Merge "Revert "Add GIA (Google Input interface Abstraction layer) relat..."" into main
diff --git a/audio/sepolicy/common/hal_audio_default.te b/audio/sepolicy/common/hal_audio_default.te
index f6e0e5d..e917b73 100644
--- a/audio/sepolicy/common/hal_audio_default.te
+++ b/audio/sepolicy/common/hal_audio_default.te
@@ -15,6 +15,7 @@
 allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
 allow hal_audio_default sysfs_extcon:dir search;
 allow hal_audio_default sysfs_extcon:file r_file_perms;
+allow hal_audio_default vendor_usb_debugfs:dir search;
 
 #allow access to aoc and kernel boottime
 allow hal_audio_default sysfs_aoc:dir { search };
diff --git a/bluetooth/dump/Android.bp b/bluetooth/dump/Android.bp
new file mode 100644
index 0000000..72e83b4
--- /dev/null
+++ b/bluetooth/dump/Android.bp
@@ -0,0 +1,20 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+    name: "dump_bt",
+    srcs: ["dump.cpp"],
+    cflags: [
+        "-Wall",
+        "-Wextra",
+        "-Werror",
+    ],
+    shared_libs: [
+        "libbase",
+        "libdump",
+        "liblog",
+    ],
+    vendor: true,
+    relative_install_path: "dump",
+}
diff --git a/bluetooth/dump/dump.cpp b/bluetooth/dump/dump.cpp
new file mode 100644
index 0000000..db92c3c
--- /dev/null
+++ b/bluetooth/dump/dump.cpp
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+#include <android-base/file.h>
+
+#define PIXELBT_ACTIVITY_LOG_DIRECTORY "/data/vendor/bluetooth"
+#define PIXELBT_SNOOP_LOG_DIRECTORY "/data/vendor/bluetooth"
+#define PIXELBT_FW_LOG_DIRECTORY "/data/vendor/ssrdump/coredump"
+#define PIXELBT_SNOOP_LOG_PREFIX "btsnoop_hci_vnd"
+#define PIXELBT_BACKUP_SNOOP_LOG_PREFIX "backup_btsnoop_hci_vnd"
+#define PIXELBT_FW_DUMP_LOG_PREFIX "coredump_bt_socdump_"
+#define PIXELBT_CHRE_DUMP_LOG_PREFIX "coredump_bt_chredump_"
+#define PIXELBT_HAL_DUMP_LOG_PREFIX "coredump_bt_"
+#define PIXELBT_ACTIVITY_LOG_PREFIX "bt_activity_"
+
+int main() {
+    std::string outputDir = concatenatePath(BUGREPORT_PACKING_DIR, "bt");
+    if (mkdir(outputDir.c_str(), 0777) == -1) {
+        printf("Unable to create folder: %s\n", outputDir.c_str());
+        return 0;
+    }
+
+    dumpLogs(PIXELBT_SNOOP_LOG_DIRECTORY, outputDir.c_str(), 4,
+             PIXELBT_SNOOP_LOG_PREFIX);
+    dumpLogs(PIXELBT_SNOOP_LOG_DIRECTORY, outputDir.c_str(), 2, PIXELBT_BACKUP_SNOOP_LOG_PREFIX);
+    dumpLogs(PIXELBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_FW_DUMP_LOG_PREFIX);
+    dumpLogs(PIXELBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_CHRE_DUMP_LOG_PREFIX);
+    dumpLogs(PIXELBT_FW_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_HAL_DUMP_LOG_PREFIX);
+    dumpLogs(PIXELBT_ACTIVITY_LOG_DIRECTORY, outputDir.c_str(), 10, PIXELBT_ACTIVITY_LOG_PREFIX);
+    return 0;
+}
diff --git a/bluetooth/dump/dumplog.mk b/bluetooth/dump/dumplog.mk
new file mode 100644
index 0000000..51c3b3c
--- /dev/null
+++ b/bluetooth/dump/dumplog.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/bluetooth/dump/sepolicy/
+
+PRODUCT_PACKAGES_DEBUG += dump_bt
diff --git a/bluetooth/dump/sepolicy/dump.te b/bluetooth/dump/sepolicy/dump.te
new file mode 100644
index 0000000..fdd123e
--- /dev/null
+++ b/bluetooth/dump/sepolicy/dump.te
@@ -0,0 +1,12 @@
+# pixel bluetooth common hal service
+pixel_bugreport(dump_bt)
+
+allow hal_dumpstate_default vendor_bt_data_file:dir { open read search };
+allow hal_dumpstate_default vendor_bt_data_file:file read;
+allow dump_bt radio_vendor_data_file:dir create_dir_perms;
+allow dump_bt radio_vendor_data_file:file create_file_perms;
+allow dump_bt vendor_bt_data_file:dir r_dir_perms;
+allow dump_bt vendor_bt_data_file:file r_file_perms;
+allow dump_bt sscoredump_vendor_data_crashinfo_file:dir search;
+allow dump_bt sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+allow dump_bt sscoredump_vendor_data_coredump_file:file r_file_perms;
diff --git a/bluetooth/dump/sepolicy/file_contexts b/bluetooth/dump/sepolicy/file_contexts
new file mode 100644
index 0000000..da28d10
--- /dev/null
+++ b/bluetooth/dump/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# bt common hal dump_bt service
+/vendor/bin/dump/dump_bt           u:object_r:dump_bt_exec:s0
diff --git a/bluetooth/sepolicy/hal_bluetooth_btlinux.te b/bluetooth/sepolicy/hal_bluetooth_btlinux.te
index a893102..0c85cb0 100644
--- a/bluetooth/sepolicy/hal_bluetooth_btlinux.te
+++ b/bluetooth/sepolicy/hal_bluetooth_btlinux.te
@@ -9,7 +9,8 @@
 
