Merge zumapro/ripcurrentpro from master to udc-qpr-dev

Bug: 272725898 Change-Id: I4ee509f3f367b4c886fef2942bf6d77fe750092b
2023-05-24 10:13:02 +00:00 · 2023-05-24 10:13:02 +00:00 · 43484307cf
commit 43484307cf
parent 7047067ea4 30ab759177
180 changed files with 3253 additions and 0 deletions
--- a/3
+++ b/3
@ -0,0 +1,3 @@
+include platform/system/sepolicy:/OWNERS
+
+rurumihong@google.com
--- a/1
+++ b/1
@ -0,0 +1 @@
+vendor_init device_config_configuration_prop property_service b/267843409
--- a/legacy/private/property_contexts
+++ b/legacy/private/property_contexts
@ -0,0 +1,5 @@
+# Boot animation dynamic colors
+persist.bootanim.color1     u:object_r:bootanim_system_prop:s0     exact    int
+persist.bootanim.color2     u:object_r:bootanim_system_prop:s0     exact    int
+persist.bootanim.color3     u:object_r:bootanim_system_prop:s0     exact    int
+persist.bootanim.color4     u:object_r:bootanim_system_prop:s0     exact    int
--- a/legacy/system_ext/private/property_contexts
+++ b/legacy/system_ext/private/property_contexts
@ -0,0 +1,2 @@
+# Fingerprint (UDFPS) GHBM/LHBM toggle
+persist.fingerprint.ghbm    u:object_r:fingerprint_ghbm_prop:s0    exact    bool
--- a/legacy/system_ext/public/property.te
+++ b/legacy/system_ext/public/property.te
@ -0,0 +1,2 @@
+# Fingerprint (UDFPS) GHBM/LHBM toggle
+system_vendor_config_prop(fingerprint_ghbm_prop)
--- a/legacy/whitechapel_pro/attributes
+++ b/legacy/whitechapel_pro/attributes
@ -0,0 +1 @@
+attribute vendor_persist_type;
--- a/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem
+++ b/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF2zCCA8OgAwIBAgIVAIFP2e+Gh4wn4YFsSI7fRB6AXjIsMA0GCSqGSIb3DQEBCwUAMH4xCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
+EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEaMBgGA1UEAxMRRXVpY2NTdXBw
+b3J0UGl4ZWwwHhcNMTkwMjI4MTkyMjE4WhcNNDkwMjI4MTkyMjE4WjB+MQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29v
+Z2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxGjAYBgNVBAMTEUV1aWNjU3VwcG9ydFBpeGVsMIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqklePqeltzqnyXVch9eJRXFBRQQIBIJWhcXb
+WIP/kZ28ISnQ2SrZisdxqtvRIeInxb7lU1rRQDfqCFSp/vMZ3l25Ryn6OVLFP4bxV1vO797t7Ef/
+amYA1mFKBsD4KLaIGj0/2RpGesneCOb0jWl2yRgIO2Ez7Y4YgWU/IoickZDLp1u6/7e7E/Qq9OXK
+aXvtBSzooGrYC7eyKn7O21FOfz5cQRo4BipjJqXG5Ez8Vi+m/dL1IFRZheYttEf3v390vBcb0oJ0
+oYPzLxmnb1LchjZC3yLAknRA0hNt8clvJ3tjXFjtzCGKsQsT4rnvvGFFABJTCf3EdEiwBNS5U4ho
+9+EtH7PpuoC+uVv2rLv/Gb7stlGQGx32KmK2CfKED3PdNqoT7WRx6nvVjCk3i7afdUcxQxcS9td
+5r80CB1bQEhS2sWLWB21PJrfMugWUJO5Bwz6u0es8dP+4FAHojIaF6iwB5ZYIuHGcEaOviHm4jOK
+rrGMlLqTwuEhq2aVIP55u7XRV98JLs2hlE5DJOWCIsPxybUDiddFvR+yzi/4FimsxJlEmaQAQcki
+uJ9DceVP03StPzFJSDRlqa4yF6xkZW5piNoANQ4MyI67V2Qf8g/L1UPYAi4hUMxQGo7Clw2hBRag
+ZTm65Xc7+ovBYxl5YaXAmNoJbss34Lw8tdrn4EECAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNV
+HQ4EFgQU+hQdFrOGuCDI+bbebssw9TL5FcYwHwYDVR0jBBgwFoAU+hQdFrOGuCDI+bbebssw9TL5
+FcYwDQYJKoZIhvcNAQELBQADggIBAGmyZHXddei/zUUMowiyi/MTtqXf9hKDEN4zhAXkuiuHxqA9
+Ii0J1Sxz2dd5NkqMmtePKYFSGA884yVm1KAne/uoCWj57IK3jswiRYnKhXa293DxA/K9wY27IGbp
+ulSuuxbpjjV2tqGUuoNQGKX7Oy6s0GcibyZFc+LpD7ttGk5QoLC9qQdpXZgUv/yG2B99ERSXLCaL
+EWMNP/oVZQOCQGfsFM1fPLn3X0ZuCOQg9bljxFf3jTl+H6PIAhpCjKeeUQYLc41eQkCyR/f67aRB
+GvO4YDpXLn9eH23B+26rjPyFiVtMJ/jJZ7UEPeJ3XBj1COS/X7p9gGRS5rtfr9z7XxuMxvG0JU9U
+XA+bMfOOfCqflvw6IyUg+oxjBFIhgiP4fxna51+BqpctvB0OeRwUm6y4nN06AwqtD8SteQrEn0b0
+IDWOKlVeh0lJWrDDEHr55dXSF+CbOPUDmMxmGoulOEOy/qSWIQi8BfvdX+e88CmracNRYVffLuQj
+pRYN3TeiCJd+6/X9/x1Q8VLW7vOAb6uRyE2lOjX40DYBxK3xSq6J7Vp38f6z0vtQm2sAAQ4xqqon
+A9tB5p+nJlYHgSxXOZx3C13Rs/eMmiGCKkSpCTnGCgBC7PfJDdMK6SLw5Gn4oyGoZo4fXbADuHrU
+0JD1T1qdCm3aUSEmFgEA4rOL/0K3
+-----END CERTIFICATE-----
--- a/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem
+++ b/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF1TCCA72gAwIBAgIVALSpAFqvtr1ntTS7YgB0Y5R6WqEtMA0GCSqGSIb3DQEBCwUAMHoxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
+EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEWMBQGA1UEAwwNY29tX3FvcnZv
+X3V3YjAgFw0yMTA1MDQwNTAyMDlaGA8yMDUxMDUwNDA1MDIwOVowejELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dvb2ds
+ZSBJbmMuMRAwDgYDVQQLEwdBbmRyb2lkMRYwFAYDVQQDDA1jb21fcW9ydm9fdXdiMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyoe1/UDAyMZd5iWqaKPDKN0cCESsWBTTkuLFpzMfcTEa
+IyMORaIYriuAxvWhNzidPQvvRPyw0XQbl7GZLjXLF004G5xPTXFHIdtWv/scuC53INqTerppcHeW
+fP4hfJPbZMQNcDB9EHa2bhA0wPdfoJD4cz8T7sgQcbRirdR8KoiOVWYe5UTSdk0df2IbiMZav2DJ
+KhFql323emi4QHoDeUMAYy35mTh5vhfJ8NrCRAUwMh0zlw6LwZw/Dr8AbzDXl4Mo6Ij2pTn3/1zW
+BPNkJonvONiMvuUUDl6LnP/41qhxYSg9RBp3wBJLknmfD/hEaXxTSLdkJyF43t61sU12mDQbLu4s
+ZoiQKeKMJ0VpC56gUzkpnx3pzusq+/bAlTXf8Tfqrm7nizwR/69kntNYp8iaUJnvQQzlChc2lg2X
+QNzf6zShPptpPqJIgmWawH6DL8JPHgkpguWyz47dWHCLnTfp8miEZPrQkPKL13SCMYCwxmlNYNWG
+gUFPX5UJfnNVH4y2gPpXssROyKQKp/ArZkWb2zURrC1RUvNFADvvFt+hb2iXXVnfVeEtKAkSdhOj
+RHwXhc/EtraSMMYUeO/uhUiPmPFR0FVLxCIm6i91/xqgWhKgRN0uatornO3lSNgzk4c7b0JCncEn
+iArWJ516/nqWIvEdYjcqIBDAdSx8S1sCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU
+EGKtCMO6w0UKLbAmd/laZERZZrkwHwYDVR0jBBgwFoAUEGKtCMO6w0UKLbAmd/laZERZZrkwDQYJ
+KoZIhvcNAQELBQADggIBAIRowmuGiFeZdyDsbYi0iYISNW2HID4uLM3Pp8CEx5swlntJu1Z19R9t
+fzzY9lvcMgdbdVJYnGrHzUGUCVqbhfDH7GxP9ybg1QUqYxi6AvZU3wrRqjoUoDw7HlecNBXFZI6z
+0f2J3XSzST3kq5lCuUaEKGHkU8jVgwqVGMcz1foLGzBXQhMgIKl966c5DWoXsLToBCXrNgDokkHe
+cj9tI1ufsWrSxl5/AT0/DMjHkcBmZk78RiTcGJtSZU8YwqNIQa+U2hpDE34iy2LC6YEqMKggjCm0
+6nOBbIH0EXnrr0iBX3YJmDM8O4a9eDpI7FSjabPx9YvfQne08pNwYkExOMafibyAwt7Du0cpxNkg
+NE3xeDZ+TVr+4I10HF1gKpJ+rQsBOIYVTWLKATO4TMQxLNLY9oy2gt12PcsCdkOIThX4bAHXq1eY
+ulAxoA7Hba2xq/wnh2JH5VZIjz3yZBJXX/GyFeHkqv7wFRVrx4DjZC1s5uTdqDh6y8pfM49w9/Zp
+BKtz5B+37bC9FmM+ux39MElqx+kbsITzBDtDWa2Q8onWQR0R4WHI43n1mJSvW4cdR6Xf/a1msPXh
+NHc3XCJYq4WvlMuXWEGVka20LPJXIjiuU3sB088YpjAG1+roSn//CL8N9iDWHCRXy+UKElIbhWLz
+lHV8gmlwBAuAx9ITcTJr
+-----END CERTIFICATE-----
--- a/legacy/whitechapel_pro/device.te
+++ b/legacy/whitechapel_pro/device.te
@ -0,0 +1,7 @@
+type sg_device, dev_type;
+type vendor_toe_device, dev_type;
+type lwis_device, dev_type;
+type rls_device, dev_type;
+
+# Raw HID device
+type hidraw_device, dev_type;
--- a/legacy/whitechapel_pro/file.te
+++ b/legacy/whitechapel_pro/file.te
@ -0,0 +1,32 @@
+# Data
+type updated_wifi_firmware_data_file, file_type, data_file_type;
+type vendor_misc_data_file, file_type, data_file_type;
+type per_boot_file, file_type, data_file_type, core_data_file_type;
+type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
+type uwb_data_vendor, file_type, data_file_type;
+type powerstats_vendor_data_file, file_type, data_file_type;
+type sensor_debug_data_file, file_type, data_file_type;
+
+# sysfs
+type bootdevice_sysdev, dev_type;
+type sysfs_wifi, sysfs_type, fs_type;
+type sysfs_bcmdhd, sysfs_type, fs_type;
+type sysfs_chargelevel, sysfs_type, fs_type;
+type sysfs_camera, sysfs_type, fs_type;
+
+# debugfs
+type vendor_regmap_debugfs, fs_type, debugfs_type;
+
+# persist
+type persist_ss_file, file_type, vendor_persist_type;
+type persist_uwb_file, file_type, vendor_persist_type;
+
+# Storage Health HAL
+type proc_f2fs, proc_type, fs_type;
+
+# Vendor tools
+type vendor_dumpsys, vendor_file_type, file_type;
+
+# USB-C throttling stats
+type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
+
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
@ -0,0 +1,53 @@
+# Binaries
+/vendor/bin/dumpsys                                                         u:object_r:vendor_dumpsys:s0
+/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty                u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty           u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/hw/android\.hardware\.nfc-service\.st                           u:object_r:hal_nfc_default_exec:s0
+
+# Vendor libraries
+/vendor/lib(64)?/libdrm\.so                                                 u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libion_google\.so                                          u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/arm\.graphics-V1-ndk\.so                                   u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libOpenCL-pixel\.so                                        u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libOpenCL\.so                                              u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/lib_aion_buffer\.so                                        u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libGralloc4Wrapper\.so                                     u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/pixel-power-ext-V1-ndk\.so                                 u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so                      u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor-pixelatoms-cpp\.so                                  u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so                        u:object_r:same_process_hal_file:s0
