[automerger skipped] Merge changes from topic "trusty-dsu_fix-sc-qpr3" into sc-v2-dev-plus-aosp am: 92707e72ab -s ours
am skip reason: Merged-In I86055dd5601f8c2899d28f29bdfcb4dcb9b90d1b with SHA-1 b69ac35ff0 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/16727208
Change-Id: I485b582f2dd3df1d6c9f25e3df31094e82e8bfc0
diff --git a/ambient/exo_app.te b/ambient/exo_app.te
new file mode 100644
index 0000000..3a88eeb
--- /dev/null
+++ b/ambient/exo_app.te
@@ -0,0 +1,21 @@
+type exo_app, coredomain, domain;
+
+app_domain(exo_app)
+net_domain(exo_app)
+
+allow exo_app app_api_service:service_manager find;
+allow exo_app audioserver_service:service_manager find;
+allow exo_app cameraserver_service:service_manager find;
+allow exo_app mediaserver_service:service_manager find;
+allow exo_app radio_service:service_manager find;
+allow exo_app fwk_stats_service:service_manager find;
+allow exo_app mediametrics_service:service_manager find;
+allow exo_app virtual_device_service:service_manager find;
+allow exo_app gpu_device:dir search;
+
+allow exo_app uhid_device:chr_file rw_file_perms;
+
+binder_call(exo_app, statsd)
+binder_use(exo_app)
+
+get_prop(exo_app, device_config_runtime_native_boot_prop)
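Review bot: `allow exo_app uhid_device:chr_file rw_file_perms;` is the widest grant in this new domain and has no comment. Read/write on the uhid node lets the app register virtual HID devices whose events the system treats as hardware input, and the domain is also a `net_domain`. I would put a comment above the rule naming the feature that needs it and its tracking bug, in the form `# <feature that needs virtual HID input> (b/<bug-id>)`. The `service_manager find` rules would likewise be easier to audit with a one-line comment on what the app uses them for.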
diff --git a/ambient/seapp_contexts b/ambient/seapp_contexts
new file mode 100644
index 0000000..8024688
--- /dev/null
+++ b/ambient/seapp_contexts
@@ -0,0 +1,2 @@
+# Domain for Exo app
+user=_app seinfo=platform name=com.google.pixel.exo domain=exo_app type=app_data_file levelFrom=all
diff --git a/bluetooth/device.te b/bluetooth/device.te
new file mode 100644
index 0000000..a256332
--- /dev/null
+++ b/bluetooth/device.te
@@ -0,0 +1,3 @@
+# Bt Wifi Coexistence device
+type wb_coexistence_dev, dev_type;
+
diff --git a/bluetooth/file_contexts b/bluetooth/file_contexts
new file mode 100644
index 0000000..d4681db
--- /dev/null
+++ b/bluetooth/file_contexts
@@ -0,0 +1,6 @@
+# Bluetooth
+/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.1-service\.bcmbtlinux u:object_r:hal_bluetooth_btlinux_exec:s0
+
+/dev/wbrc u:object_r:wb_coexistence_dev:s0
+/dev/ttySAC16 u:object_r:hci_attach_dev:s0
+
diff --git a/bluetooth/genfs_contexts b/bluetooth/genfs_contexts
new file mode 100644
index 0000000..607e146
--- /dev/null
+++ b/bluetooth/genfs_contexts
@@ -0,0 +1,7 @@
+genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0
+genfscon proc /bluetooth/timesync u:object_r:proc_bluetooth_writable:s0
+
diff --git a/whitechapel/vendor/google/hal_bluetooth_btlinux.te b/bluetooth/hal_bluetooth_btlinux.te
similarity index 100%
rename from whitechapel/vendor/google/hal_bluetooth_btlinux.te
rename to bluetooth/hal_bluetooth_btlinux.te
diff --git a/bluetooth/hwservice.te b/bluetooth/hwservice.te
new file mode 100644
index 0000000..5e36cd0
--- /dev/null
+++ b/bluetooth/hwservice.te
@@ -0,0 +1,3 @@
+# Bluetooth HAL extension
+type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
+
diff --git a/bluetooth/hwservice_contexts b/bluetooth/hwservice_contexts
new file mode 100644
index 0000000..df77e6f
--- /dev/null
+++ b/bluetooth/hwservice_contexts
@@ -0,0 +1,5 @@
+# Bluetooth HAL extension
+hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
+hardware.google.bluetooth.ccc::IBluetoothCcc u:object_r:hal_bluetooth_coexistence_hwservice:s0
+
diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts
index dcaacdc..04f8491 100644
--- a/edgetpu/file_contexts
+++ b/edgetpu/file_contexts
@@ -6,12 +6,12 @@
# EdgeTPU service binaries and libraries
/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0
-/vendor/lib64/com\.google\.edgetpu_app_service-V1-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_app_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libedgetpu_client\.google\.so u:object_r:same_process_hal_file:s0
# EdgeTPU vendor service
/vendor/bin/hw/vendor\.google\.edgetpu_vendor_service@1\.0-service u:object_r:edgetpu_vendor_server_exec:s0
-/vendor/lib64/com\.google\.edgetpu_vendor_service-V1-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
# EdgeTPU runtime libraries
/vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0
diff --git a/edgetpu/hal_neuralnetworks_darwinn.te b/edgetpu/hal_neuralnetworks_darwinn.te
index b45a705..1896071 100644
--- a/edgetpu/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/hal_neuralnetworks_darwinn.te
@@ -43,3 +43,7 @@
# Allows the logging service to access /sys/class/edgetpu
allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms;
allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms;
+
+# Allows the NNAPI HAL to access the edgetpu_app_service
+allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find;
+binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server);
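Review bot: `binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server);` ends with a semicolon, unlike the other macro invocations in this change such as `binder_call(exo_app, statsd)` and the `set_prop(...)` lines. The macro expands to complete statements, so the extra `;` is at best redundant. I would write `binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server)`. The earlier part of the file is outside the hunk, so a local convention cannot be ruled out.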
diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk
index f00a170..d33fcd4 100644
--- a/gs101-sepolicy.mk
+++ b/gs101-sepolicy.mk
@@ -23,17 +23,19 @@
# Dauntless (uses Citadel policy currently)
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/citadel
-# Wifi
-BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_ext
-
# PowerStats HAL
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
# sscoredump
BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/sscoredump
-# Sniffer Logger
-BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_sniffer
-
# Public
PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs101-sepolicy/public
+
+# pKVM
+ifeq ($(TARGET_PKVM_ENABLED),true)
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/pkvm
+endif
+
+# Health HAL
+BOARD_SEPOLICY_DIRS += device/google/gs101-sepolicy/health
diff --git a/health/file_contexts b/health/file_contexts
new file mode 100644
index 0000000..5532174
--- /dev/null
+++ b/health/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/hw/android\.hardware\.health-service\.gs101 u:object_r:hal_health_default_exec:s0
diff --git a/pkvm/file_contexts b/pkvm/file_contexts
new file mode 100644
index 0000000..310aad4
--- /dev/null
+++ b/pkvm/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/pkvm_enabler u:object_r:vendor_misc_writer_exec:s0
diff --git a/pkvm/vendor_misc_writer.te b/pkvm/vendor_misc_writer.te
new file mode 100644
index 0000000..b9b4ceb
--- /dev/null
+++ b/pkvm/vendor_misc_writer.te
@@ -0,0 +1,2 @@
+# Allow pkvm_enabler to execute misc_writer.
+allow vendor_misc_writer vendor_misc_writer_exec:file execute_no_trans;
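Review bot: Labelling `/vendor/bin/pkvm_enabler` as `vendor_misc_writer_exec` in pkvm/file_contexts puts a second binary into the existing `vendor_misc_writer` domain, so the enabler receives every permission that domain holds. The `execute_no_trans` added here then lets anything in the domain run any file with that label without a transition. The domain's other rules are not part of this change, but it presumably has write access to the misc partition. I would give the enabler its own `pkvm_enabler` domain and exec type and reach misc_writer through `domain_auto_trans(pkvm_enabler, vendor_misc_writer_exec, vendor_misc_writer)`, so that only the real misc_writer binary runs with that access.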
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index fa20f24..3968de3 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -1,2 +1,3 @@
# b/177389198
dontaudit gmscore_app adbd_prop:file *;
+dontaudit gmscore_app sysfs_vendor_sched:file write;
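Review bot: The new `dontaudit gmscore_app sysfs_vendor_sched:file write;` has no tracking bug of its own. It sits under `# b/177389198`, which reads as the reference for the `adbd_prop` rule above it, and the identical rule added in private/priv_app.te is also uncommented. A dontaudit removes these write attempts from the audit log, so a later reader cannot tell whether the denial is expected or whether the app lost functionality. I would add a line of the form `# b/<bug-id>: write to vendor sched nodes is expected to be denied` above each rule, using the real bug number.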
diff --git a/private/priv_app.te b/private/priv_app.te
index 2ef1f96..de2a4f2 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -17,3 +17,4 @@
dontaudit priv_app ab_update_gki_prop:file { map };
dontaudit priv_app adbd_prop:file { open };
dontaudit priv_app adbd_prop:file { getattr };
+dontaudit priv_app sysfs_vendor_sched:file write;
diff --git a/tracking_denials/hal_drm_default.te b/tracking_denials/hal_drm_default.te
new file mode 100644
index 0000000..ee4ed08
--- /dev/null
+++ b/tracking_denials/hal_drm_default.te
@@ -0,0 +1,2 @@
+# b/223502652
+dontaudit hal_drm_default vndbinder_device:chr_file { read };
diff --git a/whitechapel/vendor/google/aocd.te b/whitechapel/vendor/google/aocd.te
index 79add16..69b0af0 100644
--- a/whitechapel/vendor/google/aocd.te
+++ b/whitechapel/vendor/google/aocd.te
@@ -12,7 +12,7 @@
allow aocd sysfs_aoc_firmware:file w_file_perms;
# dev operations
-allow aocd aoc_device:chr_file r_file_perms;
+allow aocd aoc_device:chr_file rw_file_perms;
# allow inotify to watch for additions/removals from /dev
allow aocd device:dir r_dir_perms;
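Review bot: `allow aocd aoc_device:chr_file rw_file_perms;` widens the daemon from read-only to read/write on every node labelled `aoc_device`, but the comment above it still says only `# dev operations`. I would extend the comment to state which operation needs write access, in the form `# dev operations: aocd writes <what> to <node> (b/<bug-id>)`. If only one node needs writing, a separate label for it would keep the remaining nodes read-only. The rest of aocd.te is outside the hunk.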
diff --git a/whitechapel/vendor/google/charger_vendor.te b/whitechapel/vendor/google/charger_vendor.te
new file mode 100644
index 0000000..7b914da
--- /dev/null
+++ b/whitechapel/vendor/google/charger_vendor.te
@@ -0,0 +1,9 @@
+allow charger_vendor mnt_vendor_file:dir search;
+allow charger_vendor persist_file:dir search;
+allow charger_vendor persist_battery_file:dir search;
+allow charger_vendor persist_battery_file:file rw_file_perms;
+allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
+allow charger_vendor sysfs_thermal:file w_file_perms;
+allow charger_vendor sysfs_thermal:lnk_file read;
+allow charger_vendor thermal_link_device:dir search;
+set_prop(charger_vendor, vendor_battery_defender_prop)
diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te
index 7cd2c7f..94ec0bb 100644
--- a/whitechapel/vendor/google/device.te
+++ b/whitechapel/vendor/google/device.te
@@ -1,21 +1,16 @@
# Block Devices
-type efs_block_device, dev_type, bdev_type;
-type fat_block_device, dev_type, bdev_type;
-type modem_block_device, dev_type, bdev_type;
-type modem_userdata_block_device, dev_type, bdev_type;
-type persist_block_device, dev_type, bdev_type;
-type vendor_block_device, dev_type, bdev_type;
-type sda_block_device, dev_type, bdev_type;
-type mfg_data_block_device, dev_type, bdev_type;
+type efs_block_device, dev_type;
+type modem_block_device, dev_type;
+type modem_userdata_block_device, dev_type;
+type persist_block_device, dev_type;
+type sda_block_device, dev_type;
+type mfg_data_block_device, dev_type;
# Exynos devices
-type vendor_m2m1shot_device, dev_type;
type vendor_gnss_device, dev_type;
-type vendor_nanohub_device, dev_type;
-type vendor_secmem_device, dev_type;
type vendor_toe_device, dev_type;
-type custom_ab_block_device, dev_type, bdev_type;
-type devinfo_block_device, dev_type, bdev_type;
+type custom_ab_block_device, dev_type;
+type devinfo_block_device, dev_type;
# usbpd
type logbuffer_device, dev_type;
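Review bot: Dropping `bdev_type` from the block-device types in this hunk means that any allow or neverallow rule written against that attribute no longer covers `efs_block_device`, `persist_block_device`, `devinfo_block_device` and the others. The file.te hunk does the same with `sysfs_block_type` on `sysfs_scsi_devices_0000`. Neither the hunk nor the commit message says why; it may simply be that this branch's platform policy does not define the attributes. I would record that in a comment next to `# Block Devices`, e.g. `# bdev_type is not defined on this branch; restore it when the platform policy provides it`, once the owner confirms the reason.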
@@ -23,9 +18,6 @@
#cpuctl
type cpuctl_device, dev_type;
-# Bt Wifi Coexistence device
-type wb_coexistence_dev, dev_type;
-
# LWIS (Lightweight Imaging Subsystem) devices, used by Lyric camera HAL
type lwis_device, dev_type;
@@ -56,3 +48,7 @@
# Raw HID device
type hidraw_device, dev_type;
+# SecureElement SPI device
+type st54spi_device, dev_type;
+type st33spi_device, dev_type;
+
diff --git a/whitechapel/vendor/google/euiccpixel_app.te b/whitechapel/vendor/google/euiccpixel_app.te
index 32f958b..db71a87 100644
--- a/whitechapel/vendor/google/euiccpixel_app.te
+++ b/whitechapel/vendor/google/euiccpixel_app.te
@@ -15,8 +15,11 @@
userdebug_or_eng(`
net_domain(euiccpixel_app)
- # Access to directly upgrade firmware on secure_element used for engineering devices
- typeattribute secure_element_device mlstrustedobject;
- allow euiccpixel_app secure_element_device:chr_file rw_file_perms;
+ # Access to directly upgrade firmware on st54spi_device used for engineering devices
+ typeattribute st54spi_device mlstrustedobject;
+ allow euiccpixel_app st54spi_device:chr_file rw_file_perms;
+ # Access to directly upgrade firmware on st33spi_device used for engineering devices
+ typeattribute st33spi_device mlstrustedobject;
+ allow euiccpixel_app st33spi_device:chr_file rw_file_perms;
')
diff --git a/whitechapel/vendor/google/exo_camera_injection/file_contexts b/whitechapel/vendor/google/exo_camera_injection/file_contexts
index cfcbd6f..98627c6 100644
--- a/whitechapel/vendor/google/exo_camera_injection/file_contexts
+++ b/whitechapel/vendor/google/exo_camera_injection/file_contexts
@@ -1 +1 @@
-/vendor/bin/hw/vendor\.google\.exo_camera_injection@1\.0-service u:object_r:hal_exo_camera_injection_exec:s0
+/vendor/bin/hw/vendor\.google\.exo_camera_injection@1\.1-service u:object_r:hal_exo_camera_injection_exec:s0
diff --git a/whitechapel/vendor/google/fastbootd.te b/whitechapel/vendor/google/fastbootd.te
index f9d09d9..d6cf731 100644
--- a/whitechapel/vendor/google/fastbootd.te
+++ b/whitechapel/vendor/google/fastbootd.te
@@ -1,6 +1,6 @@
# Required by the bootcontrol HAL for the 'set_active' command.
recovery_only(`
-allow fastbootd secure_element_device:chr_file rw_file_perms;
+allow fastbootd st54spi_device:chr_file rw_file_perms;
allow fastbootd devinfo_block_device:blk_file rw_file_perms;
allow fastbootd sda_block_device:blk_file rw_file_perms;
allow fastbootd sysfs_ota:file rw_file_perms;
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index e2baeca..9009824 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -78,7 +78,7 @@
type mediadrm_vendor_data_file, file_type, data_file_type;
# Storage Health HAL
-type sysfs_scsi_devices_0000, sysfs_type, fs_type, sysfs_block_type;
+type sysfs_scsi_devices_0000, sysfs_type, fs_type;
type debugfs_f2fs, debugfs_type, fs_type;
type proc_f2fs, proc_type, fs_type;
@@ -203,3 +203,6 @@
userdebug_or_eng(`
typeattribute sysfs_sjtag mlstrustedobject;
')
+
+# SecureElement
+type sysfs_st33spi, sysfs_type, fs_type;
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 309c896..05e4959 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -1,13 +1,14 @@
#
# Exynos HAL
#
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.4-service\.widevine u:object_r:hal_drm_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm(@[0-9]+\.[0-9]+)?-service\.widevine u:object_r:hal_drm_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service32 u:object_r:hal_usb_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.ExynosHWCServiceTW@1\.0-service u:object_r:hal_vendor_hwcservice_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.configstore@1\.0-service u:object_r:hal_configstore_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.3-service\.gs101 u:object_r:hal_usb_impl_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb-service\.gs101 u:object_r:hal_usb_impl_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget-service\.gs101 u:object_r:hal_usb_gadget_impl_exec:s0
/(vendor|system/vendor)/lib(64)?/libion_exynos\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0
@@ -42,13 +43,11 @@
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/fat u:object_r:fat_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/modem u:object_r:modem_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/system u:object_r:system_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/vendor u:object_r:vendor_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/frp u:object_r:frp_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/misc u:object_r:misc_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
@@ -87,9 +86,6 @@
/dev/bbd_control u:object_r:vendor_gnss_device:s0
/dev/bbd_pwrstat u:object_r:power_stats_device:s0
/dev/ttyBCM u:object_r:vendor_gnss_device:s0
-/dev/nanohub u:object_r:vendor_nanohub_device:s0
-/dev/nanohub_comms u:object_r:vendor_nanohub_device:s0
-/dev/m2m1shot_scaler0 u:object_r:vendor_m2m1shot_device:s0
/dev/radio0 u:object_r:radio_device:s0
/dev/dri/card0 u:object_r:graphics_device:s0
/dev/fimg2d u:object_r:graphics_device:s0
@@ -132,7 +128,6 @@
# GPU device
/dev/mali0 u:object_r:gpu_device:s0
-/dev/s5p-smem u:object_r:vendor_secmem_device:s0
#
# Exynos Daemon Exec
@@ -197,6 +192,8 @@
/dev/lwis-eeprom-m24c64s u:object_r:lwis_device:s0
/dev/lwis-eeprom-m24c64s-imx355-inner u:object_r:lwis_device:s0
/dev/lwis-eeprom-m24c64s-imx355-outer u:object_r:lwis_device:s0
+/dev/lwis-eeprom-m24c64s-rear u:object_r:lwis_device:s0
+/dev/lwis-eeprom-m24c64s-front u:object_r:lwis_device:s0
/dev/lwis-eeprom-m24c64x u:object_r:lwis_device:s0
/dev/lwis-eeprom-m24c64x-imx386 u:object_r:lwis_device:s0
/dev/lwis-eeprom-m24c64x-imx663 u:object_r:lwis_device:s0
@@ -223,6 +220,8 @@
/dev/lwis-sensor-imx355 u:object_r:lwis_device:s0
/dev/lwis-sensor-imx355-inner u:object_r:lwis_device:s0
/dev/lwis-sensor-imx355-outer u:object_r:lwis_device:s0
+/dev/lwis-sensor-imx355-rear u:object_r:lwis_device:s0
+/dev/lwis-sensor-imx355-front u:object_r:lwis_device:s0
/dev/lwis-sensor-imx363 u:object_r:lwis_device:s0
/dev/lwis-sensor-imx386 u:object_r:lwis_device:s0
/dev/lwis-sensor-imx586 u:object_r:lwis_device:s0
@@ -252,7 +251,7 @@
/dev/aoc u:object_r:aoc_device:s0
# Contexthub
-/vendor/bin/hw/android\.hardware\.contexthub@1\.2-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
/(vendor|system/vendor)/bin/chre u:object_r:chre_exec:s0
/dev/socket/chre u:object_r:chre_socket:s0
@@ -290,19 +289,14 @@
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
# SecureElement
-/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service\.st u:object_r:hal_secure_element_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_default_exec:s0
-/dev/st54j_se u:object_r:secure_element_device:s0
-/dev/st54spi u:object_r:secure_element_device:s0
-/dev/st33spi u:object_r:secure_element_device:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2 u:object_r:hal_secure_element_st33spi_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_default_exec:s0
+/dev/st54spi u:object_r:st54spi_device:s0
+/dev/st33spi u:object_r:st33spi_device:s0
# Bluetooth
-/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.1-service\.bcmbtlinux u:object_r:hal_bluetooth_btlinux_exec:s0
-/dev/wbrc u:object_r:wb_coexistence_dev:s0
-/dev/ttySAC16 u:object_r:hci_attach_dev:s0
-/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
+/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
/dev/logbuffer_tty16 u:object_r:logbuffer_device:s0
# Audio
@@ -353,7 +347,7 @@
# Uwb
# R4
-/vendor/bin/hw/hardware\.qorvo\.uwb-service u:object_r:hal_uwb_vendor_default_exec:s0
+/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0
/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0
@@ -368,9 +362,6 @@
/dev/dit2 u:object_r:vendor_toe_device:s0
/vendor/bin/hw/vendor\.samsung_slsi\.hardware\.tetheroffload@1\.[0-9]-service u:object_r:hal_tetheroffload_default_exec:s0
-# pixelstats binary
-/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0
-
# battery history
/dev/battery_history u:object_r:battery_history_device:s0
@@ -381,7 +372,7 @@
/vendor/lib(64)?/libion_google\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/gralloc\.gs101\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/hw/vulkan\.gs101\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0
# Fingerprint
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 33d761d..63d06d1 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -23,6 +23,7 @@
genfscon sysfs /devices/platform/google,cpm/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/google,cpm/ u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/google,dock/power_supply/dock u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d50000.hsi2c u:object_r:sysfs_batteryinfo:s0
# Slider
@@ -62,6 +63,7 @@
genfscon sysfs /devices/platform/14700000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/14700000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0
# Networking / Tethering
genfscon sysfs /devices/platform/10d30000.spi/spi_master/spi10/spi10.0/ieee802154/phy0/net u:object_r:sysfs_net:s0
@@ -147,34 +149,43 @@
genfscon proc /fts/driver_test u:object_r:proc_touch:s0
genfscon proc /fts_ext/driver_test u:object_r:proc_touch:s0
genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/virtual/input/input2 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/virtual/input/input3 u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/virtual/input/nvt_touch u:object_r:sysfs_touch:s0
+genfscon proc /nvt_baseline u:object_r:proc_touch:s0
+genfscon proc /nvt_cc_uniformity u:object_r:proc_touch:s0
+genfscon proc /nvt_diff u:object_r:proc_touch:s0
+genfscon proc /nvt_fw_version u:object_r:proc_touch:s0
+genfscon proc /nvt_heatmap u:object_r:proc_touch:s0
+genfscon proc /nvt_pen_diff u:object_r:proc_touch:s0
+genfscon proc /nvt_raw u:object_r:proc_touch:s0
+genfscon proc /nvt_selftest u:object_r:proc_touch:s0
# GPS
genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0
genfscon sysfs /devices/virtual/pps/pps0/assert_elapsed u:object_r:sysfs_gps_assert:s0
# Display
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0
-genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/hs_clock u:object_r:sysfs_display:s0
# Modem
genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0
# Bluetooth
genfscon sysfs /devices/platform/175b0000.serial/serial0/serial0-0/bluetooth/hci0/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
-genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
-genfscon sysfs /devices/platform/odm/odm:btbcm/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
-genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0
-genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0
-genfscon proc /bluetooth/sleep/btwake u:object_r:proc_bluetooth_writable:s0
-genfscon proc /bluetooth/timesync u:object_r:proc_bluetooth_writable:s0
# ODPM
genfscon sysfs /devices/platform/acpm_mfd_bus@17500000/i2c-6/i2c-s2mpg10mfd/s2mpg10-meter/s2mpg10-odpm/iio:device0/name u:object_r:sysfs_odpm:s0
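Review bot: The added `genfscon sysfs /devices/virtual/input/input2` and `.../input3` entries label sysfs nodes by input index, and the kernel assigns `inputN` numbers in registration order. If probe order changes, or another virtual input device registers first, `sysfs_touch` could end up on a different device and domains with access to that type would gain its attributes. The `/devices/virtual/input/nvt_touch` entry on the next line uses a stable name, and I would prefer that form. If the numbered paths must stay, add a comment such as `# input2/input3 are the NVT touch and pen nodes on <device>; revisit if enumeration order changes`.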
@@ -339,6 +350,14 @@
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0
+# Extcon
+genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-6/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/10d50000.hsi2c/i2c-5/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0
+
+# SecureElement
+genfscon sysfs /devices/platform/10950000.spi/spi_master/spi6/spi6.0/st33spi u:object_r:sysfs_st33spi:s0
+genfscon sysfs /devices/platform/175c0000.spi/spi_master/spi15/spi15.0/st33spi u:object_r:sysfs_st33spi:s0
+
# Thermal
genfscon sysfs /devices/platform/100a0000.LITTLE u:object_r:sysfs_thermal:s0
genfscon sysfs /devices/platform/100a0000.MID u:object_r:sysfs_thermal:s0
diff --git a/whitechapel/vendor/google/hal_fingerprint_default.te b/whitechapel/vendor/google/hal_fingerprint_default.te
index 6dedfce..d1ac4d7 100644
--- a/whitechapel/vendor/google/hal_fingerprint_default.te
+++ b/whitechapel/vendor/google/hal_fingerprint_default.te
@@ -8,9 +8,7 @@
allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms;
allow hal_fingerprint_default fwk_stats_service:service_manager find;
get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
-userdebug_or_eng(`
- get_prop(hal_fingerprint_default, vendor_fingerprint_fake_prop)
-')
+set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
# allow fingerprint to access power hal
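Review bot: `set_prop(hal_fingerprint_default, vendor_fingerprint_prop)` has no comment and applies on all build types. The block it replaces only allowed reading `vendor_fingerprint_fake_prop`, and only inside `userdebug_or_eng`. The definition of the new property type and its readers are not visible in this hunk. I would add a comment of the form `# HAL publishes <which state> through vendor.fingerprint.* properties` above the rule, so that a reviewer can judge who may consume values written by the HAL.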
@@ -22,3 +20,7 @@
# Allow fingerprint to access calibration blk device.
allow hal_fingerprint_default mfg_data_block_device:blk_file { rw_file_perms };
allow hal_fingerprint_default block_device:dir search;
+
+# Allow fingerprint to access fwk_sensor_hwservice
+allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find;
+
diff --git a/whitechapel/vendor/google/hal_nfc_default.te b/whitechapel/vendor/google/hal_nfc_default.te
index b647792..247ca3d 100644
--- a/whitechapel/vendor/google/hal_nfc_default.te
+++ b/whitechapel/vendor/google/hal_nfc_default.te
@@ -11,3 +11,5 @@
allow hal_nfc_default uwb_data_vendor:dir r_dir_perms;
allow hal_nfc_default uwb_data_vendor:file r_file_perms;
+# allow nfc to read uwb calibration file
+get_prop(hal_nfc_default, vendor_uwb_calibration_prop)
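Review bot: The comment `# allow nfc to read uwb calibration file` does not match the rule beneath it, because `get_prop(hal_nfc_default, vendor_uwb_calibration_prop)` grants read access to a property type, not a file. The file access is already covered by the `uwb_data_vendor` rules just above. I would reword the comment to `# Allow the NFC HAL to read the UWB calibration properties`.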
diff --git a/whitechapel/vendor/google/hal_secure_element_default.te b/whitechapel/vendor/google/hal_secure_element_default.te
index dc04874..17a679d 100644
--- a/whitechapel/vendor/google/hal_secure_element_default.te
+++ b/whitechapel/vendor/google/hal_secure_element_default.te
@@ -1,7 +1,5 @@
allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
-allow hal_secure_element_default nfc_device:chr_file rw_file_perms;
set_prop(hal_secure_element_default, vendor_secure_element_prop)
-set_prop(hal_secure_element_default, vendor_nfc_prop)
set_prop(hal_secure_element_default, vendor_modem_prop)
# Allow hal_secure_element_default to access rild
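Review bot: The kept rule `allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;` looks stale after this change. The file_contexts hunk relabels `/dev/st54spi` and `/dev/st33spi` to their own types and drops `/dev/st54j_se`, so no path in the visible diff carries `secure_element_device` any longer. The only binary still mapped to `hal_secure_element_default_exec` is the uicc service, which, judging by the rild comment below, talks to the modem rather than to an SPI device. Unless another file_contexts outside this change still assigns that label, I would delete the rule so the default domain does not keep an unused device grant.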
diff --git a/whitechapel/vendor/google/hal_secure_element_st33spi.te b/whitechapel/vendor/google/hal_secure_element_st33spi.te
new file mode 100644
index 0000000..a5978f2
--- /dev/null
+++ b/whitechapel/vendor/google/hal_secure_element_st33spi.te
@@ -0,0 +1,8 @@
+type hal_secure_element_st33spi, domain;
+hal_server_domain(hal_secure_element_st33spi, hal_secure_element)
+type hal_secure_element_st33spi_exec, exec_type, vendor_file_type, file_type;
+
+allow hal_secure_element_st33spi st33spi_device:chr_file rw_file_perms;
+set_prop(hal_secure_element_st33spi, vendor_secure_element_prop)
+
+init_daemon_domain(hal_secure_element_st33spi)
diff --git a/whitechapel/vendor/google/hal_secure_element_st54spi.te b/whitechapel/vendor/google/hal_secure_element_st54spi.te
new file mode 100644
index 0000000..7f6ea41
--- /dev/null
+++ b/whitechapel/vendor/google/hal_secure_element_st54spi.te
@@ -0,0 +1,9 @@
+type hal_secure_element_st54spi, domain;
+hal_server_domain(hal_secure_element_st54spi, hal_secure_element)
+type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type;
+allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;
+allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms;
+set_prop(hal_secure_element_st54spi, vendor_secure_element_prop)
+set_prop(hal_secure_element_st54spi, vendor_nfc_prop)
+set_prop(hal_secure_element_st54spi, vendor_modem_prop)
+init_daemon_domain(hal_secure_element_st54spi)
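Review bot: The new st54spi domain carries `nfc_device:chr_file rw_file_perms`, `vendor_nfc_prop` and `vendor_modem_prop` without comments, while the sibling `hal_secure_element_st33spi` domain has none of them. The set appears to be copied from `hal_secure_element_default`, where the modem property sits next to the rild access. I would add a comment before each of the three rules stating why the ST54 service needs it, for example `# ST54 eSE shares the NFC controller; HAL toggles it via /dev/<node>`. If no use for `vendor_modem_prop` can be named, I would drop `set_prop(hal_secure_element_st54spi, vendor_modem_prop)`.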
diff --git a/whitechapel/vendor/google/hal_usb_gadget_impl.te b/whitechapel/vendor/google/hal_usb_gadget_impl.te
new file mode 100644
index 0000000..5170a8a
--- /dev/null
+++ b/whitechapel/vendor/google/hal_usb_gadget_impl.te
@@ -0,0 +1,14 @@
+type hal_usb_gadget_impl, domain;
+hal_server_domain(hal_usb_gadget_impl, hal_usb)
+hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget)
+
+type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_usb_gadget_impl)
+
+allow hal_usb_gadget_impl configfs:dir { create rmdir };
+allow hal_usb_gadget_impl functionfs:dir { watch watch_reads };
+set_prop(hal_usb_gadget_impl, vendor_usb_config_prop)
+
+allow hal_usb_gadget_impl sysfs_batteryinfo:dir r_dir_perms;
+allow hal_usb_gadget_impl sysfs_batteryinfo:file rw_file_perms;
+allow hal_usb_gadget_impl sysfs_extcon:dir search;
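Review bot: `hal_server_domain(hal_usb_gadget_impl, hal_usb)` makes the gadget service a server for the USB HAL as well as the gadget HAL, although this change splits the two and `hal_usb_impl` still holds `hal_usb`. The `sysfs_batteryinfo:file rw_file_perms` and `sysfs_extcon` rules also look carried over from hal_usb_impl.te rather than derived from what the gadget service does. I would keep only `hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget)` and re-add the other grants one by one, each with a comment such as `# gadget HAL reads <node> to <purpose>`, once a denial shows they are needed.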
diff --git a/whitechapel/vendor/google/hal_usb_impl.te b/whitechapel/vendor/google/hal_usb_impl.te
index ec640c2..6b6d19f 100644
--- a/whitechapel/vendor/google/hal_usb_impl.te
+++ b/whitechapel/vendor/google/hal_usb_impl.te
@@ -1,14 +1,11 @@
type hal_usb_impl, domain;
hal_server_domain(hal_usb_impl, hal_usb)
-hal_server_domain(hal_usb_impl, hal_usb_gadget)
type hal_usb_impl_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(hal_usb_impl)
-allow hal_usb_impl configfs:dir { create rmdir };
-allow hal_usb_impl functionfs:dir { watch watch_reads };
-set_prop(hal_usb_impl, vendor_usb_config_prop)
-
+allow hal_usb_impl configfs:dir rw_dir_perms;
+allow hal_usb_impl configfs:file create_file_perms;
allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms;
allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms;
allow hal_usb_impl sysfs_extcon:dir search;
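Review bot: The two added rules, `allow hal_usb_impl configfs:dir rw_dir_perms;` and `allow hal_usb_impl configfs:file create_file_perms;`, widen configfs access in a domain that no longer serves the gadget HAL. That is the reverse of what the split suggests, because the removed rule only allowed `{ create rmdir }` on directories. `configfs` is the generic label, so the file rule lets this domain create, unlink and write any configfs attribute that is not labelled more specifically. If the USB HAL only toggles a known attribute, a dedicated type for that path with `w_file_perms` would keep the grant narrow. Otherwise add a comment above the two rules stating which configfs nodes are touched and why.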
diff --git a/whitechapel/vendor/google/hal_uwb_vendor_default.te b/whitechapel/vendor/google/hal_uwb_vendor_default.te
index 9361687..b287433 100644
--- a/whitechapel/vendor/google/hal_uwb_vendor_default.te
+++ b/whitechapel/vendor/google/hal_uwb_vendor_default.te
@@ -2,10 +2,13 @@
type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(hal_uwb_vendor_default)
+hal_server_domain(hal_uwb_vendor_default, hal_uwb)
add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
binder_call(hal_uwb_vendor_default, uwb_vendor_app)
allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
-allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
\ No newline at end of file
+allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
+
+get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop)
diff --git a/whitechapel/vendor/google/hwservice.te b/whitechapel/vendor/google/hwservice.te
index 7ac9857..a3a3ead 100644
--- a/whitechapel/vendor/google/hwservice.te
+++ b/whitechapel/vendor/google/hwservice.te
@@ -16,9 +16,6 @@
# WLC
type hal_wlc_hwservice, hwservice_manager_type;
-# Bluetooth HAL extension
-type hal_bluetooth_coexistence_hwservice, hwservice_manager_type, vendor_hwservice_type;
-
# Fingerprint
type hal_fingerprint_ext_hwservice, hwservice_manager_type;
diff --git a/whitechapel/vendor/google/hwservice_contexts b/whitechapel/vendor/google/hwservice_contexts
index 0bcb1f6..3020777 100644
--- a/whitechapel/vendor/google/hwservice_contexts
+++ b/whitechapel/vendor/google/hwservice_contexts
@@ -23,11 +23,6 @@
# Wireless charger hal
vendor.google.wireless_charger::IWirelessCharger u:object_r:hal_wlc_hwservice:s0
-# Bluetooth HAL extension
-hardware.google.bluetooth.bt_channel_avoidance::IBTChannelAvoidance u:object_r:hal_bluetooth_coexistence_hwservice:s0
-hardware.google.bluetooth.sar::IBluetoothSar u:object_r:hal_bluetooth_coexistence_hwservice:s0
-hardware.google.bluetooth.ccc::IBluetoothCcc u:object_r:hal_bluetooth_coexistence_hwservice:s0
-
# Fingerprint
vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0
diff --git a/whitechapel/vendor/google/init-insmod-sh.te b/whitechapel/vendor/google/init-insmod-sh.te
index 9b2da73..0e60196 100644
--- a/whitechapel/vendor/google/init-insmod-sh.te
+++ b/whitechapel/vendor/google/init-insmod-sh.te
@@ -7,6 +7,9 @@
allow init-insmod-sh vendor_kernel_modules:system module_load;
allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans;
+allow init-insmod-sh self:capability sys_nice;
+allow init-insmod-sh kernel:process setsched;
+
set_prop(init-insmod-sh, vendor_device_prop)
userdebug_or_eng(`
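Review bot: The two new rules, `allow init-insmod-sh self:capability sys_nice;` and `allow init-insmod-sh kernel:process setsched;`, are added without any comment. Both are easy to mistake for leftovers from silencing denials. `sys_nice` lets the module-loading script raise priorities and change scheduling policy, and the second rule lets it do so for processes in the `kernel` domain. Add a comment above them naming the module or kernel thread that triggers the denial, for example `# <module> sets RT priority on its kthread during insmod (b/<bug-id>)`. The `userdebug_or_eng` block at the end of the hunk continues outside it.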
diff --git a/whitechapel/vendor/google/logger_app.te b/whitechapel/vendor/google/logger_app.te
index 8c8f519..d091cff 100644
--- a/whitechapel/vendor/google/logger_app.te
+++ b/whitechapel/vendor/google/logger_app.te
@@ -25,4 +25,5 @@
dontaudit logger_app default_prop:file { read };
dontaudit logger_app sysfs_vendor_sched:dir search;
+ dontaudit logger_app sysfs_vendor_sched:file write;
')
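Review bot: `dontaudit logger_app sysfs_vendor_sched:file write;` hides the write denial rather than explaining it. The same rule is added for `mediaprovider`, `shell` and `untrusted_app_all` in their own files further down, and in those three it sits outside any debug-only block. Once suppressed, an attempt by an untrusted app or the shell to write vendor scheduler nodes no longer produces an audit record, which removes a detection signal on user builds. Put a comment above each rule recording why the access is expected and harmless, such as `# Writes to sysfs_vendor_sched are intentionally denied; suppress the resulting log noise (b/<bug-id>)`. Also consider limiting the `untrusted_app_all` and `shell` suppressions to the specific access that generates the noise. The enclosing block in `logger_app.te` opens outside this hunk.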
diff --git a/whitechapel/vendor/google/mediacodec.te b/whitechapel/vendor/google/mediacodec.te
index f92302e..ed7c1ad 100644
--- a/whitechapel/vendor/google/mediacodec.te
+++ b/whitechapel/vendor/google/mediacodec.te
@@ -7,4 +7,3 @@
allow mediacodec sysfs_video:file r_file_perms;
allow mediacodec sysfs_video:dir r_dir_perms;
allow mediacodec dmabuf_system_secure_heap_device:chr_file r_file_perms;
-hal_client_domain(mediacodec, hal_power);
diff --git a/whitechapel/vendor/google/mediaprovider.te b/whitechapel/vendor/google/mediaprovider.te
index a1b629f..835593f 100644
--- a/whitechapel/vendor/google/mediaprovider.te
+++ b/whitechapel/vendor/google/mediaprovider.te
@@ -1 +1,2 @@
dontaudit mediaprovider sysfs_vendor_sched:dir search;
+dontaudit mediaprovider sysfs_vendor_sched:file write;
diff --git a/whitechapel/vendor/google/ofl_app.te b/whitechapel/vendor/google/ofl_app.te
index e3f6140..a949816 100644
--- a/whitechapel/vendor/google/ofl_app.te
+++ b/whitechapel/vendor/google/ofl_app.te
@@ -11,7 +11,10 @@
allow ofl_app radio_service:service_manager find;
allow ofl_app surfaceflinger_service:service_manager find;
- # Access to directly update firmware on secure_element
- typeattribute secure_element_device mlstrustedobject;
- allow ofl_app secure_element_device:chr_file rw_file_perms;
+ # Access to directly update firmware on st54spi_device
+ typeattribute st54spi_device mlstrustedobject;
+ allow ofl_app st54spi_device:chr_file rw_file_perms;
+ # Access to directly update firmware on st33spi_device
+ typeattribute st33spi_device mlstrustedobject;
+ allow ofl_app st33spi_device:chr_file rw_file_perms;
')
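Review bot: `typeattribute st54spi_device mlstrustedobject;` and `typeattribute st33spi_device mlstrustedobject;` change the device types themselves, not only `ofl_app`. They exempt both secure element nodes from MLS checks for every domain that holds a type-enforcement allow rule on them. Declaring that inside `ofl_app.te`, within a block that opens outside this hunk, makes the exemption hard to find when auditing who can reach the secure element. Moving the two `typeattribute` lines next to the type declarations in the device policy file would keep them together. If they must stay here, add a comment such as `# MLS exemption applies to all domains allowed on this device, not only ofl_app`.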
diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te
index 96bd932..f0cca68 100644
--- a/whitechapel/vendor/google/pixelstats_vendor.te
+++ b/whitechapel/vendor/google/pixelstats_vendor.te
@@ -1,9 +1,3 @@
-# pixelstats vendor
-type pixelstats_vendor, domain;
-
-type pixelstats_vendor_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(pixelstats_vendor)
-
unix_socket_connect(pixelstats_vendor, chre, chre)
get_prop(pixelstats_vendor, hwservicemanager_prop)
diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te
index bb0894f..31ee4b8 100644
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@@ -48,8 +48,10 @@
vendor_internal_prop(vendor_tcpdump_log_prop)
# Fingerprint
-vendor_internal_prop(vendor_fingerprint_fake_prop)
+vendor_internal_prop(vendor_fingerprint_prop)
# Dynamic sensor
vendor_internal_prop(vendor_dynamic_sensor_prop)
+# UWB calibration
+system_vendor_config_prop(vendor_uwb_calibration_prop)
diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts
index c9c66b6..e244d6e 100644
--- a/whitechapel/vendor/google/property_contexts
+++ b/whitechapel/vendor/google/property_contexts
@@ -60,6 +60,7 @@
vendor.audiodump.log.ondemand u:object_r:vendor_audio_prop:s0
vendor.audiodump.log.config u:object_r:vendor_audio_prop:s0
vendor.audiodump.output.dir u:object_r:vendor_audio_prop:s0
+vendor.audiodump.encode.disable u:object_r:vendor_audio_prop:s0
# for display
@@ -104,8 +105,11 @@
vendor.tcpdump.output.dir u:object_r:vendor_tcpdump_log_prop:s0
# Fingerprint
-vendor.fingerprint.disable.fake u:object_r:vendor_fingerprint_fake_prop:s0
+vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
+vendor.gf. u:object_r:vendor_fingerprint_prop:s0
# Dynamic sensor
vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0
+# uwb
+ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string
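Review bot: The new entry `ro.vendor.uwb.calibration. ... exact string` combines a trailing-dot name with the `exact` match keyword, so it labels only a property literally named `ro.vendor.uwb.calibration.` and nothing under it. Properties such as `ro.vendor.uwb.calibration.<name>` would then fall through to a default label. The `get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop)` rule added earlier in this commit would not cover them. Assuming a namespace was intended, the line should read `ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 prefix string`.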
diff --git a/whitechapel/vendor/google/recovery.te b/whitechapel/vendor/google/recovery.te
index 4687a43..1974ebb 100644
--- a/whitechapel/vendor/google/recovery.te
+++ b/whitechapel/vendor/google/recovery.te
@@ -1,4 +1,4 @@
recovery_only(`
allow recovery sysfs_ota:file rw_file_perms;
- allow recovery secure_element_device:chr_file rw_file_perms;
+ allow recovery st54spi_device:chr_file rw_file_perms;
')
diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts
index 4dcd8e5..f866e37 100644
--- a/whitechapel/vendor/google/seapp_contexts
+++ b/whitechapel/vendor/google/seapp_contexts
@@ -48,7 +48,8 @@
user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
# Qorvo UWB system app
-user=uwb isPrivApp=true seinfo=uwb name=com.qorvo.uwb domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
+# TODO(b/222204912): Should this run under uwb user?
+user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
# Domain for EuiccSupportPixel
user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts
index 812105a..ca2ec93 100644
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
@@ -1,3 +1,4 @@
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
uwb_vendor u:object_r:uwb_vendor_service:s0
-hardware.qorvo.uwb.IUwb/default u:object_r:hal_uwb_vendor_service:s0
+hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0
+android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0
diff --git a/whitechapel/vendor/google/shell.te b/whitechapel/vendor/google/shell.te
index aa4dfa4..abc2f2c 100644
--- a/whitechapel/vendor/google/shell.te
+++ b/whitechapel/vendor/google/shell.te
@@ -7,3 +7,4 @@
')
dontaudit shell sysfs_vendor_sched:dir search;
+dontaudit shell sysfs_vendor_sched:file write;
diff --git a/whitechapel/vendor/google/untrusted_app_all.te b/whitechapel/vendor/google/untrusted_app_all.te
index 04229ff..dda8154 100644
--- a/whitechapel/vendor/google/untrusted_app_all.te
+++ b/whitechapel/vendor/google/untrusted_app_all.te
@@ -3,3 +3,4 @@
allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;
dontaudit untrusted_app_all sysfs_vendor_sched:dir search;
+dontaudit untrusted_app_all sysfs_vendor_sched:file write;
diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te
index 6f89d9d..dfd8e99 100644
--- a/whitechapel/vendor/google/vendor_init.te
+++ b/whitechapel/vendor/google/vendor_init.te
@@ -1,3 +1,4 @@
+get_prop(vendor_init, gesture_prop)
set_prop(vendor_init, vendor_camera_prop)
set_prop(vendor_init, vendor_device_prop)
set_prop(vendor_init, vendor_modem_prop)
@@ -17,6 +18,7 @@
allow vendor_init proc_sched:file write;
allow vendor_init bootdevice_sysdev:file create_file_perms;
allow vendor_init block_device:lnk_file setattr;
+allow vendor_init sysfs_st33spi:file w_file_perms;
userdebug_or_eng(`
set_prop(vendor_init, logpersistd_logging_prop)
@@ -32,6 +34,4 @@
set_prop(vendor_init, vendor_battery_defender_prop)
# Fingerprint property
-userdebug_or_eng(`
- set_prop(vendor_init, vendor_fingerprint_fake_prop)
-')
+set_prop(vendor_init, vendor_fingerprint_prop)
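Review bot: `set_prop(vendor_init, vendor_fingerprint_prop)` is now granted on every build type, whereas the removed rule was wrapped in `userdebug_or_eng` and covered a single property, `vendor.fingerprint.disable.fake`. With the `property_contexts` change in this commit the label covers the whole `vendor.fingerprint.` and `vendor.gf.` prefixes. That means the old debug switch is now writable by `vendor_init` on user builds under the same label as the production properties. If `vendor.fingerprint.disable.fake` is still honoured by the HAL, keep it on its own type behind `userdebug_or_eng`, or confirm the HAL ignores it on user builds. The `# Fingerprint property` comment should also say which properties `vendor_init` is expected to set.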