 # bt firmware dump
 allow hal_bluetooth_btlinux aconfig_storage_metadata_file:dir search;
-allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir { read search };
+allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:file rw_file_perms;
 
 userdebug_or_eng(`
   allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir create_dir_perms;
diff --git a/dump_chip_info/Android.bp b/dump_chip_info/Android.bp
new file mode 100644
index 0000000..4a13160
--- /dev/null
+++ b/dump_chip_info/Android.bp
@@ -0,0 +1,20 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+    name: "dump_chip_info",
+    srcs: ["dump_chip_info.cpp"],
+    cflags: [
+        "-Wall",
+        "-Wextra",
+        "-Werror",
+    ],
+    shared_libs: [
+        "libbase",
+        "libdump",
+        "liblog",
+    ],
+    vendor: true,
+    relative_install_path: "dump",
+}
diff --git a/dump_chip_info/chip_info.mk b/dump_chip_info/chip_info.mk
new file mode 100644
index 0000000..a0d8317
--- /dev/null
+++ b/dump_chip_info/chip_info.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/dump_chip_info/sepolicy
+
+PRODUCT_PACKAGES += dump_chip_info
diff --git a/dump_chip_info/dump_chip_info.cpp b/dump_chip_info/dump_chip_info.cpp
new file mode 100644
index 0000000..dd83743
--- /dev/null
+++ b/dump_chip_info/dump_chip_info.cpp
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+#include <android-base/file.h>
+
+int main() {
+    dumpFileContent("ap_rom_patch_ver", "/sys/devices/system/goog-chip-info/ap_rom_patch_ver");
+    dumpFileContent("gpcm_asic_id", "/sys/devices/system/goog-chip-info/gpcm_asic_id");
+
+    return 0;
+}
diff --git a/dump_chip_info/sepolicy/dump_chip_info.te b/dump_chip_info/sepolicy/dump_chip_info.te
new file mode 100644
index 0000000..936d425
--- /dev/null
+++ b/dump_chip_info/sepolicy/dump_chip_info.te
@@ -0,0 +1,3 @@
+#
+pixel_bugreport(dump_chip_info)
+allow dump_chip_info sysfs_chip_info:file r_file_perms;
diff --git a/dump_chip_info/sepolicy/file.te b/dump_chip_info/sepolicy/file.te
new file mode 100644
index 0000000..80900b0
--- /dev/null
+++ b/dump_chip_info/sepolicy/file.te
@@ -0,0 +1,2 @@
+#
+type sysfs_chip_info, sysfs_type, fs_type;
diff --git a/dump_chip_info/sepolicy/file_contexts b/dump_chip_info/sepolicy/file_contexts
new file mode 100644
index 0000000..b9f4b21
--- /dev/null
+++ b/dump_chip_info/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/dump/dump_chip_info     u:object_r:dump_chip_info_exec:s0
diff --git a/dump_chip_info/sepolicy/genfs_contexts b/dump_chip_info/sepolicy/genfs_contexts
new file mode 100644
index 0000000..3fda2de
--- /dev/null
+++ b/dump_chip_info/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+genfscon sysfs /devices/system/goog-chip-info/ap_rom_patch_ver u:object_r:sysfs_chip_info:s0
+genfscon sysfs /devices/system/goog-chip-info/gpcm_asic_id     u:object_r:sysfs_chip_info:s0
diff --git a/esim/init.esim-gs.rc b/esim/init.esim-gs.rc
index 291f9ee..ce27334 100644
--- a/esim/init.esim-gs.rc
+++ b/esim/init.esim-gs.rc
@@ -2,6 +2,10 @@
 on property:ro.build.type=user && property:ro.boot.flash.locked=0
     setprop setupwizard.feature.provisioning_profile_mode false
 