+
+# Graphics
+/vendor/lib(64)?/hw/vulkan\.mali\.so                                        u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpudataproducer\.so                                     u:object_r:same_process_hal_file:s0
+
+# Devices
+/dev/ttySAC0                                                                u:object_r:tty_device:s0
+/dev/bigwave                                                                u:object_r:video_device:s0
+/dev/watchdog0                                                              u:object_r:watchdog_device:s0
+/dev/dri/card0                                                              u:object_r:graphics_device:s0
+/dev/fimg2d                                                                 u:object_r:graphics_device:s0
+/dev/g2d                                                                    u:object_r:graphics_device:s0
+/dev/dit2                                                                   u:object_r:vendor_toe_device:s0
+/dev/sg1                                                                    u:object_r:sg_device:s0
+/dev/st21nfc                                                                u:object_r:nfc_device:s0
+/dev/sys/block/bootdevice(/.*)?                                             u:object_r:bootdevice_sysdev:s0
+/dev/socket/chre                                                            u:object_r:chre_socket:s0
+
+# Data
+/data/vendor/ss(/.*)?                                                       u:object_r:tee_data_file:s0
+/data/nfc(/.*)?                                                             u:object_r:nfc_data_file:s0
+/data/vendor/firmware/wifi(/.*)?                                            u:object_r:updated_wifi_firmware_data_file:s0
+/data/vendor/misc(/.*)?                                                     u:object_r:vendor_misc_data_file:s0
+/data/per_boot(/.*)?                                                        u:object_r:per_boot_file:s0
+/data/vendor/sensors/registry(/.*)?                                         u:object_r:sensor_reg_data_file:s0
+/data/vendor/uwb(/.*)?                                                      u:object_r:uwb_data_vendor:s0
+/dev/battery_history                                                        u:object_r:battery_history_device:s0
+/data/vendor/powerstats(/.*)?                                               u:object_r:powerstats_vendor_data_file:s0
+
+# Persist
+/mnt/vendor/persist/sensors/registry(/.*)?                                  u:object_r:persist_sensor_reg_file:s0
+/mnt/vendor/persist/uwb(/.*)?                                               u:object_r:persist_uwb_file:s0
+
+# Raw HID device
+/dev/hidraw[0-9]*                        u:object_r:hidraw_device:s0
--- a/legacy/whitechapel_pro/genfs_contexts
+++ b/legacy/whitechapel_pro/genfs_contexts
@ -0,0 +1,78 @@
+genfscon sysfs /devices/soc0/machine                                           u:object_r:sysfs_soc:s0
+genfscon sysfs /devices/soc0/revision                                          u:object_r:sysfs_soc:s0
+
+# tracefs
+genfscon tracefs /events/dmabuf_heap/dma_heap_stat                             u:object_r:debugfs_tracing:s0
+
+# WiFi
+genfscon sysfs /wifi                                                           u:object_r:sysfs_wifi:s0
+
+# Broadcom
+genfscon sysfs /module/bcmdhd4389                                              u:object_r:sysfs_bcmdhd:s0
+
+# GPU
+genfscon sysfs /devices/platform/28000000.mali/hint_min_freq                   u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/power_policy                    u:object_r:sysfs_gpu:s0
+
+# Fabric
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq                u:object_r:sysfs_fabric:s0
+genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/min_freq                u:object_r:sysfs_fabric:s0
+genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0
+
+# sscoredump (per device)
+genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count                                   u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count                         u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count                       u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count                         u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count                                 u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+
+# Storage
+genfscon proc /fs/f2fs                                                  u:object_r:proc_f2fs:s0
+genfscon proc /sys/vm/swappiness                                        u:object_r:proc_dirty:s0
+
+# debugfs
+genfscon debugfs /regmap                                                u:object_r:vendor_regmap_debugfs:s0
+
+# Haptics
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
+
+# Thermal
+genfscon sysfs /devices/platform/100a0000.LITTLE                          u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100a0000.MID                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100a0000.BIG                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100a0000.ISP                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100b0000.G3D                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100b0000.TPU                             u:object_r:sysfs_thermal:s0
+genfscon sysfs /devices/platform/100b0000.AUR                             u:object_r:sysfs_thermal:s0
+
+genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_state            u:object_r:sysfs_thermal:s0
+genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_current_temp     u:object_r:sysfs_thermal:s0
+genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_rise_thres   u:object_r:sysfs_thermal:s0
+genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_fall_thres   u:object_r:sysfs_thermal:s0
+genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_rise_thres   u:object_r:sysfs_thermal:s0
+genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres   u:object_r:sysfs_thermal:s0
+
+genfscon sysfs /thermal_zone14/mode                                        u:object_r:sysfs_thermal:s0
+
+# Camera
+genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq    u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq          u:object_r:sysfs_camera:s0
+
+# USB-C throttling stats
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time      u:object_r:sysfs_usbc_throttling_stats:s0
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time   u:object_r:sysfs_usbc_throttling_stats:s0
+genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time         u:object_r:sysfs_usbc_throttling_stats:s0
+
+# Coresight ETM
+genfscon sysfs /devices/platform/2b840000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2b940000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2ba40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bb40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bc40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bd40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2be40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+genfscon sysfs /devices/platform/2bf40000.etm    u:object_r:sysfs_devices_cs_etm:s0
+
--- a/legacy/whitechapel_pro/hal_input_processor_default.te
+++ b/legacy/whitechapel_pro/hal_input_processor_default.te
@ -0,0 +1,2 @@
+# allow InputProcessor HAL to read the display resolution system property
+get_prop(hal_input_processor_default, vendor_display_prop)
--- a/legacy/whitechapel_pro/keys.conf
+++ b/legacy/whitechapel_pro/keys.conf
@ -0,0 +1,5 @@
+[@UWB]
+ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem
+
+[@EUICCSUPPORTPIXEL]
+ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem
--- a/legacy/whitechapel_pro/mac_permissions.xml
+++ b/legacy/whitechapel_pro/mac_permissions.xml
@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+    * A signature is a hex encoded X.509 certificate or a tag defined in
+      keys.conf and is required for each signer tag.
