Add 'sepolicy/' from tag 'android-14.0.0_r1'

git-subtree-dir: sepolicy git-subtree-mainline: a61212cb07 git-subtree-split: e215ee0263 Change-Id: I0e9a57b8d151d69586815602262bc425a75dc6d2
2026-02-01 05:38:17 +00:00 · 2023-10-12 16:16:11 +03:00
parent a61212cb07 e215ee0263
commit c26d44d7b5
171 changed files with 3342 additions and 0 deletions
--- a/sepolicy/OWNERS
+++ b/sepolicy/OWNERS
@@ -0,0 +1,3 @@
+include platform/system/sepolicy:/OWNERS
+
+rurumihong@google.com
--- a/sepolicy/gs201-sepolicy.mk
+++ b/sepolicy/gs201-sepolicy.mk
@@ -0,0 +1,23 @@
+# sepolicy that are shared among devices using whitechapel
+BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/whitechapel_pro
+
+# unresolved SELinux error log with bug tracking
+BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/tracking_denials
+
+PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/gs201-sepolicy/private
+
+# system_ext
+SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/gs201-sepolicy/system_ext/public
+SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs201-sepolicy/system_ext/private
+
+#
+# Pixel-wide
+#
+# Dauntless sepolicy (b/199685763)
+BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/dauntless
+
+#   PowerStats HAL
+BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
+
+# Health HAL
+BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/health
--- a/sepolicy/health/file_contexts
+++ b/sepolicy/health/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/hw/android\.hardware\.health-service\.gs201  u:object_r:hal_health_default_exec:s0
--- a/sepolicy/private/permissioncontroller_app.te
+++ b/sepolicy/private/permissioncontroller_app.te
@@ -0,0 +1,2 @@
+allow permissioncontroller_app proc_vendor_sched:dir r_dir_perms;
+allow permissioncontroller_app proc_vendor_sched:file w_file_perms;
--- a/sepolicy/private/property_contexts
+++ b/sepolicy/private/property_contexts
@@ -0,0 +1,5 @@
+# Boot animation dynamic colors
+persist.bootanim.color1     u:object_r:bootanim_system_prop:s0     exact    int
+persist.bootanim.color2     u:object_r:bootanim_system_prop:s0     exact    int
+persist.bootanim.color3     u:object_r:bootanim_system_prop:s0     exact    int
+persist.bootanim.color4     u:object_r:bootanim_system_prop:s0     exact    int
--- a/sepolicy/private/radio.te
+++ b/sepolicy/private/radio.te
@@ -0,0 +1 @@
+add_service(radio, uce_service)
--- a/sepolicy/private/service_contexts
+++ b/sepolicy/private/service_contexts
@@ -0,0 +1 @@
+telephony.oem.oemrilhook        u:object_r:radio_service:s0
--- a/sepolicy/system_ext/private/platform_app.te
+++ b/sepolicy/system_ext/private/platform_app.te
@@ -0,0 +1,2 @@
+# allow systemui access to fingerprint
+hal_client_domain(platform_app, hal_fingerprint)
--- a/sepolicy/system_ext/private/property_contexts
+++ b/sepolicy/system_ext/private/property_contexts
@@ -0,0 +1,2 @@
+# Fingerprint (UDFPS) GHBM/LHBM toggle
+persist.fingerprint.ghbm    u:object_r:fingerprint_ghbm_prop:s0    exact    bool
--- a/sepolicy/system_ext/public/property.te
+++ b/sepolicy/system_ext/public/property.te
@@ -0,0 +1,2 @@
+# Fingerprint (UDFPS) GHBM/LHBM toggle
+system_vendor_config_prop(fingerprint_ghbm_prop)
--- a/sepolicy/tracking_denials/README.txt
+++ b/sepolicy/tracking_denials/README.txt
@@ -0,0 +1,2 @@
+This folder stores known errors detected by PTS. Be sure to remove relevant
+files to reproduce error log on latest ROMs.
--- a/sepolicy/tracking_denials/bug_map
+++ b/sepolicy/tracking_denials/bug_map
@@ -0,0 +1,30 @@
+cat_engine_service_app system_app_data_file dir b/238705599
+dex2oat privapp_data_file dir b/276386138
+dump_pixel_metrics sysfs file b/268147113
+dumpstate app_zygote process b/237491813
+dumpstate system_data_file dir b/239484651
+hal_camera_default boot_status_prop file b/275001783
+hal_camera_default edgetpu_app_service service_manager b/275001783
+hal_contexthub_default fwk_stats_service service_manager b/241714943
+hal_dumpstate_default dump_thermal process b/268566483
+hal_power_default hal_power_default capability b/237492146
+hal_radioext_default radio_vendor_data_file file b/237093466
+incidentd debugfs_wakeup_sources file b/237492091
+incidentd incidentd anon_inode b/268147092
+init-insmod-sh vendor_ready_prop property_service b/239364360
+kernel vendor_charger_debugfs dir b/238571150
+kernel vendor_usb_debugfs dir b/227121550
+shell adb_keys_file file b/239484612
+shell cache_file lnk_file b/239484612
+shell init_exec lnk_file b/239484612
+shell linkerconfig_file dir b/239484612
+shell metadata_file dir b/239484612
+shell mirror_data_file dir b/239484612
+shell postinstall_mnt_dir dir b/239484612
+shell rootfs file b/239484612
+shell sscoredump_vendor_data_crashinfo_file dir b/241714944
+shell system_dlkm_file dir b/239484612
+su modem_img_file filesystem b/240653918
+system_app proc_pagetypeinfo file b/275645892
+system_server privapp_data_file lnk_file b/276385494
+system_server system_userdir_file dir b/282096141
--- a/sepolicy/tracking_denials/dumpstate.te
+++ b/sepolicy/tracking_denials/dumpstate.te
@@ -0,0 +1,6 @@
+# b/185723618
+dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
+# b/237491813
+dontaudit dumpstate app_zygote:process { signal };
+# b/277155245
+dontaudit dumpstate default_android_service:service_manager { find };
--- a/sepolicy/tracking_denials/hal_drm_widevine.te
+++ b/sepolicy/tracking_denials/hal_drm_widevine.te
@@ -0,0 +1,2 @@
+# b/229209076
+dontaudit hal_drm_widevine vndbinder_device:chr_file { read };
--- a/sepolicy/tracking_denials/hal_power_default.te
+++ b/sepolicy/tracking_denials/hal_power_default.te
@@ -0,0 +1,3 @@
+# b/237492146
+dontaudit hal_power_default hal_power_default:capability { dac_override };
+dontaudit hal_power_default hal_power_default:capability { dac_read_search };
--- a/sepolicy/tracking_denials/hal_thermal_default.te
+++ b/sepolicy/tracking_denials/hal_thermal_default.te
@@ -0,0 +1,7 @@
+# b/205904328
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { bind };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { create };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { getattr };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { read };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { setopt };
+dontaudit hal_thermal_default hal_thermal_default:netlink_generic_socket { write };
--- a/sepolicy/tracking_denials/hal_uwb_vendor_default.te
+++ b/sepolicy/tracking_denials/hal_uwb_vendor_default.te
@@ -0,0 +1,3 @@
+# b/208721505
+dontaudit hal_uwb_vendor_default dumpstate:fd { use };
+dontaudit hal_uwb_vendor_default dumpstate:fifo_file { write };
--- a/sepolicy/tracking_denials/hal_vibrator_default.te
+++ b/sepolicy/tracking_denials/hal_vibrator_default.te
@@ -0,0 +1,2 @@
+# b/274727778
+dontaudit hal_vibrator_default default_android_service:service_manager { find };
--- a/sepolicy/tracking_denials/incidentd.te
+++ b/sepolicy/tracking_denials/incidentd.te
@@ -0,0 +1,2 @@
+# b/237492091
+dontaudit incidentd debugfs_wakeup_sources:file { read };
--- a/sepolicy/tracking_denials/kernel.te
+++ b/sepolicy/tracking_denials/kernel.te
@@ -0,0 +1,2 @@
+# b/227121550
+dontaudit kernel vendor_votable_debugfs:dir search;
--- a/sepolicy/tracking_denials/rebalance_interrupts_vendor.te
+++ b/sepolicy/tracking_denials/rebalance_interrupts_vendor.te
@@ -0,0 +1,2 @@
+# b/214472867
+dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override };
--- a/sepolicy/tracking_denials/servicemanager.te
+++ b/sepolicy/tracking_denials/servicemanager.te
@@ -0,0 +1,2 @@
+# b/214122471
+dontaudit servicemanager hal_fingerprint_default:binder { call };
--- a/sepolicy/tracking_denials/surfaceflinger.te
+++ b/sepolicy/tracking_denials/surfaceflinger.te
@@ -0,0 +1,4 @@
+# b/215042694
+dontaudit surfaceflinger kernel:process { setsched };
+# b/208721808
+dontaudit surfaceflinger hal_graphics_composer_default:dir { search };
--- a/sepolicy/tracking_denials/vendor_init.te
+++ b/sepolicy/tracking_denials/vendor_init.te
@@ -0,0 +1,2 @@
+# b/205656950
+dontaudit vendor_init thermal_link_device:file { create };
--- a/sepolicy/tracking_denials/vndservicemanager.te
+++ b/sepolicy/tracking_denials/vndservicemanager.te
@@ -0,0 +1,4 @@
+# b/278639040
+dontaudit vndservicemanager hal_keymint_citadel:binder { call };
+# b/278639040
+dontaudit vndservicemanager hal_keymint_citadel:binder { call };
--- a/sepolicy/whitechapel_pro/attributes
+++ b/sepolicy/whitechapel_pro/attributes
@@ -0,0 +1 @@
+attribute vendor_persist_type;
--- a/sepolicy/whitechapel_pro/audioserver.te
+++ b/sepolicy/whitechapel_pro/audioserver.te
@@ -0,0 +1,3 @@
+# allow access to ALSA MMAP FDs for AAudio API
+allow audioserver audio_device:chr_file r_file_perms;
+allow audioserver audio_service:service_manager find;
--- a/sepolicy/whitechapel_pro/bipchmgr.te
+++ b/sepolicy/whitechapel_pro/bipchmgr.te
@@ -0,0 +1,9 @@
+type bipchmgr, domain;
+type bipchmgr_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(bipchmgr)
+
+get_prop(bipchmgr, hwservicemanager_prop);
+
+allow bipchmgr hal_exynos_rild_hwservice:hwservice_manager find;
+hwbinder_use(bipchmgr)
+binder_call(bipchmgr, rild)
--- a/sepolicy/whitechapel_pro/bluetooth.te
+++ b/sepolicy/whitechapel_pro/bluetooth.te
@@ -0,0 +1,5 @@
+allow bluetooth proc_vendor_sched:dir r_dir_perms;
+allow bluetooth proc_vendor_sched:file w_file_perms;
+
+allow hal_bluetooth_btlinux aoc_device:chr_file { getattr open read write };
+allow hal_bluetooth_btlinux device:dir r_dir_perms;
--- a/sepolicy/whitechapel_pro/bootanim.te
+++ b/sepolicy/whitechapel_pro/bootanim.te
@@ -0,0 +1,5 @@
+# TODO(b/62954877). On Android Wear, bootanim reads the time
+# during boot to display. It currently gets that time from a file
+# in /data/system. This should be moved. In the meantime, suppress
+# this denial on phones since this functionality is not used.
