From 2d76a6ac6119493b66e2b72211586810804a82ab Mon Sep 17 00:00:00 2001 
From: Max Bires Date: Tue, 16 May 2017 14:56:38 -0700 Subject: [PATCH 1/3] Adding vndbinder_use statements to support the new qualcomm patches Leaving in the binder call until I can independently verify that none of these domains are running anything through binder, and if they are then file bug reports on it. Some of these domains don't seem to use the transfer/call permissions, so refraining from adding the full vndbinder_use statement until those are apparent Denials: denied { getattr } for pid=556 comm="vndservicemanag" scontext=u:r:vndservicemanager:s0 tcontext=u:r:hal_gnss_qti:s0 tclass=process denied { open } for pid=556 comm="vndservicemanag" path="/proc/744/attr/current" dev="proc" ino=25957 scontext=u:r:vndservicemanager:s0 tcontext=u:r:hal_gnss_qti:s0 tclass=file denied { read } for pid=556 comm="vndservicemanag" name="current" dev="proc" ino=25957 scontext=u:r:vndservicemanager:s0 tcontext=u:r:hal_gnss_qti:s0 tclass=file denied { call } for pid=744 comm="Loc_hal" scontext=u:r:hal_gnss_qti:s0 tcontext=u:r:vndservicemanager:s0 tclass=binder denied { ioctl open read write } for pid=744 comm="Loc_hal" path="/dev/vndbinder" dev="tmpfs" ino=19167 ioctlcmd=6209 scontext=u:r:hal_gnss_qti:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file denied { ioctl } for pid=770 comm="Binder:770_2" path="/dev/vndbinder" dev="tmpfs" ino=19167 ioctlcmd=6201 scontext=u:r:per_mgr:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file denied { getattr } for pid=556 comm="vndservicemanag" scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_mgr:s0 tclass=process denied { open } for pid=556 comm="vndservicemanag" path="/proc/770/attr/current" dev="proc" ino=24336 scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_mgr:s0 tclass=file denied { read } for pid=556 comm="vndservicemanag" name="current" dev="proc" ino=24336 scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_mgr:s0 tclass=file denied { search } for pid=556 comm="vndservicemanag" name="770" dev="proc" ino=8315 
scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_mgr:s0 tclass=dir denied { transfer } for pid=770 comm="pm-service" scontext=u:r:per_mgr:s0 tcontext=u:r:vndservicemanager:s0 tclass=binder denied { call } for pid=770 comm="pm-service" scontext=u:r:per_mgr:s0 tcontext=u:r:vndservicemanager:s0 tclass=binder denied { ioctl open read write } for pid=770 comm="pm-service" path="/dev/vndbinder" dev="tmpfs" ino=19167 ioctlcmd=6209 scontext=u:r:per_mgr:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file denied { read write } for pid=886 comm="cnss-daemon" name="vndbinder" dev="tmpfs" ino=19167 scontext=u:r:wcnss_service:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file denied { ioctl } for pid=886 comm="cnss-daemon" path="/dev/vndbinder" dev="tmpfs" ino=19167 ioctlcmd=6201 scontext=u:r:wcnss_service:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file denied { ioctl } for pid=875 comm="rild" path="/dev/vndbinder" dev="tmpfs" ino=19167 ioctlcmd=6201 scontext=u:r:rild:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file denied { ioctl open read write } for pid=853 comm="pm-proxy" name="vndbinder" dev="tmpfs" ino=19167 scontext=u:r:per_proxy:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file denied { call } for pid=853 comm="pm-proxy" scontext=u:r:per_proxy:s0 tcontext=u:r:vndservicemanager:s0 tclass=binder denied { search } for pid=556 comm="vndservicemanag" name="853" dev="proc" ino=28401 scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_proxy:s0 tclass=dir denied { read } for pid=556 comm="vndservicemanag" name="current" dev="proc" ino=28421 scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_proxy:s0 tclass=file denied { open } for pid=556 comm="vndservicemanag" path="/proc/853/attr/current" dev="proc" ino=28421 scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_proxy:s0 tclass=file denied { getattr } for pid=556 comm="vndservicemanag" scontext=u:r:vndservicemanager:s0 tcontext=u:r:per_proxy:s0 tclass=process denied { add } for 
interface=vendor.qti.qcril.am::IQcRilAudio pid=875 scontext=u:r:rild:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager denied { find } for service=vendor.qcom.PeripheralManager pid=774 uid=1001 scontext=u:r:rild:s0 tcontext=u:object_r:default_android_vndservice:s0 tclass=service_manager denied { call } for pid=792 comm="cnss-daemon" scontext=u:r:wcnss_service:s0 tcontext=u:r:vndservicemanager:s0 tclass=binder denied { read write } for pid=1197 comm="rild" name="vndbinder" dev="tmpfs" ino=19957 scontext=u:r:rild:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file denied { call } for pid=773 comm="rild" scontext=u:r:rild:s0 tcontext=u:r:vndservicemanager:s0 tclass=binder Bug: 34784662 Test: vndbinder functionality for these domains is working Change-Id: Ife7d4b4734ab4aca1d314b1b6cbac3203b216adc
---
 sepolicy/hal_gnss_qti.te | 2 ++
 sepolicy/hwservice_contexts | 3 ++-
 sepolicy/per_mgr.te | 2 ++
 sepolicy/per_proxy.te | 2 ++
 sepolicy/rild.te | 2 ++
 sepolicy/service.te | 1 -
 sepolicy/service_contexts | 1 -
 sepolicy/system_server.te | 1 -
 sepolicy/vndservice.te | 1 +
 sepolicy/vndservice_contexts | 1 +
 sepolicy/wcnss_service.te | 2 ++
 11 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/sepolicy/hal_gnss_qti.te b/sepolicy/hal_gnss_qti.te
index 79d3ad55..0bbca1b4 100644
--- a/sepolicy/hal_gnss_qti.te
+++ b/sepolicy/hal_gnss_qti.te
@@ -6,6 +6,8 @@ init_daemon_domain(hal_gnss_qti)
 r_dir_file(hal_gnss_qti, sysfs_msm_subsys)
+vndbinder_use(hal_gnss_qti)
+
 allow hal_gnss_qti sysfs_soc:dir search;
 allow hal_gnss_qti sysfs_soc:file r_file_perms;
diff --git a/sepolicy/hwservice_contexts b/sepolicy/hwservice_contexts
index 9dc4a366..1c0860b5 100644
--- a/sepolicy/hwservice_contexts
+++ b/sepolicy/hwservice_contexts
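Review bot: The description says the full vndbinder_use statement is held back for domains that have not shown call/transfer use, but this hunk applies the whole macro to hal_gnss_qti, and the per_mgr, per_proxy, rild and wcnss_service hunks do the same. The quoted denials show `call` for all five domains and `transfer` only for per_mgr, so the grants stay close to the evidence and it is the record that is out of step. A short comment above each new line, for example `# vndbinder access per denials in b/34784662`, would let a later policy audit tie the grant to its justification.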
@@ -1,3 +1,4 @@
 com.qualcomm.qti.ims.radio::IImsRadio u:object_r:vnd_ims_radio_hwservice:s0
 com.qualcomm.qti.qcril.qcrilhook::IQtiOemHook u:object_r:vnd_qcrilhook_hwservice:s0
-com.qualcomm.qti.uceservice::IUceService u:object_r:vnd_uce_hwservice:s0
\ No newline at end of file
+com.qualcomm.qti.uceservice::IUceService u:object_r:vnd_uce_hwservice:s0
+vendor.qti.qcril.am::IQcRilAudio u:object_r:vnd_qcrilhook_hwservice:s0
diff --git a/sepolicy/per_mgr.te b/sepolicy/per_mgr.te
index 83c40df7..4c87c2ca 100644
--- a/sepolicy/per_mgr.te
+++ b/sepolicy/per_mgr.te
@@ -6,6 +6,8 @@ init_daemon_domain(per_mgr);
 add_service(per_mgr, per_mgr_service)
+vndbinder_use(per_mgr)
+
 # TODO(b/36570300): Remove this once per_mgr stops using Binder
 typeattribute per_mgr binder_in_vendor_violators;
 binder_use(per_mgr)
diff --git a/sepolicy/per_proxy.te b/sepolicy/per_proxy.te
index afdf63d8..dd34a184 100644
--- a/sepolicy/per_proxy.te
+++ b/sepolicy/per_proxy.te
@@ -7,6 +7,8 @@ init_daemon_domain(per_proxy)
 allow per_proxy per_mgr_service:service_manager find;
 r_dir_file(per_proxy, sysfs_type)
+vndbinder_use(per_proxy)
+
 # TODO(b/36570130): Remove this once per_proxy stops using Binder
 typeattribute per_proxy binder_in_vendor_violators;
 binder_use(per_proxy)
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index d9b19882..2e109996 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -4,6 +4,8 @@ binder_use(rild)
 binder_call(rild, per_mgr)
 binder_call(rild, audioserver)
+vndbinder_use(rild)
+
 allow rild qmuxd_socket:dir w_dir_perms;
 allow rild qmuxd_socket:sock_file create_file_perms;
diff --git a/sepolicy/service.te b/sepolicy/service.te
index bbf51dde..5e9b4c13 100644
--- a/sepolicy/service.te
+++ b/sepolicy/service.te
@@ -1,4 +1,3 @@
-type per_mgr_service, service_manager_type;
 type cne_service, service_manager_type;
 type uce_service, service_manager_type;
 type imsuce_service, service_manager_type;
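Review bot: The new `vendor.qti.qcril.am::IQcRilAudio` entry reuses `vnd_qcrilhook_hwservice`, the type already assigned to IQtiOemHook two lines above, so any domain allowed to `add` or `find` the OEM hook service gets the same access to the audio interface and the two can no longer be told apart in policy or in audit logs. A dedicated type keeps the grant narrow: `vendor.qti.qcril.am::IQcRilAudio u:object_r:<dedicated_qcrilaudio_hwservice_type>:s0` (placeholder name), declared alongside the other hwservice types, with `add` for rild (the domain in the quoted denial) and `find` only for the client that needs it. Those declarations and rules live in files this hunk does not show.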
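Review bot: `vndbinder_use(rild)` covers the device node and the calls to vndservicemanager, but the description also lists a `find` denial from rild for `vendor.qcom.PeripheralManager`, and nothing in this hunk grants it. Once vndservice_contexts relabels that name to per_mgr_service, rild needs `allow rild per_mgr_service:service_manager find;`, the rule per_proxy.te already carries, unless rild.te has it outside the lines shown here. Without it the denial moves from default_android_vndservice to per_mgr_service instead of going away.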
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
index b5cae855..ac1da934 100644
--- a/sepolicy/service_contexts
+++ b/sepolicy/service_contexts
@@ -1,4 +1,3 @@
-vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0
 rcs u:object_r:radio_service:s0
 cneservice u:object_r:cne_service:s0
 com.fingerprints.extension.IFingerprintNavigation u:object_r:fingerprint_service:s0
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index cd3190f4..886b1cd9 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -6,7 +6,6 @@ binder_call(system_server, per_mgr)
 binder_call(system_server, folio_daemon)
 binder_call(system_server, hal_camera_default)
-allow system_server per_mgr_service:service_manager find;
 # TODO(b/36613917): Remove this once system_server no longer communicates with netmgrd over sockets.
 typeattribute netmgrd socket_between_core_and_vendor_violators;
diff --git a/sepolicy/vndservice.te b/sepolicy/vndservice.te
index 10354f2a..44c45ca5 100644
--- a/sepolicy/vndservice.te
+++ b/sepolicy/vndservice.te
@@ -1 +1,2 @@
 type qdisplay_service, vndservice_manager_type;
+type per_mgr_service, vndservice_manager_type;
diff --git a/sepolicy/vndservice_contexts b/sepolicy/vndservice_contexts
index b7e4bd9d..1db4aa0c 100644
--- a/sepolicy/vndservice_contexts
+++ b/sepolicy/vndservice_contexts
@@ -1 +1,2 @@
 display.qservice u:object_r:qdisplay_service:s0
+vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0
diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te
index f79bd5d7..8f4a8d74 100644
--- a/sepolicy/wcnss_service.te
+++ b/sepolicy/wcnss_service.te
@@ -4,6 +4,8 @@ type wcnss_service_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(wcnss_service)
 net_domain(wcnss_service)
+vndbinder_use(wcnss_service)
+
 # TODO(b/36599434): Remove this once wcnss_service stops using Binder services
 typeattribute wcnss_service binder_in_vendor_violators;
 binder_use(wcnss_service)
From 4e79aefebc57869df0c9476bdb8d77f072c3db75 Mon Sep 17 00:00:00 2001 From: Wileen Chiu Date: Mon, 1 May 2017 17:57:25 -0700 Subject: [PATCH 2/3] Fix in-call audio issue Update instance name of QcRilAudio HAL. Mutliple (one per SIM) instances of QcRilAudio HAL is required. Change-Id: Ied34684509f1db37727880116bab785fddaaded3
---
 manifest.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/manifest.xml b/manifest.xml
index 8f2e6221..7243cc19 100644
--- a/manifest.xml
+++ b/manifest.xml
@@ -288,4 +288,14 @@ default
+
+ vendor.qti.qcril.am
+ hwbinder
+ 1.0
+
+ IQcRilAudio
+ slot1
+ slot2
+
+
From ae03bcef3cf9c17b94542fbbaeaace9cf9022d1d Mon Sep 17 00:00:00 2001 From: Sooraj Sasindran Date: Wed, 17 May 2017 21:31:17 -0700 Subject: [PATCH 3/3] Enable IRTPService Enable IRTPService Change-Id: I37dd0e10ff082cae8e32fdedb77774adc9f21af5
---
 manifest.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/manifest.xml b/manifest.xml
index 7243cc19..f529a7c8 100644
--- a/manifest.xml
+++ b/manifest.xml
@@ -298,4 +298,15 @@ slot2
+
+
+ com.qualcomm.qti.imsrtpservice
+ hwbinder
+
+ 1.0
+
+ IRTPService
+ rtpservice0
+
+
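Review bot: No hwservice_contexts entry accompanies the new `com.qualcomm.qti.imsrtpservice` HAL declared in patch 3, at least within this series: patch 1 leaves that file with four entries and none names IRTPService. Without a label the interface would presumably fall under the default hwservice type, the situation patch 1's `add` denial against `default_android_hwservice` shows for IQcRilAudio, so the serving domain is either denied or ends up needing access to the catch-all type. A line such as `com.qualcomm.qti.imsrtpservice::IRTPService u:object_r:<dedicated_rtp_hwservice_type>:s0` (placeholder type) plus an `add` rule for the serving domain would close that gap. The XML markup of this hunk did not survive on the page, so the element structure itself cannot be reviewed here.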