+# Disable bootstrap for UGS devices
+on property:ro.boot.warranty.sku=UGS
+    setprop setupwizard.feature.provisioning_profile_mode false
+
 # Disable bootstrap for DVT devices shipping to non-US carriers
 on property:ro.boot.warranty.sku=BOF
     setprop setupwizard.feature.provisioning_profile_mode false
diff --git a/fingerprint/sepolicy/service_contexts b/fingerprint/sepolicy/service_contexts
new file mode 100644
index 0000000..4cc220f
--- /dev/null
+++ b/fingerprint/sepolicy/service_contexts
@@ -0,0 +1,2 @@
+# Fingerprint HAL extension
+vendor.goodix.hardware.biometrics.fingerprint.IGoodixFingerprintDaemon/default  u:object_r:hal_fingerprint_service:s0
diff --git a/gcam_app/sepolicy/product/private/debug_camera_app.te b/gcam_app/sepolicy/product/private/debug_camera_app.te
index 4402e55..9d4643d 100644
--- a/gcam_app/sepolicy/product/private/debug_camera_app.te
+++ b/gcam_app/sepolicy/product/private/debug_camera_app.te
@@ -1,28 +1,16 @@
 # GCANext and GCAEng.
-# b/363018500
 typeattribute debug_camera_app coredomain;
 
 userdebug_or_eng(`
 	app_domain(debug_camera_app)
 	net_domain(debug_camera_app)
 
-	allow debug_camera_app activity_service:service_manager find;
-	allow debug_camera_app activity_task_service:service_manager find;
+	allow debug_camera_app app_api_service:service_manager find;
 	allow debug_camera_app audioserver_service:service_manager find;
-	allow debug_camera_app batterystats_service:service_manager find;
 	allow debug_camera_app cameraserver_service:service_manager find;
-	allow debug_camera_app device_policy_service:service_manager find;
-	allow debug_camera_app device_state_service:service_manager find;
-	allow debug_camera_app gpu_service:service_manager find;
 	allow debug_camera_app mediaextractor_service:service_manager find;
 	allow debug_camera_app mediametrics_service:service_manager find;
 	allow debug_camera_app mediaserver_service:service_manager find;
-	allow debug_camera_app powerstats_service:service_manager find;
-	allow debug_camera_app sensorservice_service:service_manager find;
-	allow debug_camera_app thermal_service:service_manager find;
-	allow debug_camera_app trust_service:service_manager find;
-	allow debug_camera_app vibrator_manager_service:service_manager find;
-	allow debug_camera_app virtual_device_native_service:service_manager find;
 
 	# Allows GCA_Eng & GCA-Next to access the PowerHAL.
 	hal_client_domain(debug_camera_app, hal_power)
diff --git a/gcam_app/sepolicy/product/private/google_camera_app.te b/gcam_app/sepolicy/product/private/google_camera_app.te
index a4c7a79..2d3d73c 100644
--- a/gcam_app/sepolicy/product/private/google_camera_app.te
+++ b/gcam_app/sepolicy/product/private/google_camera_app.te
@@ -3,12 +3,12 @@
 app_domain(google_camera_app)
 net_domain(google_camera_app)
 
-#allow google_camera_app app_api_service:service_manager find;
-#allow google_camera_app audioserver_service:service_manager find;
-#allow google_camera_app cameraserver_service:service_manager find;
-#allow google_camera_app mediaextractor_service:service_manager find;
-#allow google_camera_app mediametrics_service:service_manager find;
-#allow google_camera_app mediaserver_service:service_manager find;
+allow google_camera_app app_api_service:service_manager find;
+allow google_camera_app audioserver_service:service_manager find;
+allow google_camera_app cameraserver_service:service_manager find;
+allow google_camera_app mediaextractor_service:service_manager find;
+allow google_camera_app mediametrics_service:service_manager find;
+allow google_camera_app mediaserver_service:service_manager find;
 
 # Allows GCA to access the PowerHAL.
 hal_client_domain(google_camera_app, hal_power)
diff --git a/gcam_app/sepolicy/vendor/google_camera_app.te b/gcam_app/sepolicy/vendor/google_camera_app.te
index 81f91ac..a1c3ddb 100644
--- a/gcam_app/sepolicy/vendor/google_camera_app.te
+++ b/gcam_app/sepolicy/vendor/google_camera_app.te
@@ -1,12 +1,12 @@
 # GCARelease and GCADogfood.
 