+dontaudit bootanim system_data_file:dir r_dir_perms;
--- a/sepolicy/whitechapel_pro/bootdevice_sysdev.te
+++ b/sepolicy/whitechapel_pro/bootdevice_sysdev.te
@@ -0,0 +1 @@
+allow bootdevice_sysdev sysfs:filesystem associate;
--- a/sepolicy/whitechapel_pro/cat_engine_service_app.te
+++ b/sepolicy/whitechapel_pro/cat_engine_service_app.te
@@ -0,0 +1,8 @@
+type cat_engine_service_app, domain;
+
+userdebug_or_eng(`
+  app_domain(cat_engine_service_app)
+  get_prop(cat_engine_service_app, vendor_rild_prop)
+  allow cat_engine_service_app app_api_service:service_manager find;
+  allow cat_engine_service_app system_app_data_file:dir r_dir_perms;
+')
--- a/sepolicy/whitechapel_pro/cbd.te
+++ b/sepolicy/whitechapel_pro/cbd.te
@@ -0,0 +1,63 @@
+type cbd, domain;
+type cbd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(cbd)
+
+set_prop(cbd, vendor_modem_prop)
+set_prop(cbd, vendor_cbd_prop)
+set_prop(cbd, vendor_rild_prop)
+
+# Allow cbd to set gid/uid from too to radio
+allow cbd self:capability { setgid setuid };
+
+allow cbd mnt_vendor_file:dir r_dir_perms;
+
+allow cbd kmsg_device:chr_file rw_file_perms;
+
+allow cbd vendor_shell_exec:file execute_no_trans;
+allow cbd vendor_toolbox_exec:file execute_no_trans;
+
+# Allow cbd to access modem block device
+allow cbd block_device:dir search;
+allow cbd modem_block_device:blk_file r_file_perms;
+
+# Allow cbd to access sysfs chosen files
+allow cbd sysfs_chosen:file r_file_perms;
+allow cbd sysfs_chosen:dir r_dir_perms;
+
+allow cbd radio_device:chr_file rw_file_perms;
+
+allow cbd proc_cmdline:file r_file_perms;
+
+allow cbd persist_modem_file:dir create_dir_perms;
+allow cbd persist_modem_file:file create_file_perms;
+allow cbd persist_file:dir search;
+
+allow cbd radio_vendor_data_file:dir create_dir_perms;
+allow cbd radio_vendor_data_file:file create_file_perms;
+
+# Allow cbd to operate with modem EFS file/dir
+allow cbd modem_efs_file:dir create_dir_perms;
+allow cbd modem_efs_file:file create_file_perms;
+
+# Allow cbd to operate with modem userdata file/dir
+allow cbd modem_userdata_file:dir create_dir_perms;
+allow cbd modem_userdata_file:file create_file_perms;
+
+# Allow cbd to access modem image file/dir
+allow cbd modem_img_file:dir r_dir_perms;
+allow cbd modem_img_file:file r_file_perms;
+allow cbd modem_img_file:lnk_file r_file_perms;
+
+# Allow cbd to collect crash info
+allow cbd sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
+allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms;
+
+userdebug_or_eng(`
+  r_dir_file(cbd, vendor_slog_file)
+
+  allow cbd kernel:system syslog_read;
+
+  allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms;
+  allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms;
+')
+
--- a/sepolicy/whitechapel_pro/cbrs_setup.te
+++ b/sepolicy/whitechapel_pro/cbrs_setup.te
@@ -0,0 +1,13 @@
+# GoogleCBRS app
+type cbrs_setup_app, domain;
+
+userdebug_or_eng(`
+  app_domain(cbrs_setup_app)
+  net_domain(cbrs_setup_app)
+
+  allow cbrs_setup_app app_api_service:service_manager find;
+  allow cbrs_setup_app cameraserver_service:service_manager find;
+  allow cbrs_setup_app radio_service:service_manager find;
+  set_prop(cbrs_setup_app, radio_prop)
+  set_prop(cbrs_setup_app, vendor_rild_prop)
+')
--- a/sepolicy/whitechapel_pro/cccdk_timesync_app.te
+++ b/sepolicy/whitechapel_pro/cccdk_timesync_app.te
@@ -0,0 +1,10 @@
+type vendor_cccdktimesync_app, domain;
+app_domain(vendor_cccdktimesync_app)
+
+allow vendor_cccdktimesync_app app_api_service:service_manager find;
+
+binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux)
+allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+
+# allow the HAL to call our registered callbacks
+binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app)
--- a/sepolicy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem
+++ b/sepolicy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF2zCCA8OgAwIBAgIVAIFP2e+Gh4wn4YFsSI7fRB6AXjIsMA0GCSqGSIb3DQEBCwUAMH4xCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
+EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEaMBgGA1UEAxMRRXVpY2NTdXBw
+b3J0UGl4ZWwwHhcNMTkwMjI4MTkyMjE4WhcNNDkwMjI4MTkyMjE4WjB+MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29v
+Z2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxGjAYBgNVBAMTEUV1aWNjU3VwcG9ydFBpeGVsMIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqklePqeltzqnyXVch9eJRXFBRQQIBIJWhcXb
+WIP/kZ28ISnQ2SrZisdxqtvRIeInxb7lU1rRQDfqCFSp/vMZ3l25Ryn6OVLFP4bxV1vO797t7Ef/
+amYA1mFKBsD4KLaIGj0/2RpGesneCOb0jWl2yRgIO2Ez7Y4YgWU/IoickZDLp1u6/7e7E/Qq9OXK
+aXvtBSzooGrYC7eyKn7O21FOfz5cQRo4BipjJqXG5Ez8Vi+m/dL1IFRZheYttEf3v390vBcb0oJ0
+oYPzLxmnb1LchjZC3yLAknRA0hNt8clvJ3tjXFjtzCGKsQsT4rnvvGFFABJTCf3EdEiwBNS5U4ho
+9+EtH7PpuoC+uVv2rLv/Gb7stlGQGx32KmK2CfKED3PdNqoT7WRx6nvVjCk3i7afdUcxQxcS9td
+5r80CB1bQEhS2sWLWB21PJrfMugWUJO5Bwz6u0es8dP+4FAHojIaF6iwB5ZYIuHGcEaOviHm4jOK
+rrGMlLqTwuEhq2aVIP55u7XRV98JLs2hlE5DJOWCIsPxybUDiddFvR+yzi/4FimsxJlEmaQAQcki
+uJ9DceVP03StPzFJSDRlqa4yF6xkZW5piNoANQ4MyI67V2Qf8g/L1UPYAi4hUMxQGo7Clw2hBRag
+ZTm65Xc7+ovBYxl5YaXAmNoJbss34Lw8tdrn4EECAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNV
+HQ4EFgQU+hQdFrOGuCDI+bbebssw9TL5FcYwHwYDVR0jBBgwFoAU+hQdFrOGuCDI+bbebssw9TL5
+FcYwDQYJKoZIhvcNAQELBQADggIBAGmyZHXddei/zUUMowiyi/MTtqXf9hKDEN4zhAXkuiuHxqA9
+Ii0J1Sxz2dd5NkqMmtePKYFSGA884yVm1KAne/uoCWj57IK3jswiRYnKhXa293DxA/K9wY27IGbp
+ulSuuxbpjjV2tqGUuoNQGKX7Oy6s0GcibyZFc+LpD7ttGk5QoLC9qQdpXZgUv/yG2B99ERSXLCaL
+EWMNP/oVZQOCQGfsFM1fPLn3X0ZuCOQg9bljxFf3jTl+H6PIAhpCjKeeUQYLc41eQkCyR/f67aRB
+GvO4YDpXLn9eH23B+26rjPyFiVtMJ/jJZ7UEPeJ3XBj1COS/X7p9gGRS5rtfr9z7XxuMxvG0JU9U
+XA+bMfOOfCqflvw6IyUg+oxjBFIhgiP4fxna51+BqpctvB0OeRwUm6y4nN06AwqtD8SteQrEn0b0
+IDWOKlVeh0lJWrDDEHr55dXSF+CbOPUDmMxmGoulOEOy/qSWIQi8BfvdX+e88CmracNRYVffLuQj
+pRYN3TeiCJd+6/X9/x1Q8VLW7vOAb6uRyE2lOjX40DYBxK3xSq6J7Vp38f6z0vtQm2sAAQ4xqqon
+A9tB5p+nJlYHgSxXOZx3C13Rs/eMmiGCKkSpCTnGCgBC7PfJDdMK6SLw5Gn4oyGoZo4fXbADuHrU
+0JD1T1qdCm3aUSEmFgEA4rOL/0K3
+-----END CERTIFICATE-----
--- a/sepolicy/whitechapel_pro/certs/app.x509.pem
+++ b/sepolicy/whitechapel_pro/certs/app.x509.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIJANWFuGx90071MA0GCSqGSIb3DQEBBAUAMIGUMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g
+VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE
+AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
+Fw0wODA0MTUyMzM2NTZaFw0zNTA5MDEyMzM2NTZaMIGUMQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G
+A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p
+ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI
+hvcNAQEBBQADggENADCCAQgCggEBANbOLggKv+IxTdGNs8/TGFy0PTP6DHThvbbR
+24kT9ixcOd9W+EaBPWW+wPPKQmsHxajtWjmQwWfna8mZuSeJS48LIgAZlKkpFeVy
+xW0qMBujb8X8ETrWy550NaFtI6t9+u7hZeTfHwqNvacKhp1RbE6dBRGWynwMVX8X
+W8N1+UjFaq6GCJukT4qmpN2afb8sCjUigq0GuMwYXrFVee74bQgLHWGJwPmvmLHC
+69EH6kWr22ijx4OKXlSIx2xT1AsSHee70w5iDBiK4aph27yH3TxkXy9V89TDdexA
+cKk/cVHYNnDBapcavl7y0RiQ4biu8ymM8Ga/nmzhRKya6G0cGw8CAQOjgfwwgfkw
+HQYDVR0OBBYEFI0cxb6VTEM8YYY6FbBMvAPyT+CyMIHJBgNVHSMEgcEwgb6AFI0c
+xb6VTEM8YYY6FbBMvAPyT+CyoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE
+CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH
+QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG
+CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJANWFuGx90071MAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBABnTDPEF+3iSP0wNfdIjIz1AlnrP
+zgAIHVvXxunW7SBrDhEglQZBbKJEk5kT0mtKoOD1JMrSu1xuTKEBahWRbqHsXcla
+XjoBADb0kkjVEJu/Lh5hgYZnOjvlba8Ld7HCKePCVePoTJBdI4fvugnL8TsgK05a
+IskyY0hKI9L8KfqfGTl1lzOv2KoWD0KWwtAWPoGChZxmQ+nBli+gwYMzM1vAkP+a
+ayLe0a1EQimlOalO762r0GXO0ks+UeXde2Z4e+8S/pf7pITEI/tP+MxJTALw9QUW
+Ev9lKTk+jkbqxbsh8nfBUapfKqYn0eidpwq2AzVp3juYl7//fKnaPhJD9gs=
+-----END CERTIFICATE-----
--- a/sepolicy/whitechapel_pro/certs/camera_eng.x509.pem
+++ b/sepolicy/whitechapel_pro/certs/camera_eng.x509.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw
+NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE
+ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO
+OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
+UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
+TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
+rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
+TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK
+pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY
+DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG
+ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4
+rscXTxYEf4Tqovc=
+-----END CERTIFICATE-----
--- a/sepolicy/whitechapel_pro/certs/camera_fishfood.x509.pem
+++ b/sepolicy/whitechapel_pro/certs/camera_fishfood.x509.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n
+bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w
+HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv
+b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93
+bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/
+jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B
+IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe
+tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td
+0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg
+Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b
+aIOMFB0Km9HbEZHLKg33kOoMsS2zpA==
+-----END CERTIFICATE-----
--- a/sepolicy/whitechapel_pro/certs/com_google_mds.x509.pem
+++ b/sepolicy/whitechapel_pro/certs/com_google_mds.x509.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF1TCCA72gAwIBAgIVAPZ4KZV2jpxRBCoVAidCu62l3cDqMA0GCSqGSIb3DQEBCwUAMHsxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
+EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEXMBUGA1UEAwwOY29tX2dvb2ds
+ZV9tZHMwHhcNMTkwNDIyMTQ1NzA1WhcNNDkwNDIyMTQ1NzA1WjB7MQswCQYDVQQGEwJVUzETMBEG
+A1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xl
+IEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxFzAVBgNVBAMMDmNvbV9nb29nbGVfbWRzMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqgNC0hhI3NzaPUllJfe01hCTuEpl35D02+DKJ5prPFxv
+6KGTk6skjZOwV87Zf2pyj/cbnv28ioDjwvqMBe4ntFdKtH9gl2tTAVl69HMKXF4Iny/wnrt2mxzh
+WxFUd5PuW+mWug+UQw/NGUuaf5d/yys/RrchHKM1+zBV6aOzH6BXiwDoOF2i43d5GlNQ/tFuMySW
+LJftJN0QULFelxNDFFJZhw2P3c4opxjmF2yCoIiDfBEIhTZFKUbHX6YDLXmtUpXl35q+cxK4TCxP
+URyzwdfiyheF3TTxagfzhvXNg/ifrY67S4qCGfzoEMPxrTz02gS0u3D6r/2+hl9vAJChLKDNdIs6
+TqIw+YnABrELiZLLFnaABnjQ7xC3xv1s3W6dWxaxnoVMtC1YvdgwhC5gSpJ4A+AGcCLv96hoeB1I
+IoGV9Yt0Z97MFpXeHFpAxFZ1F9feBqwOCDbu50dmdKZvqGHZ4Ts3uy7ukDQ08dquHpT+NmqkmmW5
+GGhkuyZS3HHpU/QeVsZiyJCJBbDe5lz6NGXK56ruuF9ILeGHtldjQm40oYRc01ESScyVjSU0kpMO
+C7hn1B7rKAm8xxG7eH04ieQrNnbbee7atOO4C3157W5CqujfLMeo6OCRVtcYkYIuSi8hIPNySu/q
+OaEtEP4owVNZR0H6mCHy5pANsyBofMkCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU
+gk8pmLx8yP3RILwR5am1G10PBEowHwYDVR0jBBgwFoAUgk8pmLx8yP3RILwR5am1G10PBEowDQYJ
+KoZIhvcNAQELBQADggIBAC9iQ1huo6CzjcsB1IIw3WYPYVfHtvG7fiB49QO6cjth8fxM36YOxnMz
+K9Zh89cnFx7BeXG4MdbR3lAWO+wTbEpM/5azAQfqHB/ZEEAo1THtqS58C1bTwJ5zxkA+wL/x1ucT
+EV0QZtPHC1K5nIV5FuICiJjui5FHfj2HYu2A5a5729rdZ7sL8Vgx6TUFKpEPs5iCrlx5X/E+/wJa
+DM5iIjVvrGJJq0VWHHeDJEE+Sw1CDxWYRzvu1WvCvhk149hf4LlfrR0A5t8QJRGx0WwF10DLGgJx
+7epMBpzhMIXc529FTIx4Rx2PcufjTZC9EN7PkLgVfYahWEkt/YIfV/0F6U6viLxdNC5O0pimSV57
+vT6HIthX1OC34eZca0cPqH1kOuhRDKOhbP4yIgdYX6knpvw8aXsYcyTfAmDyrt0EWffeBPedaxMo
+xfijdlsBQUymviUQ8qBbfl1Ew9VoC+VEsiobK7Ubog0IK+82LQ7FOLMoNYnhk5wJ63i1kVvBVAgH
+64PMME2KG//BwYFfKK6jUXibabyNke72+1Jr0xpw1BHJPxNJ8Q8yCBLF0wmXmFJSM+9lSDd10Bni
+FJeMFMQ0T1Sf8GUSIxYYbMK5pDguRs+JOYkUID02ylJ3L6GAnxXCjGWzpdxw29/WWJc+qsYFEIbP
+kKzTUNQHaaLHmcLK22Ht
+-----END CERTIFICATE-----
--- a/sepolicy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem
+++ b/sepolicy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF1TCCA72gAwIBAgIVALSpAFqvtr1ntTS7YgB0Y5R6WqEtMA0GCSqGSIb3DQEBCwUAMHoxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
+EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEWMBQGA1UEAwwNY29tX3FvcnZv
+X3V3YjAgFw0yMTA1MDQwNTAyMDlaGA8yMDUxMDUwNDA1MDIwOVowejELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dvb2ds
+ZSBJbmMuMRAwDgYDVQQLEwdBbmRyb2lkMRYwFAYDVQQDDA1jb21fcW9ydm9fdXdiMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyoe1/UDAyMZd5iWqaKPDKN0cCESsWBTTkuLFpzMfcTEa
+IyMORaIYriuAxvWhNzidPQvvRPyw0XQbl7GZLjXLF004G5xPTXFHIdtWv/scuC53INqTerppcHeW
+fP4hfJPbZMQNcDB9EHa2bhA0wPdfoJD4cz8T7sgQcbRirdR8KoiOVWYe5UTSdk0df2IbiMZav2DJ
+KhFql323emi4QHoDeUMAYy35mTh5vhfJ8NrCRAUwMh0zlw6LwZw/Dr8AbzDXl4Mo6Ij2pTn3/1zW
+BPNkJonvONiMvuUUDl6LnP/41qhxYSg9RBp3wBJLknmfD/hEaXxTSLdkJyF43t61sU12mDQbLu4s
+ZoiQKeKMJ0VpC56gUzkpnx3pzusq+/bAlTXf8Tfqrm7nizwR/69kntNYp8iaUJnvQQzlChc2lg2X
+QNzf6zShPptpPqJIgmWawH6DL8JPHgkpguWyz47dWHCLnTfp8miEZPrQkPKL13SCMYCwxmlNYNWG
+gUFPX5UJfnNVH4y2gPpXssROyKQKp/ArZkWb2zURrC1RUvNFADvvFt+hb2iXXVnfVeEtKAkSdhOj
+RHwXhc/EtraSMMYUeO/uhUiPmPFR0FVLxCIm6i91/xqgWhKgRN0uatornO3lSNgzk4c7b0JCncEn
+iArWJ516/nqWIvEdYjcqIBDAdSx8S1sCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU
+EGKtCMO6w0UKLbAmd/laZERZZrkwHwYDVR0jBBgwFoAUEGKtCMO6w0UKLbAmd/laZERZZrkwDQYJ
+KoZIhvcNAQELBQADggIBAIRowmuGiFeZdyDsbYi0iYISNW2HID4uLM3Pp8CEx5swlntJu1Z19R9t
+fzzY9lvcMgdbdVJYnGrHzUGUCVqbhfDH7GxP9ybg1QUqYxi6AvZU3wrRqjoUoDw7HlecNBXFZI6z
+0f2J3XSzST3kq5lCuUaEKGHkU8jVgwqVGMcz1foLGzBXQhMgIKl966c5DWoXsLToBCXrNgDokkHe
+cj9tI1ufsWrSxl5/AT0/DMjHkcBmZk78RiTcGJtSZU8YwqNIQa+U2hpDE34iy2LC6YEqMKggjCm0
+6nOBbIH0EXnrr0iBX3YJmDM8O4a9eDpI7FSjabPx9YvfQne08pNwYkExOMafibyAwt7Du0cpxNkg
+NE3xeDZ+TVr+4I10HF1gKpJ+rQsBOIYVTWLKATO4TMQxLNLY9oy2gt12PcsCdkOIThX4bAHXq1eY
+ulAxoA7Hba2xq/wnh2JH5VZIjz3yZBJXX/GyFeHkqv7wFRVrx4DjZC1s5uTdqDh6y8pfM49w9/Zp
+BKtz5B+37bC9FmM+ux39MElqx+kbsITzBDtDWa2Q8onWQR0R4WHI43n1mJSvW4cdR6Xf/a1msPXh
+NHc3XCJYq4WvlMuXWEGVka20LPJXIjiuU3sB088YpjAG1+roSn//CL8N9iDWHCRXy+UKElIbhWLz
+lHV8gmlwBAuAx9ITcTJr
+-----END CERTIFICATE-----
--- a/sepolicy/whitechapel_pro/charger_vendor.te
+++ b/sepolicy/whitechapel_pro/charger_vendor.te
@@ -0,0 +1,10 @@
+allow charger_vendor mnt_vendor_file:dir search;
+allow charger_vendor sysfs_batteryinfo:file w_file_perms;
+allow charger_vendor persist_file:dir search;
+allow charger_vendor persist_battery_file:dir search;
+allow charger_vendor persist_battery_file:file rw_file_perms;
+allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
+allow charger_vendor sysfs_thermal:file w_file_perms;
+allow charger_vendor sysfs_thermal:lnk_file read;
+allow charger_vendor thermal_link_device:dir search;
+set_prop(charger_vendor, vendor_battery_defender_prop)
--- a/sepolicy/whitechapel_pro/chre.te
+++ b/sepolicy/whitechapel_pro/chre.te
@@ -0,0 +1,31 @@
+type chre, domain;
+type chre_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(chre)
+
+# Permit communication with AoC
+allow chre aoc_device:chr_file rw_file_perms;
+
+# Allow CHRE to determine AoC's current clock
+allow chre sysfs_aoc:dir search;
+allow chre sysfs_aoc_boottime:file r_file_perms;
+
+# Allow CHRE to create thread to watch AOC's device
+allow chre device:dir r_dir_perms;
+
+# Allow CHRE to use the USF low latency transport
+usf_low_latency_transport(chre)
+
+# Allow CHRE to talk to the WiFi HAL
+allow chre hal_wifi_ext:binder { call transfer };
+allow chre hal_wifi_ext_hwservice:hwservice_manager find;
+allow chre hal_wifi_ext_service:service_manager find;
+
+# Allow CHRE host to talk to stats service
+allow chre fwk_stats_service:service_manager find;
+binder_call(chre, stats_service_server)
+
+# Allow CHRE to use WakeLock
+wakelock_use(chre)
+
+# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP.