+    * A signer tag may contain a seinfo tag and multiple package stanzas.
+    * A default tag is allowed that can contain policy for all apps not signed with a
+      previously listed cert. It may not contain any inner package stanzas.
+    * Each signer/default/package tag is allowed to contain one seinfo tag. This tag
+      represents additional info that each app can use in setting a SELinux security
+      context on the eventual process.
+    * When a package is installed the following logic is used to determine what seinfo
+      value, if any, is assigned.
+      - All signatures used to sign the app are checked first.
+      - If a signer stanza has inner package stanzas, those stanza will be checked
+        to try and match the package name of the app. If the package name matches
+        then that seinfo tag is used. If no inner package matches then the outer
+        seinfo tag is assigned.
+      - The default tag is consulted last if needed.
+-->
+    <!-- google apps key -->
+    <signer signature="@UWB" >
+        <seinfo value="uwb" />
+    </signer>
+    <signer signature="@EUICCSUPPORTPIXEL" >
+        <seinfo value="EuiccSupportPixel" />
+    </signer>
+</policy>
--- a/legacy/whitechapel_pro/property.te
+++ b/legacy/whitechapel_pro/property.te
@ -0,0 +1,14 @@
+vendor_internal_prop(vendor_nfc_prop)
+vendor_internal_prop(vendor_secure_element_prop)
+vendor_internal_prop(vendor_battery_profile_prop)
+vendor_internal_prop(vendor_camera_prop)
+vendor_internal_prop(vendor_camera_fatp_prop)
+vendor_internal_prop(vendor_ro_sys_default_prop)
+vendor_internal_prop(vendor_persist_sys_default_prop)
+vendor_internal_prop(vendor_display_prop)
+
+# UWB calibration
+system_vendor_config_prop(vendor_uwb_calibration_prop)
+
+# Trusty storage FS ready
+vendor_internal_prop(vendor_trusty_storage_prop)
--- a/legacy/whitechapel_pro/property_contexts
+++ b/legacy/whitechapel_pro/property_contexts
@ -0,0 +1,22 @@
+# test battery profile
+persist.vendor.testing_battery_profile     u:object_r:vendor_battery_profile_prop:s0
+
+# NFC
+persist.vendor.nfc.                        u:object_r:vendor_nfc_prop:s0
+
+# SecureElement
+persist.vendor.se.                         u:object_r:vendor_secure_element_prop:s0
+
+# for display
+ro.vendor.hwc.drm.device                   u:object_r:vendor_display_prop:s0
+persist.vendor.display.                    u:object_r:vendor_display_prop:s0
+
+# vendor default
+ro.vendor.sys.                             u:object_r:vendor_ro_sys_default_prop:s0
+persist.vendor.sys.                        u:object_r:vendor_persist_sys_default_prop:s0
+
+#uwb
+ro.vendor.uwb.calibration.                 u:object_r:vendor_uwb_calibration_prop:s0 exact string
+
+# Trusty
+ro.vendor.trusty.storage.fs_ready          u:object_r:vendor_trusty_storage_prop:s0
--- a/legacy/whitechapel_pro/service.te
+++ b/legacy/whitechapel_pro/service.te
@ -0,0 +1 @@
+type hal_uwb_vendor_service, service_manager_type, hal_service_type;
--- a/legacy/whitechapel_pro/service_contexts
+++ b/legacy/whitechapel_pro/service_contexts
@ -0,0 +1 @@
+hardware.qorvo.uwb.IUwbVendor/default                      u:object_r:hal_uwb_vendor_service:s0
--- a/legacy/whitechapel_pro/te_macros
+++ b/legacy/whitechapel_pro/te_macros
@ -0,0 +1,14 @@
+#
+# USF SELinux type enforcement macros.
+#
+
+#
+# usf_low_latency_transport(domain)
+#
+# Allows domain use of the USF low latency transport.
+#
+define(`usf_low_latency_transport', `
+  allow $1 hal_graphics_mapper_hwservice:hwservice_manager find;
+  hal_client_domain($1, hal_graphics_allocator)
+')
+
--- a/legacy/whitechapel_pro/vndservice.te
+++ b/legacy/whitechapel_pro/vndservice.te
@ -0,0 +1 @@
+type rls_service, vndservice_manager_type;
--- a/legacy/whitechapel_pro/vndservice_contexts
+++ b/legacy/whitechapel_pro/vndservice_contexts
@ -0,0 +1 @@
+rlsservice            u:object_r:rls_service:s0
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@ -0,0 +1,2 @@
+# b/277300125
+dontaudit vendor_init device_config_configuration_prop:property_service { set };
--- a/radio/bipchmgr.te
+++ b/radio/bipchmgr.te
@ -0,0 +1,9 @@
+type bipchmgr, domain;
+type bipchmgr_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(bipchmgr)
+
+get_prop(bipchmgr, hwservicemanager_prop);
+
+allow bipchmgr hal_exynos_rild_hwservice:hwservice_manager find;
+hwbinder_use(bipchmgr)
+binder_call(bipchmgr, rild)
--- a/radio/cat_engine_service_app.te
+++ b/radio/cat_engine_service_app.te
@ -0,0 +1,8 @@
+type cat_engine_service_app, domain;
+
+userdebug_or_eng(`
+  app_domain(cat_engine_service_app)
+  get_prop(cat_engine_service_app, vendor_rild_prop)
+  allow cat_engine_service_app app_api_service:service_manager find;
+  allow cat_engine_service_app system_app_data_file:dir r_dir_perms;
+')
--- a/radio/cbd.te
+++ b/radio/cbd.te
@ -0,0 +1,60 @@
+type cbd, domain;
+type cbd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(cbd)
+
+set_prop(cbd, vendor_modem_prop)
+set_prop(cbd, vendor_cbd_prop)
+set_prop(cbd, vendor_rild_prop)
+
+allow cbd mnt_vendor_file:dir r_dir_perms;
+
+allow cbd kmsg_device:chr_file rw_file_perms;
+
+allow cbd vendor_shell_exec:file execute_no_trans;
+allow cbd vendor_toolbox_exec:file execute_no_trans;
+
+# Allow cbd to access modem block device
+allow cbd block_device:dir search;
+allow cbd modem_block_device:blk_file r_file_perms;
+
+# Allow cbd to access sysfs chosen files
+allow cbd sysfs_chosen:file r_file_perms;
+allow cbd sysfs_chosen:dir r_dir_perms;
+
+allow cbd radio_device:chr_file rw_file_perms;
+
+allow cbd proc_cmdline:file r_file_perms;
+
+allow cbd persist_modem_file:dir create_dir_perms;
+allow cbd persist_modem_file:file create_file_perms;
+allow cbd persist_file:dir search;
+
+allow cbd radio_vendor_data_file:dir create_dir_perms;
+allow cbd radio_vendor_data_file:file create_file_perms;
+
+# Allow cbd to operate with modem EFS file/dir
+allow cbd modem_efs_file:dir create_dir_perms;
+allow cbd modem_efs_file:file create_file_perms;
+
+# Allow cbd to operate with modem userdata file/dir
+allow cbd modem_userdata_file:dir create_dir_perms;
+allow cbd modem_userdata_file:file create_file_perms;
+
+# Allow cbd to access modem image file/dir
+allow cbd modem_img_file:dir r_dir_perms;
+allow cbd modem_img_file:file r_file_perms;
+allow cbd modem_img_file:lnk_file r_file_perms;
+
+# Allow cbd to collect crash info
+allow cbd sscoredump_vendor_data_crashinfo_file:dir create_dir_perms;
+allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms;
+
+userdebug_or_eng(`
+  r_dir_file(cbd, vendor_slog_file)
+
+  allow cbd kernel:system syslog_read;
+
+  allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms;
+  allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms;
+')
+
--- a/radio/cbrs_setup.te
+++ b/radio/cbrs_setup.te
@ -0,0 +1,13 @@
+# GoogleCBRS app
+type cbrs_setup_app, domain;
+
+userdebug_or_eng(`
+  app_domain(cbrs_setup_app)
+  net_domain(cbrs_setup_app)
+
+  allow cbrs_setup_app app_api_service:service_manager find;
+  allow cbrs_setup_app cameraserver_service:service_manager find;
+  allow cbrs_setup_app radio_service:service_manager find;
+  set_prop(cbrs_setup_app, radio_prop)
+  set_prop(cbrs_setup_app, vendor_rild_prop)
+')
--- a/radio/certs/com_google_mds.x509.pem
+++ b/radio/certs/com_google_mds.x509.pem
