Merge 062c4adf81 on remote branch

Change-Id: I28726ad2f01b16c8534c27872d82abb598b80942

generic/vendor/common/port-bridge.te

@@ -1,4 +1,4 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2019, 2021, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -52,3 +52,4 @@ allow vendor_port-bridge vendor_port_bridge_data_file:file create_file_perms;
 allow vendor_port-bridge vendor_port_bridge_data_file:dir w_dir_perms;
 allow vendor_port-bridge vendor_port-bridge_socket:dir w_dir_perms;
 allow vendor_port-bridge vendor_port-bridge_socket:sock_file create_file_perms;
+allow vendor_port-bridge self:tipc_socket { read };

generic/vendor/common/system_server.te

@@ -55,4 +55,6 @@ get_prop(system_server, vendor_display_notch_prop)
 # allow system_server to read/acess peripheral manager.
 get_prop(system_server, vendor_per_mgr_state_prop);
 
-hal_client_domain(system_server, vendor_hal_dataconnection_qti)
+hal_client_domain(system_server, vendor_hal_dataconnection_qti)
+
+dontaudit system_server vendor_proc_shs:dir search;

generic/vendor/common/vendor_lowirpcd.te

@@ -29,7 +29,6 @@ type vendor_lowirpcd_service_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(vendor_lowirpcd_service)
 
 allow vendor_lowirpcd_service ion_device:chr_file r_file_perms;
-allow vendor_lowirpcd_service vendor_qdsp_device:chr_file r_file_perms;
 allow vendor_lowirpcd_service vendor_xdsp_device:chr_file r_file_perms;
 
 # For reading adsprpc_prop

generic/vendor/test/file_contexts

@@ -77,8 +77,8 @@
 /(vendor|system/vendor)/bin/test-fake-ap                        u:object_r:vendor_location_exec:s0
 /(vendor|system/vendor)/bin/test-fdal                           u:object_r:vendor_location_exec:s0
 
-#### Context for hang_guard
-/(vendor|system/vendor)/bin/hang_guard        u:object_r:vendor_hang_guard_exec:s0
+#### Context for qguard
+/(vendor|system/vendor)/bin/qguard        u:object_r:vendor_qguard_exec:s0
 
 #For debug script
 /(vendor|system/vendor)/bin/init\.qti\.kernel\.debug\.sh        u:object_r:vendor_qti_init_shell_exec:s0

generic/vendor/test/qguard.te

@@ -25,29 +25,32 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-type vendor_hang_guard, domain, mlstrustedsubject;
-type vendor_hang_guard_exec, exec_type, vendor_file_type, file_type;
+type vendor_qguard, domain, mlstrustedsubject;
+type vendor_qguard_exec, exec_type, vendor_file_type, file_type;
 
-init_daemon_domain(vendor_hang_guard)
+init_daemon_domain(vendor_qguard)
 
 userdebug_or_eng(`
-  allow vendor_hang_guard self:global_capability_class_set kill;
-  allow vendor_hang_guard kmsg_device:chr_file w_file_perms;
-  allow vendor_hang_guard domain:process { signal sigstop sigkill };
+  allow vendor_qguard self:global_capability_class_set kill;
+  allow vendor_qguard kmsg_device:chr_file w_file_perms;
+  allow vendor_qguard domain:process { signal sigstop sigkill };
 
   # sh
-  allow vendor_hang_guard { vendor_shell_exec vendor_toolbox_exec }:file rx_file_perms;
+  allow vendor_qguard { vendor_shell_exec vendor_toolbox_exec }:file rx_file_perms;
 
   # look through /proc
-  allow vendor_hang_guard domain:dir r_dir_perms;
-  allow vendor_hang_guard domain:file r_file_perms;
-  allow vendor_hang_guard domain:lnk_file read;
+  allow vendor_qguard domain:dir r_dir_perms;
+  allow vendor_qguard domain:file r_file_perms;
+  allow vendor_qguard domain:lnk_file read;
+
+  # write into hung_task_enh
+  allow vendor_qguard proc:file { write open };
 
   # write into sysrq
-  allow vendor_hang_guard proc_sysrq:file w_file_perms;
+  allow vendor_qguard proc_sysrq:file w_file_perms;
 
   # reboot
-  set_prop(vendor_hang_guard, powerctl_prop)
+  set_prop(vendor_qguard, powerctl_prop)
 
-  dontaudit vendor_hang_guard default_prop:file read;
+  dontaudit vendor_qguard default_prop:file read;
 ')

legacy/vendor/common/qcomsysd.te

@@ -44,7 +44,7 @@ allow vendor_qcomsysd {
 #Needed to get image info from socinfo
 allow vendor_qcomsysd sysfs_socinfo:file w_file_perms;
 