+allow chre self:global_capability2_class_set block_suspend;
--- a/sepolicy/whitechapel_pro/con_monitor.te
+++ b/sepolicy/whitechapel_pro/con_monitor.te
@@ -0,0 +1,10 @@
+# ConnectivityMonitor app
+type con_monitor_app, domain, coredomain;
+
+app_domain(con_monitor_app)
+
+set_prop(con_monitor_app, radio_prop)
+allow con_monitor_app app_api_service:service_manager find;
+allow con_monitor_app radio_service:service_manager find;
+allow con_monitor_app radio_vendor_data_file:dir rw_dir_perms;
+allow con_monitor_app radio_vendor_data_file:file create_file_perms;
--- a/sepolicy/whitechapel_pro/convert-to-ext4-sh.te
+++ b/sepolicy/whitechapel_pro/convert-to-ext4-sh.te
@@ -0,0 +1,34 @@
+type convert-to-ext4-sh, domain, coredomain;
+type convert-to-ext4-sh_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+  permissive convert-to-ext4-sh;
+
+  init_daemon_domain(convert-to-ext4-sh)
+
+  allow convert-to-ext4-sh block_device:dir search;
+  allow convert-to-ext4-sh e2fs_exec:file rx_file_perms;
+  allow convert-to-ext4-sh efs_block_device:blk_file rw_file_perms;
+  allow convert-to-ext4-sh kernel:process setsched;
+  allow convert-to-ext4-sh kmsg_device:chr_file rw_file_perms;
+  allow convert-to-ext4-sh persist_block_device:blk_file { getattr ioctl open read write };
+  allow convert-to-ext4-sh shell_exec:file rx_file_perms;
+  allow convert-to-ext4-sh sysfs_fs_ext4_features:dir { read search };
+  allow convert-to-ext4-sh sysfs_fs_ext4_features:file read;
+  allow convert-to-ext4-sh tmpfs:dir { add_name create mounton open };
+  allow convert-to-ext4-sh tmpfs:dir { remove_name rmdir rw_file_perms setattr };
+  allow convert-to-ext4-sh tmpfs:file { create rw_file_perms unlink };
+  allow convert-to-ext4-sh toolbox_exec:file rx_file_perms;
+  allow convert-to-ext4-sh vendor_persist_type:dir { rw_file_perms search };
+  allow convert-to-ext4-sh vendor_persist_type:file rw_file_perms;
+
+  allowxperm convert-to-ext4-sh { efs_block_device persist_block_device}:blk_file ioctl {
+    BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET LOOP_CLR_FD
+  };
+
+  dontaudit convert-to-ext4-sh labeledfs:filesystem  { mount unmount };
+  dontaudit convert-to-ext4-sh self:capability { chown fowner fsetid dac_read_search sys_admin sys_rawio };
+  dontaudit convert-to-ext4-sh unlabeled:dir { add_name create mounton open rw_file_perms search setattr };
+  dontaudit convert-to-ext4-sh unlabeled:file { create rw_file_perms setattr };
+  dontaudit convert-to-ext4-sh convert-to-ext4-sh:capability { dac_override };
+')
--- a/sepolicy/whitechapel_pro/debug_camera_app.te
+++ b/sepolicy/whitechapel_pro/debug_camera_app.te
@@ -0,0 +1,27 @@
+type debug_camera_app, domain, coredomain;
+
+userdebug_or_eng(`
+	app_domain(debug_camera_app)
+	net_domain(debug_camera_app)
+
+	allow debug_camera_app app_api_service:service_manager find;
+	allow debug_camera_app audioserver_service:service_manager find;
+	allow debug_camera_app cameraserver_service:service_manager find;
+	allow debug_camera_app mediaextractor_service:service_manager find;
+	allow debug_camera_app mediametrics_service:service_manager find;
+	allow debug_camera_app mediaserver_service:service_manager find;
+
+	# Allows camera app to access the GXP device.
+	allow debug_camera_app gxp_device:chr_file rw_file_perms;
+
+	# Allows camera app to search for GXP firmware file.
+	allow debug_camera_app vendor_fw_file:dir search;
+
+	# Allows camera app to access the PowerHAL.
+	hal_client_domain(debug_camera_app, hal_power)
+')
+userdebug_or_eng(`
+	# Allows GCA-Eng to find and access the EdgeTPU.
+	allow debug_camera_app edgetpu_app_service:service_manager find;
+	allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+')
--- a/sepolicy/whitechapel_pro/device.te
+++ b/sepolicy/whitechapel_pro/device.te
@@ -0,0 +1,30 @@
+type sda_block_device, dev_type;
+type devinfo_block_device, dev_type;
+type modem_block_device, dev_type;
+type custom_ab_block_device, dev_type;
+type persist_block_device, dev_type;
+type efs_block_device, dev_type;
+type modem_userdata_block_device, dev_type;
+type mfg_data_block_device, dev_type;
+type sg_device, dev_type;
+type vendor_toe_device, dev_type;
+type lwis_device, dev_type;
+type logbuffer_device, dev_type;
+type rls_device, dev_type;
+type fingerprint_device, dev_type;
+type gxp_device, dev_type, mlstrustedobject;
+type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
+type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
+type vframe_heap_device, dmabuf_heap_device_type, dev_type;
+type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
+type radio_test_device, dev_type;
+type vendor_gnss_device, dev_type;
+type fips_block_device, dev_type;
+
+# SecureElement SPI device
+type st54spi_device, dev_type;
+type st33spi_device, dev_type;
+
+# Raw HID device
+type hidraw_device, dev_type;
+
--- a/sepolicy/whitechapel_pro/disable-contaminant-detection-sh.te
+++ b/sepolicy/whitechapel_pro/disable-contaminant-detection-sh.te
@@ -0,0 +1,7 @@
+type disable-contaminant-detection-sh, domain;
+type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(disable-contaminant-detection-sh)
+
+allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans;
+allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms;
+allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms;
--- a/sepolicy/whitechapel_pro/dmd.te
+++ b/sepolicy/whitechapel_pro/dmd.te
@@ -0,0 +1,32 @@
+type dmd, domain;
+type dmd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(dmd)
+
+# Grant to access serial device for external logging tool
+allow dmd serial_device:chr_file rw_file_perms;
+
+# Grant to access radio device
+allow dmd radio_device:chr_file rw_file_perms;
+
+# Grant to access slog dir/file
+allow dmd vendor_slog_file:dir create_dir_perms;
+allow dmd vendor_slog_file:file create_file_perms;
+
+# Grant to access tcp socket
+allow dmd node:tcp_socket node_bind;
+allow dmd self:tcp_socket { create_socket_perms_no_ioctl listen accept bind };
+
+# Grant to access log related properties
+set_prop(dmd, vendor_diag_prop)
+set_prop(dmd, vendor_slog_prop)
+set_prop(dmd, vendor_modem_prop)
+get_prop(dmd, vendor_persist_config_default_prop)
+
+# Grant to access hwservice manager
+get_prop(dmd, hwservicemanager_prop)
+allow dmd hidl_base_hwservice:hwservice_manager add;
+allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
+binder_call(dmd, hwservicemanager)
+binder_call(dmd, modem_diagnostic_app)
+binder_call(dmd, modem_logging_control)
+binder_call(dmd, vendor_telephony_silentlogging_app)
--- a/sepolicy/whitechapel_pro/domain.te
+++ b/sepolicy/whitechapel_pro/domain.te
@@ -0,0 +1,6 @@
+allow {domain -appdomain -rs} proc_vendor_sched:dir r_dir_perms;
+allow {domain -appdomain -rs} proc_vendor_sched:file w_file_perms;
+
+# Mali
+get_prop(domain, vendor_arm_runtime_option_prop)
+
--- a/sepolicy/whitechapel_pro/dump_power_gs201.te
+++ b/sepolicy/whitechapel_pro/dump_power_gs201.te
@@ -0,0 +1,30 @@
+
+pixel_bugreport(dump_power_gs201)
+allow dump_power_gs201 sysfs_acpm_stats:dir r_dir_perms;
+allow dump_power_gs201 sysfs_acpm_stats:file r_file_perms;
+allow dump_power_gs201 sysfs_cpu:file r_file_perms;
+allow dump_power_gs201 vendor_toolbox_exec:file execute_no_trans;
+allow dump_power_gs201 logbuffer_device:chr_file r_file_perms;
+allow dump_power_gs201 mitigation_vendor_data_file:dir r_dir_perms;
+allow dump_power_gs201 sysfs:dir r_dir_perms;
+allow dump_power_gs201 sysfs_batteryinfo:dir r_dir_perms;
+allow dump_power_gs201 sysfs_batteryinfo:file r_file_perms;
+allow dump_power_gs201 sysfs_bcl:dir r_dir_perms;
+allow dump_power_gs201 sysfs_bcl:file r_file_perms;
+allow dump_power_gs201 sysfs_wlc:dir r_dir_perms;
+allow dump_power_gs201 sysfs_wlc:file r_file_perms;
+allow dump_power_gs201 battery_history_device:chr_file r_file_perms;
+allow dump_power_gs201 mitigation_vendor_data_file:file r_file_perms;
+
+userdebug_or_eng(`
+  allow dump_power_gs201 debugfs:dir r_dir_perms;
+  allow dump_power_gs201 vendor_battery_debugfs:dir r_dir_perms;
+  allow dump_power_gs201 vendor_battery_debugfs:file r_file_perms;
+  allow dump_power_gs201 vendor_charger_debugfs:dir r_dir_perms;
+  allow dump_power_gs201 vendor_charger_debugfs:file r_file_perms;
+  allow dump_power_gs201 vendor_pm_genpd_debugfs:file r_file_perms;
+  allow dump_power_gs201 vendor_maxfg_debugfs:dir r_dir_perms;
+  allow dump_power_gs201 vendor_maxfg_debugfs:file r_file_perms;
+  allow dump_power_gs201 vendor_votable_debugfs:dir r_dir_perms;
+  allow dump_power_gs201 vendor_votable_debugfs:file r_file_perms;
+')
--- a/sepolicy/whitechapel_pro/dumpstate.te
+++ b/sepolicy/whitechapel_pro/dumpstate.te
@@ -0,0 +1,16 @@
+dump_hal(hal_health)
+dump_hal(hal_graphics_composer)
+dump_hal(hal_telephony)
+dump_hal(hal_uwb_vendor)
+
+userdebug_or_eng(`
+  allow dumpstate media_rw_data_file:file append;
+')
+
+allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
+allow dumpstate persist_file:dir r_dir_perms;
+allow dumpstate modem_efs_file:dir r_dir_perms;
+allow dumpstate modem_userdata_file:dir r_dir_perms;
+allow dumpstate modem_img_file:dir r_dir_perms;
+allow dumpstate fuse:dir search;
+
--- a/sepolicy/whitechapel_pro/e2fs.te
+++ b/sepolicy/whitechapel_pro/e2fs.te
@@ -0,0 +1,8 @@
+allow e2fs persist_block_device:blk_file rw_file_perms;
+allow e2fs efs_block_device:blk_file rw_file_perms;
+allow e2fs modem_userdata_block_device:blk_file rw_file_perms;
+allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl {
+  BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
+allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
--- a/sepolicy/whitechapel_pro/euiccpixel_app.te
+++ b/sepolicy/whitechapel_pro/euiccpixel_app.te
@@ -0,0 +1,26 @@
+# EuiccSupportPixel app
+
+type euiccpixel_app, domain;
+app_domain(euiccpixel_app)
+
+allow euiccpixel_app app_api_service:service_manager find;
+allow euiccpixel_app radio_service:service_manager find;
+allow euiccpixel_app nfc_service:service_manager find;
+allow euiccpixel_app sysfs_st33spi:dir search;
+allow euiccpixel_app sysfs_st33spi:file rw_file_perms;
+
+set_prop(euiccpixel_app, vendor_secure_element_prop)
+set_prop(euiccpixel_app, vendor_modem_prop)
+get_prop(euiccpixel_app, dck_prop)
+
+userdebug_or_eng(`
+    net_domain(euiccpixel_app)
+
+    # Access to directly upgrade firmware on st54spi_device used for engineering devices
+    typeattribute st54spi_device mlstrustedobject;
+    allow euiccpixel_app st54spi_device:chr_file rw_file_perms;
+    # Access to directly upgrade firmware on st33spi_device used for engineering devices
+    typeattribute st33spi_device mlstrustedobject;
+    allow euiccpixel_app st33spi_device:chr_file rw_file_perms;
+')
+
--- a/sepolicy/whitechapel_pro/fastbootd.te
+++ b/sepolicy/whitechapel_pro/fastbootd.te
@@ -0,0 +1,7 @@
+# Required by the bootcontrol HAL for the 'set_active' command.