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIF1TCCA72gAwIBAgIVAPZ4KZV2jpxRBCoVAidCu62l3cDqMA0GCSqGSIb3DQEBCwUAMHsxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw
+EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEXMBUGA1UEAwwOY29tX2dvb2ds
+ZV9tZHMwHhcNMTkwNDIyMTQ1NzA1WhcNNDkwNDIyMTQ1NzA1WjB7MQswCQYDVQQGEwJVUzETMBEG
+A1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xl
+IEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxFzAVBgNVBAMMDmNvbV9nb29nbGVfbWRzMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqgNC0hhI3NzaPUllJfe01hCTuEpl35D02+DKJ5prPFxv
+6KGTk6skjZOwV87Zf2pyj/cbnv28ioDjwvqMBe4ntFdKtH9gl2tTAVl69HMKXF4Iny/wnrt2mxzh
+WxFUd5PuW+mWug+UQw/NGUuaf5d/yys/RrchHKM1+zBV6aOzH6BXiwDoOF2i43d5GlNQ/tFuMySW
+LJftJN0QULFelxNDFFJZhw2P3c4opxjmF2yCoIiDfBEIhTZFKUbHX6YDLXmtUpXl35q+cxK4TCxP
+URyzwdfiyheF3TTxagfzhvXNg/ifrY67S4qCGfzoEMPxrTz02gS0u3D6r/2+hl9vAJChLKDNdIs6
+TqIw+YnABrELiZLLFnaABnjQ7xC3xv1s3W6dWxaxnoVMtC1YvdgwhC5gSpJ4A+AGcCLv96hoeB1I
+IoGV9Yt0Z97MFpXeHFpAxFZ1F9feBqwOCDbu50dmdKZvqGHZ4Ts3uy7ukDQ08dquHpT+NmqkmmW5
+GGhkuyZS3HHpU/QeVsZiyJCJBbDe5lz6NGXK56ruuF9ILeGHtldjQm40oYRc01ESScyVjSU0kpMO
+C7hn1B7rKAm8xxG7eH04ieQrNnbbee7atOO4C3157W5CqujfLMeo6OCRVtcYkYIuSi8hIPNySu/q
+OaEtEP4owVNZR0H6mCHy5pANsyBofMkCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU
+gk8pmLx8yP3RILwR5am1G10PBEowHwYDVR0jBBgwFoAUgk8pmLx8yP3RILwR5am1G10PBEowDQYJ
+KoZIhvcNAQELBQADggIBAC9iQ1huo6CzjcsB1IIw3WYPYVfHtvG7fiB49QO6cjth8fxM36YOxnMz
+K9Zh89cnFx7BeXG4MdbR3lAWO+wTbEpM/5azAQfqHB/ZEEAo1THtqS58C1bTwJ5zxkA+wL/x1ucT
+EV0QZtPHC1K5nIV5FuICiJjui5FHfj2HYu2A5a5729rdZ7sL8Vgx6TUFKpEPs5iCrlx5X/E+/wJa
+DM5iIjVvrGJJq0VWHHeDJEE+Sw1CDxWYRzvu1WvCvhk149hf4LlfrR0A5t8QJRGx0WwF10DLGgJx
+7epMBpzhMIXc529FTIx4Rx2PcufjTZC9EN7PkLgVfYahWEkt/YIfV/0F6U6viLxdNC5O0pimSV57
+vT6HIthX1OC34eZca0cPqH1kOuhRDKOhbP4yIgdYX6knpvw8aXsYcyTfAmDyrt0EWffeBPedaxMo
+xfijdlsBQUymviUQ8qBbfl1Ew9VoC+VEsiobK7Ubog0IK+82LQ7FOLMoNYnhk5wJ63i1kVvBVAgH
+64PMME2KG//BwYFfKK6jUXibabyNke72+1Jr0xpw1BHJPxNJ8Q8yCBLF0wmXmFJSM+9lSDd10Bni
+FJeMFMQ0T1Sf8GUSIxYYbMK5pDguRs+JOYkUID02ylJ3L6GAnxXCjGWzpdxw29/WWJc+qsYFEIbP
+kKzTUNQHaaLHmcLK22Ht
+-----END CERTIFICATE-----
--- a/radio/device.te
+++ b/radio/device.te
@ -0,0 +1,4 @@
+type modem_block_device, dev_type;
+type vendor_gnss_device, dev_type;
+type modem_userdata_block_device, dev_type;
+type efs_block_device, dev_type;
--- a/radio/dmd.te
+++ b/radio/dmd.te
@ -0,0 +1,32 @@
+type dmd, domain;
+type dmd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(dmd)
+
+# Grant to access serial device for external logging tool
+allow dmd serial_device:chr_file rw_file_perms;
+
+# Grant to access radio device
+allow dmd radio_device:chr_file rw_file_perms;
+
+# Grant to access slog dir/file
+allow dmd vendor_slog_file:dir create_dir_perms;
+allow dmd vendor_slog_file:file create_file_perms;
+
+# Grant to access tcp socket
+allow dmd node:tcp_socket node_bind;
+allow dmd self:tcp_socket { create_socket_perms_no_ioctl listen accept bind };
+
+# Grant to access log related properties
+set_prop(dmd, vendor_diag_prop)
+set_prop(dmd, vendor_slog_prop)
+set_prop(dmd, vendor_modem_prop)
+get_prop(dmd, vendor_persist_config_default_prop)
+
+# Grant to access hwservice manager
+get_prop(dmd, hwservicemanager_prop)
+allow dmd hidl_base_hwservice:hwservice_manager add;
+allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
+binder_call(dmd, hwservicemanager)
+binder_call(dmd, modem_diagnostic_app)
+binder_call(dmd, modem_logging_control)
+binder_call(dmd, vendor_telephony_silentlogging_app)
--- a/radio/file.te
+++ b/radio/file.te
@ -0,0 +1,41 @@
+# Data
+type rild_vendor_data_file, file_type, data_file_type;
+type vendor_gps_file, file_type, data_file_type;
+type modem_ml_data_file, file_type, data_file_type;
+type modem_stat_data_file, file_type, data_file_type;
+type vendor_log_file, file_type, data_file_type;
+type vendor_rfsd_log_file, file_type, data_file_type;
+type vendor_slog_file, file_type, data_file_type;
+userdebug_or_eng(`
+  typeattribute vendor_gps_file mlstrustedobject;
+  typeattribute vendor_slog_file mlstrustedobject;
+')
+
+# persist
+type persist_modem_file, file_type, vendor_persist_type;
+
+# Modem
+type modem_efs_file, file_type;
+type modem_userdata_file, file_type;
+type sysfs_modem, sysfs_type, fs_type;
+
+# Exynos Firmware
+type vendor_fw_file, vendor_file_type, file_type;
+
+# vendor extra images
+type modem_img_file, contextmount_type, file_type, vendor_file_type;
+allow modem_img_file self:filesystem associate;
+type modem_config_file, file_type, vendor_file_type;
+
+# sysfs
+type sysfs_chosen, sysfs_type, fs_type;
+type sysfs_sjtag, fs_type, sysfs_type;
+userdebug_or_eng(`
+    typeattribute sysfs_sjtag mlstrustedobject;
+')
+
+# Vendor sched files
+userdebug_or_eng(`
+    typeattribute proc_vendor_sched mlstrustedobject;
+')
+
--- a/radio/file_contexts
+++ b/radio/file_contexts
@ -0,0 +1,42 @@
+# Binaries
+/vendor/bin/init\.radio\.sh                                                 u:object_r:init_radio_exec:s0
+/vendor/bin/bipchmgr                                                        u:object_r:bipchmgr_exec:s0
+/vendor/bin/vcd                                                             u:object_r:vcd_exec:s0
+/vendor/bin/dmd                                                             u:object_r:dmd_exec:s0
+/vendor/bin/sced                                                            u:object_r:sced_exec:s0
+/vendor/bin/rfsd                                                            u:object_r:rfsd_exec:s0
+/vendor/bin/modem_logging_control                                           u:object_r:modem_logging_control_exec:s0
+/vendor/bin/modem_svc_sit                                                   u:object_r:modem_svc_sit_exec:s0
+/vendor/bin/modem_ml_svc_sit                                                u:object_r:modem_ml_svc_sit_exec:s0
+/vendor/bin/cbd                                                             u:object_r:cbd_exec:s0
+/vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
+/vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_radioext_default_exec:s0
+
+# Config files
+/vendor/etc/modem_ml_models\.conf                                           u:object_r:modem_config_file:s0
+
+# Data
+/data/vendor/log/rfsd(/.*)?                                                 u:object_r:vendor_rfsd_log_file:s0
+/data/vendor/log(/.*)?                                                      u:object_r:vendor_log_file:s0
+/data/vendor/slog(/.*)?                                                     u:object_r:vendor_slog_file:s0
+/data/vendor/modem_ml(/.*)?                                                 u:object_r:modem_ml_data_file:s0
+/data/vendor/modem_stat(/.*)?                                               u:object_r:modem_stat_data_file:s0
+/data/vendor/rild(/.*)?                                                     u:object_r:rild_vendor_data_file:s0
+
+# vendor extra images
+/mnt/vendor/efs(/.*)?                                                       u:object_r:modem_efs_file:s0
+/mnt/vendor/efs_backup(/.*)?                                                u:object_r:modem_efs_file:s0
+/mnt/vendor/modem_img(/.*)?                                                 u:object_r:modem_img_file:s0
+/mnt/vendor/modem_userdata(/.*)?                                            u:object_r:modem_userdata_file:s0
