Merge "Add vendor_sjtag_lock_state_prop and init-check_ap_pd_auth-sh" into main

radio/file_contexts

@@ -11,6 +11,7 @@
 /vendor/bin/cbd                                                             u:object_r:cbd_exec:s0
 /vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_radioext_default_exec:s0
+/vendor/bin/init\.check_ap_pd_auth\.sh                                      u:object_r:init-check_ap_pd_auth-sh_exec:s0
 
 # Config files
 /vendor/etc/modem_ml_models\.conf                                           u:object_r:modem_config_file:s0

radio/init-check_ap_pd_auth-sh.te

@@ -0,0 +1,14 @@
+type init-check_ap_pd_auth-sh, domain;
+type init-check_ap_pd_auth-sh_exec, vendor_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+  init_daemon_domain(init-check_ap_pd_auth-sh)
+
+  set_prop(init-check_ap_pd_auth-sh, vendor_sjtag_lock_state_prop)
+
+  allow init-check_ap_pd_auth-sh sysfs_sjtag:dir r_dir_perms;
+  allow init-check_ap_pd_auth-sh sysfs_sjtag:file r_file_perms;
+
+  allow init-check_ap_pd_auth-sh vendor_shell_exec:file rx_file_perms;
+  allow init-check_ap_pd_auth-sh vendor_toolbox_exec:file rx_file_perms;
+')

radio/property.te

@@ -15,3 +15,5 @@ vendor_internal_prop(vendor_tcpdump_log_prop)
 # Telephony debug app
 vendor_internal_prop(vendor_telephony_app_prop)
 
+# SJTAG lock state
+vendor_internal_prop(vendor_sjtag_lock_state_prop)

radio/property_contexts

@@ -57,3 +57,6 @@ persist.vendor.gps.                        u:object_r:vendor_gps_prop:s0
 persist.vendor.tcpdump.log.alwayson        u:object_r:vendor_tcpdump_log_prop:s0
 vendor.tcpdump.                            u:object_r:vendor_tcpdump_log_prop:s0
 
+# SJTAG lock state
+ro.vendor.sjtag_ap_is_unlocked             u:object_r:vendor_sjtag_lock_state_prop:s0
+ro.vendor.sjtag_gsa_is_unlocked            u:object_r:vendor_sjtag_lock_state_prop:s0

radio/ssr_detector.te

@@ -13,11 +13,13 @@ userdebug_or_eng(`
   allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
   allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms;
   get_prop(ssr_detector_app, vendor_aoc_prop)
+  set_prop(ssr_detector_app, vendor_sjtag_lock_state_prop)
   allow ssr_detector_app sysfs_sjtag:dir r_dir_perms;
   allow ssr_detector_app sysfs_sjtag:file rw_file_perms;
   allow ssr_detector_app proc_vendor_sched:dir search;
   allow ssr_detector_app proc_vendor_sched:file rw_file_perms;
   allow ssr_detector_app cgroup:file write;
+  allow ssr_detector_app vendor_toolbox_exec:file execute_no_trans;
 ')
 
 get_prop(ssr_detector_app, vendor_ssrdump_prop)