+recovery_only(`
+allow fastbootd devinfo_block_device:blk_file rw_file_perms;
+allow fastbootd sda_block_device:blk_file rw_file_perms;
+allow fastbootd sysfs_ota:file rw_file_perms;
+allow fastbootd st54spi_device:chr_file rw_file_perms;
+')
--- a/sepolicy/whitechapel_pro/file.te
+++ b/sepolicy/whitechapel_pro/file.te
@@ -0,0 +1,101 @@
+# Data
+type rild_vendor_data_file, file_type, data_file_type;
+type vendor_log_file, file_type, data_file_type;
+type vendor_rfsd_log_file, file_type, data_file_type;
+type modem_stat_data_file, file_type, data_file_type;
+type vendor_slog_file, file_type, data_file_type;
+type updated_wifi_firmware_data_file, file_type, data_file_type;
+type vendor_media_data_file, file_type, data_file_type;
+type vendor_misc_data_file, file_type, data_file_type;
+type sensor_debug_data_file, file_type, data_file_type;
+type sensor_reg_data_file, file_type, data_file_type;
+type per_boot_file, file_type, data_file_type, core_data_file_type;
+type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
+type uwb_data_vendor, file_type, data_file_type;
+type powerstats_vendor_data_file, file_type, data_file_type;
+type vendor_gps_file, file_type, data_file_type;
+userdebug_or_eng(`
+  typeattribute vendor_gps_file mlstrustedobject;
+  typeattribute vendor_slog_file mlstrustedobject;
+')
+
+# Exynos Firmware
+type vendor_fw_file, vendor_file_type, file_type;
+
+# Trusty
+type sysfs_trusty, sysfs_type, fs_type;
+
+# EM Profile
+type sysfs_em_profile, sysfs_type, fs_type;
+
+# sysfs
+type sysfs_chosen, sysfs_type, fs_type;
+type sysfs_ota, sysfs_type, fs_type;
+type bootdevice_sysdev, dev_type;
+type sysfs_fabric, sysfs_type, fs_type;
+type sysfs_acpm_stats, sysfs_type, fs_type;
+type sysfs_wifi, sysfs_type, fs_type;
+type sysfs_exynos_pcie_stats, sysfs_type, fs_type;
+type sysfs_bcmdhd, sysfs_type, fs_type;
+type sysfs_chargelevel, sysfs_type, fs_type;
+type sysfs_mfc, sysfs_type, fs_type;
+type sysfs_camera, sysfs_type, fs_type;
+type sysfs_write_leds, sysfs_type, fs_type;
+type sysfs_pca, sysfs_type, fs_type;
+type sysfs_ptracker, sysfs_type, fs_type;
+# debugfs
+type vendor_maxfg_debugfs, fs_type, debugfs_type;
+type vendor_pm_genpd_debugfs, fs_type, debugfs_type;
+type vendor_regmap_debugfs, fs_type, debugfs_type;
+type vendor_usb_debugfs, fs_type, debugfs_type;
+type vendor_charger_debugfs, fs_type, debugfs_type;
+type vendor_votable_debugfs, fs_type, debugfs_type;
+type vendor_battery_debugfs, fs_type, debugfs_type;
+
+# vendor extra images
+type modem_img_file, contextmount_type, file_type, vendor_file_type;
+allow modem_img_file self:filesystem associate;
+
+# persist
+type persist_battery_file, file_type, vendor_persist_type;
+type persist_camera_file, file_type, vendor_persist_type;
+type persist_modem_file, file_type, vendor_persist_type;
+type persist_sensor_reg_file, file_type, vendor_persist_type;
+type persist_ss_file, file_type, vendor_persist_type;
+type persist_uwb_file, file_type, vendor_persist_type;
+type persist_display_file, file_type, vendor_persist_type;
+
+# CHRE
+type chre_socket, file_type;
+
+# Storage Health HAL
+type proc_f2fs, proc_type, fs_type;
+
+# Vendor tools
+type vendor_dumpsys, vendor_file_type, file_type;
+
+# Modem
+type modem_efs_file, file_type;
+type modem_userdata_file, file_type;
+type sysfs_modem, sysfs_type, fs_type;
+
+# SecureElement
+type sysfs_st33spi, sysfs_type, fs_type;
+typeattribute sysfs_st33spi mlstrustedobject;
+
+# Vendor sched files
+userdebug_or_eng(`
+    typeattribute proc_vendor_sched mlstrustedobject;
+')
+
+# SJTAG
+type sysfs_sjtag, fs_type, sysfs_type;
+userdebug_or_eng(`
+    typeattribute sysfs_sjtag mlstrustedobject;
+')
+
+# USB-C throttling stats
+type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
+
+# WLC
+type sysfs_wlc, sysfs_type, fs_type;
--- a/sepolicy/whitechapel_pro/file_contexts
+++ b/sepolicy/whitechapel_pro/file_contexts
@@ -0,0 +1,231 @@
+# Binaries
+/vendor/bin/dmd                                                             u:object_r:dmd_exec:s0
+/vendor/bin/modem_logging_control                                           u:object_r:modem_logging_control_exec:s0
+/vendor/bin/sced                                                            u:object_r:sced_exec:s0
+/vendor/bin/vcd                                                             u:object_r:vcd_exec:s0
+/vendor/bin/chre                                                            u:object_r:chre_exec:s0
+/vendor/bin/cbd                                                             u:object_r:cbd_exec:s0
+/vendor/bin/modem_svc_sit                                                   u:object_r:modem_svc_sit_exec:s0
+/vendor/bin/rfsd                                                            u:object_r:rfsd_exec:s0
+/vendor/bin/bipchmgr                                                        u:object_r:bipchmgr_exec:s0
+/vendor/bin/storageproxyd                                                   u:object_r:tee_exec:s0
+/vendor/bin/init\.radio\.sh                                                 u:object_r:init_radio_exec:s0
+/vendor/bin/tcpdump_logger                                                  u:object_r:tcpdump_logger_exec:s0
+/vendor/bin/init\.display\.sh                                               u:object_r:init-display-sh_exec:s0
+/vendor/bin/trusty_apploader                                                u:object_r:trusty_apploader_exec:s0
+/vendor/bin/trusty_metricsd                                                 u:object_r:trusty_metricsd_exec:s0
+/vendor/bin/dumpsys                                                         u:object_r:vendor_dumpsys:s0
+/vendor/bin/init\.uwb\.calib\.sh                                            u:object_r:vendor_uwb_init_exec:s0
+/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty           u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty                u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty         u:object_r:hal_keymint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty   u:object_r:hal_keymint_default_exec:s0
+/vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_radioext_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub-service\.generic               u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.boot@1\.2-service-gs201                   u:object_r:hal_bootctl_default_exec:s0
+/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel             u:object_r:hal_graphics_composer_default_exec:s0
+/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.0-service                    u:object_r:mediacodec_samsung_exec:s0
+/vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service                     u:object_r:mediacodec_google_exec:s0
+/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto           u:object_r:hal_secure_element_st54spi_exec:s0
+/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto-ese2      u:object_r:hal_secure_element_st33spi_exec:s0
+/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service          u:object_r:hal_secure_element_uicc_exec:s0
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix  u:object_r:hal_fingerprint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix   u:object_r:hal_fingerprint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.nfc-service\.st                           u:object_r:hal_nfc_default_exec:s0
+/vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor         u:object_r:hal_wlc_exec:s0
+/vendor/bin/hw/android\.hardware\.usb-service                               u:object_r:hal_usb_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.usb\.gadget-service                       u:object_r:hal_usb_gadget_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging          u:object_r:gxp_logging_exec:s0
+/vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
+/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service                       u:object_r:hal_uwb_vendor_default_exec:s0
+/vendor/bin/rlsservice                                                      u:object_r:rlsservice_exec:s0
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:fingerprint_factory_service_exec:s0
+/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel                   u:object_r:hal_memtrack_default_exec:s0
+/system_ext/bin/convert_to_ext4\.sh                                         u:object_r:convert-to-ext4-sh_exec:s0
+/vendor/bin/hw/disable_contaminant_detection\.sh                            u:object_r:disable-contaminant-detection-sh_exec:s0
+/vendor/bin/dump/dump_power_gs201\.sh                                       u:object_r:dump_power_gs201_exec:s0
+/vendor/bin/ufs_firmware_update\.sh                                         u:object_r:ufs_firmware_update_exec:s0
+
+# Vendor Firmwares
+/vendor/firmware(/.*)?                                                      u:object_r:vendor_fw_file:s0
+
+# Vendor libraries
+/vendor/lib(64)?/libdrm\.so                                                 u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libion_google\.so                                          u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/arm\.graphics-V1-ndk\.so                                   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libOpenCL-pixel\.so                                        u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libOpenCL\.so                                              u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/lib_aion_buffer\.so                                        u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libGralloc4Wrapper\.so                                     u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/pixel-power-ext-V1-ndk\.so                                 u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so                      u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor-pixelatoms-cpp\.so                                  u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so                        u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgxp\.so                                                 u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/gxp_metrics_logger\.so                                     u:object_r:same_process_hal_file:s0
+
+# Graphics
+/vendor/lib(64)?/hw/gralloc\.gs201\.so                                      u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/vulkan\.mali\.so                                        u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpudataproducer\.so                                     u:object_r:same_process_hal_file:s0
+
+# Devices
+/dev/dma_heap/sensor_direct_heap                                            u:object_r:sensor_direct_heap_device:s0
+/dev/ttySAC0                                                                u:object_r:tty_device:s0
+/dev/dma_heap/faceauth_tpu-secure                                           u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/faimg-secure                                                  u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/famodel-secure                                                u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/faprev-secure                                                 u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/farawimg-secure                                               u:object_r:faceauth_heap_device:s0
+/dev/dma_heap/vframe-secure                                                 u:object_r:dmabuf_system_secure_heap_device:s0
+/dev/dma_heap/vscaler-secure                                                u:object_r:vscaler_heap_device:s0
+/dev/dma_heap/vstream-secure                                                u:object_r:dmabuf_system_secure_heap_device:s0
+/dev/janeiro                                                                u:object_r:edgetpu_device:s0
+/dev/bigocean                                                               u:object_r:video_device:s0
+/dev/goodix_fp                                                              u:object_r:fingerprint_device:s0
+/dev/stmvl53l1_ranging                                                      u:object_r:rls_device:s0
+/dev/watchdog0                                                              u:object_r:watchdog_device:s0
+/dev/mali0                                                                  u:object_r:gpu_device:s0
+/dev/logbuffer_usbpd                                                        u:object_r:logbuffer_device:s0
+/dev/logbuffer_pogo_transport                                               u:object_r:logbuffer_device:s0
+/dev/logbuffer_ssoc                                                         u:object_r:logbuffer_device:s0
+/dev/logbuffer_wireless                                                     u:object_r:logbuffer_device:s0
+/dev/logbuffer_ttf                                                          u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxq                                                         u:object_r:logbuffer_device:s0
+/dev/logbuffer_rtx                                                          u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg                                                        u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_base                                                   u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_flip                                                   u:object_r:logbuffer_device:s0
+/dev/logbuffer_pca9468_tcpm                                                 u:object_r:logbuffer_device:s0
+/dev/logbuffer_pca9468                                                      u:object_r:logbuffer_device:s0
+/dev/logbuffer_cpm                                                          u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_monitor                                                u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_base_monitor                                           u:object_r:logbuffer_device:s0
+/dev/logbuffer_maxfg_flip_monitor                                           u:object_r:logbuffer_device:s0
+/dev/logbuffer_bd                                                           u:object_r:logbuffer_device:s0
+/dev/logbuffer_pcie0                                                        u:object_r:logbuffer_device:s0
+/dev/logbuffer_pcie1                                                        u:object_r:logbuffer_device:s0
+/dev/bbd_pwrstat                                                            u:object_r:power_stats_device:s0
+/dev/lwis-act-jotnar                                                        u:object_r:lwis_device:s0
+/dev/lwis-act-slenderman                                                    u:object_r:lwis_device:s0
+/dev/lwis-act-slenderman-sandworm                                           u:object_r:lwis_device:s0
+/dev/lwis-csi                                                               u:object_r:lwis_device:s0
+/dev/lwis-dpm                                                               u:object_r:lwis_device:s0
+/dev/lwis-eeprom-gargoyle                                                   u:object_r:lwis_device:s0
+/dev/lwis-eeprom-jotnar                                                     u:object_r:lwis_device:s0
+/dev/lwis-eeprom-smaug-buraq                                                u:object_r:lwis_device:s0
+/dev/lwis-eeprom-smaug-dokkaebi                                             u:object_r:lwis_device:s0
+/dev/lwis-eeprom-smaug-sandworm                                             u:object_r:lwis_device:s0
+/dev/lwis-flash-lm3644                                                      u:object_r:lwis_device:s0
+/dev/lwis-g3aa                                                              u:object_r:lwis_device:s0
+/dev/lwis-gdc0                                                              u:object_r:lwis_device:s0
+/dev/lwis-gdc1                                                              u:object_r:lwis_device:s0
+/dev/lwis-gtnr-align                                                        u:object_r:lwis_device:s0
+/dev/lwis-gtnr-merge                                                        u:object_r:lwis_device:s0
+/dev/lwis-ipp                                                               u:object_r:lwis_device:s0
+/dev/lwis-itp                                                               u:object_r:lwis_device:s0
+/dev/lwis-mcsc                                                              u:object_r:lwis_device:s0
+/dev/lwis-ois-gargoyle                                                      u:object_r:lwis_device:s0
+/dev/lwis-ois-jotnar                                                        u:object_r:lwis_device:s0
+/dev/lwis-pdp                                                               u:object_r:lwis_device:s0
+/dev/lwis-scsc                                                              u:object_r:lwis_device:s0
+/dev/lwis-sensor-buraq                                                      u:object_r:lwis_device:s0
+/dev/lwis-sensor-dokkaebi                                                   u:object_r:lwis_device:s0
+/dev/lwis-sensor-kraken                                                     u:object_r:lwis_device:s0
+/dev/lwis-sensor-lamassu                                                    u:object_r:lwis_device:s0
+/dev/lwis-sensor-nagual                                                     u:object_r:lwis_device:s0
+/dev/lwis-sensor-sandworm                                                   u:object_r:lwis_device:s0
+/dev/lwis-slc                                                               u:object_r:lwis_device:s0
+/dev/lwis-top                                                               u:object_r:lwis_device:s0
+/dev/lwis-votf                                                              u:object_r:lwis_device:s0
+/dev/dri/card0                                                              u:object_r:graphics_device:s0
+/dev/fimg2d                                                                 u:object_r:graphics_device:s0
+/dev/g2d                                                                    u:object_r:graphics_device:s0
+/dev/gxp                                                                    u:object_r:gxp_device:s0
+/dev/dit2                                                                   u:object_r:vendor_toe_device:s0
+/dev/trusty-ipc-dev0                                                        u:object_r:tee_device:s0
+/dev/sg1                                                                    u:object_r:sg_device:s0
+/dev/st21nfc                                                                u:object_r:nfc_device:s0
+/dev/st54spi                                                                u:object_r:st54spi_device:s0
+/dev/st33spi                                                                u:object_r:st33spi_device:s0
+/dev/ttyGS[0-3]                                                             u:object_r:serial_device:s0
+/dev/oem_ipc[0-7]                                                           u:object_r:radio_device:s0
+/dev/oem_test                                                               u:object_r:radio_test_device:s0
+/dev/umts_boot0                                                             u:object_r:radio_device:s0
+/dev/umts_ipc0                                                              u:object_r:radio_device:s0
+/dev/umts_ipc1                                                              u:object_r:radio_device:s0
+/dev/umts_rfs0                                                              u:object_r:radio_device:s0
+/dev/umts_dm0                                                               u:object_r:radio_device:s0
+/dev/umts_router                                                            u:object_r:radio_device:s0
+/dev/logbuffer_tcpm                                                         u:object_r:logbuffer_device:s0
+/dev/sys/block/bootdevice(/.*)?                                             u:object_r:bootdevice_sysdev:s0
+/dev/socket/chre                                                            u:object_r:chre_socket:s0
