Merge cf2b4aabd0 on remote branch

Change-Id: I8b1f4573be15fd79fba52fed47eabe97b65aa6fe

qva/vendor/anorak/qvrd_vndr.te

@@ -37,3 +37,6 @@ allow vendor_qvrd_vndr vendor_qvrd_vndr_cam:fd use;
 
 get_prop(vendor_qvrd_vndr, vendor_camera_prop)
 hal_server_domain_bypass(vendor_qvrd_vndr, vendor_hal_qvrcamservice_qti)
+
+# Allow to access heap
+allow vendor_qvrd_vndr vendor_dmabuf_system_heap_device:chr_file r_file_perms;

qva/vendor/anorak/qvrd_vndr_cam.te

@@ -11,6 +11,9 @@ binder_service(vendor_qvrd_vndr_cam)
 hal_server_domain(vendor_qvrd_vndr_cam, vendor_hal_qvrcamservice_qti)
 hal_attribute_service(vendor_hal_qvrcamservice_qti, vendor_hal_qvrd_camservice)
 
+allow vendor_qvrd_vndr_cam vendor_hal_qvrcamservice_qti_socket_client:unix_stream_socket { getopt read setopt shutdown write };
+allow vendor_hal_qvrcamservice_qti_socket_fd_use_client vendor_qvrd_vndr_cam: fd use;
+
 binder_use(vendor_qvrd_vndr_cam);
 
 # Allow access to our socket
@@ -69,3 +72,5 @@ allow vendor_qvrd_vndr_cam video_device:chr_file rw_file_perms;
 
 allow vendor_qvrd_vndr_cam proc_uptime:file r_file_perms;
 crash_dump_fallback(vendor_qvrd_vndr_cam);
+
+allow vendor_qvrd_vndr_cam appdomain:process setsched;

qva/vendor/common/service_contexts

@@ -25,6 +25,10 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+# Changes from Qualcomm Innovation Center, Inc. are provided under the following license:
+# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
 vendor.qti.hardware.qxr.IQXRCoreService/default        u:object_r:vendor_hal_qvrd_service:s0
 vendor.qti.hardware.qxr.IQXRCamService/default         u:object_r:vendor_hal_qvrd_camservice:s0
 vendor.qti.hardware.qxr.IQXRModService/default         u:object_r:vendor_hal_qvrd_service:s0
@@ -33,3 +37,6 @@ vendor.qti.hardware.qxr.IQXRAudioService/default        u:object_r:vendor_hal_sx
 vendor.qti.gnss.ILocAidlGnss/default                   u:object_r:hal_gnss_service:s0
 vendor.qti.hardware.data.connectionfactory.IFactory/slot0 u:object_r:vendor_hal_dataconnection_service:s0
 vendor.qti.hardware.data.connectionfactory.IFactory/slot1 u:object_r:vendor_hal_dataconnection_service:s0
+android.hardware.security.keymint.IKeyMintDevice/strongbox                      u:object_r:hal_keymint_service:s0
+android.hardware.security.sharedsecret.ISharedSecret/strongbox                  u:object_r:hal_sharedsecret_service:s0
+android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox       u:object_r:hal_keymint_service:s0

qva/vendor/parrot/file_contexts

@@ -25,12 +25,12 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# Changes from Qualcomm Innovation Center are provided under the following license:
-#
-# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# Changes from Qualcomm Innovation Center, Inc. are provided under the following license:
+# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
 # SPDX-License-Identifier: BSD-3-Clause-Clear
 
 ###################################
 #Dev nodes
 #
 /dev/st54spi_gpio                     u:object_r:vendor_ese_gpio_device:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service-stm\.strongbox    u:object_r:hal_keymint_strongbox_exec:s0

qva/vendor/parrot/hal_keymint_strongbox.te

@@ -0,0 +1,40 @@
+# Copyright (c) 2017, 2021 The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#     * Neither the name of The Linux Foundation nor the names of its
+#       contributors may be used to endorse or promote products derived
+#       from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Changes from Qualcomm Innovation Center, Inc. are provided under the following license:
+# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type hal_keymint_strongbox, domain;
+type hal_keymint_strongbox_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_keymint_strongbox)
+
+hal_server_domain(hal_keymint_strongbox, hal_keymint)
+hal_client_domain(hal_keymint_strongbox, hal_secure_element)
+
+vndbinder_use(hal_keymint_strongbox)
+get_prop(hal_keymint_strongbox, vendor_security_patch_level_prop);