From 1750c0806f2568dbec8fa1ef6f0dd87b254e41bf Mon Sep 17 00:00:00 2001
From: Nilesh Gharde
Date: Tue, 7 Nov 2023 22:46:38 -0800
Subject: [PATCH 1/3] Avc denials on sdm660 from location, hal_gnss_qti

Change-Id: I3ac6a4d5db46cce66eecd70531a180e21177d979
CRs-fixed: 3661430
---
 legacy/vendor/sdm660/hal_gnss_qti.te | 9 +++++++++
 legacy/vendor/sdm660/location.te     | 7 +++++++
 legacy/vendor/sdm660/location_app.te | 5 +++++
 3 files changed, 21 insertions(+)
 create mode 100644 legacy/vendor/sdm660/hal_gnss_qti.te
 create mode 100644 legacy/vendor/sdm660/location.te

diff --git a/legacy/vendor/sdm660/hal_gnss_qti.te b/legacy/vendor/sdm660/hal_gnss_qti.te
new file mode 100644
index 00000000..6cdc4b84
--- /dev/null
+++ b/legacy/vendor/sdm660/hal_gnss_qti.te
@@ -0,0 +1,9 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# generic/vendor_hal_gnss_qti.te - generic sepolicy rules for vendor_location hidl
+
+#Allow Gnss HAL to access ril socket
+allow hal_gnss_qti vendor_rild_socket:dir search;
+allow hal_gnss_qti vendor_rild_socket:sock_file write;
+unix_socket_connect(hal_gnss_qti, rild, rild)
diff --git a/legacy/vendor/sdm660/location.te b/legacy/vendor/sdm660/location.te
new file mode 100644
index 00000000..077b1657
--- /dev/null
+++ b/legacy/vendor/sdm660/location.te
@@ -0,0 +1,7 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# generic/vendor_location.te - sepolicy rules for generic vendor_location modules
+
+# allows location to access ssgtzd socket
+allow location ssgtzd_socket:sock_file write;
diff --git a/legacy/vendor/sdm660/location_app.te b/legacy/vendor/sdm660/location_app.te
index 0d0273bb..6bf6da9f 100644
--- a/legacy/vendor/sdm660/location_app.te
+++ b/legacy/vendor/sdm660/location_app.te
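Review bot: `unix_socket_connect(hal_gnss_qti, rild, rild)` on the last line grants more than the socket this file describes: per the AOSP te_macros definition the macro expands to `allow $1 $2_socket:sock_file write` plus `allow $1 $3:unix_stream_socket connectto`, so with `rild` as its second argument the GNSS HAL gets write access to every `rild_socket`-labeled socket, while the explicit rule two lines above only needs `vendor_rild_socket`. Passing the vendor type to the macro keeps the grant to the one socket and makes the explicit `sock_file write` line redundant: `unix_socket_connect(hal_gnss_qti, vendor_rild, rild)`. Note also that `vendor_rild_socket` is only declared in PATCH 2/3 (legacy/vendor/common/file.te), so this patch does not build on its own unless the series is reordered or the declaration moves into it. The header comment names `generic/vendor_hal_gnss_qti.te` rather than this file's path, and location.te in the same patch carries the same copied `generic/...` header; both should name the sdm660 file they actually live in.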
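Review bot: `allow location ssgtzd_socket:sock_file write;` covers only the filesystem half of a socket connect; unless `location` already holds `unix_stream_socket connectto` on the domain that serves ssgtzd elsewhere in the policy, the connect is denied at the next step and a follow-up rule will be needed. If that permission is not already present, `unix_socket_connect(location, ssgtzd, <ssgtzd server domain>)` (placeholder for the actual domain) expresses both halves in one line and records the intent. The comment `# allows location to access ssgtzd socket` would be more precise as `# allow location to connect to the ssgtzd socket`, since "access" does not say which direction or operation the rule enables.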
@@ -24,5 +24,10 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
 
 allow vendor_location_app sysfs_kgsl_gpu_model:file r_file_perms;
+dontaudit vendor_location_app default_android_service:service_manager {find};

From 460350924051133f27ca35867e62c974c5d85281 Mon Sep 17 00:00:00 2001
From: Kamesh Relangi
Date: Wed, 15 Nov 2023 10:58:00 +0530
Subject: [PATCH 2/3] SE Policy change to fix avc denial for qcrild socket

Change-Id: I1c2f3378d974a07496590a3dbd1b20323dbbba16
---
 legacy/vendor/common/file.te       | 7 +++++++
 legacy/vendor/common/file_contexts | 6 +++++-
 legacy/vendor/sdm660/rild.te       | 8 ++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 legacy/vendor/sdm660/rild.te

diff --git a/legacy/vendor/common/file.te b/legacy/vendor/common/file.te
index 23b8f122..17c52302 100644
--- a/legacy/vendor/common/file.te
+++ b/legacy/vendor/common/file.te
@@ -24,6 +24,10 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
 
 # Default type for anything under /firmware.
 type firmware_file, file_type, contextmount_type, vendor_file_type;
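Review bot: `dontaudit vendor_location_app default_android_service:service_manager {find};` silences the denial rather than resolving it; `default_android_service` is the fallback label for any binder service that has no entry in service_contexts, so this rule hides which service the app is actually looking up and will equally hide future mislabelled services. The better fix is to identify the service from the denial, give it its own type in service_contexts and grant `find` on that type only if the lookup is legitimate; if the lookup is a probe that is expected to fail harmlessly, say so above the rule, e.g. `# <service> lookup is probed at startup and may fail; suppress the audit only` (placeholder for the service name). The braces around a single permission are unnecessary; `service_manager find;` is the form used elsewhere in AOSP policy.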
@@ -419,3 +423,6 @@ type vendor_sysfs_kgsl_gpuclk, sysfs_type, fs_type;
 #slub-debug
 type sysfs_slab_zshandle_storeuser, fs_type, sysfs_type;
 type sysfs_slab_zspage_storeuser, fs_type, sysfs_type;
+
+#ril socket
+type vendor_rild_socket, file_type;
diff --git a/legacy/vendor/common/file_contexts b/legacy/vendor/common/file_contexts
index 1d86294e..26c39849 100644
--- a/legacy/vendor/common/file_contexts
+++ b/legacy/vendor/common/file_contexts
@@ -24,7 +24,10 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
 ###################################
 # Dev nodes
 #
@@ -151,6 +154,7 @@
 /dev/socket/rild3 u:object_r:rild_socket:s0
 /dev/socket/rild3-debug u:object_r:rild_debug_socket:s0
 /dev/socket/rild-debug3 u:object_r:rild_debug_socket:s0
+/dev/socket/qcrild(/.*)? u:object_r:vendor_rild_socket:s0
 /dev/socket/msm_irqbalance u:object_r:vendor_msm_irqbalance_socket:s0
 /dev/socket/mlid u:object_r:mlid_socket:s0
 /dev/socket/ssgqmig u:object_r:ssgqmig_socket:s0
diff --git a/legacy/vendor/sdm660/rild.te b/legacy/vendor/sdm660/rild.te
new file mode 100644
index 00000000..5facef33
--- /dev/null
+++ b/legacy/vendor/sdm660/rild.te
@@ -0,0 +1,8 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# rild.te - sepolicy rules for legacy ril module
+
+# allows rild to create rild0 and rild1 sockets
+allow rild vendor_rild_socket:dir w_dir_perms;
+allow rild vendor_rild_socket:sock_file create_file_perms;

From 8569f71b88fafd7061f120677e0bf446e4fc5ce1 Mon Sep 17 00:00:00 2001
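Review bot: `type vendor_rild_socket, file_type;` is named after the whole RIL while the only file_contexts entry that uses it in this patch labels `/dev/socket/qcrild(/.*)?`; sitting next to the core `rild_socket` type, the name invites the two to be confused in later rules, and a name that matches the path, e.g. `type vendor_qcrild_socket, file_type;`, makes the hal_gnss_qti.te and rild.te rules self-explanatory. The `#ril socket` comment above it should say which socket and who owns it, e.g. `# /dev/socket/qcrild, created by rild`, so a reader does not have to cross-reference file_contexts.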
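Review bot: `allow rild vendor_rild_socket:dir w_dir_perms;` lets rild add and remove entries in `/dev/socket/qcrild` but not create or setattr the directory itself (AOSP's `w_dir_perms` is `{ open search write add_name remove_name }`), so if rild rather than an init `mkdir` creates the directory the next denial will be `dir create` and `create_dir_perms` is the macro to use; if init creates it, a comment saying so saves the next reader the question. The comment `# allows rild to create rild0 and rild1 sockets` does not mention the path this type labels; `# allows rild to create its rild0/rild1 sockets under /dev/socket/qcrild` ties the rule to the file_contexts entry. The type and the file_contexts entry are added under common while these rules are sdm660-only, so any other target that ships the qcrild socket will need the same two lines.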
From: Neelu Maheshwari
Date: Mon, 20 Nov 2023 20:57:31 +0530
Subject: [PATCH 3/3] sepolicy : Allow apps to have read access to vendor_display_prop

Change-Id: Ib2793107a54fa1a2df60ac872645277a9a0b2415
---
 legacy/vendor/common/app.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/legacy/vendor/common/app.te b/legacy/vendor/common/app.te
index 684da80e..b6422387 100644
--- a/legacy/vendor/common/app.te
+++ b/legacy/vendor/common/app.te
@@ -24,6 +24,10 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Changes from Qualcomm Innovation Center are provided under the following license:
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
 
 #Allow all apps to open and send ioctl to qdsp device
 allow appdomain qdsp_device:chr_file r_file_perms;
@@ -39,3 +43,6 @@ allow appdomain qti_logkit_pub_socket:dir r_dir_perms;
 
 # Allow all apps to open and send ioctl to npu device
 allow appdomain npu_device:chr_file r_file_perms;
+
+#Allow all apps to have read access to vendor_display_prop
+get_prop(appdomain, vendor_display_prop)
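Review bot: `get_prop(appdomain, vendor_display_prop)` exposes the whole property set to every app domain, including untrusted third-party apps, whereas the commit message only says "apps"; if the consumer is a specific system or vendor app, `get_prop(<that app domain>, vendor_display_prop)` (placeholder for the actual domain) keeps vendor display configuration away from apps with no use for it and out of the device-fingerprinting surface. If all of `appdomain` genuinely needs it, the comment should record which property and which consumer motivated the rule, e.g. `# <app> reads <property> from vendor_display_prop` (placeholders), since `#Allow all apps to have read access to vendor_display_prop` only restates the rule without the reason.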