-allow vendor_qcomsysd self:capability { sys_boot };
+allow vendor_qcomsysd self:capability { sys_boot kill };
 allow vendor_qcomsysd self:qipcrtr_socket create_socket_perms_no_ioctl;
 use_vendor_per_mgr(vendor_qcomsysd);
 #allow qcomsysd access boot mode switch

qva/vendor/bengal/file_contexts

@@ -1,4 +1,4 @@
-# Copyright (c) 2020, The Linux Foundation. All rights reserved.
+# Copyright (c) 2020-2021, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
@@ -167,7 +167,7 @@
 ###################################
 # sysfs files
 #
-/sys/devices/platform/soc/1b40000.qfprom/qfprom0/feat_conf10            u:object_r:vendor_sysfs_qfprom:s0
+/sys/devices/platform/soc/1b40000.qfprom/qfprom0/feat_conf1[0-1]            u:object_r:vendor_sysfs_qfprom:s0
 /sys/devices/platform/soc/4744000.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/queue/read_ahead_kb u:object_r:vendor_sysfs_mmc_host:s0
 /sys/devices/virtual/bdi/[0-9]+:[0-9]+/read_ahead_kb                                              u:object_r:vendor_sysfs_mmc_host:s0
 
@@ -194,3 +194,6 @@
 
 #Brightness
 /sys/devices/platform/soc/5e00000.qcom,mdss_mdp/backlight(/.*)?  u:object_r:vendor_sysfs_graphics:s0
+
+#Graphics
+/sys/devices/platform/soc/5900000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpubusy u:object_r:vendor_sysfs_kgsl_gpubusy:s0

qva/vendor/bengal/genfs_contexts

@@ -127,6 +127,12 @@ genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-bw/devfreq u:object_r:
 genfscon sysfs /devices/platform/soc/c800000.qcom,icnss u:object_r:sysfs_net:s0
 
 #fps sysfs-node
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/measured_fps u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/measured_fps u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/measured_fps u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/fps_periodicity_ms u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/fps_periodicity_ms u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/fps_periodicity_ms u:object_r:vendor_sysfs_graphics:s0
 
 #ssr nodes
 genfscon sysfs /devices/platform/soc/5ab0000.qcom,venus/subsys1/name u:object_r:vendor_sysfs_ssr:s0

qva/vendor/bengal/mediatranscoding.te

@@ -0,0 +1,30 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Allow mediatranscoder to access hal_allocator
+hal_client_domain(mediatranscoding, hal_allocator)
+

qva/vendor/common/hal_sensors_default.te

@@ -25,4 +25,5 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+allow hal_sensors_default vendor_qvrd:fd use;
 allow hal_sensors_default vendor_qvrd_vndr:fd use;

qva/vendor/common/modem_manager.te

@@ -30,4 +30,5 @@ type vendor_modem_manager_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(vendor_modem_manager)
 
 get_prop(vendor_modem_manager, vendor_cnd_vendor_prop)
+crash_dump_fallback(vendor_modem_manager);
 

qva/vendor/common/qcomsysd.te

@@ -42,7 +42,7 @@ r_dir_file(vendor_qcomsysd, vendor_sysfs_soc)
 allow vendor_qcomsysd vendor_sysfs_soc:file w_file_perms;
 allow vendor_qcomsysd self:socket create;
 
-allow vendor_qcomsysd self:capability { sys_boot };
+allow vendor_qcomsysd self:capability { sys_boot kill };
 allow vendor_qcomsysd self:qipcrtr_socket create_socket_perms_no_ioctl;
 use_vendor_per_mgr(vendor_qcomsysd);
 #allow qcomsysd access boot mode switch

qva/vendor/common/qvrd.te

@@ -0,0 +1,98 @@
+# Copyright (c) 2016-2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#
+# General
+#
+
+userdebug_or_eng(` allow vendor_qvrd vendor_diag_device:chr_file rw_file_perms');
+
+#
+# Sensors
+#
+
+# Allow access to ADSP & SLPI
+allow vendor_qvrd { ion_device vendor_qdsp_device }:chr_file r_file_perms;
+
+
+#
+# Display
+#
+
+# Allow access to /sys/devices/virtual/graphics/fb* for lineptr interrupts
+allow vendor_qvrd vendor_sysfs_graphics:file rw_file_perms;
+
+#
+# Camera
+#
+
+hal_client_domain(vendor_qvrd, hal_camera);
+
+# Allow access to camera HAL and UVC nodes
+allow vendor_qvrd device:dir r_dir_perms;
+allow vendor_qvrd { gpu_device video_device camera_device sensors_device }:chr_file r_file_perms;
+
+
+#
+# Perfd
+#
+
+hal_client_domain(vendor_qvrd, vendor_hal_perf)
+
+allow vendor_qvrd fwk_sensor_hwservice:hwservice_manager find;
+hal_client_domain(vendor_qvrd, hal_sensors)
+
+# QVRD
+userdebug_or_eng(`
+allow vendor_qvrd debugfs:dir r_dir_perms;
+allow vendor_qvrd vendor_qti_debugfs:dir r_dir_perms;
+allow vendor_qvrd vendor_qti_debugfs:file rw_file_perms;
+')
+
+# Allow access to kgsl sysfs nodes for performance optimization
+r_dir_file(vendor_qvrd, vendor_sysfs_kgsl)
+
+# Allow access to qvr_external_sensor sysfs nodes for external viewers
+allow vendor_qvrd vendor_sysfs_qvr_external_sensor:dir r_dir_perms;
+allow vendor_qvrd vendor_sysfs_qvr_external_sensor:file rw_file_perms;
+
+# Allow access to qvr_external_sensor device nodes for external viewers
+allow vendor_qvrd vendor_qvr_external_sensor_device:chr_file rw_file_perms;
+
+# qvr properties
+get_prop(vendor_qvrd, vendor_qvr_prop)
+get_prop(vendor_qvrd, vendor_sxr_prop)
+get_prop(vendor_qvrd, vendor_qvrd_prop)
+get_prop(vendor_qvrd, vendor_qvr_persist_prop)
+get_prop(vendor_qvrd, vendor_qvrd_persist_prop)
+allow vendor_qvrd video_device:chr_file w_file_perms;
+
+allow vendor_qvrd tombstoned_crash_socket:sock_file write;
+
+#allow qvrd to access hid event
+allow vendor_qvrd vendor_sysfs_usb_node:dir r_dir_perms;
+allow vendor_qvrd vendor_sysfs_usb_node:file r_file_perms;

