git a/generic/vendor/lito/genfs_contexts b/generic/vendor/lito/genfs_contexts
index ce5a544..c503520 100644
--- a/generic/vendor/lito/genfs_contexts
+++ b/generic/vendor/lito/genfs_contexts
@@ -44,21 +44,6 @@
 genfscon sysfs /devices/platform/soc/6b0c000.csr/coresight-swao-csr u:object_r:vendor_sysfs_qdss_dev:s0
 genfscon sysfs /devices/platform/soc/soc:dummy_source/coresight-modem-diag u:object_r:vendor_sysfs_qdss_dev:s0
 
-genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys0/name         u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /devices/platform/soc/3000000.qcom,lpass/subsys1/name       u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /devices/platform/soc/8300000.qcom,turing/subsys2/name      u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys3/name       u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys4/name         u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys5/name         u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys6/name        u:object_r:vendor_sysfs_ssr:s0
-
-
-#It seem some change in the subsystem numbering adding the new list also
-genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/subsys3/name        u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /devices/platform/soc/9800000.qcom,npu/subsys4/name        u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/subsys5/name       u:object_r:vendor_sysfs_ssr:s0
-genfscon sysfs /devices/platform/soc/aae0000.qcom,venus/subsys6/name      u:object_r:vendor_sysfs_ssr:s0
-
 # PMIC UI peripherals
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc u:object_r:sysfs_rtc:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm7250b@3:qcom,vibrator@5300/leds/vibrator u:object_r:sysfs_leds:s0
diff --git a/qva/vendor/common/file_contexts b/qva/vendor/common/file_contexts
index fd87c66..6586100 100644
--- a/qva/vendor/common/file_contexts
+++ b/qva/vendor/common/file_contexts
@@ -1,4 +1,4 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -53,8 +53,8 @@
 /dev/socket/ssgtzd                              u:object_r:vendor_ssgtzd_socket:s0
 /dev/socket/qdma(/.*)?                          u:object_r:vendor_qdma_socket:s0
 /dev/socket/adpl_cmd_uds_file                   u:object_r:vendor_dataadpl_socket:s0
+/dev/socket/vendor_wpa_wlan[0-9]                u:object_r:vendor_wifi_vendor_wpa_socket:s0
 /dev/socket/wigig/wpa_wigig[0-9]                u:object_r:vendor_wigig_vendor_wpa_socket:s0
-/dev/socket/wigig/vendor_wpa_wlan[0-9]          u:object_r:vendor_wigig_vendor_wpa_socket:s0
 /dev/socket/wigig/wigignpt                      u:object_r:vendor_wigignpt_socket:s0
 /dev/socket/wigig/sensingdaemon                 u:object_r:vendor_sensingdaemon_socket:s0
 
@@ -115,6 +115,7 @@
 /(vendor|system/vendor)/bin/sensingdaemon                                          u:object_r:vendor_sensingdaemon_exec:s0
 /vendor/bin/hw/android\.hardware\.usb\@1\.[0-2]-service-qti                        u:object_r:vendor_hal_usb_qti_exec:s0
 /vendor/bin/vendor\.qti\.qspmhal@1\.0-service                                      u:object_r:vendor_hal_qspmhal_default_exec:s0
+/(vendor|system/vendor)/bin/mutualex                                               u:object_r:vendor_mutualex_exec:s0
 
 
 #### Context for location features
diff --git a/qva/vendor/common/hal_wifi_hostapd.te b/qva/vendor/common/hal_wifi_hostapd.te
index 3d6bf37..1833e6d 100644
--- a/qva/vendor/common/hal_wifi_hostapd.te
+++ b/qva/vendor/common/hal_wifi_hostapd.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -34,6 +34,8 @@
 
 # Allow hostapd to connect to fstman using control socket
 allow hal_wifi_hostapd_default vendor_fstman:unix_dgram_socket sendto;
+# Allow hostapd to connect to mutualex using control socket
+allow hal_wifi_hostapd_default vendor_mutualex:unix_dgram_socket sendto;
 # wigig_hostapd has its own directory for sockets,
 # in order to prevent conflicts with wifi hostapd
 # allow wigig_hostapd to create the directory holding its control socket
diff --git a/qva/vendor/common/mutualex.te b/qva/vendor/common/mutualex.te
new file mode 100644
index 0000000..b725258
--- /dev/null
+++ b/qva/vendor/common/mutualex.te
@@ -0,0 +1,55 @@
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_mutualex, domain;
+type vendor_mutualex_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(vendor_mutualex)
+
+allow vendor_mutualex vendor_mutualex:{
+    qipcrtr_socket
+    netlink_generic_socket
+}create_socket_perms_no_ioctl;
+
+hal_client_domain(vendor_mutualex,hal_wifi_hostapd)
+hal_client_domain(vendor_mutualex,hal_wifi_supplicant)
+
+# allow mutualex to access wpa_socket
+allow vendor_mutualex vendor_wifi_vendor_data_file:dir r_dir_perms;
+allow vendor_mutualex vendor_wifi_vendor_wpa_socket:sock_file write;
+
+#communicating with wpa supplicant for sending commands/listening to events
+unix_socket_send(vendor_mutualex, wpa, hal_wifi_supplicant)
+allow vendor_mutualex wpa_data_file:dir w_dir_perms;
+allow vendor_mutualex wpa_data_file:sock_file create_file_perms;
+
+#communicating with hostapd for sending commands/listening to events
+allow vendor_mutualex hostapd_data_file:dir rw_dir_perms;
+allow vendor_mutualex hostapd_data_file:sock_file create_file_perms;
+allow vendor_mutualex { hal_wifi_hostapd_default }:unix_dgram_socket sendto;
+
+wakelock_use(vendor_mutualex)
+
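Review bot: The new domain is granted `create_file_perms` on `sock_file` plus directory write in both `wpa_data_file` and `hostapd_data_file`, directories shared with wpa_supplicant and hostapd, on top of `hal_client_domain` for both HALs. If mutualex only needs to create and unlink its own client socket there, a narrower set such as `{ create unlink setattr write }` (or a dedicated socket type via a type transition) would keep it from renaming or removing the daemons' own control sockets. On style, the self rule reads better as `allow vendor_mutualex self:{ qipcrtr_socket netlink_generic_socket } create_socket_perms_no_ioctl;`, and the braces around the single type in `{ hal_wifi_hostapd_default }` can go. The file has no comment saying what the mutualex daemon is for; one line after the licence block describing its role would help reviewers judge these grants.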
diff --git a/qva/vendor/msmsteppe/recovery.te b/qva/vendor/msmsteppe/recovery.te
index 616d011..ef6099f 100644
--- a/qva/vendor/msmsteppe/recovery.te
+++ b/qva/vendor/msmsteppe/recovery.te
@@ -27,6 +27,6 @@
 
 recovery_only(`
     domain_auto_trans(recovery, vendor_qrtr_exec, vendor_qrtr)
-    domain_auto_trans(recovery, rfs_access_exec, rfs_access)
-    domain_auto_trans(recovery, rmt_storage_exec, rmt_storage)
+    domain_auto_trans(recovery, vendor_rfs_access_exec, vendor_rfs_access)
+    domain_auto_trans(recovery, vendor_rmt_storage_exec, vendor_rmt_storage)
 ')