+/dev/block/sda                                                              u:object_r:sda_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/abl_[ab]                          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/bl1_[ab]                          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/bl2_[ab]                          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/bl31_[ab]                         u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/boot_[ab]                         u:object_r:boot_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/init_boot_[ab]                    u:object_r:boot_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/devinfo                           u:object_r:devinfo_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab]                   u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab]                         u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/efs                               u:object_r:efs_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/efs_backup                        u:object_r:efs_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/frp                               u:object_r:frp_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/gsa_[ab]                          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/ldfw_[ab]                         u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/metadata                          u:object_r:metadata_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/mfg_data                          u:object_r:mfg_data_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/misc                              u:object_r:misc_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/modem_[ab]                        u:object_r:modem_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/modem_userdata                    u:object_r:modem_userdata_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/pbl_[ab]                          u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/persist                           u:object_r:persist_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/pvmfw_[ab]                        u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/super                             u:object_r:super_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/tzsw_[ab]                         u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/userdata                          u:object_r:userdata_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vbmeta_[ab]                       u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vbmeta_system_[ab]                u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab]                u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab]                  u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/vendor_kernel_boot_[ab]           u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/fips                              u:object_r:fips_block_device:s0
+
+# Data
+/data/vendor/slog(/.*)?                                                     u:object_r:vendor_slog_file:s0
+/data/vendor/modem_stat(/.*)?                                               u:object_r:modem_stat_data_file:s0
+/data/vendor/log(/.*)?                                                      u:object_r:vendor_log_file:s0
+/data/vendor/log/rfsd(/.*)?                                                 u:object_r:vendor_rfsd_log_file:s0
+/data/vendor/rild(/.*)?                                                     u:object_r:rild_vendor_data_file:s0
+/data/vendor/ss(/.*)?                                                       u:object_r:tee_data_file:s0
+/data/nfc(/.*)?                                                             u:object_r:nfc_data_file:s0
+/data/vendor/firmware/wifi(/.*)?                                            u:object_r:updated_wifi_firmware_data_file:s0
+/data/vendor/media(/.*)?                                                    u:object_r:vendor_media_data_file:s0
+/data/vendor/misc(/.*)?                                                     u:object_r:vendor_misc_data_file:s0
+/data/per_boot(/.*)?                                                        u:object_r:per_boot_file:s0
+/data/vendor/sensors/debug(/.*)?                                            u:object_r:sensor_debug_data_file:s0
+/data/vendor/sensors/registry(/.*)?                                         u:object_r:sensor_reg_data_file:s0
+/data/vendor/uwb(/.*)?                                                      u:object_r:uwb_data_vendor:s0
+/dev/maxfg_history                                                          u:object_r:battery_history_device:s0
+/dev/battery_history                                                        u:object_r:battery_history_device:s0
+/data/vendor/powerstats(/.*)?                                               u:object_r:powerstats_vendor_data_file:s0
+
+# Persist
+/mnt/vendor/persist/battery(/.*)?                                           u:object_r:persist_battery_file:s0
+/mnt/vendor/persist/camera(/.*)?                                            u:object_r:persist_camera_file:s0
+/mnt/vendor/persist/modem(/.*)?                                             u:object_r:persist_modem_file:s0
+/mnt/vendor/persist/sensors/registry(/.*)?                                  u:object_r:persist_sensor_reg_file:s0
+/mnt/vendor/persist/ss(/.*)?                                                u:object_r:persist_ss_file:s0
+/mnt/vendor/persist/uwb(/.*)?                                               u:object_r:persist_uwb_file:s0
+/mnt/vendor/persist/display(/.*)?                                           u:object_r:persist_display_file:s0
+
+# Extra mount images
+/mnt/vendor/modem_img(/.*)?                                                 u:object_r:modem_img_file:s0
+/mnt/vendor/efs(/.*)?                                                       u:object_r:modem_efs_file:s0
+/mnt/vendor/efs_backup(/.*)?                                                u:object_r:modem_efs_file:s0
+/mnt/vendor/modem_userdata(/.*)?                                            u:object_r:modem_userdata_file:s0
+
+# Raw HID device
+/dev/hidraw[0-9]*                        u:object_r:hidraw_device:s0
--- a/sepolicy/whitechapel_pro/fingerprint_factory_service.te
+++ b/sepolicy/whitechapel_pro/fingerprint_factory_service.te
@@ -0,0 +1,3 @@
+type fingerprint_factory_service, service_manager_type;
+type fingerprint_factory_service_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(fingerprint_factory_service)
--- a/sepolicy/whitechapel_pro/fsck.te
+++ b/sepolicy/whitechapel_pro/fsck.te
@@ -0,0 +1,5 @@
+allow fsck persist_block_device:blk_file rw_file_perms;
+allow fsck efs_block_device:blk_file rw_file_perms;
+allow fsck modem_userdata_block_device:blk_file rw_file_perms;
+allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
+allow fsck sysfs_scsi_devices_0000:file r_file_perms;
--- a/sepolicy/whitechapel_pro/genfs_contexts
+++ b/sepolicy/whitechapel_pro/genfs_contexts
@@ -0,0 +1,434 @@
+genfscon sysfs /firmware/devicetree/base/chosen                                u:object_r:sysfs_chosen:s0
+
+# EdgeTPU
+genfscon sysfs /devices/platform/1ce00000.janeiro   u:object_r:sysfs_edgetpu:s0
+
+# CPU
+genfscon sysfs /devices/platform/28000000.mali/time_in_state                                           u:object_r:sysfs_cpu:s0
+genfscon sysfs /devices/platform/28000000.mali/uid_time_in_state                                       u:object_r:sysfs_cpu:s0
+
+genfscon sysfs /devices/soc0/machine                                           u:object_r:sysfs_soc:s0
+genfscon sysfs /devices/soc0/revision                                          u:object_r:sysfs_soc:s0
+
+# tracefs
+genfscon tracefs /events/dmabuf_heap/dma_heap_stat                             u:object_r:debugfs_tracing:s0
+
+# Networking
+genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/ieee802154/phy0/net  u:object_r:sysfs_net:s0
+
+# WiFi
+genfscon sysfs /wifi                                                           u:object_r:sysfs_wifi:s0
+genfscon sysfs /wlan_ptracker                                                  u:object_r:sysfs_ptracker:s0
+
+# ACPM
+genfscon sysfs /devices/platform/acpm_stats                                    u:object_r:sysfs_acpm_stats:s0
+
+# Broadcom
+genfscon sysfs /module/bcmdhd4389                                              u:object_r:sysfs_bcmdhd:s0
+
+# GPU
+genfscon sysfs /devices/platform/28000000.mali/hint_min_freq                   u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/power_policy                    u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/dma_buf_gpu_mem                 u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/total_gpu_mem                   u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/kprcs                           u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/dvfs_period                     u:object_r:sysfs_gpu:s0
+
+# Fabric
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq                u:object_r:sysfs_fabric:s0
+genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/min_freq                u:object_r:sysfs_fabric:s0
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0
+
+# sscoredump (per device)
+genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count                  u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count        u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count      u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count        u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count                u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/mali/sscoredump/sscd_mali/report_count                u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+
+# Power Stats
+genfscon sysfs /devices/platform/cpif/modem/power_stats                                u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/11920000.pcie/power_stats                             u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/14520000.pcie/power_stats                             u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-st21nfc/power_stats          u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-st21nfc/power_stats          u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-st21nfc/power_stats          u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-st21nfc/power_stats          u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-st21nfc/power_stats          u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-st21nfc/power_stats          u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-st21nfc/power_stats          u:object_r:sysfs_power_stats:s0
+genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/uwb/power_stats u:object_r:sysfs_power_stats:s0
+
+# Modem
+genfscon sysfs /devices/platform/cp-tm1/cp_temp		u:object_r:sysfs_modem:s0
+
+# Power ODPM
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-0/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-2/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-3/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-4/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-5/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-6/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-7/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device   u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-0/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-2/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-3/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-4/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-5/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-6/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-7/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup       u:object_r:sysfs_wakeup:s0
+
+# Devfreq current frequency
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq             u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq             u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq       u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq           u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq             u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq             u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq             u:object_r:sysfs_devfreq_cur:s0
+genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq               u:object_r:sysfs_devfreq_cur:s0
+
+# OTA
+genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled           u:object_r:sysfs_ota:s0
+
+# Input
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1        u:object_r:sysfs_uhid:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1        u:object_r:sysfs_uhid:s0
+
+# Display
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma                                u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/min_vrefresh                         u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/idle_delay_ms                        u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_idle                           u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_need_handle_idle_exit          u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/osc2_clk_khz                         u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock                                                u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c240000.drmdecon/early_wakeup                                           u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c242000.drmdecon/early_wakeup                                           u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c240000.drmdecon/counters                                               u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c241000.drmdecon/counters                                               u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c242000.drmdecon/counters                                               u:object_r:sysfs_display:s0
+
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight                            u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extinfo                        u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name                           u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number                        u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate                         u:object_r:sysfs_display:s0
+
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight                            u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo                        u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name                           u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number                        u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/refresh_rate                         u:object_r:sysfs_display:s0
+
+genfscon sysfs /devices/platform/1c240000.drmdecon/dqe0/atc                                               u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c241000.drmdecon/dqe1/atc                                               u:object_r:sysfs_display:s0
+
+genfscon sysfs /module/drm/parameters/vblankoffdelay                                                      u:object_r:sysfs_display:s0
+
+genfscon sysfs /devices/platform/exynos-drm/tui_status                                                    u:object_r:sysfs_display:s0
+
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0
+
+# mediacodec_samsung
+genfscon sysfs /devices/platform/mfc/video4linux/video                         u:object_r:sysfs_mfc:s0
+
+# Storage
+genfscon proc /fs/f2fs                                                  u:object_r:proc_f2fs:s0
+genfscon proc /sys/vm/swappiness                                        u:object_r:proc_dirty:s0
+genfscon sysfs /devices/platform/14700000.ufs/slowio_read_cnt           u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/slowio_write_cnt          u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/slowio_unmap_cnt          u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/slowio_sync_cnt           u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/manual_gc                 u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/io_stats                  u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/req_stats                 u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/err_stats                 u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/device_descriptor         u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/clkgate_enable            u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/hibern8_on_idle_enable    u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/health_descriptor         u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:  u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/ufs_stats                 u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/attributes/wb_avail_buf   u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/vendor                    u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/model                     u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/rev                       u:object_r:sysfs_scsi_devices_0000:s0
+
+# debugfs
+genfscon debugfs /maxfg                                                 u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /maxfg_base                                            u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /maxfg_secondary                                       u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /pm_genpd/pm_genpd_summary                             u:object_r:vendor_pm_genpd_debugfs:s0
+genfscon debugfs /regmap                                                u:object_r:vendor_regmap_debugfs:s0
+genfscon debugfs /usb                                                   u:object_r:vendor_usb_debugfs:s0
+genfscon debugfs /google_charger                                        u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /max77759_chg                                          u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /max77729_pmic                                         u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /gvotables                                             u:object_r:vendor_votable_debugfs:s0
+genfscon debugfs /google_battery                                        u:object_r:vendor_battery_debugfs:s0
+
+# Battery
+genfscon sysfs /devices/platform/google,battery/power_supply/battery            u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/google,cpm                                     u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/google,charger                                 u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c                                 u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde   u:object_r:sysfs_devices_block:s0
+
+# P22 battery
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/2-0050/eeprom             u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412/power_supply    u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/3-0050/eeprom             u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412/power_supply    u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/4-0050/eeprom             u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412/power_supply    u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/5-0050/eeprom             u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412/power_supply    u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/6-0050/eeprom             u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply    u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0050/eeprom             u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412/power_supply    u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/8-0050/eeprom             u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/power_supply    u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/9-0050/eeprom             u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0069/power_supply       u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0069/power_supply       u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0069/power_supply       u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0069/power_supply       u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0069/power_supply       u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0069/power_supply       u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0069/power_supply       u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0057/chg_stats          u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0057/chg_stats          u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0057/chg_stats          u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0057/chg_stats          u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0057/chg_stats          u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0057/chg_stats          u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0057/chg_stats          u:object_r:sysfs_pca:s0
+
+# Extcon
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/i2c-max77759tcpc/extcon   u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/i2c-max77759tcpc/extcon   u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/i2c-max77759tcpc/extcon   u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/i2c-max77759tcpc/extcon   u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/i2c-max77759tcpc/extcon   u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/i2c-max77759tcpc/extcon   u:object_r:sysfs_extcon:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/i2c-max77759tcpc/extcon   u:object_r:sysfs_extcon:s0