 # Allows GCA to acccess the GXP device & properties.
-#allow google_camera_app gxp_device:chr_file rw_file_perms;
+allow google_camera_app gxp_device:chr_file rw_file_perms;
 get_prop(google_camera_app, vendor_gxp_prop)
 
 # Allows GCA to find and access the EdgeTPU.
-#allow google_camera_app edgetpu_app_service:service_manager find;
-#allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+allow google_camera_app edgetpu_app_service:service_manager find;
+allow google_camera_app edgetpu_device:chr_file { read write ioctl };
 
 # Allows GCA to access the hw_jpeg /dev/video12.
 #allow google_camera_app hw_jpg_device:chr_file rw_file_perms;
diff --git a/gril/hidl/1.7/sepolicy/grilservice_app.te b/gril/hidl/1.7/sepolicy/grilservice_app.te
index 3a170b8..fd20fb4 100644
--- a/gril/hidl/1.7/sepolicy/grilservice_app.te
+++ b/gril/hidl/1.7/sepolicy/grilservice_app.te
@@ -2,3 +2,5 @@
 allow grilservice_app hal_radio_ext_service:service_manager find;
 # allow grilservice_app to binder call hal_radioext_default
 binder_call(grilservice_app, hal_radioext_default)
+# allow grilservice_app to binder call twoshay
+binder_call(grilservice_app, twoshay)
diff --git a/mailbox/Android.bp b/mailbox/Android.bp
new file mode 100644
index 0000000..6969685
--- /dev/null
+++ b/mailbox/Android.bp
@@ -0,0 +1,21 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+    name: "dump_mailbox",
+    srcs: ["dump/dump_mailbox.cpp"],
+    init_rc: ["init.mailbox.rc"],
+    cflags: [
+        "-Wall",
+        "-Wextra",
+        "-Werror",
+    ],
+    shared_libs: [
+        "libbase",
+        "libdump",
+        "liblog",
+    ],
+    vendor: true,
+    relative_install_path: "dump",
+}
diff --git a/mailbox/dump/dump_mailbox.cpp b/mailbox/dump/dump_mailbox.cpp
new file mode 100644
index 0000000..8f63b30
--- /dev/null
+++ b/mailbox/dump/dump_mailbox.cpp
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dump/pixel_dump.h>
+#include <android-base/file.h>
+
+int main() {
+    std::string outputDir = concatenatePath(BUGREPORT_PACKING_DIR, "mailbox");
+    if (mkdir(outputDir.c_str(), 0777) == -1) {
+        printf("Unable to create folder: %s\n", outputDir.c_str());
+        return 0;
+    }
+
+    copyFile("/sys/kernel/tracing/instances/goog_cpm_mailbox/trace",
+             concatenatePath(outputDir.c_str(), "goog_cpm_mailbox_trace").c_str());
+    copyFile("/sys/kernel/tracing/instances/goog_nq_mailbox/trace",
+             concatenatePath(outputDir.c_str(), "goog_nq_mailbox_trace").c_str());
+
+    return 0;
+}
diff --git a/mailbox/dump/sepolicy/dump_mailbox.te b/mailbox/dump/sepolicy/dump_mailbox.te
new file mode 100644
index 0000000..64f184c
--- /dev/null
+++ b/mailbox/dump/sepolicy/dump_mailbox.te
@@ -0,0 +1,7 @@
+#
+pixel_bugreport(dump_mailbox)
+allow dump_mailbox radio_vendor_data_file:dir create_dir_perms;
+allow dump_mailbox radio_vendor_data_file:file create_file_perms;
+allow dump_mailbox debugfs_tracing_instances:file r_file_perms;
+allow dump_mailbox debugfs_tracing_instances:dir search;
+allow dump_mailbox debugfs_tracing_instances_mailbox:file r_file_perms;
diff --git a/mailbox/dump/sepolicy/file.te b/mailbox/dump/sepolicy/file.te
new file mode 100644
index 0000000..5bb7bc4
--- /dev/null
+++ b/mailbox/dump/sepolicy/file.te
@@ -0,0 +1,2 @@
+#
+type debugfs_tracing_instances_mailbox, sysfs_type, fs_type;
diff --git a/mailbox/dump/sepolicy/file_contexts b/mailbox/dump/sepolicy/file_contexts
new file mode 100644
index 0000000..b9bea15
--- /dev/null
+++ b/mailbox/dump/sepolicy/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/dump/dump_mailbox     u:object_r:dump_mailbox_exec:s0
diff --git a/mailbox/dump/sepolicy/genfs_contexts b/mailbox/dump/sepolicy/genfs_contexts
new file mode 100644
index 0000000..0bac5e8
--- /dev/null
+++ b/mailbox/dump/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+genfscon tracefs /instances/goog_cpm_mailbox/trace u:object_r:debugfs_tracing_instances_mailbox:s0
+genfscon tracefs /instances/goog_nq_mailbox/trace  u:object_r:debugfs_tracing_instances_mailbox:s0
diff --git a/mailbox/init.mailbox.rc b/mailbox/init.mailbox.rc
new file mode 100644
index 0000000..7659290
--- /dev/null
+++ b/mailbox/init.mailbox.rc
@@ -0,0 +1,8 @@
+on property:sys.boot_completed=1
+    chown system system /sys/kernel/tracing/instances/goog_cpm_mailbox
+    chown system system /sys/kernel/tracing/instances/goog_cpm_mailbox/trace
+    write /sys/kernel/tracing/instances/goog_cpm_mailbox/buffer_size_kb 512
+
+    chown system system /sys/kernel/tracing/instances/goog_nq_mailbox
+    chown system system /sys/kernel/tracing/instances/goog_nq_mailbox/trace
+    write /sys/kernel/tracing/instances/goog_nq_mailbox/buffer_size_kb 512
diff --git a/mailbox/mailbox.mk b/mailbox/mailbox.mk
new file mode 100644
index 0000000..aeefb9a
--- /dev/null
+++ b/mailbox/mailbox.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/mailbox/dump/sepolicy
+
+PRODUCT_PACKAGES += dump_mailbox
diff --git a/ramdump_and_coredump/sepolicy/ramdump_app.te b/ramdump_and_coredump/sepolicy/ramdump_app.te
index 85d4bfd..9eebc98 100644
--- a/ramdump_and_coredump/sepolicy/ramdump_app.te
+++ b/ramdump_and_coredump/sepolicy/ramdump_app.te
@@ -1,8 +1,12 @@
+# SEpolicy for com.android.ramdump
 type ramdump_app, domain;
 
