From f41bb34dedd79b374a3a38eebd4b3e8fb9d6e2a5 Mon Sep 17 00:00:00 2001 From: klinesjiang Date: Mon, 3 Jun 2019 18:13:50 +0800 Subject: [PATCH 1/9] Add sepolicy for RamdumpService to access property sys.boot.reason on Pixel 2 Denied pattern is: avc: denied { read } for name="u:object_r:system_boot_reason_prop:s0" dev="tmpfs" ino=21223 scontext=u:r:ramdump_app:s0:c206,c256,c512,c768 tcontext=u:object_r:system_boot_reason_prop:s0 tclass=file permissive=0 Bug: 132220248 Change-Id: Id391450303a19b14a77ae564a0b79606f9c984fc --- sepolicy/vendor/ramdump_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/sepolicy/vendor/ramdump_app.te b/sepolicy/vendor/ramdump_app.te index ed9bf33b..af710d68 100644 --- a/sepolicy/vendor/ramdump_app.te +++ b/sepolicy/vendor/ramdump_app.te @@ -11,4 +11,5 @@ userdebug_or_eng(` set_prop(ramdump_app, vendor_ramdump_prop); get_prop(system_app, vendor_ssr_prop) + get_prop(ramdump_app, system_boot_reason_prop) ') From 7caa0ca4339503e83cfabd25e443e4c8789ab5ef Mon Sep 17 00:00:00 2001 From: Rick Yiu Date: Fri, 14 Jun 2019 16:37:41 +0800 Subject: [PATCH 2/9] Fix avc denied to dump some useful hals for user build. To get thermal/power/power_stats hals debug info in user build. Bug: 134545528 Test: tested in userdebug with dumpstate.unroot set to true Change-Id: I5594bb7b1a444529c6c4fa0e566b9aeca9792fb4 --- sepolicy/public/te_macros | 9 +++++++++ sepolicy/vendor/dumpstate.te | 4 ++++ 2 files changed, 13 insertions(+) create mode 100644 sepolicy/public/te_macros diff --git a/sepolicy/public/te_macros b/sepolicy/public/te_macros new file mode 100644 index 00000000..701ef555 --- /dev/null +++ b/sepolicy/public/te_macros @@ -0,0 +1,9 @@ +########################################### +# dump_hal(hal_type) +# Ability to dump the hal debug info +# +define(`dump_hal', ` + hal_client_domain(dumpstate, $1); + allow $1_server dumpstate:fifo_file write; + allow $1_server dumpstate:fd use; +') 
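Review bot: The header comment on `dump_hal` in the new sepolicy/public/te_macros says only "Ability to dump the hal debug info", which understates the grant. Its first rule, `hal_client_domain(dumpstate, $1)`, makes dumpstate a client of the whole HAL rather than of a dump-only entry point (that macro is defined outside this patch, so confirm its expansion). I would extend the comment with `# Makes dumpstate a client of hal_type and lets hal_type_server write to dumpstate's pipe and use its fd.` so callers see the full grant before using the macro outside `userdebug_or_eng`. It is also worth confirming that the platform te_macros does not already define a macro of this name, because m4 silently keeps only the last definition it reads.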
diff --git a/sepolicy/vendor/dumpstate.te b/sepolicy/vendor/dumpstate.te index faa81a65..a0a8af40 100644 --- a/sepolicy/vendor/dumpstate.te +++ b/sepolicy/vendor/dumpstate.te @@ -1,3 +1,7 @@ +dump_hal(hal_thermal) +dump_hal(hal_power) +dump_hal(hal_power_stats) + userdebug_or_eng(` allow dumpstate proc_modules:file r_file_perms; allow dumpstate proc_stat:file r_file_perms; From a7e7c11e77781d3c57e1ddea7c63840b5d456bed Mon Sep 17 00:00:00 2001 From: Benjamin Schwartz Date: Fri, 21 Jun 2019 17:08:23 -0700 Subject: [PATCH 3/9] LowPowerMonitor: Enable Interactive bugreports Bug: 118192245 Test: Configured LPM to trigger a bug report and verified that it is a full bug report. Change-Id: I5f820b1e140cfd690bc5eaac75bb74dc4476d70e --- sepolicy/vendor/con_monitor.te | 1 + 1 file changed, 1 insertion(+) diff --git a/sepolicy/vendor/con_monitor.te b/sepolicy/vendor/con_monitor.te index e1ba346c..eeb6bf5e 100644 --- a/sepolicy/vendor/con_monitor.te +++ b/sepolicy/vendor/con_monitor.te @@ -4,6 +4,7 @@ type con_monitor_app, domain; app_domain(con_monitor_app) set_prop(con_monitor_app, radio_prop) +userdebug_or_eng(`set_prop(con_monitor_app, dumpstate_options_prop)') allow con_monitor_app app_api_service:service_manager find; allow con_monitor_app radio_vendor_data_file:dir rw_dir_perms; allow con_monitor_app radio_vendor_data_file:file create_file_perms; From b8e404540da1ff822943ab7c3f1483dbb8ec63da Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Mon, 29 Jul 2019 15:22:02 +0900 Subject: [PATCH 4/9] Add vendor prefix to slpi property For devices launching with Android Q or later, properties defined by vendor should have the prefix "vendor." Bug: 138278883 Test: m Change-Id: I728b4d8ab2f46936e7954bece94e53e6628992fb --- init.qcom.devstart.sh | 2 +- sepolicy/vendor/property_contexts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/init.qcom.devstart.sh b/init.qcom.devstart.sh index 3589ac22..9650775c 100644 --- a/init.qcom.devstart.sh +++ b/init.qcom.devstart.sh 
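Review bot: The three `dump_hal(...)` lines in dumpstate.te are added above the `userdebug_or_eng(` block, so they apply to user builds as well, yet nothing in the file says this is deliberate. The commit message gives the intent (thermal/power/power_stats debug info in user builds), but its Test line covers only userdebug with dumpstate.unroot set, so a reader cannot tell from the policy whether the placement was checked on a user image. I would add `# Unconditional on purpose: user-build bugreports dump thermal, power and power_stats HAL debug info.` above the first call. The `userdebug_or_eng` block continues outside the hunk.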
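Review bot: The new `set_prop(con_monitor_app, dumpstate_options_prop)` rule in con_monitor.te gives an app domain write access to the property type that carries dumpstate's options, and it sits between unrelated radio rules with no comment. The `userdebug_or_eng` guard keeps it out of user images, which is the right scope. A short comment would keep a later edit from lifting the rule out of the guard, e.g. `# Debug builds only: LowPowerMonitor sets dumpstate options to request an interactive bugreport.` The rest of con_monitor.te lies outside the hunk, so other writers of this property type are not visible here.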
@@ -7,4 +7,4 @@ setprop sys.qcom.devup 1 version=`grep -ao "OEM_IMAGE_VERSION_STRING[ -~]*" \ /vendor/firmware/slpi_v2.b04 | \ sed -e s/OEM_IMAGE_VERSION_STRING=SLPI.version.// -e s/\(.*\).//` -setprop sys.slpi.firmware.version "$version" +setprop vendor.sys.slpi.firmware.version "$version" diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts index 01019b28..49135b08 100644 --- a/sepolicy/vendor/property_contexts +++ b/sepolicy/vendor/property_contexts @@ -65,7 +65,7 @@ vendor.gralloc.enable_ahardware_buffer u:object_r:public_vendor_default_prop:s0 # They are public_vendor_system_props for vendor-specific extension. sys.all.modules.ready u:object_r:public_vendor_system_prop:s0 sys.qcom.devup u:object_r:public_vendor_system_prop:s0 -sys.slpi.firmware.version u:object_r:public_vendor_system_prop:s0 +vendor.sys.slpi.firmware.version u:object_r:public_vendor_system_prop:s0 # vendor_default_prop # default_prop isn't accessible from vendor components. From a55b49f5d05246941bb84facef2ff2e5152f34b4 Mon Sep 17 00:00:00 2001 From: Paul Scovanner Date: Fri, 2 Aug 2019 13:48:53 -0700 Subject: [PATCH 5/9] [DO NOT MERGE] Update Wahoo SVN to 30 Bug:126590667 Change-Id: I7eebbe6e9f4c39d8a0d60d074b344d0f4208e800 --- device.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/device.mk b/device.mk index e03a5555..29841a79 100755 --- a/device.mk +++ b/device.mk @@ -36,7 +36,7 @@ PRODUCT_COPY_FILES += \ # Set the SVN for the targeted MR release PRODUCT_PROPERTY_OVERRIDES += \ - ro.vendor.build.svn=29 + ro.vendor.build.svn=30 # Enforce privapp-permissions whitelist PRODUCT_PROPERTY_OVERRIDES += \ From d46799a735c1f3086a3d3e07bcc70b9a00c58b09 Mon Sep 17 00:00:00 2001 From: Paul Scovanner Date: Fri, 2 Aug 2019 16:37:59 -0700 Subject: [PATCH 6/9] Update Wahoo SVN to 31 Bug:126590667 Change-Id: I048357eb4b33d84c4fac303c0f5dd44aae7614cb --- device.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/device.mk b/device.mk index 780eb481..837010d6 100755 --- a/device.mk +++ b/device.mk @@ -47,7 +47,7 @@ PRODUCT_COPY_FILES += \ # Set the SVN for the targeted MR release PRODUCT_PROPERTY_OVERRIDES += \ - ro.vendor.build.svn=30 + ro.vendor.build.svn=31 # Enforce privapp-permissions whitelist PRODUCT_PROPERTY_OVERRIDES += \ From bc9e7660da9d5d39ef53ea1b075c42f58e63696f Mon Sep 17 00:00:00 2001 From: Paul Scovanner Date: Wed, 7 Aug 2019 12:45:53 -0700 Subject: [PATCH 7/9] Update Wahoo SVN to 32 Bug:139074978 Change-Id: I807f1d97205680ae0ac531c1b28101cef986cfda --- device.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/device.mk b/device.mk index 837010d6..3d31662a 100755 --- a/device.mk +++ b/device.mk @@ -47,7 +47,7 @@ PRODUCT_COPY_FILES += \ # Set the SVN for the targeted MR release PRODUCT_PROPERTY_OVERRIDES += \ - ro.vendor.build.svn=31 + ro.vendor.build.svn=32 # Enforce privapp-permissions whitelist PRODUCT_PROPERTY_OVERRIDES += \ From 1b1692d98a8e626fc40ea26b24b0c491715d7acd Mon Sep 17 00:00:00 2001 From: Paul Scovanner Date: Wed, 14 Aug 2019 14:00:40 -0700 Subject: [PATCH 8/9] Update Wahoo SVN to 33 Bug:139434268 Change-Id: Ief27255508e5fa4cef71df720b5bf9ea4e84d49f --- device.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/device.mk b/device.mk index 3d31662a..2e6132a5 100755 --- a/device.mk +++ b/device.mk @@ -47,7 +47,7 @@ PRODUCT_COPY_FILES += \ # Set the SVN for the targeted MR release PRODUCT_PROPERTY_OVERRIDES += \ - ro.vendor.build.svn=32 + ro.vendor.build.svn=33 # Enforce privapp-permissions whitelist PRODUCT_PROPERTY_OVERRIDES += \ From da27e1e3d7fd1b1ae0d2de90708fe1bd45f93b24 Mon Sep 17 00:00:00 2001 
From: Steven Moreland
Date: Thu, 1 Aug 2019 14:08:26 -0700
Subject: [PATCH 9/9] Remove 'uce' service to move into core policy. Because it is used by the AOSP framework.
Bug: 136023468
Test: TH
Change-Id: I62a4e92b0dac4098d640cca515d0dd8680442779
Merged-In: I62a4e92b0dac4098d640cca515d0dd8680442779
(cherry picked from commit d19df6d3bca6a69e81174b47afc6daac10cff80a)
---
 sepolicy/private/radio.te | 1 -
 sepolicy/private/service.te | 1 -
 sepolicy/private/service_contexts | 1 -
 3 files changed, 3 deletions(-)
diff --git a/sepolicy/private/radio.te b/sepolicy/private/radio.te
index d187ca8e..7986425a 100644
--- a/sepolicy/private/radio.te
+++ b/sepolicy/private/radio.te
@@ -1,2 +1 @@
-allow radio uce_service:service_manager find;
 add_service(radio, qchook_service)
diff --git a/sepolicy/private/service.te b/sepolicy/private/service.te
index e5abcaab..43044dcd 100644
--- a/sepolicy/private/service.te
+++ b/sepolicy/private/service.te
@@ -1,3 +1,2 @@
 type cne_service, service_manager_type;
-type uce_service, service_manager_type;
 type qchook_service, service_manager_type;
diff --git a/sepolicy/private/service_contexts b/sepolicy/private/service_contexts
index 62f72485..d27bf4de 100644
--- a/sepolicy/private/service_contexts
+++ b/sepolicy/private/service_contexts
@@ -1,4 +1,3 @@
 qti.ims.ext u:object_r:radio_service:s0
 cneservice u:object_r:cne_service:s0
-uce u:object_r:uce_service:s0
 qchook u:object_r:qchook_service:s0