sepolicy:qcc add to legacy

Change-Id: I7031cd4070c478f1fccfe8e0b1e7053d6c57c36e

legacy/vendor/common/attributes

@@ -143,3 +143,7 @@ attribute hal_capabilityconfigstore_qti_server;
 attribute vendor_hal_dspmanager;
 attribute vendor_hal_dspmanager_client;
 attribute vendor_hal_dspmanager_server;
+
+attribute vendor_hal_qccvndhal;
+attribute vendor_hal_qccvndhal_client;
+attribute vendor_hal_qccvndhal_server;

legacy/vendor/common/device.te

@@ -84,6 +84,8 @@ type ssr_device, dev_type;
 #Ramdump device
 type ramdump_device, dev_type;
 
+type vendor_ramdump_microdump_modem_device, dev_type;
+
 #Kickstart bridge devices
 type ksbridgehsic_device, dev_type;
 

legacy/vendor/common/file.te

@@ -298,9 +298,8 @@ type sysfs_diag, fs_type, sysfs_type;
 #laser sysfs files
 type sysfs_laser, fs_type, sysfs_type;
 
-# QDMA data files
-type vendor_qdma_data_file, file_type, data_file_type;
-type qdma_socket, file_type, mlstrustedobject;
+# qcc-trd data files
+type vendor_qcc_trd_data_file, file_type, data_file_type;
 
 # path to debugfs use this whic should be only used
 # in debug builds
@@ -411,3 +410,5 @@ type vendor_capabilityconfigstore_data_file, file_type, data_file_type;
 
 #sensor log files
 type sensors_vendor_data_file, file_type, data_file_type;
+
+type vendor_sysfs_kgsl_gpuclk, sysfs_type, fs_type;

legacy/vendor/common/file_contexts

@@ -74,6 +74,7 @@
 /dev/block/mmcblk1p1                            u:object_r:sd_device:s0
 /dev/subsys_.*                                  u:object_r:ssr_device:s0
 /dev/ramdump_.*                                 u:object_r:ramdump_device:s0
+/dev/ramdump_microdump_modem                    u:object_r:vendor_ramdump_microdump_modem_device:s0
 /dev/esoc.*                                     u:object_r:esoc_device:s0
 /dev/ks_hsic_bridge                             u:object_r:ksbridgehsic_device:s0
 /dev/efs_hsic_bridge                            u:object_r:efsbridgehsic_device:s0
@@ -161,7 +162,6 @@
 /dev/socket/location(/.*)?                      u:object_r:location_socket:s0
 /dev/socket/wifihal(/.*)?                       u:object_r:wifihal_socket:s0
 /dev/socket/wigig/wigignpt                      u:object_r:wigignpt_socket:s0
-/dev/socket/qdma(/.*)?                          u:object_r:qdma_socket:s0
 
 ###################################
 # vendor bins files
@@ -325,7 +325,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.nxp\.hardware\.nfc@1\.2-service     u:object_r:hal_nfc_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.nxp\.hardware\.nfc@2\.0-service     u:object_r:hal_nfc_default_exec:s0
-/(vendor|system/vendor)/bin/qdmastatsd          u:object_r:qdmastatsd_exec:s0
+/(vendor|system/vendor)/bin/qcc-trd          u:object_r:vendor_qcc_trd_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.alarm@1\.0-service      u:object_r:hal_alarm_qti_default_exec:s0
 /(vendor|system/vendor)/bin/imsrcsd             u:object_r:hal_rcsservice_exec:s0
 /(vendor|system/vendor)/bin/vppservice          u:object_r:vendor_vppservice_exec:s0
@@ -353,6 +353,7 @@
 /(vendor|system/vendor)/bin/hdcp_srm               u:object_r:hdcp_srm_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.power\.pasrmanager\@1\.0-service u:object_r:hal_pasrmanager_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.capabilityconfigstore@1\.0-service u:object_r:hal_capabilityconfigstore_qti_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qccvndhal@1\.0-service       u:object_r:vendor_hal_qccvndhal_qti_exec:s0
 
 ###################################
 # sysfs files
@@ -491,6 +492,7 @@
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/devfreq/[a-f0-9]+.qcom,kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/snapshot(/.*)? u:object_r:sysfs_kgsl_snapshot:s0
 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_model u:object_r:sysfs_kgsl_gpu_model:s0
+/sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpuclk u:object_r:vendor_sysfs_kgsl_gpuclk:s0
 