+
+# Haptics
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+
+# system suspend wakeup files
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-2/i2c-st21nfc/wakeup                                                    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-3/i2c-st21nfc/wakeup                                                    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-st21nfc/wakeup                                                    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-st21nfc/wakeup                                                    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-st21nfc/wakeup                                                    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-st21nfc/wakeup                                                    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-st21nfc/wakeup                                                    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/synaptics_tcm.0/wakeup                                 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0036/power_supply/maxfg/wakeup                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0057/power_supply/pca94xx-mains/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0069/power_supply/dc/wakeup                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0069/power_supply/main-charger/wakeup                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/i2c-max77759tcpc/power_supply/usb/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/i2c-max77759tcpc/wakeup                                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0036/power_supply/maxfg/wakeup                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0057/power_supply/pca94xx-mains/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0069/power_supply/dc/wakeup                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0069/power_supply/main-charger/wakeup                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/i2c-max77759tcpc/power_supply/usb/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/i2c-max77759tcpc/wakeup                                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0036/power_supply/maxfg/wakeup                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0057/power_supply/pca94xx-mains/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0069/power_supply/dc/wakeup                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0069/power_supply/main-charger/wakeup                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/i2c-max77759tcpc/power_supply/usb/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/i2c-max77759tcpc/wakeup                                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0057/power_supply/pca94xx-mains/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0069/power_supply/dc/wakeup                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/i2c-max77759tcpc/power_supply/usb/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/i2c-max77759tcpc/wakeup                                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0036/power_supply/maxfg/wakeup                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0057/power_supply/pca94xx-mains/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/i2c-max77759tcpc/power_supply/usb/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/i2c-max77759tcpc/wakeup                                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0057/power_supply/pca94xx-mains/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0069/power_supply/main-charger/wakeup                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/i2c-max77759tcpc/power_supply/usb/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/i2c-max77759tcpc/wakeup                                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/i2c-max77759tcpc/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/i2c-max77759tcpc/power_supply/usb/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/i2c-max77759tcpc/wakeup                                               u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412/power_supply/wireless/wakeup                                u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412/wakeup                                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412/power_supply/wireless/wakeup                                u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412/wakeup                                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412/power_supply/wireless/wakeup                                u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412/wakeup                                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412/power_supply/wireless/wakeup                                u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412/wakeup                                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply/wireless/wakeup                                u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/wakeup                                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412/power_supply/wireless/wakeup                                u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412/wakeup                                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/power_supply/wireless/wakeup                                u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/wakeup                                                      u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup                                                          u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup                                   u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2                                     u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb3                                     u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup                                   u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2                                     u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb3                                     u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/wakeup                                   u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb2                                     u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb3                                     u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/wakeup                                                                        u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup                                  u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.usf/wakeup                                                         u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.usf.non_wake_up/wakeup                                             u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.chre/wakeup                                                        u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.chre.non_wake_up/wakeup                                            u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/wakeup                                                                        u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup                                                            u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup                       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup   u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/wakeup                                          u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/wakeup                                          u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup                       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup   u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-rtc/wakeup                              u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/wakeup                                          u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/wakeup                                          u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/cpif/wakeup                                                                                u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup                                                 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup                                                    u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup                                                        u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup                                                        u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/gpio_keys/wakeup                                                                           u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup                                                                       u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/sound-aoc/wakeup                                                                           u:object_r:sysfs_wakeup:s0
+
+#SecureElement
+genfscon sysfs /devices/platform/181c0000.spi/spi_master/spi17/spi17.0/st33spi u:object_r:sysfs_st33spi:s0
+
+# Thermal
+genfscon sysfs /devices/platform/100a0000.LITTLE                          u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100a0000.MID                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100a0000.BIG                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100a0000.ISP                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100b0000.G3D                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100b0000.TPU                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100b0000.AUR                             u:object_r:sysfs_thermal:s0
+
+genfscon sysfs /thermal_zone14/mode                                        u:object_r:sysfs_thermal:s0
+
+# PCIe link
+genfscon sysfs /devices/platform/14520000.pcie/link_stats                 u:object_r:sysfs_exynos_pcie_stats:s0
+genfscon sysfs /devices/platform/11920000.pcie/link_stats                 u:object_r:sysfs_exynos_pcie_stats:s0
+
+# Camera
+genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq    u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/max_freq          u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq          u:object_r:sysfs_camera:s0
+
+# SJTAG
+genfscon sysfs /devices/platform/sjtag_ap/interface                       u:object_r:sysfs_sjtag:s0
+genfscon sysfs /devices/platform/sjtag_gsa/interface                      u:object_r:sysfs_sjtag:s0
+
+# USB-C throttling stats
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time      u:object_r:sysfs_usbc_throttling_stats:s0
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time   u:object_r:sysfs_usbc_throttling_stats:s0
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time         u:object_r:sysfs_usbc_throttling_stats:s0
+
+# Coresight ETM
+genfscon sysfs /devices/platform/2b840000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2b940000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2ba40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bb40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bc40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bd40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2be40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bf40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+
+# Trusty
+genfscon sysfs /module/trusty_virtio/parameters/use_high_wq               u:object_r:sysfs_trusty:s0
+genfscon sysfs /module/trusty_core/parameters/use_high_wq                 u:object_r:sysfs_trusty:s0
+
+# EM Profile
+genfscon sysfs /kernel/pixel_em/active_profile                            u:object_r:sysfs_em_profile:s0
+
+# Privacy LED
+genfscon sysfs /devices/platform/pwmleds/leds/green/brightness            u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness        u:object_r:sysfs_leds:s0
+
+# AOC
+genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
+genfscon sysfs /devices/platform/19000000.aoc/firmware                      u:object_r:sysfs_aoc_firmware:s0
+genfscon sysfs /devices/platform/19000000.aoc                               u:object_r:sysfs_aoc:s0
+genfscon sysfs /devices/platform/19000000.aoc/reset                         u:object_r:sysfs_aoc_reset:s0
+genfscon sysfs /devices/platform/19000000.aoc/services                      u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/restart_count                 u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/coredump_count                u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/ring_buffer_wakeup    u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/host_ipc_wakeup       u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/usf_wakeup            u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup          u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup        u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup        u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception      u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32      u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1      u:object_r:sysfs_aoc_dumpstate:s0
+
+# GPS
+genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby   u:object_r:sysfs_gps:s0
--- a/sepolicy/whitechapel_pro/google_camera_app.te
+++ b/sepolicy/whitechapel_pro/google_camera_app.te
@@ -0,0 +1,26 @@
+type google_camera_app, domain, coredomain;
+app_domain(google_camera_app)
+net_domain(google_camera_app)
+
+allow google_camera_app app_api_service:service_manager find;
+allow google_camera_app audioserver_service:service_manager find;
+allow google_camera_app cameraserver_service:service_manager find;
+allow google_camera_app mediaextractor_service:service_manager find;
+allow google_camera_app mediametrics_service:service_manager find;
+allow google_camera_app mediaserver_service:service_manager find;
+
+# Allows camera app to access the GXP device.
+allow google_camera_app gxp_device:chr_file rw_file_perms;
+
+# Allows camera app to search for GXP firmware file.
+allow google_camera_app vendor_fw_file:dir search;
+
+# Allows camera app to access the PowerHAL.
+hal_client_domain(google_camera_app, hal_power)
+
+# Allows GCA to find and access the EdgeTPU.
+allow google_camera_app edgetpu_app_service:service_manager find;
+allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Library code may try to access vendor properties, but should be denied
+dontaudit google_camera_app vendor_default_prop:file { getattr map open };
--- a/sepolicy/whitechapel_pro/gpsd.te
+++ b/sepolicy/whitechapel_pro/gpsd.te
@@ -0,0 +1,9 @@
+type gpsd, domain;
+type gpsd_exec, vendor_file_type, exec_type, file_type;
+# Allow gpsd access PixelLogger unix socket in debug build only
+userdebug_or_eng(`
+    typeattribute gpsd mlstrustedsubject;
+    allow gpsd logger_app:unix_stream_socket connectto;
+')
+
+
--- a/sepolicy/whitechapel_pro/grilservice_app.te
+++ b/sepolicy/whitechapel_pro/grilservice_app.te
@@ -0,0 +1,17 @@
+type grilservice_app, domain;
+app_domain(grilservice_app)
+
+allow grilservice_app app_api_service:service_manager find;
+allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
+allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
+allow grilservice_app hal_wifi_ext_service:service_manager find;
+allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find;
+allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow grilservice_app radio_vendor_data_file:dir create_dir_perms;
+allow grilservice_app radio_vendor_data_file:file create_file_perms;
+binder_call(grilservice_app, hal_bluetooth_btlinux)
+binder_call(grilservice_app, hal_radioext_default)
+binder_call(grilservice_app, hal_wifi_ext)
+binder_call(grilservice_app, hal_audiometricext_default)
+binder_call(grilservice_app, rild)
--- a/sepolicy/whitechapel_pro/gxp_logging.te
+++ b/sepolicy/whitechapel_pro/gxp_logging.te
@@ -0,0 +1,9 @@
+type gxp_logging, domain;
+type gxp_logging_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gxp_logging)
+
+# The logging service accesses /dev/gxp
+allow gxp_logging gxp_device:chr_file rw_file_perms;
+
+# Allow gxp tracing service to send packets to Perfetto
+userdebug_or_eng(`perfetto_producer(gxp_logging)')
--- a/sepolicy/whitechapel_pro/hal_bootctl_default.te
+++ b/sepolicy/whitechapel_pro/hal_bootctl_default.te
@@ -0,0 +1,3 @@
+allow hal_bootctl_default sda_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms;
+allow hal_bootctl_default sysfs_ota:file rw_file_perms;
--- a/sepolicy/whitechapel_pro/hal_camera_default.te
+++ b/sepolicy/whitechapel_pro/hal_camera_default.te
@@ -0,0 +1,111 @@
+type hal_camera_default_tmpfs, file_type;
+
+allow hal_camera_default self:global_capability_class_set sys_nice;
+allow hal_camera_default kernel:process setsched;
+
+binder_use(hal_camera_default);
+vndbinder_use(hal_camera_default);
+
+allow hal_camera_default lwis_device:chr_file rw_file_perms;
+allow hal_camera_default gpu_device:chr_file rw_file_perms;
+allow hal_camera_default sysfs_chip_id:file r_file_perms;
+
+# Face authentication code that is part of the camera HAL needs to allocate
+# dma_bufs and access the Trusted Execution Environment device node
+allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms;
+allow hal_camera_default tee_device:chr_file rw_file_perms;
+
+# Allow the camera hal to access the EdgeTPU service and the
+# Android shared memory allocated by the EdgeTPU service for
+# on-device compilation.
+allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
+allow hal_camera_default sysfs_edgetpu:dir r_dir_perms;
+allow hal_camera_default sysfs_edgetpu:file r_file_perms;
+allow hal_camera_default edgetpu_vendor_service:service_manager find;
+binder_call(hal_camera_default, edgetpu_vendor_server)
+# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging
+# library has a dependency on edgetpu_app_service, see b/275016466.
+allow hal_camera_default edgetpu_app_service:service_manager find;
+binder_call(hal_camera_default, edgetpu_app_server)
+
+# Allow the camera hal to access the GXP device.
+allow hal_camera_default gxp_device:chr_file rw_file_perms;
+
+# Allow access to data files used by the camera HAL
+allow hal_camera_default mnt_vendor_file:dir search;
+allow hal_camera_default persist_file:dir search;
+allow hal_camera_default persist_camera_file:dir rw_dir_perms;
+allow hal_camera_default persist_camera_file:file create_file_perms;
+allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms;
+allow hal_camera_default vendor_camera_data_file:file create_file_perms;
+
+# Allow creating dump files for debugging in non-release builds
+userdebug_or_eng(`
+  allow hal_camera_default vendor_camera_data_file:dir create_dir_perms;
+  allow hal_camera_default vendor_camera_data_file:file create_file_perms;
+')
+
+# tmpfs is used by google3 prebuilts linked by the HAL to unpack data files
+# compiled into the shared libraries with cc_embed_data rules
+tmpfs_domain(hal_camera_default);
+
+# Allow access to camera-related system properties
+set_prop(hal_camera_default, vendor_camera_prop);
+set_prop(hal_camera_default, log_tag_prop);
+get_prop(hal_camera_default, vendor_camera_debug_prop);
+userdebug_or_eng(`
+  set_prop(hal_camera_default, vendor_camera_fatp_prop);
+  set_prop(hal_camera_default, vendor_camera_debug_prop);
+')
+
+# For camera hal to talk with rlsservice
+allow hal_camera_default rls_service:service_manager find;
+binder_call(hal_camera_default, rlsservice)
+
+hal_client_domain(hal_camera_default, hal_graphics_allocator);
+hal_client_domain(hal_camera_default, hal_graphics_composer)
+hal_client_domain(hal_camera_default, hal_power);
+hal_client_domain(hal_camera_default, hal_thermal);
+
+# Allow access to sensor service for sensor_listener
+binder_call(hal_camera_default, system_server);
+
+# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering
+allow hal_camera_default eco_service:service_manager find;
+binder_call(hal_camera_default, mediacodec);
+binder_call(hal_camera_default, mediacodec_samsung);
+
+# Allow camera HAL to query preferred camera frequencies from the radio HAL
+# extensions to avoid interference with cellular antennas.
+allow hal_camera_default hal_radioext_hwservice:hwservice_manager find;
+binder_call(hal_camera_default, hal_radioext_default);
+
+# Allow camera HAL to connect to the stats service.
+allow hal_camera_default fwk_stats_service:service_manager find;
+
+# For observing apex file changes
+allow hal_camera_default apex_info_file:file r_file_perms;
+
+# Allow camera HAL to query current device clock frequencies.
