From 8273b09de3c3e60245666a9a3d1295326ccb1c62 Mon Sep 17 00:00:00 2001
From: Nilesh Gharde
Date: Tue, 23 Jan 2024 03:12:55 -0800
Subject: [PATCH 1/3] location AVC denials during user profile switch
CRs-fixed: 3713029
Change-Id: Ie20f60a981769278dc1fda195e55f27942cd6a78
---
 legacy/vendor/sdm660/location_app.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/legacy/vendor/sdm660/location_app.te b/legacy/vendor/sdm660/location_app.te
index 6bf6da9f..7e88264b 100644
--- a/legacy/vendor/sdm660/location_app.te
+++ b/legacy/vendor/sdm660/location_app.te
@@ -31,3 +31,6 @@ allow vendor_location_app sysfs_kgsl_gpu_model:file r_file_perms;
 dontaudit vendor_location_app default_android_service:service_manager {find};
+
+allow vendor_location_app system_data_file:dir {search};
+allow vendor_location_app user_profile_root_file:dir {search};
From e1c8914c62901d3aca8c9d0646b7c64fc8a7c5cd Mon Sep 17 00:00:00 2001
From: Harikrishnan Hariharan
Date: Thu, 25 Jan 2024 00:43:35 +0530
Subject: [PATCH 2/3] Add sepolicy dir and sock permissions to location module Allow location module to have directory read, write and socket create permissions in /data/vendor/ path.
CRs-Fixed: 2205732
Change-Id: I4a75623b562337e13b121bacf86af0f97f457916
---
 legacy/vendor/sdm660/hal_wifi_supplicant.te | 5 +++++
 legacy/vendor/sdm660/location.te | 3 +++
 2 files changed, 8 insertions(+)
 create mode 100644 legacy/vendor/sdm660/hal_wifi_supplicant.te
diff --git a/legacy/vendor/sdm660/hal_wifi_supplicant.te b/legacy/vendor/sdm660/hal_wifi_supplicant.te
new file mode 100644
index 00000000..0968d6ac
--- /dev/null
+++ b/legacy/vendor/sdm660/hal_wifi_supplicant.te
@@ -0,0 +1,5 @@
+# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# # Allow wpa_supplicant to send back wifi information to location
+allow hal_wifi_supplicant_default location:unix_dgram_socket sendto;
\ No newline at end of file
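Review bot: The two `allow` rules added at the end of the location_app.te hunk have no comment saying which denial or path they answer, and they turn an audited denial into a permanent grant. `search` on `system_data_file:dir` and `user_profile_root_file:dir` only permits traversal, but if the location app works without reaching anything below those directories during a profile switch, a `dontaudit` (the form the preceding context line already uses) would quiet the log without widening the domain. If the access is needed, a comment such as `# Traverse the per-user profile root on user switch; search only` above the rules would record the intent. The braces around a single permission can also be dropped: `allow vendor_location_app user_profile_root_file:dir search;`.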
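Review bot: The new hal_wifi_supplicant.te ends without a trailing newline, and its comment starts with a doubled marker (`# # Allow …`). Policy sources are usually concatenated before compilation, so depending on the build a missing final newline can fuse the `allow` line with the first line of the next file. End the file with a newline and write the comment as `# Allow wpa_supplicant to send back wifi information to location`. The commit message describes only the location module's permissions under /data/vendor/, so this cross-domain `sendto` grant from `hal_wifi_supplicant_default` to `location` deserves a sentence there as well.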
diff --git a/legacy/vendor/sdm660/location.te b/legacy/vendor/sdm660/location.te
index 077b1657..6dcebb07 100644
--- a/legacy/vendor/sdm660/location.te
+++ b/legacy/vendor/sdm660/location.te
@@ -5,3 +5,6 @@
 # allows location to access ssgtzd socket
 allow location ssgtzd_socket:sock_file write;
+
+# /data/vendor/wifi
+allow location wifi_vendor_data_file:dir rw_dir_perms;
From 781cfc8b70857a91bcbdb47baa3fdaff4710b6a9 Mon Sep 17 00:00:00 2001
From: Neelu Maheshwari
Date: Thu, 8 Feb 2024 18:17:01 +0530
Subject: [PATCH 3/3] Sepolicy : Allow vendor_init to access bluetooth prop.
Change-Id: I393b039b87ac8d717f42640030c1e5d01049ab70
---
 legacy/vendor/common/property_contexts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/legacy/vendor/common/property_contexts b/legacy/vendor/common/property_contexts
index 0433fae4..33354bf4 100644
--- a/legacy/vendor/common/property_contexts
+++ b/legacy/vendor/common/property_contexts
@@ -27,6 +27,7 @@ persist.vendor.service.bdroid. u:object_r:vendor_bluetooth_prop:s0
 persist.vendor.bt.soc.scram_freqs u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.bt.a2dp_offload_cap u:object_r:vendor_bluetooth_prop:s0
 persist.vendor.bluetooth.a2dp. u:object_r:vendor_bluetooth_prop:s0
 persist.vendor.qcom.bluetooth. u:object_r:vendor_bluetooth_prop:s0
 vendor.qcom.bluetooth. u:object_r:vendor_bluetooth_prop:s0
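Review bot: `rw_dir_perms` on `wifi_vendor_data_file:dir` gives `location` write, add_name and remove_name on the wifi vendor data directory, which is more than the `# /data/vendor/wifi` comment explains. The commit message speaks of socket creation, yet no `sock_file` rule for this type appears in the hunk, so either that rule lives elsewhere or the directory write alone does not yet serve that purpose. If location only has to reach a socket under that path, `allow location wifi_vendor_data_file:dir search;` would be enough. If it must create its own socket there, a dedicated type for that socket directory would keep location away from whatever else carries this label. Expanding the comment to name the file location creates or opens would make the grant reviewable.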
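Review bot: The subject promises vendor_init access, but the property_contexts hunk only assigns the `vendor_bluetooth_prop` label to `persist.vendor.bt.a2dp_offload_cap`. Whether vendor_init may set the property depends on rules for that type which are not part of this patch, so the description should say which existing rule is relied on. The entry is also matched as a prefix like its neighbours, so any property whose name starts with that string receives the same label. Where the platform version supports it, and assuming the value is a string, `persist.vendor.bt.a2dp_offload_cap u:object_r:vendor_bluetooth_prop:s0 exact string` would pin the single property.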