 /sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc0/clk_scaling(/.*)? u:object_r:sysfs_mmc_host:s0
 /sys/devices(/platform)?/soc/[a-f0-9]+.sdhci/mmc_host/mmc[0-9]/mmc0:[0-9]+/block/mmcblk[0-9]/bdi/read_ahead_kb u:object_r:sysfs_mmc_host:s0
@@ -557,8 +559,8 @@
 /data/vendor/wifi/sockets(/.*)?                                     u:object_r:wifi_vendor_wpa_socket:s0
 /data/vendor/wifi/wigig_sockets(/.*)?                               u:object_r:wifi_vendor_wpa_socket:s0
 /data/vendor/wifi/wigig_sockets/wpa_ctrl.*                          u:object_r:wifi_vendor_wpa_socket:s0
-/data/vendor/qdmastats(/.*)?                                        u:object_r:vendor_qdma_data_file:s0
-/data/vendor/qdma(/.*)?                                             u:object_r:vendor_qdma_data_file:s0
+/data/vendor/qdmastats(/.*)?                                        u:object_r:vendor_qcc_trd_data_file:s0
+/data/vendor/qdma(/.*)?                                             u:object_r:vendor_qcc_trd_data_file:s0
 /data/vendor/vpp(/.*)?                                              u:object_r:vendor_vpp_data_file:s0
 /data/vendor/camera(/.*)?                                           u:object_r:vendor_camera_data_file:s0
 /data/vendor/wifi/wigig_hostapd(/.*)?                               u:object_r:wigig_hostapd_socket:s0

legacy/vendor/common/hal_qccvndhalservice.te

@@ -0,0 +1,49 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_hal_qccvndhal_qti, domain;
+type vendor_hal_qccvndhal_qti_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(vendor_hal_qccvndhal_qti, vendor_hal_qccvndhal)
+
+#Allow for transition from init domain to vendor_hal_qccvndhal
+init_daemon_domain(vendor_hal_qccvndhal_qti)
+
+#Allow vendor_hal_qccvndhal to use Vendor Binder IPC
+vndbinder_use(vendor_hal_qccvndhal)
+
+#Allow hwbinder call from hal client to server
+binder_call(vendor_hal_qccvndhal_client, vendor_hal_qccvndhal_server)
+binder_call(vendor_hal_qccvndhal_server, vendor_hal_qccvndhal_client)
+
+#Add hwservice related rules
+#add_hwservice(vendor_hal_qccvndhal_server, vendor_hal_qccvndhal_hwservice)
+#allow vendor_hal_qccvndhal_client vendor_hal_qccvndhal_hwservice:hwservice_manager find;
+hal_attribute_hwservice(vendor_hal_qccvndhal, vendor_hal_qccvndhal_hwservice)
+
+allow vendor_hal_qccvndhal_qti vendor_qcc_trd_data_file:file create_file_perms;
+allow vendor_hal_qccvndhal_qti vendor_qcc_trd_data_file:dir create_dir_perms;

legacy/vendor/common/hwservice.te

@@ -66,3 +66,4 @@ type hal_capabilityconfigstore_qti_hwservice, hwservice_manager_type;
 type hal_qseecom_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_perfcallback_hwservice, hwservice_manager_type, protected_hwservice;
 type vendor_hal_dspmanager_hwservice, hwservice_manager_type;
+type vendor_hal_qccvndhal_hwservice, hwservice_manager_type, protected_hwservice;

legacy/vendor/common/hwservice_contexts

@@ -106,3 +106,4 @@ com.dsi.ant::IAnt                                            u:object_r:hal_blue
 vendor.qti.hardware.qseecom::IQSEECom                        u:object_r:hal_qseecom_hwservice:s0
 vendor.qti.hardware.perf::IPerfCallback                      u:object_r:hal_perfcallback_hwservice:s0
 vendor.qti.hardware.dsp::IDspService                         u:object_r:vendor_hal_dspmanager_hwservice:s0
+vendor.qti.hardware.qccvndhal::IQccvndhal                     u:object_r:vendor_hal_qccvndhal_hwservice:s0

legacy/vendor/common/location.te

@@ -119,8 +119,7 @@ allow location self:udp_socket ioctl;
 # Replace this with macro
 allowxperm location self:udp_socket ioctl priv_sock_ioctls;
 
-#access to qdma socket
-qdma_file_socket(location);
+hal_client_domain(location, vendor_qccsyshal);
 
 allow location hal_datafactory_hwservice:hwservice_manager find;
 binder_call(location, cnd)
@@ -129,9 +128,6 @@ get_prop(location, cnd_vendor_prop)
 #Allow access to wake alarm
 allow location self:capability2 wake_alarm;
 
