Merge Android U (ab/10368041)

Bug: 291102124
Merged-In: Ie1bb2b3ef049978fe782a0bc997556c7d9fdef07
Change-Id: I695299ffd51ac7fce8b49d33705cd24a1582187b

vendor/google/e2fs.te

@@ -0,0 +1,2 @@
+allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
+allow e2fs sysfs_scsi_devices_0000:file r_file_perms;

vendor/google/file.te

@@ -12,7 +12,6 @@ type sysfs_touch, sysfs_type, fs_type;
 type sysfs_power_stats_ignore, sysfs_type, fs_type;
 type sysfs_camera, sysfs_type, fs_type;
 type sysfs_pixelstats, fs_type, sysfs_type;
-type sysfs_wlc, sysfs_type, fs_type;
 type sysfs_pstore, sysfs_type, fs_type;
 type debugfs_f2fs, debugfs_type, fs_type;
 type proc_f2fs, proc_type, fs_type;
@@ -50,3 +49,5 @@ type updated_wifi_firmware_data_file, file_type, data_file_type;
 # Firmware mount
 type firmware_file, file_type, contextmount_type, vendor_file_type;
 allow firmware_file self:filesystem associate;
+
+type sysfs_wlc, sysfs_type, fs_type;

vendor/google/fsck.te

@@ -1 +1,3 @@
 allow fsck persist_block_device:blk_file rw_file_perms;
+allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
+allow fsck sysfs_scsi_devices_0000:file r_file_perms;

vendor/google/genfs_contexts

@@ -94,7 +94,6 @@ genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.q
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply              u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,usb-pdphy@1700/usbpd0/power_supply  u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm7250b@2:google,bms/power_supply                  u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-1/1-003b                    u:object_r:sysfs_wlc:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qpnp,qg/power_supply                     u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply              u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm7250b@2:qcom,usb-pdphy@1700/usbpd0/power_supply  u:object_r:sysfs_batteryinfo:s0

vendor/google/hal_health_default.te

@@ -1,5 +1,4 @@
 r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
-r_dir_file(hal_health_default, sysfs_wlc)
 set_prop(hal_health_default, vendor_shutdown_prop)
 set_prop(hal_health_default, vendor_battery_defender_prop)
 
@@ -7,7 +6,6 @@ allow hal_health_default fwk_stats_hwservice:hwservice_manager find;
 allow hal_health_default fwk_stats_service:service_manager find;
 binder_use(hal_health_default)
 
-allow hal_health_default sysfs_wlc:dir r_dir_perms;
 allow hal_health_default sysfs_thermal:dir r_dir_perms;
 allow hal_health_default sysfs_thermal:file rw_file_perms;
 allow hal_health_default persist_file:dir search;

vendor/google/hal_wireless_charger.te

@@ -0,0 +1,8 @@
+type hal_wireless_charger, domain;
+type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type;
+
+# QCOM device only
+allow hal_wireless_charger sysfs_chargelevel:file rw_file_perms;
+
+allow hal_wlc sysfs_wlc:dir r_dir_perms;
+allow hal_wlc sysfs_wlc:file rw_file_perms;

vendor/google/hal_wlc.te

@@ -9,7 +9,5 @@ get_prop(hal_wlc, hwservicemanager_prop)
 
 # Allow access to /sys/class/power_supply/wireless
 r_dir_file(hal_wlc, sysfs_batteryinfo)
-allow hal_wlc sysfs_wlc:dir r_dir_perms;
-allow hal_wlc sysfs_wlc:file rw_file_perms;
 
 allow hal_wlc self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

vendor/google/platform_app.te

@@ -8,3 +8,6 @@ allow platform_app nfc_service:service_manager find;
 
 allow platform_app fwk_stats_service:service_manager find;
 binder_use(platform_app)
+
+allow platform_app hal_wireless_charger_service:service_manager find;
+binder_call(platform_app, hal_wireless_charger)

vendor/google/service.te

@@ -1,2 +1,4 @@
 type hal_pixel_display_service, service_manager_type, hal_service_type;
 type hal_wifi_ext_service, service_manager_type, hal_service_type;
+
+type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type;