+/mnt/vendor/persist/modem(/.*)?                                             u:object_r:persist_modem_file:s0
+
+# Devices
+/dev/ttyGS[0-3]                                                             u:object_r:serial_device:s0
+/dev/oem_ipc[0-7]                                                           u:object_r:radio_device:s0
+/dev/oem_test                                                               u:object_r:radio_device:s0
+/dev/umts_boot0                                                             u:object_r:radio_device:s0
+/dev/umts_ipc0                                                              u:object_r:radio_device:s0
+/dev/umts_ipc1                                                              u:object_r:radio_device:s0
+/dev/umts_rfs0                                                              u:object_r:radio_device:s0
+/dev/umts_dm0                                                               u:object_r:radio_device:s0
+/dev/umts_router                                                            u:object_r:radio_device:s0
--- a/radio/fsck.te
+++ b/radio/fsck.te
@ -0,0 +1,4 @@
+allow fsck persist_block_device:blk_file rw_file_perms;
+allow fsck efs_block_device:blk_file rw_file_perms;
+allow fsck modem_userdata_block_device:blk_file rw_file_perms;
+
--- a/radio/genfs_contexts
+++ b/radio/genfs_contexts
@ -0,0 +1,11 @@
+# SJTAG
+genfscon sysfs /devices/platform/sjtag_ap/interface                       u:object_r:sysfs_sjtag:s0
+genfscon sysfs /devices/platform/sjtag_gsa/interface                      u:object_r:sysfs_sjtag:s0
+
+genfscon sysfs /firmware/devicetree/base/chosen                           u:object_r:sysfs_chosen:s0
+
+# GPS
+genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby  u:object_r:sysfs_gps:s0
+
+# Modem
+genfscon sysfs /devices/platform/cp-tm1/cp_temp  u:object_r:sysfs_modem:s0
--- a/radio/gpsd.te
+++ b/radio/gpsd.te
@ -0,0 +1,7 @@
+type gpsd, domain;
+type gpsd_exec, vendor_file_type, exec_type, file_type;
+# Allow gpsd access PixelLogger unix socket in debug build only
+userdebug_or_eng(`
+    typeattribute gpsd mlstrustedsubject;
+    allow gpsd logger_app:unix_stream_socket connectto;
+')
--- a/radio/grilservice_app.te
+++ b/radio/grilservice_app.te
@ -0,0 +1,17 @@
+type grilservice_app, domain;
+app_domain(grilservice_app)
+
+allow grilservice_app app_api_service:service_manager find;
+allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
+allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
+allow grilservice_app hal_wifi_ext_service:service_manager find;
+allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find;
+allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow grilservice_app radio_vendor_data_file:dir create_dir_perms;
+allow grilservice_app radio_vendor_data_file:file create_file_perms;
+binder_call(grilservice_app, hal_bluetooth_btlinux)
+binder_call(grilservice_app, hal_radioext_default)
+binder_call(grilservice_app, hal_wifi_ext)
+binder_call(grilservice_app, hal_audiometricext_default)
+binder_call(grilservice_app, rild)
--- a/radio/hal_radioext_default.te
+++ b/radio/hal_radioext_default.te
@ -0,0 +1,27 @@
+type hal_radioext_default, domain;
+type hal_radioext_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_radioext_default)
+
+hwbinder_use(hal_radioext_default)
+get_prop(hal_radioext_default, hwservicemanager_prop)
+add_hwservice(hal_radioext_default, hal_radioext_hwservice)
+
+binder_call(hal_radioext_default, servicemanager)
+binder_call(hal_radioext_default, grilservice_app)
+binder_call(hal_radioext_default, hal_bluetooth_btlinux)
+
+# RW /dev/oem_ipc0
+allow hal_radioext_default radio_device:chr_file rw_file_perms;
+
+# RW MIPI Freq files
+allow hal_radioext_default radio_vendor_data_file:dir create_dir_perms;
+allow hal_radioext_default radio_vendor_data_file:file create_file_perms;
+
+# Bluetooth
+allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find;
+
+# Twoshay
+binder_use(hal_radioext_default)
+allow hal_radioext_default gril_antenna_tuning_service:service_manager find;
+binder_call(hal_radioext_default, gril_antenna_tuning_service)
+binder_call(hal_radioext_default, twoshay)
--- a/radio/hwservice.te
+++ b/radio/hwservice.te
@ -0,0 +1,9 @@
+# dmd servcie
+type hal_vendor_oem_hwservice, hwservice_manager_type;
+
+# GRIL service
+type hal_radioext_hwservice, hwservice_manager_type;
+
+# rild service
+type hal_exynos_rild_hwservice, hwservice_manager_type;
+
--- a/radio/hwservice_contexts
+++ b/radio/hwservice_contexts
@ -0,0 +1,8 @@
+# dmd HAL
+vendor.samsung_slsi.telephony.hardware.oemservice::IOemService                     u:object_r:hal_vendor_oem_hwservice:s0
+
+# rild HAL
+vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal        u:object_r:hal_exynos_rild_hwservice:s0
+
+# GRIL HAL
+vendor.google.radioext::IRadioExt                                                  u:object_r:hal_radioext_hwservice:s0
--- a/radio/hwservicemanager.te
+++ b/radio/hwservicemanager.te
@ -0,0 +1 @@
+binder_call(hwservicemanager, bipchmgr)
--- a/radio/init.te
+++ b/radio/init.te
@ -0,0 +1,4 @@
+allow init modem_efs_file:dir mounton;
+allow init modem_userdata_file:dir mounton;
+allow init modem_img_file:dir mounton;
+allow init modem_img_file:filesystem { getattr mount relabelfrom };
--- a/radio/init_radio.te
+++ b/radio/init_radio.te
@ -0,0 +1,8 @@
+type init_radio, domain;
+type init_radio_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init_radio);
+
+allow init_radio vendor_toolbox_exec:file execute_no_trans;
+allow init_radio radio_vendor_data_file:dir create_dir_perms;
+allow init_radio radio_vendor_data_file:file create_file_perms;
--- a/radio/keys.conf
+++ b/radio/keys.conf
@ -0,0 +1,3 @@
+[@MDS]
+ALL : device/google/zumapro-sepolicy/radio/certs/com_google_mds.x509.pem
+
--- a/radio/logger_app.te
+++ b/radio/logger_app.te
@ -0,0 +1,27 @@
+userdebug_or_eng(`
+  allow logger_app vendor_gps_file:file create_file_perms;
+  allow logger_app vendor_gps_file:dir create_dir_perms;
+  allow logger_app vendor_slog_file:file {r_file_perms unlink};
+  allow logger_app radio_vendor_data_file:file create_file_perms;
+  allow logger_app radio_vendor_data_file:dir create_dir_perms;
+  allow logger_app sysfs_sscoredump_level:file r_file_perms;
+
+  r_dir_file(logger_app, sscoredump_vendor_data_coredump_file)
+  r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file)
+
+  set_prop(logger_app, vendor_audio_prop)
+  set_prop(logger_app, vendor_gps_prop)
+  set_prop(logger_app, vendor_logger_prop)
+  set_prop(logger_app, vendor_modem_prop)
+  set_prop(logger_app, vendor_ramdump_prop)
+  set_prop(logger_app, vendor_rild_prop)
+  set_prop(logger_app, vendor_ssrdump_prop)
+  set_prop(logger_app, vendor_tcpdump_log_prop)
+  set_prop(logger_app, vendor_usb_config_prop)
+  set_prop(logger_app, vendor_wifi_sniffer_prop)
+  set_prop(logger_app, logpersistd_logging_prop)
+  set_prop(logger_app, logd_prop)
+
+  # b/269383459 framework UI rendering properties
+  dontaudit logger_app default_prop:file { read };
+')
--- a/radio/mac_permissions.xml
+++ b/radio/mac_permissions.xml
@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+    * A signature is a hex encoded X.509 certificate or a tag defined in
+      keys.conf and is required for each signer tag.