-#allow qdma prop
-get_prop(location, vendor_qdma_prop);
-
 #xtra-demon
 hal_client_domain(location, vendor_qccsyshal);
 allow location hal_cacert_hwservice:hwservice_manager find;

legacy/vendor/common/property.te

@@ -127,8 +127,9 @@ type ctl_vendor_hbtp_prop, property_type;
 # factory properties
 type ctl_vendor_mmid_prop, property_type;
 
-#qdma property
-type vendor_qdma_prop, property_type;
+#qcc property
+#type vendor_qdma_prop, property_type;
+vendor_public_prop(vendor_qcc_prop);
 
 #imsrcsservice
 type ctl_vendor_imsrcsservice_prop, property_type;

legacy/vendor/common/property_contexts

@@ -145,8 +145,8 @@ ctl.vendor.hbtp u:object_r:ctl_vendor_hbtp_prop:s0
 # factory properties
 ctl.vendor.mmid   u:object_r:ctl_vendor_mmid_prop:s0
 
-# qdma property
-vendor.qti.qdma.        u:object_r:vendor_qdma_prop:s0
+# qcc property
+vendor.qti.qdma.                             u:object_r:vendor_qcc_prop:s0
 
 #Needed by qsee need to rename this
 vendor.sys.listeners.registered   u:object_r:vendor_tee_listener_prop:s0

legacy/vendor/common/qcc_app.te

@@ -0,0 +1,32 @@
+# Copyright (c) 2020 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+hal_client_domain(vendor_qcc_app, vendor_hal_qccvndhal);
+
+# IPerf
+hal_client_domain(vendor_qcc_app, vendor_hal_perf);
+

legacy/vendor/common/qcc_trd.te

@@ -0,0 +1,95 @@
+# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qcc_trd_exec, file_type, vendor_file_type, exec_type;
+
+init_daemon_domain(vendor_qcc_trd)
+
+vndbinder_use(vendor_qcc_trd)
+
+allow vendor_qcc_trd vendor_qcc_trd_data_file:file create_file_perms;
+allow vendor_qcc_trd vendor_qcc_trd_data_file:dir create_dir_perms;
+
+# access to /dev/ramdump_microdump_modem
+allow vendor_qcc_trd vendor_ramdump_microdump_modem_device:chr_file r_file_perms;
+
+# cpustats
+# access to /sys/class/power_supply/bms/charge_counter
+# access to /sys/class/power_supply/battery/capacity
+# access to /sys/class/power_supply/battery/status
+allow vendor_qcc_trd sysfs_battery_supply:{file lnk_file} r_file_perms;
+allow vendor_qcc_trd sysfs_battery_supply:dir r_dir_perms;
+
+# gpustats
+# /sys/class/kgsl/kgsl-3d0/gpu_busy_percentage
+# /sys/class/kgsl/kgsl-3d0/gpuclk
+# /sys/class/kgsl/kgsl-3d0/gpu_clock_stats
+# /sys/class/kgsl/kgsl-3d0/num_pwrlevels
+# /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
+allow vendor_qcc_trd sysfs_kgsl:{file lnk_file} r_file_perms;
+allow vendor_qcc_trd sysfs_kgsl:dir r_dir_perms;
+allow vendor_qcc_trd vendor_sysfs_kgsl_gpuclk:{file lnk_file} r_file_perms;
+allow vendor_qcc_trd vendor_sysfs_kgsl_gpuclk:dir r_dir_perms;
+
+# cpustats /sys/class/leds/lcd-backlight/brightness
+allow vendor_qcc_trd sysfs_leds:{file lnk_file} r_file_perms;
+allow vendor_qcc_trd sysfs_leds:dir r_dir_perms;
+
+# cpustats /sys/class/backlight/panel0-backlight/brightness
+allow vendor_qcc_trd sysfs_graphics:{file lnk_file} r_file_perms;
+allow vendor_qcc_trd sysfs_graphics:dir r_dir_perms;
+
+# cpustats /sys/class/thermal/thermal_zone%d
+allow vendor_qcc_trd sysfs_thermal:{file lnk_file} r_file_perms;
+allow vendor_qcc_trd sysfs_thermal:dir r_dir_perms;
+
+# cpustats /proc/stat
+allow vendor_qcc_trd proc_stat:file r_file_perms;
+allow vendor_qcc_trd proc_stat:dir r_dir_perms;
+
+#access to taskstats interface for process stats
+allow vendor_qcc_trd self:{ netlink_socket netlink_generic_socket } create_socket_perms_no_ioctl;
+
+# mps /persist/hlos_rfs/shared
+allow vendor_qcc_trd mnt_vendor_file:dir r_dir_perms;
+allow vendor_qcc_trd persist_rfs_shared_hlos_file:dir rw_dir_perms;
+allow vendor_qcc_trd persist_rfs_shared_hlos_file:file create_file_perms;
+
+# for logcat
+unix_socket_connect(vendor_qcc_trd, logdr, logd);
+
+# allow qcc_prop
+set_prop(vendor_qcc_trd, vendor_qcc_prop);
+
+# qmi
+qmux_socket(vendor_qcc_trd);
+allow vendor_qcc_trd self:{ socket qipcrtr_socket } create_socket_perms;
+allowxperm vendor_qcc_trd self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
+
+# read ver_info.txt
+allow vendor_qcc_trd vendor_firmware_file:dir r_dir_perms;
+allow vendor_qcc_trd vendor_firmware_file:file r_file_perms;

