FP2-15: create Product ID for FP2 project
Change-Id: Ie902ba40af1902d57cc12bb32f91bfecaaf03410
diff --git a/msm8960/Android.mk b/msm8960/Android.mk
new file mode 100644
index 0000000..4447397
--- /dev/null
+++ b/msm8960/Android.mk
@@ -0,0 +1 @@
+BOARD_SEPOLICY_UNION += \
diff --git a/msm8960/device.te b/msm8960/device.te
new file mode 100755
index 0000000..24d277a
--- /dev/null
+++ b/msm8960/device.te
@@ -0,0 +1,2 @@
+#mdm helper device
+type mdm_device, dev_type;
diff --git a/msm8960/file.te b/msm8960/file.te
new file mode 100644
index 0000000..e5cea97
--- /dev/null
+++ b/msm8960/file.te
@@ -0,0 +1,2 @@
+#efs file types
+type efs_data_file, file_type, data_file_type;
diff --git a/msm8960/file_contexts b/msm8960/file_contexts
new file mode 100755
index 0000000..7e51456
--- /dev/null
+++ b/msm8960/file_contexts
@@ -0,0 +1,22 @@
+###################################
+# Dev nodes
+#
+/dev/msm_camera(/.*)? u:object_r:camera_device:s0
+/dev/msm_rotator u:object_r:graphics_device:s0
+/dev/mdm u:object_r:mdm_device:s0
+/dev/block/bootdevice/by-name/m9kefs1 u:object_r:efs_boot_dev:s0
+/dev/block/bootdevice/by-name/m9kefs2 u:object_r:efs_boot_dev:s0
+/dev/block/bootdevice/by-name/m9kefs3 u:object_r:efs_boot_dev:s0
+/dev/block/bootdevice/by-name/m9kefsc u:object_r:efs_boot_dev:s0
+
+###################################
+# System files
+#
+/system/bin/thermald u:object_r:thermal-engine_exec:s0
+/system/bin/qcks u:object_r:mdm_helper_exec:s0
+/system/bin/efks u:object_r:mdm_helper_exec:s0
+
+###################################
+# Data files
+#
+/data/qcks(/.*)? u:object_r:efs_data_file:s0
diff --git a/msm8960/mdm_helper.te b/msm8960/mdm_helper.te
new file mode 100755
index 0000000..5fe3608
--- /dev/null
+++ b/msm8960/mdm_helper.te
@@ -0,0 +1,8 @@
+#Needed in order to access the data partition bin files
+type_transition mdm_helper system_data_file:{ file } efs_data_file;
+
+allow mdm_helper mdm_device:file rw_file_perms;
+allow mdm_helper mdm_device:chr_file rw_file_perms;
+allow mdm_helper self:capability { dac_read_search dac_override };
+allow mdm_helper efs_data_file:file create_file_perms;
+allow mdm_helper efs_data_file:dir create_dir_perms;
diff --git a/msm8960/mm-pp-daemon.te b/msm8960/mm-pp-daemon.te
new file mode 100644
index 0000000..cbaafcf
--- /dev/null
+++ b/msm8960/mm-pp-daemon.te
@@ -0,0 +1,4 @@
+userdebug_or_eng(`
+ #Allow pp-daemon to access stream socket
+ allow mm-pp-daemon init:unix_stream_socket { read write };
+')
diff --git a/msm8960/mpdecision.te b/msm8960/mpdecision.te
new file mode 100644
index 0000000..f9adcee
--- /dev/null
+++ b/msm8960/mpdecision.te
@@ -0,0 +1,3 @@
+allow mpdecision socket_device:dir w_dir_perms;
+allow mpdecision socket_device:sock_file create;
+allow mpdecision self:capability sys_nice;
diff --git a/msm8960/qseecomd.te b/msm8960/qseecomd.te
new file mode 100644
index 0000000..049367c
--- /dev/null
+++ b/msm8960/qseecomd.te
@@ -0,0 +1,6 @@
+userdebug_or_eng(`
+ # Playready should be able to create/delete dir under /data/data
+ # Securemm should be able to create/delete dir under /data/misc
+ allow tee system_data_file:dir create_dir_perms;
+ allow tee system_data_file:file create_file_perms;
+')
diff --git a/msm8960/rild.te b/msm8960/rild.te
new file mode 100644
index 0000000..81cafff
--- /dev/null
+++ b/msm8960/rild.te
@@ -0,0 +1,2 @@
+#allow rild to access smd_cmx_qmi device;
+allow rild smd_device:chr_file rw_file_perms;
diff --git a/msm8960/rmt_storage.te b/msm8960/rmt_storage.te
new file mode 100644
index 0000000..3b3bbb2
--- /dev/null
+++ b/msm8960/rmt_storage.te
@@ -0,0 +1,5 @@
+# rmt_storage - rmt_storage daemon
+allow rmt_storage rpmb_device:blk_file { open read };
+allow rmt_storage ssd_device:blk_file { open read write };
+unix_socket_connect(rmt_storage, property, init)
+allow rmt_storage ctl_default_prop:property_service set;
diff --git a/msm8960/ssr_diag.te b/msm8960/ssr_diag.te
new file mode 100644
index 0000000..6b170b0
--- /dev/null
+++ b/msm8960/ssr_diag.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+ allow ssr_diag self:netlink_kobject_uevent_socket create;
+')
diff --git a/msm8960/system_server.te b/msm8960/system_server.te
new file mode 100644
index 0000000..1ac7260
--- /dev/null
+++ b/msm8960/system_server.te
@@ -0,0 +1,2 @@
+# WifiStateMachine to access wpa_wlan0 socket
+allow system_server init:unix_dgram_socket sendto;
diff --git a/msm8960/thermal-engine.te b/msm8960/thermal-engine.te
new file mode 100644
index 0000000..707717d
--- /dev/null
+++ b/msm8960/thermal-engine.te
@@ -0,0 +1,2 @@
+allow thermal-engine self:netlink_kobject_uevent_socket create;
+allow thermal-engine socket_device:dir w_dir_perms;
diff --git a/msm8960/wpa.te b/msm8960/wpa.te
new file mode 100644
index 0000000..24ce72f
--- /dev/null
+++ b/msm8960/wpa.te
@@ -0,0 +1,2 @@
+allow wpa devpts:chr_file rw_file_perms;
+allow wpa init:unix_dgram_socket { read write };