+allow hal_camera_default sysfs_devfreq_cur:file r_file_perms;
+
+# Allow camera HAL to read backlight of display
+allow hal_camera_default sysfs_leds:dir r_dir_perms;
+allow hal_camera_default sysfs_leds:file r_file_perms;
+
+# Allow camera HAL to send trace packets to Perfetto
+userdebug_or_eng(`perfetto_producer(hal_camera_default)')
+
+# Some file searches attempt to access system data and are denied.
+# This is benign and can be ignored.
+dontaudit hal_camera_default system_data_file:dir { search };
+
+# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
+dontaudit hal_camera_default traced:unix_stream_socket { connectto };
+dontaudit hal_camera_default traced_producer_socket:sock_file { write };
+
+# Allow access to always-on compute device node
+allow hal_camera_default aoc_device:chr_file rw_file_perms;
+
+# Allow the Camera HAL to acquire wakelocks
+wakelock_use(hal_camera_default)
--- a/sepolicy/whitechapel_pro/hal_contexthub.te
+++ b/sepolicy/whitechapel_pro/hal_contexthub.te
@@ -0,0 +1,3 @@
+# Allow context hub HAL to communicate with daemon via socket
+allow hal_contexthub_default chre:unix_stream_socket connectto;
+allow hal_contexthub_default chre_socket:sock_file write;
--- a/sepolicy/whitechapel_pro/hal_fastboot_default.te
+++ b/sepolicy/whitechapel_pro/hal_fastboot_default.te
@@ -0,0 +1,24 @@
+binder_use(hal_fastboot_default)
+
+# For get-off-mode charge state
+allow hal_fastboot_default devinfo_block_device:blk_file { open read };
+allow hal_fastboot_default kmsg_device:chr_file { open write };
+
+# For dev/block/by-name dir
+allow hal_fastboot_default block_device:dir r_dir_perms;
+
+allow hal_fastboot_default tmpfs:dir rw_dir_perms;
+allow hal_fastboot_default rootfs:dir r_dir_perms;
+
+# For set-brightness
+allow hal_fastboot_default sysfs_leds:dir search;
+allow hal_fastboot_default sysfs_leds:file rw_file_perms;
+allow hal_fastboot_default sysfs_leds:lnk_file read;
+
+#for fastboot -w (wiping device)
+allow hal_fastboot_default citadel_device:chr_file { rw_file_perms };
+allow hal_fastboot_default proc_bootconfig:file { rw_file_perms };
+allow hal_fastboot_default proc_cmdline:file { rw_file_perms };
+allow hal_fastboot_default st54spi_device:chr_file { rw_file_perms };
+allow hal_fastboot_default metadata_block_device:blk_file { rw_file_perms };
+allowxperm hal_fastboot_default metadata_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
--- a/sepolicy/whitechapel_pro/hal_fingerprint_default.te
+++ b/sepolicy/whitechapel_pro/hal_fingerprint_default.te
@@ -0,0 +1,39 @@
+allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms;
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms;
+
+allow hal_fingerprint_default fwk_stats_service:service_manager find;
+get_prop(hal_fingerprint_default, fingerprint_ghbm_prop)
+set_prop(hal_fingerprint_default, vendor_fingerprint_prop)
+add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice)
+
+# allow fingerprint to access power hal
+hal_client_domain(hal_fingerprint_default, hal_power);
+
+# Allow access to the files of CDT information.
+r_dir_file(hal_fingerprint_default, sysfs_chosen)
+
+# Allow fingerprint to access calibration blk device.
+allow hal_fingerprint_default mfg_data_block_device:blk_file rw_file_perms;
+allow hal_fingerprint_default block_device:dir search;
+
+# Allow fingerprint to access fwk_sensor_hwservice
+allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find;
+
+# Allow fingerprint to read sysfs_display
+allow hal_fingerprint_default sysfs_display:file r_file_perms;
+
+# Allow fingerprint to access trusty sysfs
+allow hal_fingerprint_default sysfs_trusty:file rw_file_perms;
+
+# Allow fingerprint to access display hal
+allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
+binder_call(hal_fingerprint_default, hal_graphics_composer_default)
+
+# allow fingerprint to access thermal hal
+hal_client_domain(hal_fingerprint_default, hal_thermal);
+
+# allow fingerprint to read sysfs_leds
+allow hal_fingerprint_default sysfs_leds:file r_file_perms;
+allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
--- a/sepolicy/whitechapel_pro/hal_graphics_allocator_default.te
+++ b/sepolicy/whitechapel_pro/hal_graphics_allocator_default.te
@@ -0,0 +1,4 @@
+allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms;
+allow hal_graphics_allocator_default vscaler_heap_device:chr_file r_file_perms;
--- a/sepolicy/whitechapel_pro/hal_graphics_composer_default.te
+++ b/sepolicy/whitechapel_pro/hal_graphics_composer_default.te
@@ -0,0 +1,58 @@
+# allow HWC to access power hal
+hal_client_domain(hal_graphics_composer_default, hal_power)
+
+hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator)
+
+# allow HWC to access vendor_displaycolor_service
+add_service(hal_graphics_composer_default, vendor_displaycolor_service)
+
+add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice)
+
+add_service(hal_graphics_composer_default, hal_pixel_display_service)
+
+# access sysfs R/W
+allow hal_graphics_composer_default sysfs_display:dir search;
+allow hal_graphics_composer_default sysfs_display:file rw_file_perms;
+
+userdebug_or_eng(`
+# allow HWC to access vendor log file
+    allow hal_graphics_composer_default vendor_log_file:dir create_dir_perms;
+    allow hal_graphics_composer_default vendor_log_file:file create_file_perms;
+# For HWC/libdisplaycolor to generate calibration file.
+    allow hal_graphics_composer_default persist_display_file:file create_file_perms;
+    allow hal_graphics_composer_default persist_display_file:dir rw_dir_perms;
+')
+
+# allow HWC/libdisplaycolor to read calibration data
+allow hal_graphics_composer_default mnt_vendor_file:dir search;
+allow hal_graphics_composer_default persist_file:dir search;
+allow hal_graphics_composer_default persist_display_file:file r_file_perms;
+allow hal_graphics_composer_default persist_display_file:dir search;
+
+# allow HWC to r/w backlight
+allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms;
+allow hal_graphics_composer_default sysfs_leds:file rw_file_perms;
+
+# allow HWC to get vendor_persist_sys_default_prop
+get_prop(hal_graphics_composer_default, vendor_persist_sys_default_prop)
+
+# allow HWC to get/set vendor_display_prop
+set_prop(hal_graphics_composer_default, vendor_display_prop)
+
+# boot stauts prop
+get_prop(hal_graphics_composer_default, boot_status_prop);
+
+# allow HWC to output to dumpstate via pipe fd
+allow hal_graphics_composer_default hal_dumpstate_default:fifo_file { append write };
+allow hal_graphics_composer_default hal_dumpstate_default:fd use;
+
+# socket / vnd service
+allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+vndbinder_use(hal_graphics_composer_default)
+
+# allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
+get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop)
+
+# allow HWC to write log file
+allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;
+allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;
--- a/sepolicy/whitechapel_pro/hal_health_default.te
+++ b/sepolicy/whitechapel_pro/hal_health_default.te
@@ -0,0 +1,20 @@
+allow hal_health_default mnt_vendor_file:dir search;
+allow hal_health_default persist_file:dir search;
+allow hal_health_default persist_battery_file:file create_file_perms;
+allow hal_health_default persist_battery_file:dir rw_dir_perms;
+
+set_prop(hal_health_default, vendor_battery_defender_prop)
+set_prop(hal_health_default, vendor_shutdown_prop)
+
+# Access to /sys/devices/platform/14700000.ufs/*
+allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms;
+allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms;
+
+allow hal_health_default fwk_stats_service:service_manager find;
+binder_use(hal_health_default)
+
+allow hal_health_default sysfs_wlc:dir search;
+allow hal_health_default sysfs_batteryinfo:file w_file_perms;
+allow hal_health_default sysfs_thermal:dir search;
+allow hal_health_default sysfs_thermal:file w_file_perms;
+allow hal_health_default thermal_link_device:dir search;
--- a/sepolicy/whitechapel_pro/hal_health_storage_default.te
+++ b/sepolicy/whitechapel_pro/hal_health_storage_default.te
@@ -0,0 +1,3 @@
+# Access to /sys/devices/platform/14700000.ufs/*
+allow hal_health_storage_default sysfs_scsi_devices_0000:dir r_dir_perms;
+allow hal_health_storage_default sysfs_scsi_devices_0000:file rw_file_perms;
--- a/sepolicy/whitechapel_pro/hal_input_processor_default.te
+++ b/sepolicy/whitechapel_pro/hal_input_processor_default.te
@@ -0,0 +1,2 @@
+# allow InputProcessor HAL to read the display resolution system property
+get_prop(hal_input_processor_default, vendor_display_prop)
--- a/sepolicy/whitechapel_pro/hal_memtrack_default.te
+++ b/sepolicy/whitechapel_pro/hal_memtrack_default.te
@@ -0,0 +1 @@
+r_dir_file(hal_memtrack_default, sysfs_gpu)
--- a/sepolicy/whitechapel_pro/hal_nfc_default.te
+++ b/sepolicy/whitechapel_pro/hal_nfc_default.te
@@ -0,0 +1,17 @@
+# NFC property
+set_prop(hal_nfc_default, vendor_nfc_prop)
+
+# SecureElement property
+set_prop(hal_nfc_default, vendor_secure_element_prop)
+
+# Modem property
+set_prop(hal_nfc_default, vendor_modem_prop)
+
+# Access uwb cal for SecureRanging Applet
+allow hal_nfc_default uwb_data_vendor:dir r_dir_perms;
+allow hal_nfc_default uwb_data_vendor:file r_file_perms;
+
+# allow nfc to read uwb calibration file
+get_prop(hal_nfc_default, vendor_uwb_calibration_prop)
+get_prop(hal_nfc_default, vendor_uwb_calibration_country_code)
+
--- a/sepolicy/whitechapel_pro/hal_power_default.te
+++ b/sepolicy/whitechapel_pro/hal_power_default.te
@@ -0,0 +1,11 @@
+allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms;
+allow hal_power_default sysfs_fs_f2fs:dir r_dir_perms;
+allow hal_power_default sysfs_fs_f2fs:file rw_file_perms;
+allow hal_power_default sysfs_display:file rw_file_perms;
+allow hal_power_default proc_vendor_sched:file r_file_perms;
+allow hal_power_default sysfs_gpu:file rw_file_perms;
+allow hal_power_default sysfs_fabric:file rw_file_perms;
+allow hal_power_default sysfs_camera:file rw_file_perms;
+allow hal_power_default sysfs_trusty:file rw_file_perms;
+allow hal_power_default sysfs_em_profile:file rw_file_perms;
+set_prop(hal_power_default, vendor_camera_prop)
--- a/sepolicy/whitechapel_pro/hal_power_stats_default.te
+++ b/sepolicy/whitechapel_pro/hal_power_stats_default.te
@@ -0,0 +1,21 @@
+# allowed to access dislay stats sysfs node
+allow hal_power_stats_default sysfs_display:file r_file_perms;
+
+r_dir_file(hal_power_stats_default, sysfs_aoc)
+r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate)
+r_dir_file(hal_power_stats_default, sysfs_acpm_stats)
+r_dir_file(hal_power_stats_default, sysfs_cpu)
+r_dir_file(hal_power_stats_default, sysfs_edgetpu)
+r_dir_file(hal_power_stats_default, sysfs_iio_devices)
+r_dir_file(hal_power_stats_default, sysfs_leds)
+r_dir_file(hal_power_stats_default, sysfs_odpm)
+r_dir_file(hal_power_stats_default, sysfs_scsi_devices_0000)
+r_dir_file(hal_power_stats_default, sysfs_wifi)
+r_dir_file(hal_power_stats_default, powerstats_vendor_data_file)
+
+# Rail selection requires read/write permissions
+allow hal_power_stats_default sysfs_odpm:dir search;
+allow hal_power_stats_default sysfs_odpm:file rw_file_perms;
+
+# getStateResidency AIDL callback for Bluetooth HAL
+binder_call(hal_power_stats_default, hal_bluetooth_btlinux)
--- a/sepolicy/whitechapel_pro/hal_radioext_default.te
+++ b/sepolicy/whitechapel_pro/hal_radioext_default.te
@@ -0,0 +1,21 @@
+type hal_radioext_default, domain;
+type hal_radioext_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_radioext_default)
+
+hwbinder_use(hal_radioext_default)
+get_prop(hal_radioext_default, hwservicemanager_prop)
+add_hwservice(hal_radioext_default, hal_radioext_hwservice)
+
+binder_call(hal_radioext_default, grilservice_app)
+binder_call(hal_radioext_default, hal_bluetooth_btlinux)
+
+# RW /dev/oem_ipc0
+allow hal_radioext_default radio_device:chr_file rw_file_perms;
+
+# RW Freq Config files
+allow hal_radioext_default radio_vendor_data_file:dir create_dir_perms;
+allow hal_radioext_default radio_vendor_data_file:file create_file_perms;
+allow hal_radioext_default sysfs_display:file rw_file_perms;
+
+# Bluetooth
+allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find;
--- a/sepolicy/whitechapel_pro/hal_secure_element_gto.te
+++ b/sepolicy/whitechapel_pro/hal_secure_element_gto.te
@@ -0,0 +1,5 @@
+type hal_secure_element_gto, domain;
+type hal_secure_element_gto_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_secure_element_gto, hal_secure_element)
+init_daemon_domain(hal_secure_element_gto)
--- a/sepolicy/whitechapel_pro/hal_secure_element_gto_ese2.te
+++ b/sepolicy/whitechapel_pro/hal_secure_element_gto_ese2.te
@@ -0,0 +1,5 @@
+type hal_secure_element_gto_ese2, domain;
+type hal_secure_element_gto_ese2_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_secure_element_gto_ese2, hal_secure_element)
+init_daemon_domain(hal_secure_element_gto_ese2)
--- a/sepolicy/whitechapel_pro/hal_secure_element_st33spi.te
+++ b/sepolicy/whitechapel_pro/hal_secure_element_st33spi.te
@@ -0,0 +1,6 @@
+type hal_secure_element_st33spi, domain;
+hal_server_domain(hal_secure_element_st33spi, hal_secure_element)
+type hal_secure_element_st33spi_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_secure_element_st33spi)
+allow hal_secure_element_st33spi st33spi_device:chr_file rw_file_perms;
+
--- a/sepolicy/whitechapel_pro/hal_secure_element_st54spi.te
+++ b/sepolicy/whitechapel_pro/hal_secure_element_st54spi.te
@@ -0,0 +1,8 @@
+type hal_secure_element_st54spi, domain;
+hal_server_domain(hal_secure_element_st54spi, hal_secure_element)
+type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_secure_element_st54spi)
+allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms;
+allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms;
+set_prop(hal_secure_element_st54spi, vendor_secure_element_prop)
+
--- a/sepolicy/whitechapel_pro/hal_secure_element_uicc.te
+++ b/sepolicy/whitechapel_pro/hal_secure_element_uicc.te
@@ -0,0 +1,11 @@
+type hal_secure_element_uicc, domain;
+type hal_secure_element_uicc_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_secure_element_uicc, hal_secure_element)
+init_daemon_domain(hal_secure_element_uicc)
+
+# Allow hal_secure_element_uicc to access rild
+binder_call(hal_secure_element_uicc, rild);
+allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find;
+
+
--- a/sepolicy/whitechapel_pro/hal_sensors_default.te
+++ b/sepolicy/whitechapel_pro/hal_sensors_default.te
@@ -0,0 +1,87 @@
+#
+# USF sensor HAL SELinux type enforcements.
