zenfone8: Import modified SEPolicy from CAF
Asus added vendor.camera.aux.packagelist to vendor/etc/selinux/vendor_property_contexts, and CAF has it in system_ext.
So we have a duplicate context; the device doesn't boot and reboots to the bootloader:
[6.228548] (CPU:7-pid:1:init)init: Unable to serialize property contexts: Duplicate prefix match detected for 'vendor.camera.aux.packagelist'
So we import the whole CAF SEPolicy and remove only this context to boot correctly.
https://github.com/omnirom/android_device_qcom_caf-sepolicy/blob/android-11/qva/private/property_contexts#L38
Change-Id: I19e6fe9908fbdd64b3942c3d9adbaaae3fe08793
diff --git a/BoardConfig.mk b/BoardConfig.mk
index d107ad5..13a6ebd 100755
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -186,9 +186,10 @@
# Sepolicy
include vendor/omni/sepolicy/sepolicy.mk
-include device/qcom/sepolicy/SEPolicy.mk
+include $(DEVICE_PATH)/sepolicy/SEPolicy.mk
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(DEVICE_PATH)/sepolicy/private \
+ $(DEVICE_PATH)/sepolicy/qva/private
-BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(DEVICE_PATH)/sepolicy/private
PRODUCT_PRIVATE_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/product/private
# Treble
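Review bot: Nothing next to the new `BOARD_PLAT_PRIVATE_SEPOLICY_DIR` assignment records that `$(DEVICE_PATH)/sepolicy/qva/private` is a forked copy of the CAF directory, so later upstream policy changes (including tightened rules) will silently stop reaching this device. A comment above the assignment would keep the divergence auditable, for example `# Local copy of device/qcom/sepolicy qva/private at <upstream revision>; only the vendor.camera.aux.packagelist property context is removed`. With that in place a reviewer can diff the fork against upstream and confirm that the single removal is still the only difference.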
diff --git a/sepolicy/SEPolicy.mk b/sepolicy/SEPolicy.mk
new file mode 100644
index 0000000..2839874
--- /dev/null
+++ b/sepolicy/SEPolicy.mk
@@ -0,0 +1,27 @@
+# Board specific SELinux policy variable definitions
+SEPOLICY_PATH:= device/qcom/sepolicy
+BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
+ $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
+ $(SEPOLICY_PATH)/generic/public \
+ $(SEPOLICY_PATH)/generic/public/attribute
+
+BOARD_PLAT_PRIVATE_SEPOLICY_DIR := \
+ $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR) \
+ $(SEPOLICY_PATH)/generic/private
+
+BOARD_PLAT_PUBLIC_SEPOLICY_DIR := \
+ $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR) \
+ $(SEPOLICY_PATH)/qva/public \
+ $(SEPOLICY_PATH)/qva/public/attribute
+
+#once all the services are moved to Product /ODM above lines will be removed.
+# sepolicy rules for product images
+PRODUCT_PUBLIC_SEPOLICY_DIRS := \
+ $(PRODUCT_PUBLIC_SEPOLICY_DIRS) \
+ $(SEPOLICY_PATH)/generic/product/public \
+ $(SEPOLICY_PATH)/qva/product/public
+
+PRODUCT_PRIVATE_SEPOLICY_DIRS := \
+ $(PRODUCT_PRIVATE_SEPOLICY_DIRS) \
+ $(SEPOLICY_PATH)/generic/product/private \
+ $(SEPOLICY_PATH)/qva/product/private
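Review bot: `BOARD_PLAT_PRIVATE_SEPOLICY_DIR` lists only `$(SEPOLICY_PATH)/generic/private`, while the public and product variables carry both the generic and the qva paths, and nothing in the file says the qva private path is left out on purpose. Someone re-syncing this file from upstream could re-add it and bring back the duplicate property context that the commit message describes. A comment above that assignment would prevent this, for example `# qva/private is intentionally omitted; it is provided from $(DEVICE_PATH)/sepolicy/qva/private in BoardConfig.mk`. The copied comment `#once all the services are moved to Product /ODM above lines will be removed.` does not say which lines it means and could be reworded at the same time.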
diff --git a/sepolicy/qva/private/app.te b/sepolicy/qva/private/app.te
new file mode 100644
index 0000000..31adc81
--- /dev/null
+++ b/sepolicy/qva/private/app.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(appdomain, vendor_persist_dpm_prop)
+
diff --git a/sepolicy/qva/private/audioserver.te b/sepolicy/qva/private/audioserver.te
new file mode 100644
index 0000000..ca657ed
--- /dev/null
+++ b/sepolicy/qva/private/audioserver.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+binder_call(audioserver,vendor_wfdservice);
+
+#allow access to ALSA MMAP FDs for AAudio API
+allow audioserver audio_service:service_manager find;
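Review bot: The comment `#allow access to ALSA MMAP FDs for AAudio API` does not describe the rule under it, which only lets `audioserver` look up `audio_service` through the service manager and grants nothing on file descriptors. A stale comment on an allow rule makes later policy audits harder, because the stated reason cannot be checked against the permission. Either replace it with something like `# audioserver looks up audio_service via servicemanager`, or drop it if the rule it described is gone. The `binder_call(audioserver,vendor_wfdservice);` line above has no rationale comment and would benefit from one.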
diff --git a/sepolicy/qva/private/bluetooth.te b/sepolicy/qva/private/bluetooth.te
new file mode 100644
index 0000000..29ad366
--- /dev/null
+++ b/sepolicy/qva/private/bluetooth.te
@@ -0,0 +1,28 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_connect(bluetooth, vendor_qvrd_controller, vendor_qvrd)
\ No newline at end of file
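Review bot: bluetooth.te ends without a trailing newline, as the `\ No newline at end of file` marker after `unix_socket_connect(bluetooth, vendor_qvrd_controller, vendor_qvrd)` shows. Policy sources are concatenated before they are compiled, so depending on how this tree's build joins files, the last statement can run into the first line of the next file. Ending the file with a newline removes that dependency on build behaviour.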
diff --git a/sepolicy/qva/private/bt_logger.te b/sepolicy/qva/private/bt_logger.te
new file mode 100644
index 0000000..b7bb9b1
--- /dev/null
+++ b/sepolicy/qva/private/bt_logger.te
@@ -0,0 +1,42 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_bt_logger, domain;
+type vendor_bt_logger_exec, system_file_type, exec_type, file_type;
+typeattribute vendor_bt_logger bluetoothdomain;
+typeattribute vendor_bt_logger coredomain;
+
+init_daemon_domain(vendor_bt_logger)
+bluetooth_domain(vendor_bt_logger)
+
+get_prop(vendor_bt_logger, bluetooth_prop)
+allow bluetooth vendor_bt_logger:unix_stream_socket connectto;
+allow vendor_bt_logger bluetooth:unix_stream_socket connectto;
+
+allow vendor_bt_logger bluetooth_data_file:dir search;
+allow vendor_bt_logger bluetooth_logs_data_file:dir rw_dir_perms;
+allow vendor_bt_logger bluetooth_logs_data_file:file create_file_perms;
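Review bot: `typeattribute vendor_bt_logger bluetoothdomain;` looks redundant with `bluetooth_domain(vendor_bt_logger)` a few lines below, since the stock platform macro expands to that same typeattribute statement. Confirm this against the te_macros used by this tree and keep only one of the two. The same pair appears for `vendor_dun-server` in dun-server.te. The two `unix_stream_socket connectto` rules allow connections in both directions between `bluetooth` and `vendor_bt_logger`; a comment such as `# bt_logger <-> bluetooth: log stream socket, both ends may initiate` would record why both are needed.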
diff --git a/sepolicy/qva/private/cameraserver.te b/sepolicy/qva/private/cameraserver.te
new file mode 100644
index 0000000..0a288d8
--- /dev/null
+++ b/sepolicy/qva/private/cameraserver.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(cameraserver, vendor_persist_camera_prop)
+#access to cameraservice apis by faceauth
+hal_client_domain(cameraserver, hal_face)
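Review bot: The comment `#access to cameraservice apis by faceauth` reads in the opposite direction from the rule below it, because `hal_client_domain(cameraserver, hal_face)` makes `cameraserver` a client of the face HAL rather than giving a face-auth component access to cameraserver. If the rule is intended, the comment could read `# cameraserver calls into the face HAL (faceauth use case)`. If the intent was the reverse direction, the rule grants something other than what was meant and should be checked against the upstream rationale.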
diff --git a/sepolicy/qva/private/dataservice_app.te b/sepolicy/qva/private/dataservice_app.te
new file mode 100644
index 0000000..ac26b3d
--- /dev/null
+++ b/sepolicy/qva/private/dataservice_app.te
@@ -0,0 +1,35 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+add_service(vendor_dataservice_app, vendor_dpmservice)
+allow vendor_dataservice_app system_app_data_file:dir create_dir_perms;
+allow vendor_dataservice_app vendor_dpmd_socket:sock_file write;
+allow vendor_dataservice_app vendor_dpmd_data_file:dir rw_dir_perms;
+allow vendor_dataservice_app vendor_dpmd_data_file:file create_file_perms;
+unix_socket_connect(vendor_dataservice_app,vendor_dpmd,vendor_dpmd);
+set_prop(vendor_dataservice_app, vendor_persist_dpm_prop)
diff --git a/sepolicy/qva/private/device.te b/sepolicy/qva/private/device.te
new file mode 100644
index 0000000..f83f890
--- /dev/null
+++ b/sepolicy/qva/private/device.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2015, 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+#Define smd7 device
+type vendor_smd7_device, dev_type;
diff --git a/sepolicy/qva/private/dpmd.te b/sepolicy/qva/private/dpmd.te
new file mode 100644
index 0000000..3df432f
--- /dev/null
+++ b/sepolicy/qva/private/dpmd.te
@@ -0,0 +1,75 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+typeattribute vendor_dpmd coredomain;
+typeattribute vendor_dpmd mlstrustedsubject;
+type vendor_dpmd_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(vendor_dpmd)
+
+net_domain(vendor_dpmd)
+
+allow vendor_dpmd {
+ vendor_dpmd_exec
+ system_file
+}:file x_file_perms;
+
+allow vendor_dpmd vendor_dpmd_data_file:file create_file_perms;
+allow vendor_dpmd vendor_dpmd_data_file:dir create_dir_perms;
+r_dir_file(vendor_dpmd,proc_net)
+
+allow vendor_dpmd self:capability {
+ setuid
+ net_raw
+ net_admin
+};
+
+allow vendor_dpmd netutils_wrapper:process sigkill;
+allow vendor_dpmd self:capability2 wake_alarm;
+
+r_dir_file(vendor_dpmd, appdomain)
+
+wakelock_use(vendor_dpmd)
+allow vendor_dpmd shell_exec:file rx_file_perms;
+dontaudit vendor_dpmd self:capability sys_module;
+set_prop(vendor_dpmd, vendor_persist_dpm_prop)
+get_prop(vendor_dpmd, vendor_persist_dpm_prop)
+#allow vendor_dpmd to create socket
+allow vendor_dpmd self:socket create_socket_perms_no_ioctl;
+allow vendor_dpmd self:{ netlink_socket netlink_generic_socket } create_socket_perms_no_ioctl;
+vendor_dpmd_socket_perm(priv_app)
+vendor_dpmd_socket_perm(system_server)
+vendor_dpmd_socket_perm(system_app)
+vendor_dpmd_socket_perm(untrusted_app)
+vendor_dpmd_socket_perm(untrusted_app_25)
+vendor_dpmd_socket_perm(platform_app)
+#allow vendor_dpmd to write to /proc/net/sys
+allow vendor_dpmd proc_net:file write;
+#self kill rule to kill vendor_dpmd child process which executes iptable commands
+allow vendor_dpmd self:capability kill;
+set_prop(vendor_dpmd, ctl_dpmd_prop)
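Review bot: The `vendor_dpmd_socket_perm(untrusted_app)` and `vendor_dpmd_socket_perm(untrusted_app_25)` lines put third-party apps on the caller side of a daemon that this same file gives the `setuid`, `net_admin`, `net_raw` and `kill` capabilities, `mlstrustedsubject`, and `rx_file_perms` on `shell_exec`. The macro body is not part of this hunk, so the exact socket permissions are not visible here, but it is worth confirming that this device needs untrusted callers at all and dropping those two lines if it does not. If they stay, a comment such as `# untrusted apps reach dpmd only through this socket; everything read from it is untrusted input` would document the trust boundary for later audits. `get_prop(vendor_dpmd, vendor_persist_dpm_prop)` also looks redundant after the `set_prop` on the line before it, assuming the stock macro, which already includes read access.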
diff --git a/sepolicy/qva/private/dun-server.te b/sepolicy/qva/private/dun-server.te
new file mode 100644
index 0000000..981a5e7
--- /dev/null
+++ b/sepolicy/qva/private/dun-server.te
@@ -0,0 +1,40 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_dun-server_exec, system_file_type, exec_type, file_type;
+typeattribute vendor_dun-server bluetoothdomain;
+typeattribute vendor_dun-server coredomain;
+
+allow bluetooth vendor_dun-server:unix_stream_socket connectto;
+allow vendor_dun-server {
+ serial_device
+ vendor_smd7_device
+}:chr_file rw_file_perms;
+
+init_daemon_domain(vendor_dun-server)
+
+bluetooth_domain(vendor_dun-server)
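Review bot: The `chr_file rw_file_perms` rule names the generic `serial_device` label alongside the dedicated `vendor_smd7_device`, which gives the daemon read/write on every character device carrying that catch-all label. If the daemon only needs /dev/smd7, which this commit's file_contexts labels `vendor_smd7_device`, the rule can be narrowed to `allow vendor_dun-server vendor_smd7_device:chr_file rw_file_perms;`. Unlike bt_logger.te, this file has no `type vendor_dun-server, domain;` line, so the domain type is presumably declared in a public policy file outside this hunk; a short comment saying where would help readers.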
diff --git a/sepolicy/qva/private/file.te b/sepolicy/qva/private/file.te
new file mode 100644
index 0000000..fb8f9a6
--- /dev/null
+++ b/sepolicy/qva/private/file.te
@@ -0,0 +1,38 @@
+# Copyright (c) 2018,2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_dpmd_socket, file_type, coredomain_socket;
+type vendor_dpmd_data_file, file_type, data_file_type, core_data_file_type;
+type vendor_dpmwrapper_socket, file_type, coredomain_socket, mlstrustedobject;
+type vendor_qvrd_data_file, file_type, data_file_type, core_data_file_type;
+type vendor_qvrd_socket, file_type, mlstrustedobject, coredomain_socket;
+type vendor_qvrd_controller_socket, file_type, coredomain_socket;
+type vendor_qvrd_hvx_socket, file_type, coredomain_socket;
+type vendor_sys_sxrd_data_file, file_type, data_file_type, core_data_file_type;
+type vendor_sys_sxrd_socket, file_type, mlstrustedobject, coredomain_socket;
+type vendor_qcc_data_file, file_type, data_file_type, core_data_file_type;
+type vendor_qcc_app_socket, file_type, mlstrustedobject, coredomain_socket;
diff --git a/sepolicy/qva/private/file_contexts b/sepolicy/qva/private/file_contexts
new file mode 100644
index 0000000..b9412f3
--- /dev/null
+++ b/sepolicy/qva/private/file_contexts
@@ -0,0 +1,66 @@
+# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+####### device files ##############
+/dev/smd7 u:object_r:vendor_smd7_device:s0
+
+####### dev/socket files ##########
+/dev/socket/seempdw u:object_r:vendor_seempdw_socket:s0
+/dev/socket/dpmd u:object_r:vendor_dpmd_socket:s0
+/dev/socket/tcm u:object_r:vendor_dpmtcm_socket:s0
+/dev/socket/qvrservice u:object_r:vendor_qvrd_socket:s0
+/dev/socket/qvrservice_controller u:object_r:vendor_qvrd_controller_socket:s0
+/dev/socket/qvrservice_camera u:object_r:vendor_qvrd_socket:s0
+/dev/socket/qvrservice_hvx_camera u:object_r:vendor_qvrd_hvx_socket:s0
+/dev/socket/sxrservice u:object_r:vendor_sys_sxrd_socket:s0
+/dev/socket/qdma_app(/.*)? u:object_r:vendor_qcc_app_socket:s0
+
+####### system file ###############
+/system/bin/seempd u:object_r:vendor_seempd_exec:s0
+/(system_ext|system/system_ext)/bin/dpmd u:object_r:vendor_dpmd_exec:s0
+/(system_ext|system/system_ext)/bin/qvrservice u:object_r:vendor_qvrd_exec:s0
+/(system_ext|system/system_ext)/bin/sxrservice u:object_r:vendor_sys_sxrd_exec:s0
+/system/bin/vpsservice u:object_r:vendor_vpsservice_exec:s0
+
+####### system_ext file ###############
+/(system_ext|system/system_ext)/bin/dun-server u:object_r:vendor_dun-server_exec:s0
+/(system_ext|system/system_ext)/bin/bt_logger u:object_r:vendor_bt_logger_exec:s0
+/(system_ext|system/system_ext)/bin/perfservice u:object_r:vendor_perfservice_exec:s0
+/(system_ext|system/system_ext)/bin/qdtservice u:object_r:vendor_qdtservice_exec:s0
+/(system|system_ext|system/system_ext)/bin/wfdservice u:object_r:vendor_wfdservice_exec:s0
+/(system|system_ext|system/system_ext)/bin/sigma_miracasthalservice u:object_r:vendor_sigmahal_qti_exec:s0
+/(system_ext|system/system_ext)/bin/qccsyshalservice u:object_r:vendor_qccsyshal_qti_exec:s0
+/(system_ext|system/system_ext)/bin/mmi u:object_r:vendor_mmi_sys_exec:s0
+/(system_ext|system/system_ext)/bin/mmi_diag u:object_r:vendor_mmi_sys_exec:s0
+/(system_ext|system/system_ext)/bin/qspmsvc u:object_r:vendor_qspmsvc_exec:s0
+
+####### data files ################
+/data/dpm(/.*)? u:object_r:vendor_dpmd_data_file:s0
+/data/misc/qvr(/.*)? u:object_r:vendor_qvrd_data_file:s0
+/data/misc/sxr(/.*)? u:object_r:vendor_sys_sxrd_data_file:s0
+/data/nfc(/.*)? u:object_r:nfc_data_file:s0
+/data/misc/qdma(/.*)? u:object_r:vendor_qcc_data_file:s0
diff --git a/sepolicy/qva/private/fm_app.te b/sepolicy/qva/private/fm_app.te
new file mode 100644
index 0000000..265f229
--- /dev/null
+++ b/sepolicy/qva/private/fm_app.te
@@ -0,0 +1,39 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_fm_app coredomain;
+app_domain(vendor_fm_app)
+
+hal_client_domain(vendor_fm_app, vendor_hal_fm);
+hal_client_domain(vendor_fm_app, vendor_hal_btconfigstore);
+hal_client_domain(vendor_fm_app, vendor_hal_qspmhal);
+
+binder_call(vendor_fm_app, gpuservice)
+allow vendor_fm_app radio_service:service_manager find;
+allow vendor_fm_app audioserver_service:service_manager find;
+allow vendor_fm_app mediaserver_service:service_manager find;
+allow vendor_fm_app app_api_service:service_manager find;
diff --git a/sepolicy/qva/private/hal_qccsyshalservice.te b/sepolicy/qva/private/hal_qccsyshalservice.te
new file mode 100644
index 0000000..2aaed35
--- /dev/null
+++ b/sepolicy/qva/private/hal_qccsyshalservice.te
@@ -0,0 +1,59 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qccsyshal_qti, domain, coredomain;
+type vendor_qccsyshal_qti_exec, system_file_type , exec_type, file_type;
+
+hal_server_domain(vendor_qccsyshal_qti, vendor_qccsyshal);
+
+#Add hwservice related rules
+hal_attribute_hwservice(vendor_qccsyshal, vendor_qccsyshal_hwservice);
+
+#Allow for transition from init domain to qccsyshal
+init_daemon_domain(vendor_qccsyshal_qti)
+
+#Allow the interaction with servicemanager
+binder_use(vendor_qccsyshal_qti)
+
+#Allow hwbinder call from hal client to server
+binder_call(vendor_qccsyshal_client, vendor_qccsyshal_server)
+binder_call(vendor_qccsyshal_server, vendor_qccsyshal_client)
+
+allow vendor_qccsyshal_client vendor_qccsyshal_hwservice:hwservice_manager find;
+
+# allow access to qdma dropbox (/data/misc/qdma)
+allow vendor_qccsyshal_qti vendor_qcc_data_file:dir create_dir_perms;
+allow vendor_qccsyshal_qti vendor_qcc_data_file:file create_file_perms;
+
+# allow access to vendor_qcc_app_socket
+unix_socket_connect(vendor_qccsyshal_qti, vendor_qcc_app, vendor_qcc_app)
+allow vendor_qccsyshal_qti vendor_qcc_app_socket:dir r_dir_perms;
+allow vendor_qccsyshal_qti vendor_qcc_app_socket:sock_file rw_file_perms;
+
+userdebug_or_eng(`
+ allow vendor_qccsyshal_qti vendor_qcc_lmtp_app:unix_stream_socket connectto;
+')
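Review bot: The `vendor_qcc_app_socket:sock_file rw_file_perms` rule near the end grants more than a connect needs. The `unix_socket_connect(vendor_qccsyshal_qti, vendor_qcc_app, vendor_qcc_app)` line above it already gives write on the socket file and connectto on the peer. I would drop the extra rule and, if an audit denial then shows up, add back only the permission it names. The standalone `hwservice_manager find` rule for `vendor_qccsyshal_client` also looks redundant, since `hal_attribute_hwservice` normally emits that rule itself; worth confirming against the te_macros in this tree.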
diff --git a/sepolicy/qva/private/hwservice_contexts b/sepolicy/qva/private/hwservice_contexts
new file mode 100644
index 0000000..2a98049
--- /dev/null
+++ b/sepolicy/qva/private/hwservice_contexts
@@ -0,0 +1,29 @@
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+vendor.qti.hardware.sigma_miracast::Isigma_miracast u:object_r:vendor_sigmahal_hwservice:s0
+vendor.qti.hardware.qccsyshal::IQccsyshal u:object_r:vendor_qccsyshal_hwservice:s0
diff --git a/sepolicy/qva/private/ioctl_defines b/sepolicy/qva/private/ioctl_defines
new file mode 100644
index 0000000..846eb5e
--- /dev/null
+++ b/sepolicy/qva/private/ioctl_defines
@@ -0,0 +1,34 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# socket ioctls defined in the kernel in include/uapi/linux/msm_ipc.h
+define(`IPC_ROUTER_IOCTL_GET_VERSION', `0x0000c300')
+define(`IPC_ROUTER_IOCTL_GET_MTU', `0x0000c301')
+define(`IPC_ROUTER_IOCTL_LOOKUP_SERVER', `0x0000c302')
+define(`IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE', `0x0000c303')
+define(`IPC_ROUTER_IOCTL_BIND_CONTROL_PORT', `0x0000c304')
+define(`IPC_ROUTER_IOCTL_CONFIG_SEC_RULES', `0x0000c305')
diff --git a/sepolicy/qva/private/ioctl_macros b/sepolicy/qva/private/ioctl_macros
new file mode 100644
index 0000000..84c899b
--- /dev/null
+++ b/sepolicy/qva/private/ioctl_macros
@@ -0,0 +1,35 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+define(`msm_sock_ipc_ioctls_system', `{
+IPC_ROUTER_IOCTL_GET_VERSION
+IPC_ROUTER_IOCTL_GET_MTU
+IPC_ROUTER_IOCTL_LOOKUP_SERVER
+IPC_ROUTER_IOCTL_GET_CURR_PKT_SIZE
+IPC_ROUTER_IOCTL_BIND_CONTROL_PORT
+IPC_ROUTER_IOCTL_CONFIG_SEC_RULES
+}')
\ No newline at end of file
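Review bot: The file ends without a trailing newline, so the closing `}')` is its last byte. As far as I know, policy sources like this are concatenated before m4 processes them, so the first line of whichever file follows would continue on the same line. That is probably harmless right after a `define`, but ending the file with a newline removes the dependency on file order and matches the other files in this commit.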
diff --git a/sepolicy/qva/private/location_app.te b/sepolicy/qva/private/location_app.te
new file mode 100644
index 0000000..c558b23
--- /dev/null
+++ b/sepolicy/qva/private/location_app.te
@@ -0,0 +1,53 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# generic/vendor_location_app.te - sepolicy rules for qti value added location apps
+# that will be part of system image. Eg: XT app.
+
+app_domain(vendor_location_app)
+binder_use(vendor_location_app)
+hal_client_domain(vendor_location_app, hal_gnss)
+
+net_domain(vendor_location_app)
+
+#Permissions for JDWP
+userdebug_or_eng(`
+ allow vendor_location_app { adbd su }:unix_stream_socket connectto;
+')
+
+allow vendor_location_app app_api_service:service_manager find;
+
+allow vendor_location_app system_app_data_file:dir create_dir_perms;
+allow vendor_location_app system_app_data_file:file create_file_perms;
+
+allow vendor_location_app radio_service:service_manager find;
+
+unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd);
+
+allow vendor_location_app cgroup:file rw_file_perms;
+
+unix_socket_send(vendor_location_app, vendor_seempdw, vendor_seempd);
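Review bot: The two `system_app_data_file` rules give `vendor_location_app` create and write access to a label that, as far as I know, is shared by the data of all system-UID apps, and nothing in the file says why. If the app does not itself run as the system UID (its seapp_contexts entry is outside this hunk), a dedicated data type would keep it out of other apps' files. If it does, a one-line comment such as `# runs as system UID; its data is labelled system_app_data_file` would record that. The header comment also still names `generic/vendor_location_app.te`, while this file is `qva/private/location_app.te`.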
diff --git a/sepolicy/qva/private/mediaextractor.te b/sepolicy/qva/private/mediaextractor.te
new file mode 100644
index 0000000..ce01c84
--- /dev/null
+++ b/sepolicy/qva/private/mediaextractor.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(mediaextractor, vendor_mm_parser_prop);
+get_prop(mediaextractor, vendor_mm_osal_prop);
diff --git a/sepolicy/qva/private/mediaprovider.te b/sepolicy/qva/private/mediaprovider.te
new file mode 100644
index 0000000..4ff3dcd
--- /dev/null
+++ b/sepolicy/qva/private/mediaprovider.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+allow mediaprovider vendor_dpmtcm_socket:sock_file w_file_perms;
+allow mediaprovider vendor_dpmd:unix_stream_socket connectto;
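Review bot: These two hand-written rules are the expansion of `unix_socket_connect(mediaprovider, vendor_dpmtcm, vendor_dpmd)`, which location_app.te in this same commit already uses, except that `w_file_perms` grants more on the socket file than the plain `write` the macro gives. Using the macro keeps the grant minimal and the files consistent. The same pair appears in priv_app.te and, extended with `vendor_dpmd_socket`, in platform_app.te, so the same change applies there.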
diff --git a/sepolicy/qva/private/mediaserver.te b/sepolicy/qva/private/mediaserver.te
new file mode 100644
index 0000000..aa62ea9
--- /dev/null
+++ b/sepolicy/qva/private/mediaserver.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_send(mediaserver, vendor_seempdw, vendor_seempd)
+
+get_prop(mediaserver, vendor_mm_video_prop)
+get_prop(mediaserver, vendor_sys_video_prop)
diff --git a/sepolicy/qva/private/mmi_sys.te b/sepolicy/qva/private/mmi_sys.te
new file mode 100644
index 0000000..e0fc2fa
--- /dev/null
+++ b/sepolicy/qva/private/mmi_sys.te
@@ -0,0 +1,45 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_mmi_sys coredomain;
+type vendor_mmi_sys_exec, system_file_type, exec_type, file_type;
+
+#init
+init_daemon_domain(vendor_mmi_sys)
+
+#Allow mmi to use IPC
+binder_call(vendor_mmi_sys,surfaceflinger)
+binder_use(vendor_mmi_sys)
+
+#mmi_sys
+allow vendor_mmi_sys ion_device:chr_file r_file_perms;
+allow vendor_mmi_sys surfaceflinger_service:service_manager find;
+hal_client_domain(vendor_mmi_sys, hal_graphics_allocator)
+allow vendor_mmi_sys vendor_mmi_sys_exec:file execute_no_trans;
+
+allow vendor_mmi_sys gpu_device:chr_file rw_file_perms;
+allow vendor_mmi_sys kmsg_device:chr_file w_file_perms;
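Review bot: `allow vendor_mmi_sys kmsg_device:chr_file w_file_perms;` lets this daemon write lines into the kernel log, and the file gives no reason for it. Kernel log content is often relied on during incident triage, so each writer should be justified. Either a comment of the form `# <why the daemon must write to /dev/kmsg>` or removal of the rule would settle it. The `#init` and `#mmi_sys` comments could likewise say what the daemon is and whether it is meant to run on user builds, which the visible rules do not show.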
diff --git a/sepolicy/qva/private/perfservice.te b/sepolicy/qva/private/perfservice.te
new file mode 100644
index 0000000..cdb8182
--- /dev/null
+++ b/sepolicy/qva/private/perfservice.te
@@ -0,0 +1,35 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_perfservice_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(vendor_perfservice)
+
+add_service(vendor_perfservice, vendor_perf_service);
+binder_use(vendor_perfservice);
+binder_call(vendor_perfservice, system_server);
+binder_service(vendor_perfservice);
diff --git a/sepolicy/qva/private/platform_app.te b/sepolicy/qva/private/platform_app.te
new file mode 100644
index 0000000..7857487
--- /dev/null
+++ b/sepolicy/qva/private/platform_app.te
@@ -0,0 +1,48 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#allow platform_app to read vendor_camera_prop
+get_prop(platform_app, vendor_persist_camera_prop)
+# Allow cneservice to be found
+allow platform_app vendor_cne_service:service_manager find;
+
+# Allow vendor_dpmservice to be found
+allow platform_app vendor_dpmservice:service_manager find;
+allow platform_app { vendor_dpmd_socket vendor_dpmtcm_socket }:sock_file w_file_perms;
+allow platform_app vendor_dpmd:unix_stream_socket connectto;
+userdebug_or_eng(`
+ r_dir_file(platform_app, vendor_seemp_data_file)
+ allow platform_app vendor_seemp_data_file: file w_file_perms;
+')
+allow platform_app vendor_color_service:service_manager find;
+# WigigSettings need to read persist.vendor.wigig.icon.disable
+get_prop(platform_app, vendor_wigig_core_prop)
+# SVA app and OEM voice activation app need to find soundtrigger_middleware_service
+allow platform_app soundtrigger_middleware_service:service_manager find;
+
+# allow platform_app access to Workload Classifier Property
+set_prop(platform_app, vendor_wlc_prop);
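Review bot: `set_prop(platform_app, vendor_wlc_prop)` on the last line gives every app in the `platform_app` domain write access to all properties carrying that label. The property_contexts file added in this commit puts `persist.vendor.build.date.utc` under `vendor_wlc_prop` alongside `vendor.perf.workloadclassifier.enable`. If only the classifier switch has to be writable, the build-date property should get its own label, or the rule should become `get_prop(platform_app, vendor_wlc_prop)` if reading is enough. The type's declaration and its other writers are outside the visible hunks, so this needs checking against them. Separately, the first comment says `vendor_camera_prop` while the rule reads `vendor_persist_camera_prop`.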
diff --git a/sepolicy/qva/private/priv_app.te b/sepolicy/qva/private/priv_app.te
new file mode 100644
index 0000000..2fef4c3
--- /dev/null
+++ b/sepolicy/qva/private/priv_app.te
@@ -0,0 +1,32 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+get_prop(priv_app, vendor_persist_camera_prop)
+allow priv_app vendor_dpmtcm_socket:sock_file w_file_perms;
+allow priv_app vendor_dpmd:unix_stream_socket connectto;
+# QVA app need to find soundtrigger_middleware_service
+allow priv_app soundtrigger_middleware_service:service_manager find;
diff --git a/sepolicy/qva/private/property.te b/sepolicy/qva/private/property.te
new file mode 100644
index 0000000..45068fa
--- /dev/null
+++ b/sepolicy/qva/private/property.te
@@ -0,0 +1,42 @@
+# Copyright (c) 2019 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#mm-parser
+type vendor_mm_parser_prop, property_type, extended_core_property_type;
+#mm-osal
+type vendor_mm_osal_prop, property_type, extended_core_property_type;
+
+type vendor_mm_video_prop, property_type, extended_core_property_type;
+
+#WiFi Display
+type vendor_wfd_service_prop, property_type, extended_core_property_type;
+type vendor_wfd_sys_debug_prop, property_type, extended_core_property_type;
+# WIGIG
+type vendor_wigig_core_prop, property_type, extended_core_property_type;
+type vendor_fst_prop, property_type, extended_core_property_type;
+
+system_internal_prop(ctl_dpmd_prop)
diff --git a/sepolicy/qva/private/property_contexts b/sepolicy/qva/private/property_contexts
new file mode 100644
index 0000000..bd4dded
--- /dev/null
+++ b/sepolicy/qva/private/property_contexts
@@ -0,0 +1,79 @@
+# Copyright (c) 2017, 2019 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+persist.vendor.dpm. u:object_r:vendor_persist_dpm_prop:s0
+persist.vendor.btstack u:object_r:bluetooth_prop:s0
+persist.vendor.bluetooth.emailaccountcount u:object_r:bluetooth_prop:s0
+persist.vendor.bt.a2dp u:object_r:bluetooth_prop:s0
+persist.vendor.bt_logger. u:object_r:bluetooth_prop:s0
+persist.vendor.service.bt. u:object_r:bluetooth_prop:s0
+ro.vendor.btstack. u:object_r:bluetooth_prop:s0
+vendor.pts. u:object_r:bluetooth_prop:s0
+vendor.bt.pts. u:object_r:bluetooth_prop:s0
+vendor.bluetooth. u:object_r:bluetooth_prop:s0
+persist.vendor.camera.privapp.list u:object_r:vendor_persist_camera_prop:s0
+
+#mm-parser
+vendor.mm.enable.qcom_parser u:object_r:vendor_mm_parser_prop:s0
+vendor.qcom_parser. u:object_r:vendor_mm_parser_prop:s0
+#mm-osal
+vendor.debug.mmosal.config u:object_r:vendor_mm_osal_prop:s0
+
+#perf
+vendor.perf.workloadclassifier.enable u:object_r:vendor_wlc_prop:s0
+persist.vendor.build.date.utc u:object_r:vendor_wlc_prop:s0
+
+#mm-video
+persist.vendor.debug.av.logs.lvl u:object_r:debug_prop:s0
+persist.vendor.debug.en.drpcrpt u:object_r:vendor_mm_video_prop:s0
+persist.vendor.media.hls. u:object_r:vendor_mm_video_prop:s0
+persist.vendor.sys.media.rtp-ports u:object_r:vendor_mm_video_prop:s0
+vendor.encoder.video.profile u:object_r:vendor_mm_video_prop:s0
+vendor.sys.media.target.version u:object_r:vendor_sys_video_prop:s0
+vendor.sys.video.disable.ubwc u:object_r:vendor_sys_video_prop:s0
+
+#Wifi Display
+vendor.wfdservice u:object_r:vendor_wfd_service_prop:s0
+persist.vendor.debug.wfd.wfdsvc u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.debug.wfdcdbg u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.debug.wfdcdbgv u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.sys.debug.mux. u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.sys.debug.rtp. u:object_r:vendor_wfd_sys_debug_prop:s0
+persist.vendor.sys.debug.wfd. u:object_r:vendor_wfd_sys_debug_prop:s0
+vendor.sys.debug.wfd. u:object_r:vendor_wfd_sys_debug_prop:s0
+
+# WIGIG
+persist.vendor.wigig. u:object_r:vendor_wigig_core_prop:s0
+persist.vendor.fst. u:object_r:vendor_fst_prop:s0
+persist.dpm.feature u:object_r:vendor_persist_dpm_prop:s0
+ctl.stop$dpmd u:object_r:ctl_dpmd_prop:s0
+
+# Beluga
+ro.vendor.beluga.p u:object_r:vendor_exported_system_prop:s0
+ro.vendor.beluga.c u:object_r:vendor_exported_system_prop:s0
+ro.vendor.beluga.s u:object_r:vendor_exported_system_prop:s0
+ro.vendor.beluga.t u:object_r:vendor_exported_system_prop:s0
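Review bot: Nothing in this file records that `vendor.camera.aux.packagelist` was deliberately left out, although the commit message says that is the only change made to the CAF import. A later re-import from CAF would bring the entry back, and per the init error quoted in the commit message the duplicate prefix stops the device from booting. A comment next to the camera entry would prevent that, e.g. `# vendor.camera.aux.packagelist omitted on purpose: already labelled in vendor_property_contexts on this device`.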
diff --git a/sepolicy/qva/private/qcc_app.te b/sepolicy/qva/private/qcc_app.te
new file mode 100644
index 0000000..a5e4547
--- /dev/null
+++ b/sepolicy/qva/private/qcc_app.te
@@ -0,0 +1,72 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+app_domain(vendor_qcc_app)
+net_domain(vendor_qcc_app)
+binder_use(vendor_qcc_app)
+
+# allow invoking activity and access app content to vendor_qcc_app
+#allow vendor_qcc_app { activity_service content_service }:service_manager find;
+# allow display service to vendor_qcc_app
+#allow vendor_qcc_app { display_service }:service_manager find;
+# allow access to wifi and data network to vendor_qcc_app
+#allow vendor_qcc_app { connectivity_service network_management_service }:service_manager find;
+# allow access telephony service info to vendor_qcc_app
+#allow vendor_qcc_app { radio_service registry_service }:service_manager find;
+allow vendor_qcc_app radio_service:service_manager find;
+# allow acquire wakelock to vendor_qcc_app
+#allow vendor_qcc_app { power_service }:service_manager find;
+# allow to load native library
+#allow vendor_qcc_app { mount_service }:service_manager find;
+# for vendor_perf_service
+allow vendor_qcc_app app_api_service:service_manager find;
+
+# allow access to qdma dropbox (/data/misc/qdma)
+allow vendor_qcc_app vendor_qcc_data_file:dir create_dir_perms;
+allow vendor_qcc_app vendor_qcc_data_file:file create_file_perms;
+
+# allow access to socket
+unix_socket_connect(vendor_qcc_app, vendor_dpmtcm, vendor_dpmd)
+
+# allow access to mediadrmserver for qdmastats/wvstats
+allow vendor_qcc_app mediadrmserver_service:service_manager find;
+
+# allow vendor_qcc_app to access system_app_data_file
+# necessary for read and write /data/data subdirectory.
+allow vendor_qcc_app system_app_data_file:dir create_dir_perms;
+allow vendor_qcc_app system_app_data_file:file create_file_perms;
+
+# allow cgroup access
+allow vendor_qcc_app cgroup:file rw_file_perms;
+
+#allow mediametrics_service
+allow vendor_qcc_app mediametrics_service:service_manager find;
+
+# Allow read-write permissions to qdma sockets under vendor_qcc_app_socket.
+allow vendor_qcc_app vendor_qcc_app_socket:dir rw_dir_perms;
+allow vendor_qcc_app vendor_qcc_app_socket:sock_file create_file_perms;
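Review bot: The two `system_app_data_file` rules near the end of this file give `vendor_qcc_app`, which is also a `net_domain`, create and write access to a label that is not private to it. `system_app_data_file` is the data label used by apps running as the system UID, so only DAC ownership separates this network-capable domain from their files. The existing comment should say so, for example `# label is shared with other system-UID apps; needed because seapp_contexts gives this app type=system_app_data_file`. The same pair of rules appears in qcc_lmtp_app.te and qcc_utils_app.te. The commented-out `service_manager find` rules higher up are dead policy and would be better deleted than imported.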
diff --git a/sepolicy/qva/private/qcc_lmtp_app.te b/sepolicy/qva/private/qcc_lmtp_app.te
new file mode 100644
index 0000000..495284f
--- /dev/null
+++ b/sepolicy/qva/private/qcc_lmtp_app.te
@@ -0,0 +1,57 @@
+# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qcc_lmtp_app, domain, coredomain;
+userdebug_or_eng(`
+ app_domain(vendor_qcc_lmtp_app)
+ net_domain(vendor_qcc_lmtp_app)
+ binder_use(vendor_qcc_lmtp_app)
+
+ allow vendor_qcc_lmtp_app {activity_service}:service_manager find;
+
+ allow vendor_qcc_lmtp_app location_service:service_manager find;
+
+ # for vendor_perf_service
+ allow vendor_qcc_lmtp_app vendor_perf_service:service_manager find;
+
+ # allow access to socket
+ unix_socket_connect(vendor_qcc_lmtp_app, vendor_dpmtcm, vendor_dpmd)
+
+ # allow access to qcc dropbox
+ allow vendor_qcc_lmtp_app vendor_qcc_data_file:dir create_dir_perms;
+ allow vendor_qcc_lmtp_app vendor_qcc_data_file:file create_file_perms;
+
+ # allow vendor_qcc_lmtp_app to access system_app_data_file
+ # necessary for read and write /data/data subdirectory
+ allow vendor_qcc_lmtp_app system_app_data_file:dir create_dir_perms;
+ allow vendor_qcc_lmtp_app system_app_data_file:file create_file_perms;
+
+ # Allow read-write permissions to qdma sockets under vendor_qcc_app_socket.
+ unix_socket_connect(vendor_qcc_lmtp_app, vendor_qcc_app, vendor_qcc_app)
+ allow vendor_qcc_lmtp_app vendor_qcc_app_socket:dir rw_dir_perms;
+ allow vendor_qcc_lmtp_app vendor_qcc_app_socket:sock_file create_file_perms;
+')
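Review bot: `type vendor_qcc_lmtp_app, domain, coredomain;` is declared for every build, but all of its rules, including `app_domain()`, sit inside `userdebug_or_eng`. The seapp_contexts entry added in this same commit maps `com.qualcomm.qti.qcclmtp` to the domain unconditionally. If the package ships on user builds (not visible from this diff), it would land in a domain with no app rules at all. A comment on the type line such as `# debug-only app: the rules below are compiled out of user builds` would make the intent explicit. The comment `Allow read-write permissions to qdma sockets` also sits directly above a `unix_socket_connect()` to `vendor_qcc_app`, which it does not describe.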
diff --git a/sepolicy/qva/private/qcc_trd.te b/sepolicy/qva/private/qcc_trd.te
new file mode 100644
index 0000000..ded25c9
--- /dev/null
+++ b/sepolicy/qva/private/qcc_trd.te
@@ -0,0 +1,28 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+hal_client_domain(vendor_qcc_trd, vendor_qccsyshal);
diff --git a/sepolicy/qva/private/qcc_utils_app.te b/sepolicy/qva/private/qcc_utils_app.te
new file mode 100644
index 0000000..3253144
--- /dev/null
+++ b/sepolicy/qva/private/qcc_utils_app.te
@@ -0,0 +1,47 @@
+# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+app_domain(vendor_qcc_utils_app)
+net_domain(vendor_qcc_utils_app)
+binder_use(vendor_qcc_utils_app)
+
+allow vendor_qcc_utils_app { app_api_service radio_service }:service_manager find;
+
+# allow access to qcc dropbox
+allow vendor_qcc_utils_app vendor_qcc_data_file:dir create_dir_perms;
+allow vendor_qcc_utils_app vendor_qcc_data_file:file create_file_perms;
+
+# allow vendor_qcc_utils_app to access system_app_data_file
+# necessary for read and write /data/data subdirectory
+allow vendor_qcc_utils_app system_app_data_file:dir create_dir_perms;
+allow vendor_qcc_utils_app system_app_data_file:file create_file_perms;
+
+# allow cgroup access
+allow vendor_qcc_utils_app cgroup:file rw_file_perms;
+
+# for aws iot mqtt
+allow vendor_qcc_utils_app self: udp_socket create_socket_perms_no_ioctl;
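Review bot: The last rule, `allow vendor_qcc_utils_app self: udp_socket create_socket_perms_no_ioctl;`, looks redundant with `net_domain(vendor_qcc_utils_app)` at the top of the file, which in AOSP base policy already covers a domain's own UDP sockets. If that holds for the base policy this tree builds against, drop the rule; otherwise extend the `# for aws iot mqtt` comment to say what the rule adds beyond `net_domain`. It is also the only rule in the file with a space after `self:`; `self:udp_socket` would match the rest.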
diff --git a/sepolicy/qva/private/qdtservice.te b/sepolicy/qva/private/qdtservice.te
new file mode 100644
index 0000000..d80a845
--- /dev/null
+++ b/sepolicy/qva/private/qdtservice.te
@@ -0,0 +1,37 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qdtservice_exec, exec_type, system_file_type, file_type;
+type vendor_qdtservice, domain, coredomain;
+
+init_daemon_domain(vendor_qdtservice)
+
+add_service(vendor_qdtservice, vendor_qdt_service);
+binder_use(vendor_qdtservice);
+binder_service(vendor_qdtservice);
+
+hal_client_domain(vendor_qdtservice, vendor_hal_perf)
diff --git a/sepolicy/qva/private/qspmsvc.te b/sepolicy/qva/private/qspmsvc.te
new file mode 100644
index 0000000..ac71950
--- /dev/null
+++ b/sepolicy/qva/private/qspmsvc.te
@@ -0,0 +1,36 @@
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_qspmsvc coredomain;
+type vendor_qspmsvc_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(vendor_qspmsvc)
+add_service(vendor_qspmsvc, vendor_qspmsvc_service);
+binder_use(vendor_qspmsvc);
+binder_call(vendor_qspmsvc, system_server);
+binder_service(vendor_qspmsvc);
+hal_client_domain(vendor_qspmsvc, hal_thermal)
diff --git a/sepolicy/qva/private/qvrd.te b/sepolicy/qva/private/qvrd.te
new file mode 100644
index 0000000..a182614
--- /dev/null
+++ b/sepolicy/qva/private/qvrd.te
@@ -0,0 +1,94 @@
+# Copyright (c) 2017,2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_qvrd coredomain;
+typeattribute vendor_qvrd mlstrustedsubject;
+type vendor_qvrd_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_qvrd)
+
+#
+# General
+#
+
+binder_call(vendor_qvrd, system_server);
+
+# Allow interracting with vendor_qvrd directory
+allow vendor_qvrd vendor_qvrd_data_file:dir create_dir_perms;
+allow vendor_qvrd vendor_qvrd_data_file:file create_file_perms;
+
+#allow binder use for checking permissions
+binder_use(vendor_qvrd)
+allow vendor_qvrd permission_service:service_manager find;
+
+#Allow hardware binder use
+hwbinder_use(vendor_qvrd)
+get_prop(vendor_qvrd, hwservicemanager_prop)
+
+# Allow access to our socket
+allow vendor_qvrd vendor_qvrd_socket:sock_file rw_file_perms;
+allow vendor_qvrd vendor_qvrd_controller_socket:sock_file rw_file_perms;
+
+#
+# Sensors
+#
+
+
+# Allow access to sensor1 API
+allow vendor_qvrd self:socket create_socket_perms_no_ioctl;
+
+#
+# Display
+#
+
+# Allow access to /dev/graphics/fb0 for configuring vsync interrupts
+allow vendor_qvrd graphics_device:dir r_dir_perms;
+allow vendor_qvrd graphics_device:chr_file rw_file_perms;
+
+#
+# Graphics
+#
+
+#Allow hal graphics mapper permissions
+hal_client_domain(vendor_qvrd, hal_graphics_composer);
+
+#Allow hal graphics allocator permissions
+hal_client_domain(vendor_qvrd, hal_graphics_allocator);
+
+#
+# Scheduler
+#
+
+allow vendor_qvrd self:capability { sys_nice };
+userdebug_or_eng(`
+ allow vendor_qvrd su:process setsched;
+')
+allow vendor_qvrd appdomain:process setsched;
+
+# whitelisting ioctlcmd c302
+allowxperm vendor_qvrd self:socket ioctl msm_sock_ipc_ioctls_system;
+allow vendor_qvrd self:socket ioctl;
diff --git a/sepolicy/qva/private/radio.te b/sepolicy/qva/private/radio.te
new file mode 100644
index 0000000..af5ec47
--- /dev/null
+++ b/sepolicy/qva/private/radio.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+userdebug_or_eng(`
+ unix_socket_send(radio,vendor_seempdw, vendor_seempd)
+')
diff --git a/sepolicy/qva/private/seapp_contexts b/sepolicy/qva/private/seapp_contexts
new file mode 100644
index 0000000..f04368b
--- /dev/null
+++ b/sepolicy/qva/private/seapp_contexts
@@ -0,0 +1,45 @@
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Add new domain for qti value added Location apps
+user=_app seinfo=platform name=com.qualcomm.location.XT isPrivApp=true domain=vendor_location_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.location isPrivApp=true domain=vendor_location_app type=app_data_file
+user=_app seinfo=platform name=com.qualcomm.wfd.service:wfd_service domain=vendor_wfd_app type=app_data_file levelfrom=all
+user=_app seinfo=platform name=com.qualcomm.wfd.client domain=vendor_wfd_app type=app_data_file levelfrom=all
+user=_app seinfo=platform name=com.qualcomm.qti.ssmeditor domain=vendor_qconfig_app type=app_data_file levelfrom=all
+
+#Add new domain for QCC
+user=system seinfo=platform name=com.qualcomm.qti.qdma isPrivApp=true domain=vendor_qcc_app type=system_app_data_file
+#Add new domain for QCCLMTP
+user=system seinfo=platform name=com.qualcomm.qti.qcclmtp isPrivApp=true domain=vendor_qcc_lmtp_app type=system_app_data_file
+#Add new domain for QCC-Utils
+user=system seinfo=platform name=com.qualcomm.qti.qdmautils isPrivApp=true domain=vendor_qcc_utils_app type=system_app_data_file
+# Add new domain for FM app
+user=_app seinfo=platform name=com.caf.fmradio domain=vendor_fm_app type=app_data_file levelFrom=all
+
+#Add new domain for secure camera service app
+user=_app seinfo=platform name=com.qualcomm.qti.seccamservice:remote domain=vendor_seccam_app type=app_data_file
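Review bot: The two `com.qualcomm.location*` entries and the final `com.qualcomm.qti.seccamservice:remote` entry carry no `levelFrom`, unlike the wfd, ssmeditor and fmradio entries. Without it the process and its `app_data_file` files stay at plain `s0`, so MLS categories do not separate the secure camera app's data from other apps and only DAC ownership does. Whether that is intended is not stated. Consider ending the seccam line with `type=app_data_file levelFrom=all`, or add a comment saying why the app must run without categories. The fmradio line spells the key `levelFrom` while the other entries use `levelfrom`; one spelling throughout would be easier to grep.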
diff --git a/sepolicy/qva/private/seccam_app.te b/sepolicy/qva/private/seccam_app.te
new file mode 100644
index 0000000..2881a71
--- /dev/null
+++ b/sepolicy/qva/private/seccam_app.te
@@ -0,0 +1,38 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_seccam_app, domain;
+app_domain(vendor_seccam_app)
+net_domain(vendor_seccam_app)
+
+hal_client_domain(vendor_seccam_app, vendor_hal_qteeconnector);
+
+allow vendor_seccam_app app_data_file:dir create_dir_perms;
+allow vendor_seccam_app app_data_file:file create_file_perms;
+allow vendor_seccam_app { activity_service app_api_service } :service_manager find;
+allow vendor_seccam_app self:qipcrtr_socket create_socket_perms_no_ioctl;
+typeattribute vendor_seccam_app hal_graphics_composer_client;
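Review bot: `net_domain(vendor_seccam_app)` gives the secure camera service app network socket access, and nothing in the file says why a domain that is also a client of `vendor_hal_qteeconnector` needs it. If the app does not use the network, the line should be dropped; otherwise add a comment above it naming the use. The file has no comments below the licence header. One line per rule group, for example `# QTEE connector HAL client`, `# own data directory` and `# qipcrtr socket`, would let the next reviewer check each grant against a stated purpose.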
diff --git a/sepolicy/qva/private/seempd.te b/sepolicy/qva/private/seempd.te
new file mode 100644
index 0000000..ece4248
--- /dev/null
+++ b/sepolicy/qva/private/seempd.te
@@ -0,0 +1,46 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_seempd coredomain;
+typeattribute vendor_seempd mlstrustedsubject;
+type vendor_seempd_exec, exec_type, system_file_type, file_type;
+
+init_daemon_domain(vendor_seempd)
+
+binder_use(vendor_seempd)
+binder_call(vendor_seempd, system_server)
+binder_call(vendor_seempd, appdomain)
+
+allow vendor_seempd vendor_MinkBinderSvc:service_manager { find };
+
+add_service(vendor_seempd, vendor_seemp_service)
+
+allow vendor_seempd self:binder call;
+allow vendor_seempd ion_device:chr_file r_file_perms;
+
+#Allow search access in seemp_data_file
+allow vendor_seempd vendor_seemp_data_file:dir search;
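Review bot: `typeattribute vendor_seempd mlstrustedsubject;` exempts the daemon from MLS constraints, and `binder_call(vendor_seempd, appdomain)` lets it make binder calls into every app domain; neither line carries a reason. Add a comment above the attribute stating which cross-level access requires it, and remove the attribute if none does. `allow vendor_seempd self:binder call;` is also unusual and would benefit from a one-line explanation. The licence header has a stray `# #` on its CONSEQUENTIAL DAMAGES line.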
diff --git a/sepolicy/qva/private/service.te b/sepolicy/qva/private/service.te
new file mode 100644
index 0000000..87dd607
--- /dev/null
+++ b/sepolicy/qva/private/service.te
@@ -0,0 +1,40 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_seemp_service, service_manager_type;
+type vendor_dpmservice, service_manager_type;
+type vendor_MinkBinderSvc, app_api_service, service_manager_type;
+type vendor_perf_service, app_api_service, service_manager_type;
+type vendor_qdt_service, app_api_service, service_manager_type;
+type vendor_izat_service, app_api_service, system_api_service, service_manager_type;
+type vendor_color_service, service_manager_type;
+type vendor_wfdservice_service, service_manager_type;
+type vendor_wigigp2p_service, app_api_service, system_server_service, service_manager_type;
+type vendor_wigig_service, app_api_service, system_server_service, service_manager_type;
+type vendor_vps_service, app_api_service, service_manager_type;
+type vendor_qspmsvc_service, app_api_service, service_manager_type;
+
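Review bot: Most of the service types declared here carry `app_api_service`, which in AOSP policy makes a service findable from ordinary app domains. For `vendor_MinkBinderSvc`, `vendor_perf_service`, `vendor_qdt_service` and `vendor_qspmsvc_service` that leaves each service's own caller checks as the only gate. The file does not say why any of them must be reachable from apps. Add a one-line comment per type naming the intended clients, and drop `app_api_service` where only platform components call the service (not determinable from this diff).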
diff --git a/sepolicy/qva/private/service_contexts b/sepolicy/qva/private/service_contexts
new file mode 100644
index 0000000..afe0493
--- /dev/null
+++ b/sepolicy/qva/private/service_contexts
@@ -0,0 +1,45 @@
+# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+dpmservice u:object_r:vendor_dpmservice:s0
+MinkBinderSvc u:object_r:vendor_MinkBinderSvc:s0
+vendor.perfservice u:object_r:vendor_perf_service:s0
+vendor.qdtservice u:object_r:vendor_qdt_service:s0
+sms-sec u:object_r:radio_service:s0
+extphone u:object_r:radio_service:s0
+qti.radio.extphone u:object_r:radio_service:s0
+com.qualcomm.location.izat.IzatService u:object_r:vendor_izat_service:s0
+qti.security.seempspa u:object_r:vendor_seemp_service:s0
+vendor.audio.vrservice u:object_r:audioserver_service:s0
+com.qti.snapdragon.sdk.display.IColorService u:object_r:vendor_color_service:s0
+wfdservice u:object_r:vendor_wfdservice_service:s0
+wigigp2p u:object_r:vendor_wigigp2p_service:s0
+wigig u:object_r:vendor_wigig_service:s0
+display.smomoservice u:object_r:surfaceflinger_service:s0
+vendor.vpsservice u:object_r:vendor_vps_service:s0
+vendor.qspmsvc u:object_r:vendor_qspmsvc_service:s0
+
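Review bot: `vendor.audio.vrservice` and `display.smomoservice` are labelled with the platform types `audioserver_service` and `surfaceflinger_service`, and `sms-sec`, `extphone` and `qti.radio.extphone` with `radio_service`, so none of these five services has a label of its own. Any domain that is already allowed `find` on those platform types can therefore look up these services as well, and the policy cannot restrict one without the other. If they are meant for a smaller set of clients, each should get a dedicated type alongside the `vendor_*` types declared in the hunk just above, e.g. `vendor.audio.vrservice u:object_r:vendor_audio_vr_service:s0` (type name constructed for illustration). Otherwise a comment above these entries stating that the shared label is intentional would help the next audit.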
diff --git a/sepolicy/qva/private/sigma-hal.te b/sepolicy/qva/private/sigma-hal.te
new file mode 100644
index 0000000..dc64d3e
--- /dev/null
+++ b/sepolicy/qva/private/sigma-hal.te
@@ -0,0 +1,50 @@
+# Copyright (c) 2019 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_sigmahal_qti, domain, coredomain;
+type vendor_sigmahal_qti_exec, system_file_type , exec_type, file_type;
+
+hal_server_domain(vendor_sigmahal_qti,vendor_sigmahal);
+hal_attribute_hwservice(vendor_sigmahal, vendor_sigmahal_hwservice);
+
+#Allow for transition from init domain to vendor_sigmahal_qti
+init_daemon_domain(vendor_sigmahal_qti);
+
+#Allow the interaction with servicemanager
+binder_use(vendor_sigmahal_qti)
+
+#Allow the interaction with wfdservice
+binder_call(vendor_sigmahal_qti,vendor_wfdservice);
+
+#Allow access to vendor_wfdservice_service,audioserver_service,surfaceflinger_service to interact with vendor_sigmahal_qti
+allow vendor_sigmahal_qti {vendor_wfdservice_service audioserver_service surfaceflinger_service}:service_manager find;
+
+#Allow vendor_sigmahal_qti to interact with audio_server
+binder_call(vendor_sigmahal_qti,audioserver);
+
+#Allow vendor_sigmahal_qti to interact with surface flinger
+binder_call(vendor_sigmahal_qti,surfaceflinger);
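Review bot: The `vendor_sigmahal_qti` domain is granted unconditionally, including `binder_call` into `audioserver` and `surfaceflinger` and `find` on their services, and nothing in the file says whether it is needed in user builds. If this HAL exists only for certification testing, as the name suggests (an assumption to confirm against the CAF source), the allow rules and macro calls should sit inside `userdebug_or_eng` so production images do not carry them. Separately, the comment above the `service_manager find` rule reads backwards; `#Allow vendor_sigmahal_qti to find the wfdservice, audioserver and surfaceflinger services` matches what the rule grants.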
diff --git a/sepolicy/qva/private/surfaceflinger.te b/sepolicy/qva/private/surfaceflinger.te
new file mode 100644
index 0000000..5cff9c7
--- /dev/null
+++ b/sepolicy/qva/private/surfaceflinger.te
@@ -0,0 +1,28 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+binder_call(surfaceflinger, vendor_wfdservice);
diff --git a/sepolicy/qva/private/sxrd.te b/sepolicy/qva/private/sxrd.te
new file mode 100644
index 0000000..988c2cb
--- /dev/null
+++ b/sepolicy/qva/private/sxrd.te
@@ -0,0 +1,61 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_sys_sxrd coredomain;
+typeattribute vendor_sys_sxrd mlstrustedsubject;
+type vendor_sys_sxrd_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_sys_sxrd)
+
+# Allow access to our socket
+allow vendor_sys_sxrd vendor_sys_sxrd_socket:sock_file rw_file_perms;
+
+# Allow interracting with vendor_sxrd directory
+allow vendor_sys_sxrd vendor_sys_sxrd_data_file:dir create_dir_perms;
+allow vendor_sys_sxrd vendor_sys_sxrd_data_file:file create_file_perms;
+
+#video device
+allow vendor_sys_sxrd video_device:chr_file rw_file_perms;
+
+#Allow hal graphics allocator permissions
+hal_client_domain(vendor_sys_sxrd, hal_graphics_allocator);
+
+#access to usb device
+allow vendor_sys_sxrd usb_device:chr_file rw_file_perms;
+allow vendor_sys_sxrd usb_device:dir search;
+allow vendor_sys_sxrd device:dir search;
+
+#Allow access to PCM sound card
+allow vendor_sys_sxrd audio_device:chr_file rw_file_perms;
+allow vendor_sys_sxrd audio_device:dir r_dir_perms;
+
+#Allow access to Audio Flinger APIs
+binder_call(vendor_sys_sxrd, audioserver);
+allow vendor_sys_sxrd audioserver_service : service_manager find;
+
+# Add rule to access /proc/asound/pcm file
+r_dir_file(vendor_sys_sxrd, proc_asound);
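Review bot: `typeattribute vendor_sys_sxrd mlstrustedsubject;` is added without a comment, and it exempts the daemon from the MLS constraints that keep per-app and per-user data apart. The same domain gets `rw_file_perms` on `usb_device`, `video_device` and `audio_device` in this file, and its socket is opened to `untrusted_app_all` in untrusted_app_all.te further down, so the exemption needs a stated reason. If it is only there so that app domains running at other MLS levels can connect to the daemon, record that, for example `# mlstrustedsubject: clients connect from app domains with per-app MLS categories`; if nothing depends on it, drop the line.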
diff --git a/sepolicy/qva/private/system_app.te b/sepolicy/qva/private/system_app.te
new file mode 100644
index 0000000..819e759
--- /dev/null
+++ b/sepolicy/qva/private/system_app.te
@@ -0,0 +1,47 @@
+# Copyright (c) 2015, 2017, 2019-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# access to seemp folder
+allow system_app vendor_seemp_data_file:dir r_dir_perms;
+allow system_app vendor_seemp_data_file:{ file fifo_file } rw_file_perms;
+binder_call(system_app, vendor_seempd)
+
+allow system_app vendor_dpmtcm_socket:sock_file w_file_perms;
+allow system_app vendor_dpmd:unix_stream_socket connectto;
+allow system_app vendor_color_service:service_manager add;
+get_prop(system_app, bluetooth_prop);
+# allow system_app to interact with smcinvoke daemon
+#binder_call(system_app, smcinvoke_daemon)
+
+# allow system_app access to Workload Classifier Property
+set_prop(system_app, vendor_wlc_prop);
+
+# allow system_app access to wigig Property
+get_prop(system_app, vendor_wigig_core_prop);
+
+#allow system_app to access faceauth
+hal_client_domain(system_app, hal_face)
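Review bot: `hal_client_domain(system_app, hal_face)` on the last line makes every app that runs in the `system_app` domain a client of the face authentication HAL. As far as I know the platform policy reaches that HAL from `system_server` only, so this widens the set of processes that can talk to a biometric HAL. If only one vendor app needs it, that app should get its own domain through seapp_contexts and the grant should move there. The comment `#allow system_app to access faceauth` should at least name the app that needs it. The commented-out `#binder_call(system_app, smcinvoke_daemon)` is dead policy and can be removed.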
diff --git a/sepolicy/qva/private/system_server.te b/sepolicy/qva/private/system_server.te
new file mode 100644
index 0000000..9d026ea
--- /dev/null
+++ b/sepolicy/qva/private/system_server.te
@@ -0,0 +1,67 @@
+# Copyright (c) 2015,2017,2019 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+add_service(system_server, vendor_izat_service)
+
+# Ant ipc
+hal_client_domain(system_server,hal_bluetooth);
+
+allow system_server vendor_seempdw_socket:sock_file write;
+
+binder_call(system_server, vendor_seempd)
+unix_socket_send(system_server, vendor_seempdw, vendor_seempd)
+
+unix_socket_connect(system_server, vendor_dpmd, vendor_dpmd);
+allow system_server { vendor_dpmd_socket vendor_dpmtcm_socket }:sock_file w_file_perms;
+
+allow system_server vendor_dpmd_data_file:dir create_dir_perms;
+allow system_server vendor_dpmd_data_file:file create_file_perms;
+
+#Allow system_server to add and find perf service
+#add_service(system_server, vendor_perf_service);
+allow system_server vendor_perf_service:service_manager find;
+
+#Allow system_server to add and find vps service
+allow system_server vendor_vps_service:service_manager find;
+
+binder_call(system_server,vendor_qvrd);
+
+#Allow for access to WFD specific debug properties
+binder_call(system_server, vendor_wfdservice);
+userdebug_or_eng(`
+ get_prop(system_server, vendor_wfd_sys_debug_prop)
+')
+# Allow system server to access fst,wigig system properties
+set_prop(system_server, vendor_wigig_core_prop)
+set_prop(system_server, vendor_fst_prop)
+
+# Allow system server to access for dpm
+get_prop(system_server, vendor_persist_dpm_prop)
+
+#Allow system_server to add and find qspmsvc service
+allow system_server vendor_qspmsvc_service:service_manager find;
+
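Review bot: Three comments say "add and find" (for the perf, vps and qspmsvc services) while the rules under them grant only `find`, and the one `add_service(system_server, vendor_perf_service);` is commented out. A reader auditing who may register these services will be misled; the comments should read `#Allow system_server to find perf service` and likewise for vps and qspmsvc. The comment `#Allow for access to WFD specific debug properties` also sits above `binder_call(system_server, vendor_wfdservice);` instead of above the `userdebug_or_eng` block it describes. The `set_prop` rules for `vendor_wigig_core_prop` and `vendor_fst_prop` are described as "access", which hides that they are write grants.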
diff --git a/sepolicy/qva/private/te_macros b/sepolicy/qva/private/te_macros
new file mode 100644
index 0000000..bf771b4
--- /dev/null
+++ b/sepolicy/qva/private/te_macros
@@ -0,0 +1,35 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#####################################
+# vendor_dpmd_socket_perm(clientdomain)
+# allow vendor_dpmd to use inet socket created by app.
+define(`vendor_dpmd_socket_perm', `
+allow vendor_dpmd $1:fd use;
+allow vendor_dpmd $1:tcp_socket rw_socket_perms;
+')
+#####################################
diff --git a/sepolicy/qva/private/untrusted_app.te b/sepolicy/qva/private/untrusted_app.te
new file mode 100644
index 0000000..24189d0
--- /dev/null
+++ b/sepolicy/qva/private/untrusted_app.te
@@ -0,0 +1,36 @@
+# Copyright (c) 2015, 2017, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_connect(untrusted_app,vendor_dpmtcm, vendor_dpmd);
+allow untrusted_app vendor_dpmtcm_socket:sock_file w_file_perms;
+allow untrusted_app vendor_dpmd:unix_stream_socket connectto;
+userdebug_or_eng(`
+ r_dir_file(untrusted_app, vendor_seemp_data_file)
+ allow untrusted_app vendor_seemp_data_file: file w_file_perms;
+')
+unix_socket_connect(untrusted_app, vendor_qvrd, vendor_qvrd);
+allow untrusted_app vendor_qvrd:fd use;
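Review bot: The two `allow` lines after `unix_socket_connect(untrusted_app,vendor_dpmtcm, vendor_dpmd);` repeat what the macro already grants, namely `write` on `vendor_dpmtcm_socket:sock_file` and `connectto` on `vendor_dpmd:unix_stream_socket`. The `w_file_perms` line is in fact wider than the macro, since it adds `open`, `append`, `lock` and `map`, which a socket client does not need. untrusted_app_27.te below has the same three lines, and untrusted_app_all.te already has `unix_socket_connect(untrusted_app_all, vendor_dpmtcm, vendor_dpmd)` covering every untrusted app, so both per-version files could drop their dpmtcm rules. In the `userdebug_or_eng` block, `vendor_seemp_data_file: file` has a stray space before `file`.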
diff --git a/sepolicy/qva/private/untrusted_app_27.te b/sepolicy/qva/private/untrusted_app_27.te
new file mode 100644
index 0000000..35e48f8
--- /dev/null
+++ b/sepolicy/qva/private/untrusted_app_27.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_connect(untrusted_app_27,vendor_dpmtcm, vendor_dpmd);
+allow untrusted_app_27 vendor_dpmtcm_socket:sock_file w_file_perms;
+allow untrusted_app_27 vendor_dpmd:unix_stream_socket connectto;
diff --git a/sepolicy/qva/private/untrusted_app_all.te b/sepolicy/qva/private/untrusted_app_all.te
new file mode 100644
index 0000000..c639b1e
--- /dev/null
+++ b/sepolicy/qva/private/untrusted_app_all.te
@@ -0,0 +1,32 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_connect(untrusted_app_all, vendor_dpmtcm, vendor_dpmd)
+unix_socket_connect(untrusted_app_all, vendor_qvrd, vendor_qvrd)
+allow untrusted_app_all vendor_qvrd:fd use;
+unix_socket_connect(untrusted_app_all, vendor_sys_sxrd, vendor_sys_sxrd)
+allow untrusted_app_all vendor_sys_sxrd:fd use;
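Review bot: These five rules let every third-party app connect to `vendor_dpmd`, `vendor_qvrd` and `vendor_sys_sxrd`, and none of them has a comment saying why this is needed or how the daemons tell callers apart. `vendor_sys_sxrd` in particular holds `rw_file_perms` on `usb_device`, `video_device` and `audio_device` (sxrd.te above), so its socket is a path from any installed app to a process with direct device access. A header comment such as `# clients are ordinary apps; each daemon must check the peer (SO_PEERCRED) before acting on a request` would record the assumption the policy relies on. If only specific packages need these sockets, a dedicated domain assigned through seapp_contexts is the narrower grant.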
diff --git a/sepolicy/qva/private/vendor_qconfig_app.te b/sepolicy/qva/private/vendor_qconfig_app.te
new file mode 100644
index 0000000..f455f0e
--- /dev/null
+++ b/sepolicy/qva/private/vendor_qconfig_app.te
@@ -0,0 +1,35 @@
+# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qconfig_app, domain;
+typeattribute vendor_qconfig_app coredomain;
+
+app_domain(vendor_qconfig_app)
+binder_use(vendor_qconfig_app)
+
+allow vendor_qconfig_app app_api_service:service_manager find;
+hal_client_domain(vendor_qconfig_app, vendor_hal_qconfig)
diff --git a/sepolicy/qva/private/vpsservice.te b/sepolicy/qva/private/vpsservice.te
new file mode 100644
index 0000000..22fd635
--- /dev/null
+++ b/sepolicy/qva/private/vpsservice.te
@@ -0,0 +1,45 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_vpsservice coredomain;
+type vendor_vpsservice_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(vendor_vpsservice)
+
+add_service(vendor_vpsservice, vendor_vps_service)
+binder_use(vendor_vpsservice);
+binder_call(vendor_vpsservice, system_server);
+binder_service(vendor_vpsservice);
+
+hal_client_domain(vendor_vpsservice, hal_graphics_composer)
+hal_client_domain(vendor_vpsservice, hal_graphics_allocator)
+allow vendor_vpsservice surfaceflinger:binder call;
+allow vendor_vpsservice surfaceflinger:fd use;
+allow vendor_vpsservice ion_device:chr_file { open read };
+allow vendor_vpsservice media_rw_data_file:dir create_dir_perms;
+allow vendor_vpsservice media_rw_data_file:file create_file_perms;
+allow vendor_vpsservice gpu_device:chr_file rw_file_perms;
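Review bot: `media_rw_data_file:dir create_dir_perms` and `media_rw_data_file:file create_file_perms` give `vendor_vpsservice` create, write and delete rights under /data/media, and no rule in this file has a comment explaining what it is for. For an init-started coredomain daemon that also registers a binder service, that is a broad grant to leave undocumented. Please add a why-comment above the two lines, e.g. `# vpsservice writes <purpose> under /data/media` with the actual purpose filled in. If the daemon only reads existing media, `r_dir_perms` and `r_file_perms` would be enough.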
diff --git a/sepolicy/qva/private/wfd_app.te b/sepolicy/qva/private/wfd_app.te
new file mode 100644
index 0000000..412b954
--- /dev/null
+++ b/sepolicy/qva/private/wfd_app.te
@@ -0,0 +1,59 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_wfd_app coredomain;
+
+app_domain(vendor_wfd_app)
+
+net_domain(vendor_wfd_app)
+
+set_prop(vendor_wfd_app, vendor_wfd_service_prop);
+userdebug_or_eng(`
+ get_prop(vendor_wfd_app, vendor_wfd_sys_debug_prop);
+#Access to MM-OSAL debug prop for parser debugging on WFD sink
+ get_prop(vendor_wfd_app, vendor_mm_osal_prop);
+#Allow access to logmask file in /data/
+ allow vendor_wfd_app system_data_file:file r_file_perms;
+')
+binder_call(vendor_wfd_app, vendor_wfdservice)
+
+# allow access to read video SKU property for WFD sink
+get_prop(vendor_wfd_app, vendor_sys_video_prop)
+
+allow vendor_wfd_app {
+ vendor_wfdservice_service
+ audioserver_service
+ mediaserver_service
+ mediadrmserver_service
+ app_api_service
+ vendor_perf_service
+ mediametrics_service
+}:service_manager find;
+
+# Access to /data/media for debug dump
+allow vendor_wfd_app media_rw_data_file:dir create_dir_perms;
+allow vendor_wfd_app media_rw_data_file:file create_file_perms;
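Review bot: The two `media_rw_data_file` rules at the end are commented `# Access to /data/media for debug dump`, but they sit outside the `userdebug_or_eng` block earlier in the file, so user builds get them too. The file already gates its other debug-only grants (the debug properties and the logmask read) in that block, and moving both lines into it keeps create and write access to /data/media out of production builds. If the app needs /data/media for normal operation, the comment should say that instead of "debug dump".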
diff --git a/sepolicy/qva/private/wfdservice.te b/sepolicy/qva/private/wfdservice.te
new file mode 100644
index 0000000..2e7c97d
--- /dev/null
+++ b/sepolicy/qva/private/wfdservice.te
@@ -0,0 +1,77 @@
+# Copyright (c) 2017, 2019-2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+typeattribute vendor_wfdservice coredomain;
+type vendor_wfdservice_exec, system_file_type , exec_type, file_type;
+
+#Allow for transition from init domain to vendor_wfdservice
+init_daemon_domain(vendor_wfdservice)
+
+#Inherit base socket permissions from netd domain
+net_domain(vendor_wfdservice)
+
+#Allow vendor_wfdservice to use Binder IPC
+binder_use(vendor_wfdservice)
+
+#Allow for interaction with Display HAL
+binder_call(vendor_wfdservice, surfaceflinger)
+
+#Allow apps to interact with vendor_wfdservice
+binder_call(vendor_wfdservice, vendor_wfd_app)
+
+#Allow access to Audio Flinger APIs
+binder_call(vendor_wfdservice, audioserver)
+
+#Allow access to Permission Controller in System Server
+binder_call(vendor_wfdservice, system_server)
+
+#Allow vendor_wfdservice to be registered with service manager
+add_service(vendor_wfdservice, vendor_wfdservice_service)
+
+userdebug_or_eng(`
+ #Allow access to read mmosal_logmask file in /data partition
+ allow vendor_wfdservice system_data_file:file r_file_perms;
+
+ #Allow access to wfd debug properties
+ get_prop(vendor_wfdservice, vendor_wfd_sys_debug_prop)
+')
+
+# Allow access to mediaserver, surfaceflinger and permissionmanager for interaction of vendor_wfdservice
+allow vendor_wfdservice {audioserver_service permission_service surfaceflinger_service}: service_manager find;
+
+hal_client_domain(vendor_wfdservice, hal_graphics_allocator);
+
+hal_client_domain(vendor_wfdservice, hal_graphics_composer);
+
+#Allow ion device access
+allow vendor_wfdservice ion_device:chr_file r_file_perms;
+
+#Allow source to access video UBWC property(for display config)
+get_prop(vendor_wfdservice, vendor_sys_video_prop)
+
+#Allow the interaction with vendor_sigmahal_qti
+binder_call(vendor_wfdservice, vendor_sigmahal_qti);
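Review bot: The debug-only rule `allow vendor_wfdservice system_data_file:file r_file_perms;` inside the userdebug_or_eng block grants read on every file carrying the generic system_data_file label, although its comment says only the mmosal_logmask file is needed. The guard keeps the rule out of user builds, but a narrower grant would give that file its own type in file_contexts and allow only that type, e.g. `allow vendor_wfdservice <logmask_file_type>:file r_file_perms;` (placeholder type name). The vendor_wfd_app hunk just above carries the same rule. Separately, the comment above the service_manager rule names mediaserver while the rule lists `audioserver_service`; I would reword it to `# Allow lookup of the audioserver, permission and surfaceflinger services`.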
diff --git a/sepolicy/qva/private/wificond.te b/sepolicy/qva/private/wificond.te
new file mode 100644
index 0000000..63e7c03
--- /dev/null
+++ b/sepolicy/qva/private/wificond.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#allow wificond to read FST properties
+get_prop(wificond, vendor_fst_prop);
diff --git a/sepolicy/qva/private/zygote.te b/sepolicy/qva/private/zygote.te
new file mode 100644
index 0000000..1912999
--- /dev/null
+++ b/sepolicy/qva/private/zygote.te
@@ -0,0 +1,31 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+unix_socket_send(zygote, vendor_seempdw, vendor_seempd)
+
+get_prop(zygote, vendor_persist_dpm_prop)
+get_prop(zygote, vendor_sys_video_prop)
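Review bot: None of the three zygote grants in this new file has a rationale comment, unlike the rules in wfdservice.te, where each rule is preceded by one. zygote is the parent of every app process, so each addition to its domain should state which component needs it; otherwise a later audit cannot tell whether the grant is still required. Going by the AOSP `unix_socket_send` macro, the first rule lets zygote write the `vendor_seempdw_socket` socket file and send datagrams to `vendor_seempd`, so I would add `# Allow zygote to send datagrams to vendor_seempd via the seempdw socket` above it. The two `get_prop` lines need a similar one-line comment naming the consumer of `vendor_persist_dpm_prop` and `vendor_sys_video_prop`.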