vendor/google/service_contexts

@@ -1,3 +1,5 @@
 android.hardware.drm.IDrmFactory/widevine    u:object_r:hal_drm_service:s0
 com.google.hardware.pixel.display.IDisplay/default                            u:object_r:hal_pixel_display_service:s0
 vendor.google.wifi_ext.IWifiExt/default                                       u:object_r:hal_wifi_ext_service:s0
+
+vendor.google.wireless_charger.IWirelessCharger/default                      u:object_r:hal_wireless_charger_service:s0

vendor/google/system_app.te

@@ -2,4 +2,7 @@ allow system_app hal_wlc_hwservice:hwservice_manager find;
 binder_call(system_app, hal_wlc)
 binder_call(hal_wlc, system_app)
 
-allow system_app fwk_stats_hwservice:hwservice_manager find;
+allow system_app fwk_stats_hwservice:hwservice_manager find;
+
+allow system_app hal_wireless_charger_service:service_manager find;
+binder_call(system_app, hal_wireless_charger)

vendor/qcom/common/file_contexts

@@ -53,7 +53,7 @@
 /(vendor|system/vendor)/bin/ssr_diag            u:object_r:vendor_ssr_diag_exec:s0
 /(vendor|system/vendor)/bin/hw/qcrild           u:object_r:rild_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-(service|service-lazy)\.clearkey    u:object_r:hal_drm_clearkey_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm(@[0-9]+\.[0-9]+)?-(service|service-lazy)\.widevine    u:object_r:hal_drm_widevine_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm(@[0-9]+\.[0-9]+)?-(service|service-lazy)\.widevine(-v17)?    u:object_r:hal_drm_widevine_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@.*-service-qti u:object_r:hal_gnss_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.qti\.gnss@.*-service u:object_r:hal_gnss_qti_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti  u:object_r:hal_bluetooth_default_exec:s0

vendor/qcom/common/qtelephony.te

@@ -2,8 +2,6 @@
 type qtelephony, domain;
 app_domain(qtelephony)
 
-add_hwservice(qtelephony, vnd_atcmdfwd_hwservice)
-
 allow qtelephony app_api_service:service_manager find;
 allow qtelephony hal_imsrtp_hwservice:hwservice_manager find;
 allow qtelephony hal_telephony_service:service_manager find;
@@ -28,3 +26,6 @@ set_prop(qtelephony, vendor_qcom_ims_prop)
 userdebug_or_eng(`
     allow qtelephony diag_device:chr_file rw_file_perms;
 ')
+
+# b/265255811#comment26 Ignore access AIDL as we freezed target for HIDL
+dontaudit qtelephony default_android_service:service_manager { find };

vendor/qcom/common/radio.te

@@ -4,6 +4,9 @@ binder_call(radio, hal_rcsservice)
 allow radio hal_imsrtp_hwservice:hwservice_manager find;
 
 allow radio mediaextractor_service:service_manager find;
+
+add_hwservice(radio, vnd_atcmdfwd_hwservice)
+
 userdebug_or_eng(`
   allow radio diag_device:chr_file rw_file_perms;
 ')

vendor/qcom/common/service_contexts

@@ -1,3 +1,10 @@
 vendor.qti.hardware.radio.ims.IImsRadio/default        u:object_r:hal_telephony_service:s0
 vendor.qti.hardware.radio.ims.IImsRadio/imsradio0         u:object_r:hal_telephony_service:s0
 vendor.qti.hardware.radio.ims.IImsRadio/imsradio1         u:object_r:hal_telephony_service:s0
+vendor.qti.hardware.radio.am.IQcRilAudio/slot1            u:object_r:hal_telephony_service:s0
+vendor.qti.hardware.radio.am.IQcRilAudio/slot2            u:object_r:hal_telephony_service:s0
+vendor.qti.hardware.radio.qcrilhook.IQtiOemHook/oemhook0  u:object_r:radio_service:s0
+vendor.qti.hardware.radio.qcrilhook.IQtiOemHook/oemhook1  u:object_r:radio_service:s0
+
+vendor.qti.hardware.radio.atcmdfwd.IAtCmdFwd/AtCmdFwdAidl u:object_r:radio_service:s0
+vendor.qti.hardware.radio.atfwd.IAtFwd/AtFwdAidl          u:object_r:radio_service:s0