+    * A signer tag may contain a seinfo tag and multiple package stanzas.
+    * A default tag is allowed that can contain policy for all apps not signed with a
+      previously listed cert. It may not contain any inner package stanzas.
+    * Each signer/default/package tag is allowed to contain one seinfo tag. This tag
+      represents additional info that each app can use in setting a SELinux security
+      context on the eventual process.
+    * When a package is installed the following logic is used to determine what seinfo
+      value, if any, is assigned.
+      - All signatures used to sign the app are checked first.
+      - If a signer stanza has inner package stanzas, those stanza will be checked
+        to try and match the package name of the app. If the package name matches
+        then that seinfo tag is used. If no inner package matches then the outer
+        seinfo tag is assigned.
+      - The default tag is consulted last if needed.
+-->
+    <!-- google apps key -->
+    <signer signature="@MDS" >
+        <seinfo value="mds" />
+    </signer>
+</policy>
--- a/radio/modem_diagnostic_app.te
+++ b/radio/modem_diagnostic_app.te
@ -0,0 +1,37 @@
+type modem_diagnostic_app, domain;
+
+app_domain(modem_diagnostic_app)
+net_domain(modem_diagnostic_app)
+
+allow modem_diagnostic_app app_api_service:service_manager find;
+allow modem_diagnostic_app radio_service:service_manager find;
+
+userdebug_or_eng(`
+  binder_call(modem_diagnostic_app, dmd)
+
+  set_prop(modem_diagnostic_app, vendor_cbd_prop)
+  set_prop(modem_diagnostic_app, vendor_rild_prop)
+  set_prop(modem_diagnostic_app, vendor_modem_prop)
+
+  allow modem_diagnostic_app sysfs_chosen:dir r_dir_perms;
+  allow modem_diagnostic_app sysfs_chosen:file r_file_perms;
+
+  allow modem_diagnostic_app vendor_fw_file:file r_file_perms;
+
+  allow modem_diagnostic_app radio_vendor_data_file:dir create_dir_perms;
+  allow modem_diagnostic_app radio_vendor_data_file:file create_file_perms;
+
+  allow modem_diagnostic_app mnt_vendor_file:dir r_dir_perms;
+  allow modem_diagnostic_app mnt_vendor_file:file r_file_perms;
+
+  allow modem_diagnostic_app modem_img_file:dir r_dir_perms;
+  allow modem_diagnostic_app modem_img_file:file r_file_perms;
+  allow modem_diagnostic_app modem_img_file:lnk_file r_file_perms;
+
+  allow modem_diagnostic_app hal_vendor_oem_hwservice:hwservice_manager find;
+
+  allow modem_diagnostic_app sysfs_batteryinfo:file r_file_perms;
+  allow modem_diagnostic_app sysfs_batteryinfo:dir search;
+
+  dontaudit modem_diagnostic_app default_prop:file r_file_perms;
+')
--- a/radio/modem_logging_control.te
+++ b/radio/modem_logging_control.te
@ -0,0 +1,17 @@
+type modem_logging_control, domain;
+type modem_logging_control_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(modem_logging_control)
+
+hwbinder_use(modem_logging_control)
+binder_call(modem_logging_control, dmd)
+
+allow modem_logging_control radio_device:chr_file rw_file_perms;
+allow modem_logging_control hal_vendor_oem_hwservice:hwservice_manager find;
+allow modem_logging_control radio_vendor_data_file:dir create_dir_perms;
+allow modem_logging_control radio_vendor_data_file:file create_file_perms;
+allow modem_logging_control vendor_slog_file:dir create_dir_perms;
+allow modem_logging_control vendor_slog_file:file create_file_perms;
+
+set_prop(modem_logging_control, vendor_modem_prop)
+get_prop(modem_logging_control, hwservicemanager_prop)
--- a/radio/modem_ml_svc_sit.te
+++ b/radio/modem_ml_svc_sit.te
@ -0,0 +1,26 @@
+type modem_ml_svc_sit, domain;
+type modem_ml_svc_sit_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(modem_ml_svc_sit)
+
+binder_use(modem_ml_svc_sit)
+
+# Grant radio device access
+allow modem_ml_svc_sit radio_device:chr_file rw_file_perms;
+
+# Grant vendor radio and modem file/dir creation permission
+allow modem_ml_svc_sit radio_vendor_data_file:dir create_dir_perms;
+allow modem_ml_svc_sit radio_vendor_data_file:file create_file_perms;
+
+# Grant modem ml data file/dir creation permission
+allow modem_ml_svc_sit modem_ml_data_file:dir create_dir_perms;
+allow modem_ml_svc_sit modem_ml_data_file:file create_file_perms;
+
+# Grant modem ml models config files access
+allow modem_ml_svc_sit modem_config_file:file r_file_perms;
+
+# RIL property
+get_prop(modem_ml_svc_sit, vendor_rild_prop)
+
+# Access to NNAPI service
+hal_client_domain(modem_ml_svc_sit, hal_neuralnetworks)
+allow modem_ml_svc_sit edgetpu_nnapi_service:service_manager find;
--- a/radio/modem_svc_sit.te
+++ b/radio/modem_svc_sit.te
@ -0,0 +1,35 @@
+type modem_svc_sit, domain;
+type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(modem_svc_sit)
+
+hwbinder_use(modem_svc_sit)
+binder_call(modem_svc_sit, rild)
+
+# Grant sysfs_modem access
+allow modem_svc_sit sysfs_modem:file rw_file_perms;
+
+# Grant radio device access
+allow modem_svc_sit radio_device:chr_file rw_file_perms;
+
+# Grant vendor radio and modem file/dir creation permission
+allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
+allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
+allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
+allow modem_svc_sit modem_stat_data_file:file create_file_perms;
+
+allow modem_svc_sit vendor_fw_file:dir search;
+allow modem_svc_sit vendor_fw_file:file r_file_perms;
+
+allow modem_svc_sit mnt_vendor_file:dir search;
+allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
+allow modem_svc_sit modem_userdata_file:file create_file_perms;
+
+# RIL property
+get_prop(modem_svc_sit, vendor_rild_prop)
+
+# Modem property
+set_prop(modem_svc_sit, vendor_modem_prop)
+
+# hwservice permission
+allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
+get_prop(modem_svc_sit, hwservicemanager_prop)
--- a/radio/oemrilservice_app.te
+++ b/radio/oemrilservice_app.te
@ -0,0 +1,9 @@
+type oemrilservice_app, domain;
+app_domain(oemrilservice_app)
+
+allow oemrilservice_app app_api_service:service_manager find;
+allow oemrilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow oemrilservice_app radio_service:service_manager find;
+
+binder_call(oemrilservice_app, rild)
+set_prop(oemrilservice_app, vendor_rild_prop)
--- a/radio/private/radio.te
+++ b/radio/private/radio.te
@ -0,0 +1 @@
+add_service(radio, uce_service)
--- a/radio/private/service_contexts
+++ b/radio/private/service_contexts
@ -0,0 +1,2 @@
+telephony.oem.oemrilhook        u:object_r:radio_service:s0
+
--- a/radio/property.te
+++ b/radio/property.te
@ -0,0 +1,17 @@