 userdebug_or_eng(`
   app_domain(ramdump_app)
 
+  # For using Firebase Cloud Firestore
+  net_domain(ramdump_app)
+
   allow ramdump_app app_api_service:service_manager find;
 
   allow ramdump_app ramdump_vendor_data_file:file create_file_perms;
diff --git a/storage/init.storage.rc b/storage/init.storage.rc
index 77057cd..9e4acd4 100644
--- a/storage/init.storage.rc
+++ b/storage/init.storage.rc
@@ -1,3 +1,11 @@
+on init
+    # Make foreground and background I/O priority different. none-to-rt was
+    # introduced in kernel 5.14. promote-to-rt was introduced in kernel 6.5.
+    # Write none-to-rt first and promote-to-rt next to support both older and
+    # newer kernel versions.
+    write /dev/blkio/blkio.prio.class none-to-rt
+    write /dev/blkio/blkio.prio.class promote-to-rt
+
 on property:ro.build.type=userdebug
     write /dev/sys/block/bootdevice/pixel/enable_pixel_ufs_logging 1
     chown system /dev/sg3
@@ -36,13 +44,6 @@
     write /dev/sys/block/bootdevice/clkgate_enable 0
 
 on property:sys.boot_completed=1
-    # Make foreground and background I/O priority different. none-to-rt was
-    # introduced in kernel 5.14. promote-to-rt was introduced in kernel 6.5.
-    # Write none-to-rt first and promote-to-rt next to support both older and
-    # newer kernel versions.
-    write /dev/blkio/blkio.prio.class none-to-rt
-    write /dev/blkio/blkio.prio.class promote-to-rt
-
     # Health Storage HAL
     chown system system /dev/sys/block/bootdevice/manual_gc
 
diff --git a/widevine/sepolicy/hal_drm_widevine.te b/widevine/sepolicy/hal_drm_widevine.te
index 9b4792e..98b49e6 100644
--- a/widevine/sepolicy/hal_drm_widevine.te
+++ b/widevine/sepolicy/hal_drm_widevine.te
@@ -10,4 +10,5 @@
 allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
 
 #L1
-#TODO(snehalreddy@) : Add L1 permissions
+allow hal_drm_widevine dmabuf_system_heap_device:chr_file r_file_perms;
+