legacy/vendor/common/qcc_utils_app.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# IPerf
+hal_client_domain(vendor_qcc_utils_app, vendor_hal_perf);

legacy/vendor/common/qdma_app.te

@@ -1,76 +0,0 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type qdma_app, domain, mlstrustedsubject;
-app_domain(qdma_app)
-net_domain(qdma_app)
-binder_use(qdma_app)
-
-# allow invoking activity and access app content to qdma_app
-allow qdma_app { activity_service content_service }:service_manager find;
-# allow display service to qdma_app
-allow qdma_app { display_service }:service_manager find;
-# allow access to wifi and data network to qdma_app
-allow qdma_app { connectivity_service network_management_service }:service_manager find;
-# allow access telephony service info to qdma_app
-allow qdma_app { radio_service registry_service }:service_manager find;
-# allow acquire wakelock to qdma_app
-allow qdma_app { power_service }:service_manager find;
-# allow to load native library
-allow qdma_app { mount_service }:service_manager find;
-# for vendor_perf_service
-allow qdma_app app_api_service:service_manager find;
-
-# allow access to qdma dropbox
-allow qdma_app vendor_qdma_data_file:dir create_dir_perms;
-allow qdma_app vendor_qdma_data_file:file create_file_perms;
-
-allow qdma_app user_service:service_manager find;
-
-# allow access to socket
-unix_socket_connect(qdma_app, vendor_dpmtcm, vendor_dpmd)
-
-# allow qdma_socket
-allow qdma_app qdma_socket:dir w_dir_perms;
-allow qdma_app qdma_socket:sock_file create_file_perms;
-
-# for /dev/socket/qdma/qdma-campmgr-s
-unix_socket_connect(qdma_app, qdma, qdmastatsd)
-
-# allow access to mediadrmserver for qdmastats/wvstats
-allow qdma_app mediadrmserver_service:service_manager find;
-
-# allow qdma_app to access system_app_data_file
-# necessary for read and write /data/data subdirectory.
-allow qdma_app system_app_data_file:dir create_dir_perms;
-allow qdma_app system_app_data_file:file create_file_perms;
-
-# allow qdma_prop
-set_prop(qdma_app, vendor_qdma_prop);
-
-# allow cgroup access
-allow qdma_app cgroup:file rw_file_perms;