+# P23 vendor properties
+vendor_internal_prop(vendor_carrier_prop)
+vendor_internal_prop(vendor_cbd_prop)
+vendor_internal_prop(vendor_slog_prop)
+vendor_internal_prop(vendor_persist_config_default_prop)
+vendor_internal_prop(vendor_diag_prop)
+vendor_internal_prop(vendor_modem_prop)
+vendor_internal_prop(vendor_rild_prop)
+vendor_internal_prop(vendor_ssrdump_prop)
+vendor_internal_prop(vendor_wifi_version)
+vendor_internal_prop(vendor_imssvc_prop)
+vendor_internal_prop(vendor_gps_prop)
+vendor_internal_prop(vendor_tcpdump_log_prop)
+
+# Telephony debug app
+vendor_internal_prop(vendor_telephony_app_prop)
+
--- a/radio/property_contexts
+++ b/radio/property_contexts
@ -0,0 +1,59 @@
+# for cbd
+vendor.cbd.                                u:object_r:vendor_cbd_prop:s0
+persist.vendor.cbd.                        u:object_r:vendor_cbd_prop:s0
+
+# for ims service
+persist.vendor.ims.                        u:object_r:vendor_imssvc_prop:s0
+
+# for slog
+vendor.sys.silentlog.                      u:object_r:vendor_slog_prop:s0
+vendor.sys.exynos.slog.                    u:object_r:vendor_slog_prop:s0
+persist.vendor.sys.silentlog               u:object_r:vendor_slog_prop:s0
+
+# for dmd
+persist.vendor.sys.dm.                     u:object_r:vendor_diag_prop:s0
+persist.vendor.sys.diag.                   u:object_r:vendor_diag_prop:s0
+vendor.sys.dmd.                            u:object_r:vendor_diag_prop:s0
+vendor.sys.diag.                           u:object_r:vendor_diag_prop:s0
+persist.vendor.config.                     u:object_r:vendor_persist_config_default_prop:s0
+
+# for logger app
+vendor.pixellogger.                        u:object_r:vendor_logger_prop:s0
+persist.vendor.pixellogger.                u:object_r:vendor_logger_prop:s0
+
+# Modem
+persist.vendor.modem.                      u:object_r:vendor_modem_prop:s0
+vendor.modem.                              u:object_r:vendor_modem_prop:s0
+vendor.sys.modem.                          u:object_r:vendor_modem_prop:s0
+vendor.sys.modem_reset                     u:object_r:vendor_modem_prop:s0
+ro.vendor.sys.modem.                       u:object_r:vendor_modem_prop:s0
+vendor.sys.exynos.modempath                u:object_r:vendor_modem_prop:s0
+persist.vendor.sys.modem.                  u:object_r:vendor_modem_prop:s0
+
+# for rild
+persist.vendor.ril.                        u:object_r:vendor_rild_prop:s0
+vendor.ril.                                u:object_r:vendor_rild_prop:s0
+vendor.radio.                              u:object_r:vendor_rild_prop:s0
+vendor.sys.rild_reset                      u:object_r:vendor_rild_prop:s0
+persist.vendor.radio.                      u:object_r:vendor_rild_prop:s0
+ro.vendor.config.build_carrier             u:object_r:vendor_carrier_prop:s0
+
+# SSR Detector
+vendor.debug.ssrdump.                      u:object_r:vendor_ssrdump_prop:s0
+persist.vendor.sys.ssr.                    u:object_r:vendor_ssrdump_prop:s0
+
+# WiFi
+vendor.wlan.driver.version                 u:object_r:vendor_wifi_version:s0
+vendor.wlan.firmware.version               u:object_r:vendor_wifi_version:s0
+
+# for vendor telephony debug app
+vendor.config.debug.                       u:object_r:vendor_telephony_app_prop:s0
+
+# for gps
+vendor.gps.                                u:object_r:vendor_gps_prop:s0
+persist.vendor.gps.                        u:object_r:vendor_gps_prop:s0
+
+# Tcpdump_logger
+persist.vendor.tcpdump.log.alwayson        u:object_r:vendor_tcpdump_log_prop:s0
+vendor.tcpdump.                            u:object_r:vendor_tcpdump_log_prop:s0
+
--- a/radio/radio.te
+++ b/radio/radio.te
@ -0,0 +1,6 @@
+allow radio radio_vendor_data_file:dir rw_dir_perms;
+allow radio radio_vendor_data_file:file create_file_perms;
+allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown };
+allow radio aoc_device:chr_file rw_file_perms;
+allow radio hal_audio_ext_hwservice:hwservice_manager find;
+binder_call(radio, hal_audio_default)
--- a/radio/rfsd.te
+++ b/radio/rfsd.te
@ -0,0 +1,36 @@
+type rfsd, domain;
+type rfsd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(rfsd)
+
+# Allow to search block device and mnt dir for modem EFS partitions
+allow rfsd mnt_vendor_file:dir search;
+allow rfsd block_device:dir search;
+
+# Allow to operate with modem EFS file/dir
+allow rfsd modem_efs_file:dir create_dir_perms;
+allow rfsd modem_efs_file:file create_file_perms;
+
+allow rfsd radio_vendor_data_file:dir r_dir_perms;
+allow rfsd radio_vendor_data_file:file r_file_perms;
+
+r_dir_file(rfsd, vendor_fw_file)
+
+# Allow to access rfsd log file/dir
+allow rfsd vendor_log_file:dir search;
+allow rfsd vendor_rfsd_log_file:dir create_dir_perms;
+allow rfsd vendor_rfsd_log_file:file create_file_perms;
+
+# Allow to read/write modem block device
+allow rfsd modem_block_device:blk_file rw_file_perms;
+
+# Allow to operate with radio device
+allow rfsd radio_device:chr_file rw_file_perms;
+
+# Allow to set rild and modem property
+set_prop(rfsd, vendor_modem_prop)
+set_prop(rfsd, vendor_rild_prop)
+
+# Allow rfsd to access modem image file/dir
+allow rfsd modem_img_file:dir r_dir_perms;
+allow rfsd modem_img_file:file r_file_perms;
+allow rfsd modem_img_file:lnk_file r_file_perms;
--- a/radio/rild.te
+++ b/radio/rild.te
@ -0,0 +1,40 @@
+set_prop(rild, vendor_rild_prop)
+set_prop(rild, vendor_modem_prop)
+get_prop(rild, vendor_persist_config_default_prop)
+get_prop(rild, vendor_carrier_prop)
+
+get_prop(rild, sota_prop)
+get_prop(rild, system_boot_reason_prop)
+
+allow rild proc_net:file rw_file_perms;
+allow rild radio_vendor_data_file:dir create_dir_perms;
+allow rild radio_vendor_data_file:file create_file_perms;
+allow rild rild_vendor_data_file:dir create_dir_perms;
+allow rild rild_vendor_data_file:file create_file_perms;
+allow rild vendor_fw_file:file r_file_perms;
+allow rild mnt_vendor_file:dir r_dir_perms;
+
+r_dir_file(rild, modem_img_file)
+
+binder_call(rild, bipchmgr)
+binder_call(rild, gpsd)
+binder_call(rild, hal_audio_default)
+binder_call(rild, modem_svc_sit)
+binder_call(rild, vendor_ims_app)
+binder_call(rild, vendor_rcs_app)
+binder_call(rild, oemrilservice_app)
+binder_call(rild, hal_secure_element_uicc)
+binder_call(rild, grilservice_app)
+binder_call(rild, vendor_engineermode_app)
+binder_call(rild, vendor_telephony_debug_app)
+binder_call(rild, logger_app)
+
+crash_dump_fallback(rild)
+
+# for hal service
+add_hwservice(rild, hal_exynos_rild_hwservice)
+
+# Allow rild to access files on modem img.