+#
+
+# Allow access to the AoC communication driver.
+allow hal_sensors_default aoc_device:chr_file rw_file_perms;
+
+# Allow access to CHRE socket to connect to nanoapps.
+allow hal_sensors_default chre:unix_stream_socket connectto;
+allow hal_sensors_default chre_socket:sock_file write;
+
+# Allow create thread to watch AOC's device.
+allow hal_sensors_default device:dir r_dir_perms;
+
+# Allow access for dynamic sensor properties.
+get_prop(hal_sensors_default, vendor_dynamic_sensor_prop)
+
+# Allow access to raw HID devices for dynamic sensors.
+allow hal_sensors_default hidraw_device:chr_file rw_file_perms;
+
+# Allow SensorSuez to connect AIDL stats.
+allow hal_sensors_default fwk_stats_service:service_manager find;
+
+# Allow reading of sensor registry persist files and camera persist files.
+allow hal_sensors_default mnt_vendor_file:dir search;
+allow hal_sensors_default persist_file:dir search;
+allow hal_sensors_default persist_file:file r_file_perms;
+allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms;
+allow hal_sensors_default persist_sensor_reg_file:file r_file_perms;
+r_dir_file(hal_sensors_default, persist_camera_file)
+
+# Allow creation and writing of sensor registry data files.
+allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
+allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
+
+userdebug_or_eng(`
+    # Allow creation and writing of sensor debug data files.
+    allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms;
+    allow hal_sensors_default sensor_debug_data_file:file create_file_perms;
+')
+
+# Allow access to the display info for ALS.
+allow hal_sensors_default sysfs_display:file rw_file_perms;
+
+# Allow access to the sysfs_aoc.
+allow hal_sensors_default sysfs_aoc:dir search;
+allow hal_sensors_default sysfs_aoc:file r_file_perms;
+
+# Allow access for AoC properties.
+get_prop(hal_sensors_default, vendor_aoc_prop)
+
+# Allow sensor HAL to read AoC dumpstate.
+allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
+
+# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
+# to synchronize the AP and AoC clock timestamps.
+allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms;
+
+# Allow access to the files of CDT information.
+allow hal_sensors_default sysfs_chosen:dir search;
+allow hal_sensors_default sysfs_chosen:file r_file_perms;
+
+# Allow access to sensor service for sensor_listener.
+binder_call(hal_sensors_default, system_server);
+
+# Allow sensor HAL to reset AOC.
+allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms;
+
+# Allow sensor HAL to read AoC dumpstate.
+allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
+
+# Allow sensor HAL to access the display service HAL
+allow hal_sensors_default hal_pixel_display_service:service_manager find;
+
+# Allow display_info_service access to the backlight driver.
+allow hal_sensors_default sysfs_leds:dir search;
+allow hal_sensors_default sysfs_leds:file r_file_perms;
+
+# Allow sensor HAL to access the graphics composer.
+binder_call(hal_sensors_default, hal_graphics_composer_default);
+
+# Allow display_info_service access to the backlight driver.
+allow hal_sensors_default sysfs_write_leds:file rw_file_perms;
+
+# Allow access to the power supply files for MagCC.
+r_dir_file(hal_sensors_default, sysfs_batteryinfo)
+allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
--- a/sepolicy/whitechapel_pro/hal_thermal_default.te
+++ b/sepolicy/whitechapel_pro/hal_thermal_default.te
@@ -0,0 +1,2 @@
+r_dir_file(hal_thermal_default, sysfs_iio_devices)
+r_dir_file(hal_thermal_default, sysfs_odpm)
--- a/sepolicy/whitechapel_pro/hal_usb_gadget_impl.te
+++ b/sepolicy/whitechapel_pro/hal_usb_gadget_impl.te
@@ -0,0 +1,21 @@
+type hal_usb_gadget_impl, domain;
+hal_server_domain(hal_usb_gadget_impl, hal_usb)
+hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget)
+
+type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_usb_gadget_impl)
+
+allow hal_usb_gadget_impl configfs:dir { create rmdir };
+allow hal_usb_gadget_impl functionfs:dir { watch watch_reads };
+set_prop(hal_usb_gadget_impl, vendor_usb_config_prop)
+
+# parser the number of dwc3 irq
+allow hal_usb_gadget_impl proc_interrupts:file r_file_perms;
+
+# change irq to other cores
+allow hal_usb_gadget_impl proc_irq:dir r_dir_perms;
+allow hal_usb_gadget_impl proc_irq:file w_file_perms;
+
+# allow gadget hal to search hsi2c dir and write to usb_limit_accessory_enable/current
+allow hal_usb_gadget_impl sysfs_batteryinfo:dir r_dir_perms;
+allow hal_usb_gadget_impl sysfs_batteryinfo:file rw_file_perms;
--- a/sepolicy/whitechapel_pro/hal_usb_impl.te
+++ b/sepolicy/whitechapel_pro/hal_usb_impl.te
@@ -0,0 +1,31 @@
+type hal_usb_impl, domain;
+
+type hal_usb_impl_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_usb_impl)
+hal_server_domain(hal_usb_impl, hal_usb)
+hal_server_domain(hal_usb_impl, hal_usb_gadget)
+
+set_prop(hal_usb_impl, vendor_usb_config_prop)
+allow hal_usb_impl functionfs:dir { watch watch_reads };
+
+allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms;
+allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms;
+
+# Needed for reporting Usb Overheat suez event through statsd
+allow hal_usb_impl fwk_stats_service:service_manager find;
+binder_call(hal_usb_impl, servicemanager)
+
+# Needed for monitoring usb port temperature
+allow hal_usb_impl self:capability2 wake_alarm;
+wakelock_use(hal_usb_impl);
+
+# For interfacing with ThermalHAL
+hal_client_domain(hal_usb_impl, hal_thermal);
+
+# For reading the usb-c throttling stats
+allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms;
+
+# For issuing vendor commands to USB hub via libusbhost
+allow hal_usb_impl device:dir r_dir_perms;
+allow hal_usb_impl usb_device:chr_file rw_file_perms;
+allow hal_usb_impl usb_device:dir r_dir_perms;
--- a/sepolicy/whitechapel_pro/hal_uwb_vendor.te
+++ b/sepolicy/whitechapel_pro/hal_uwb_vendor.te
@@ -0,0 +1,16 @@
+# HwBinder IPC from client to server
+binder_call(hal_uwb_vendor_client, hal_uwb_vendor_server)
+binder_call(hal_uwb_vendor_server, hal_uwb_vendor_client)
+
+hal_attribute_service(hal_uwb_vendor, hal_uwb_vendor_service)
+
+binder_call(hal_uwb_vendor_server, servicemanager)
+
+# allow hal_uwb_vendor to set wpan interfaces up and down
+allow hal_uwb_vendor self:udp_socket create_socket_perms;
+allowxperm hal_uwb_vendor self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+# TODO(b/190461440): Find a long term solution for this.
+allow hal_uwb_vendor self:global_capability_class_set { net_admin };
+
+# allow hal_uwb_vendor to speak to nl802154 in the kernel
+allow hal_uwb_vendor self:netlink_generic_socket create_socket_perms_no_ioctl;
--- a/sepolicy/whitechapel_pro/hal_uwb_vendor_default.te
+++ b/sepolicy/whitechapel_pro/hal_uwb_vendor_default.te
@@ -0,0 +1,14 @@
+type hal_uwb_vendor_default, domain;
+type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_uwb_vendor_default)
+
+hal_server_domain(hal_uwb_vendor_default, hal_uwb)
+add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
+
+hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
+binder_call(hal_uwb_vendor_default, uwb_vendor_app)
+
+allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
+allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
+
+get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop)
--- a/sepolicy/whitechapel_pro/hal_wifi_ext.te
+++ b/sepolicy/whitechapel_pro/hal_wifi_ext.te
@@ -0,0 +1,9 @@
+# Allow wifi_ext to report callbacks to gril-service app
+binder_call(hal_wifi_ext, grilservice_app)
+
+# Write wlan driver/fw version into property
+set_prop(hal_wifi_ext, vendor_wifi_version)
+
+# Allow wifi_ext to read and write /data/vendor/firmware/wifi
+allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms;
+allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;
--- a/sepolicy/whitechapel_pro/hal_wireless_charger.te
+++ b/sepolicy/whitechapel_pro/hal_wireless_charger.te
@@ -0,0 +1,2 @@
+type hal_wireless_charger, domain;
+type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type;
--- a/sepolicy/whitechapel_pro/hal_wlc.te
+++ b/sepolicy/whitechapel_pro/hal_wlc.te
@@ -0,0 +1,14 @@
+type hal_wlc, domain;
+type hal_wlc_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_wlc)
+hwbinder_use(hal_wlc)
+add_hwservice(hal_wlc, hal_wlc_hwservice)
+get_prop(hal_wlc, hwservicemanager_prop)
+
+r_dir_file(hal_wlc, sysfs_batteryinfo)
+
+allow hal_wlc self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+binder_call(hal_wlc, platform_app)
+binder_call(hal_wlc, system_app)
--- a/sepolicy/whitechapel_pro/hbmsvmanager_app.te
+++ b/sepolicy/whitechapel_pro/hbmsvmanager_app.te
@@ -0,0 +1,14 @@
+type hbmsvmanager_app, domain, coredomain;
+
+app_domain(hbmsvmanager_app);
+
+allow hbmsvmanager_app proc_vendor_sched:dir r_dir_perms;
+allow hbmsvmanager_app proc_vendor_sched:file w_file_perms;
+
+allow hbmsvmanager_app hal_pixel_display_service:service_manager find;
+binder_call(hbmsvmanager_app, hal_graphics_composer_default)
+
+# Standard system services
+allow hbmsvmanager_app app_api_service:service_manager find;
+
+allow hbmsvmanager_app cameraserver_service:service_manager find;
--- a/sepolicy/whitechapel_pro/hwservice.te
+++ b/sepolicy/whitechapel_pro/hwservice.te
@@ -0,0 +1,15 @@
+# dmd servcie
+type hal_vendor_oem_hwservice, hwservice_manager_type;
+
+# GRIL service
+type hal_radioext_hwservice, hwservice_manager_type;
+
+# WLC
+type hal_wlc_hwservice, hwservice_manager_type;
+
+# rild service
+type hal_exynos_rild_hwservice, hwservice_manager_type;
+
+# Fingerprint
+type hal_fingerprint_ext_hwservice, hwservice_manager_type;
+
--- a/sepolicy/whitechapel_pro/hwservice_contexts
+++ b/sepolicy/whitechapel_pro/hwservice_contexts
@@ -0,0 +1,14 @@
+# dmd HAL
+vendor.samsung_slsi.telephony.hardware.oemservice::IOemService                     u:object_r:hal_vendor_oem_hwservice:s0
+
+# Fingerprint
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon            u:object_r:hal_fingerprint_ext_hwservice:s0
+
+# Wireless charger hal
+vendor.google.wireless_charger::IWirelessCharger                                   u:object_r:hal_wlc_hwservice:s0
+
+# rild HAL
+vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal        u:object_r:hal_exynos_rild_hwservice:s0
+
+# GRIL HAL
+vendor.google.radioext::IRadioExt                                                  u:object_r:hal_radioext_hwservice:s0
--- a/sepolicy/whitechapel_pro/hwservicemanager.te
+++ b/sepolicy/whitechapel_pro/hwservicemanager.te
@@ -0,0 +1 @@
+binder_call(hwservicemanager, bipchmgr)
--- a/sepolicy/whitechapel_pro/incident.te
+++ b/sepolicy/whitechapel_pro/incident.te
@@ -0,0 +1,4 @@
+userdebug_or_eng(`
+  allow incident logger_app:fd use;
+  allow incident media_rw_data_file:file append;
+')
--- a/sepolicy/whitechapel_pro/init-display-sh.te
+++ b/sepolicy/whitechapel_pro/init-display-sh.te
@@ -0,0 +1,10 @@
+type init-display-sh, domain;
+type init-display-sh_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(init-display-sh)
+
+allow init-display-sh self:capability sys_module;
+allow init-display-sh vendor_kernel_modules:system module_load;
+allow init-display-sh vendor_toolbox_exec:file execute_no_trans;
+
+dontaudit init-display-sh proc_cmdline:file r_file_perms;
+
--- a/sepolicy/whitechapel_pro/init.te
+++ b/sepolicy/whitechapel_pro/init.te
@@ -0,0 +1,21 @@
+allow init modem_img_file:dir mounton;
+allow init mnt_vendor_file:dir mounton;
+allow init modem_img_file:filesystem { getattr mount relabelfrom };
+allow init custom_ab_block_device:lnk_file relabelto;
+
+# This is needed for chaining a boot partition vbmeta
+# descriptor, where init will probe the boot partition
+# to read the chained vbmeta in the first-stage, then
+# relabel /dev/block/by-name/boot_[a|b] to block_device
+# after loading sepolicy in the second stage.
+allow init boot_block_device:lnk_file relabelto;
+
+allow init persist_file:dir mounton;
+allow init modem_efs_file:dir mounton;
+allow init modem_userdata_file:dir mounton;
+allow init ram_device:blk_file w_file_perms;
+allow init sysfs_scsi_devices_0000:file w_file_perms;
+
+# Workaround for b/193113005 that modem_img unlabeled after disable-verity
+dontaudit init overlayfs_file:file rename;
+dontaudit init overlayfs_file:chr_file unlink;
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`/vendor/bin/hw/android\.hardware\.health-service\.gs201 u:object_r:hal_health_default_exec:s0`
				`@@ -0,0 +1 @@`
				`telephony.oem.oemrilhook u:object_r:radio_service:s0`
				`@@ -0,0 +1 @@`
				`allow bootdevice_sysdev sysfs:filesystem associate;`
				`@@ -0,0 +1 @@`
				`r_dir_file(hal_memtrack_default, sysfs_gpu)`