legacy/vendor/common/qdmastatsd.te

@@ -1,111 +0,0 @@
-# Copyright (c) 2017, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-type qdmastatsd, domain, mlstrustedsubject;
-type qdmastatsd_exec, file_type, vendor_file_type, exec_type;
-
-init_daemon_domain(qdmastatsd)
-
-allow qdmastatsd vendor_qdma_data_file:file create_file_perms;
-allow qdmastatsd vendor_qdma_data_file:dir create_dir_perms;
-
-# access to /dev/ramdump_microdump_modem
-allow qdmastatsd ramdump_device:chr_file r_file_perms;
-
-# access to /sys/class/power_supply/bms/charge_counter
-# access to /sys/class/power_supply/battery/capacity
-# access to /sys/class/power_supply/battery/status
-allow qdmastatsd sysfs_battery_supply:{file lnk_file} r_file_perms;
-allow qdmastatsd sysfs_battery_supply:dir r_dir_perms;
-
-# /sys/class/kgsl/kgsl-3d0/gpu_busy_percentage
-# /sys/class/kgsl/kgsl-3d0/gpuclk
-# /sys/class/kgsl/kgsl-3d0/gpu_clock_stats
-# /sys/class/kgsl/kgsl-3d0/num_pwrlevels
-# /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
-allow qdmastatsd sysfs_kgsl:{file lnk_file} r_file_perms;
-allow qdmastatsd sysfs_kgsl:dir r_dir_perms;
-
-# /sys/class/leds/lcd-backlight/brightness
-allow qdmastatsd sysfs_leds:{file lnk_file} r_file_perms;
-allow qdmastatsd sysfs_leds:dir r_dir_perms;
-allow qdmastatsd sysfs_graphics:{file lnk_file} r_file_perms;
-allow qdmastatsd sysfs_graphics:dir r_dir_perms;
-
-# access to /sys/devices/system/cpu/possible
-allow qdmastatsd sysfs_devices_system_cpu:file r_file_perms;
-allow qdmastatsd sysfs_devices_system_cpu:dir r_dir_perms;
-
-# access to /sys/module/lpm_stats/cpu%d/total_sleep_time_secs
-#allow qdmastatsd sysfs_lpm_stats:{file lnk_file} r_file_perms;
-#allow qdmastatsd sysfs_lpm_stats:dir r_dir_perms;
-
-# access to /sys/class/thermal/thermal_zone%d
-allow qdmastatsd sysfs_thermal:{file lnk_file} r_file_perms;
-allow qdmastatsd sysfs_thermal:dir r_dir_perms;
-
-# access to /sys/power/wake_lock, wake_unlock
-allow qdmastatsd sysfs_wake_lock:file r_file_perms;
-allow qdmastatsd sysfs_wake_lock:dir r_dir_perms;
-
-# access to /proc/stat
-allow qdmastatsd proc_stat:file r_file_perms;
-allow qdmastatsd proc_stat:dir r_dir_perms;
-
-# access to /proc/net/xt_qtaguid/stats
-allow qdmastatsd proc_qtaguid_stat:file r_file_perms;
-
-# access to /proc/<pid>/
-r_dir_file(qdmastatsd, domain);
-
-# qmi
-qmux_socket(qdmastatsd);
-allow qdmastatsd self:{ socket qipcrtr_socket } create_socket_perms;
-allowxperm qdmastatsd self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
-
-#access to qdma_socket
-allow qdmastatsd qdma_socket:dir rw_dir_perms;
-allow qdmastatsd qdma_socket:sock_file create_file_perms;
-
-# access to /persist/hlos_rfs/shared
-allow qdmastatsd mnt_vendor_file:dir r_dir_perms;
-allow qdmastatsd persist_rfs_shared_hlos_file:dir rw_dir_perms;
-allow qdmastatsd persist_rfs_shared_hlos_file:file create_file_perms;
-
-# diag
-userdebug_or_eng(`
-  diag_use(qdmastatsd)
-')
-
-# for logcat
-unix_socket_connect(qdmastatsd, logdr, logd);
-
-# for dmesg
-#read_logd(qdmastatsd);
-
-# allow qdma_prop
-set_prop(qdmastatsd, vendor_qdma_prop);

legacy/vendor/common/seapp_contexts

@@ -35,9 +35,6 @@ user=system seinfo=platform name=com.qualcomm.qti.auth.fidocryptoservice domain=
 # AtFwd app
 user=_app seinfo=platform name=com.qualcomm.telephony domain=vendor_qtelephony type=app_data_file levelFrom=all
 
-#Add new domain for QDMA
-user=system seinfo=platform name=com.qualcomm.qti.qdma domain=qdma_app type=system_app_data_file
-
 # Add time service app
 user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all
 

legacy/vendor/ssg/ssg_app.te

@@ -34,14 +34,13 @@ type ssg_app, domain;
 app_domain(ssg_app)
 net_domain(ssg_app)
 
+hal_client_domain(ssg_app, vendor_qccsyshal);
+
 # Allow access to sockets
 unix_socket_connect(ssg_app, mlid, mlid)
 unix_socket_connect(ssg_app, ssgqmig, ssgqmigd)
 unix_socket_connect(ssg_app, ssgtzd, ssgtzd)
 
-#access to qdma socket
-qdma_file_socket(ssg_app)
-
 allow ssg_app radio_service:service_manager find;
 allow ssg_app surfaceflinger_service:service_manager find;
 allow ssg_app app_api_service:service_manager find;

qva/private/qcc_utils_app.te

@@ -25,7 +25,6 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-type vendor_qcc_utils_app, domain, coredomain;
 app_domain(vendor_qcc_utils_app)
 net_domain(vendor_qcc_utils_app)
 binder_use(vendor_qcc_utils_app)

qva/public/qcc_utils_app.te

@@ -0,0 +1,29 @@
+# Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_qcc_utils_app, domain, coredomain;
+