qva/vendor/common/vppservice.te

@@ -56,7 +56,6 @@ allow vendor_vppservice mnt_vendor_file:dir search;
 allow vendor_vppservice ion_device:chr_file rw_file_perms;
 allow vendor_vppservice video_device:chr_file rw_file_perms;
 allow vendor_vppservice vendor_qdsp_device:chr_file r_file_perms;
-allow vendor_vppservice vendor_xdsp_device:chr_file r_file_perms;
 allow vendor_vppservice gpu_device:chr_file rw_file_perms;
 # allow vppservice to access dsp read_prop
 get_prop(vendor_vppservice, vendor_adsprpc_prop)

qva/vendor/holi/eid_app.te

@@ -0,0 +1,32 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#    * Redistributions of source code must retain the above copyright
+#      notice, this list of conditions and the following disclaimer.
+#    * Redistributions in binary form must reproduce the above
+#      copyright notice, this list of conditions and the following
+#      disclaimer in the documentation and/or other materials provided
+#      with the distribution.
+#    * Neither the name of The Linux Foundation nor the names of its
+#      contributors may be used to endorse or promote products derived
+#      from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_eid_app, domain;
+app_domain(vendor_eid_app);
+
+hal_client_domain(vendor_eid_app, vendor_hal_eid)
+allow vendor_eid_app app_api_service:service_manager find;

qva/vendor/holi/file_contexts

@@ -27,3 +27,6 @@
 
 #camera
 /sys/firmware/devicetree/base/memory/ddr_device_type                               u:object_r:vendor_sysfs_ddr:s0
+
+#eID
+/(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.eid@1\.0-service             u:object_r:vendor_hal_eid_qti_exec:s0

qva/vendor/holi/hal_eid_qti.te

@@ -0,0 +1,47 @@
+# Copyright (c) 2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_hal_eid_qti, domain;
+hal_server_domain(vendor_hal_eid_qti, vendor_hal_eid)
+
+type vendor_hal_eid_qti_exec, exec_type, file_type, vendor_file_type;
+init_daemon_domain(vendor_hal_eid_qti)
+
+binder_call(vendor_hal_eid_client, vendor_hal_eid_server)
+binder_call(vendor_hal_eid_server, vendor_hal_eid_client)
+
+hal_attribute_hwservice(vendor_hal_eid, vendor_hal_eid_hwservice)
+
+# Allow access to load firmware images
+r_dir_file(vendor_hal_eid_qti, firmware_file)
+
+# Allow access to interract with ion_device
+allow vendor_hal_eid_qti ion_device:chr_file r_file_perms;
+
+get_prop(vendor_hal_eid_qti, vendor_tee_listener_prop)
+
+hal_client_domain(vendor_hal_eid_qti, vendor_hal_qteeconnector)

qva/vendor/holi/hwservice.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_hal_eid_hwservice, hwservice_manager_type, protected_hwservice;

qva/vendor/holi/hwservice_contexts

@@ -0,0 +1,28 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+vendor.qti.hardware.eid::IEid                                u:object_r:vendor_hal_eid_hwservice:s0

qva/vendor/holi/qseecomd.te

@@ -0,0 +1,28 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+hal_client_domain(tee, vendor_hal_eid);

qva/vendor/holi/seapp_contexts

@@ -0,0 +1,29 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Add new domain for eid app
+user=_app seinfo=platform name=.eidservices domain=vendor_eid_app type=app_data_file levelFrom=all

qva/vendor/lito/mediatranscoding.te

@@ -0,0 +1,30 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Allow mediatranscoder to access hal_allocator
+hal_client_domain(mediatranscoding, hal_allocator)
+

qva/vendor/trinket/mediatranscoding.te

@@ -0,0 +1,30 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Allow mediatranscoder to access hal_allocator
+hal_client_domain(mediatranscoding, hal_allocator)
+