+allow rild modem_img_file:dir r_dir_perms;
+allow rild modem_img_file:file r_file_perms;
+allow rild modem_img_file:lnk_file r_file_perms;
--- a/radio/sced.te
+++ b/radio/sced.te
@ -0,0 +1,23 @@
+type sced, domain;
+type sced_exec, vendor_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+  init_daemon_domain(sced)
+  typeattribute sced vendor_executes_system_violators;
+
+  hwbinder_use(sced)
+  binder_call(sced, dmd)
+  binder_call(sced, vendor_telephony_silentlogging_app)
+
+  get_prop(sced, hwservicemanager_prop)
+  allow sced self:packet_socket create_socket_perms_no_ioctl;
+
+  allow sced self:capability net_raw;
+  allow sced shell_exec:file rx_file_perms;
+  allow sced tcpdump_exec:file rx_file_perms;
+  allow sced vendor_shell_exec:file x_file_perms;
+  allow sced vendor_slog_file:dir create_dir_perms;
+  allow sced vendor_slog_file:file create_file_perms;
+  allow sced hidl_base_hwservice:hwservice_manager add;
+  allow sced hal_vendor_oem_hwservice:hwservice_manager { add find };
+')
--- a/radio/seapp_contexts
+++ b/radio/seapp_contexts
@ -0,0 +1,34 @@
+# Sub System Ramdump
+user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user
+
+# CBRS setup app
+user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
+
+# Modem Diagnostic System
+user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user
+
+# grilservice
+user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all
+
+# exynos apps
+user=_app isPrivApp=true name=com.samsung.slsi.telephony.oemril domain=oemrilservice_app levelFrom=all
+user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_qualifiednetworks_app levelFrom=all
+user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all
+user=_app isPrivApp=true name=com.shannon.rcsservice:shannonrcsservice domain=vendor_rcs_service_app levelFrom=all
+user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all
+user=_app isPrivApp=true name=.ShannonImsService domain=vendor_ims_app levelFrom=all
+user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_remote_app levelFrom=all
+
+
+# slsi logging apps
+user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging domain=vendor_telephony_silentlogging_app levelFrom=all
+user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging:remote domain=vendor_silentlogging_remote_app levelFrom=all
+user=system seinfo=platform name=com.samsung.slsi.sysdebugmode domain=vendor_telephony_debug_app levelFrom=all
+user=system seinfo=platform name=com.samsung.slsi.telephony.testmode domain=vendor_telephony_test_app levelFrom=all
+
+# Samsung S.LSI engineer mode
+user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all
+
+# Domain for CatEngineService
+user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_service_app type=system_app_data_file levelFrom=all
+
--- a/radio/ssr_detector.te
+++ b/radio/ssr_detector.te
@ -0,0 +1,24 @@
+type ssr_detector_app, domain;
+
+app_domain(ssr_detector_app)
+allow ssr_detector_app app_api_service:service_manager find;
+allow ssr_detector_app radio_service:service_manager find;
+
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:file create_file_perms;
+
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
+allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
+userdebug_or_eng(`
+  allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
+  allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms;
+  get_prop(ssr_detector_app, vendor_aoc_prop)
+  allow ssr_detector_app sysfs_sjtag:dir r_dir_perms;
+  allow ssr_detector_app sysfs_sjtag:file rw_file_perms;
+  allow ssr_detector_app proc_vendor_sched:dir search;
+  allow ssr_detector_app proc_vendor_sched:file rw_file_perms;
+  allow ssr_detector_app cgroup:file write;
+')
+
+get_prop(ssr_detector_app, vendor_ssrdump_prop)
+get_prop(ssr_detector_app, vendor_wifi_version)
--- a/radio/vcd.te
+++ b/radio/vcd.te
@ -0,0 +1,13 @@
+type vcd, domain;
+type vcd_exec, vendor_file_type, exec_type, file_type;
+userdebug_or_eng(`
+  init_daemon_domain(vcd)
+
+  get_prop(vcd, vendor_rild_prop);
+  get_prop(vcd, vendor_persist_config_default_prop);
+
+  allow vcd serial_device:chr_file rw_file_perms;
+  allow vcd radio_device:chr_file rw_file_perms;
+  allow vcd self:tcp_socket { create_socket_perms_no_ioctl listen accept };
+  allow vcd node:tcp_socket node_bind;
+')
--- a/radio/vendor_engineermode_app.te
+++ b/radio/vendor_engineermode_app.te
@ -0,0 +1,12 @@
+type vendor_engineermode_app, domain;
+app_domain(vendor_engineermode_app)
+
+binder_call(vendor_engineermode_app, rild)
+
+allow vendor_engineermode_app app_api_service:service_manager find;
+allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+userdebug_or_eng(`
+  dontaudit vendor_engineermode_app default_prop:file r_file_perms;
+')
+
--- a/radio/vendor_ims_app.te
+++ b/radio/vendor_ims_app.te
@ -0,0 +1,20 @@
+type vendor_ims_app, domain;
+app_domain(vendor_ims_app)
+net_domain(vendor_ims_app)
+
+allow vendor_ims_app app_api_service:service_manager find;
+allow vendor_ims_app audioserver_service:service_manager find;
+
+allow vendor_ims_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow vendor_ims_app radio_service:service_manager find;
+
+allow vendor_ims_app mediaserver_service:service_manager find;
+allow vendor_ims_app cameraserver_service:service_manager find;
+allow vendor_ims_app mediametrics_service:service_manager find;
+
+allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl };
+
+binder_call(vendor_ims_app, rild)
+set_prop(vendor_ims_app, vendor_rild_prop)
+set_prop(vendor_ims_app, radio_prop)
+get_prop(vendor_ims_app, vendor_imssvc_prop)
--- a/radio/vendor_ims_remote_app.te
+++ b/radio/vendor_ims_remote_app.te
@ -0,0 +1,4 @@
+type vendor_ims_remote_app, domain;
+app_domain(vendor_ims_remote_app)
+
+allow vendor_ims_remote_app app_api_service:service_manager find;
--- a/radio/vendor_init.te
+++ b/radio/vendor_init.te
@ -0,0 +1,6 @@
+set_prop(vendor_init, vendor_cbd_prop)
+set_prop(vendor_init, vendor_carrier_prop)
+set_prop(vendor_init, vendor_modem_prop)
+set_prop(vendor_init, vendor_rild_prop)
+set_prop(vendor_init, vendor_logger_prop)
+set_prop(vendor_init, vendor_slog_prop)
--- a/radio/vendor_qualifiednetworks_app.te
+++ b/radio/vendor_qualifiednetworks_app.te
@ -0,0 +1,5 @@
+type vendor_qualifiednetworks_app, domain;
+app_domain(vendor_qualifiednetworks_app)
+
+allow vendor_qualifiednetworks_app app_api_service:service_manager find;
+allow vendor_qualifiednetworks_app radio_service:service_manager find;
--- a/radio/vendor_rcs_app.te
+++ b/radio/vendor_rcs_app.te
@ -0,0 +1,9 @@
+type vendor_rcs_app, domain;
+app_domain(vendor_rcs_app)
+net_domain(vendor_rcs_app)
+
+allow vendor_rcs_app app_api_service:service_manager find;
+allow vendor_rcs_app radio_service:service_manager find;
+allow vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+binder_call(vendor_rcs_app, rild)
--- a/radio/vendor_rcs_service_app.te
+++ b/radio/vendor_rcs_service_app.te
@ -0,0 +1,5 @@
+type vendor_rcs_service_app, domain;
+app_domain(vendor_rcs_service_app)
+
+allow vendor_rcs_service_app app_api_service:service_manager find;
+allow vendor_rcs_service_app radio_service:service_manager find;
--- a/radio/vendor_silentlogging_remote_app.te
+++ b/radio/vendor_silentlogging_remote_app.te
@ -0,0 +1,13 @@
+type vendor_silentlogging_remote_app, domain;
+app_domain(vendor_silentlogging_remote_app)
+
+allow vendor_silentlogging_remote_app vendor_slog_file:dir create_dir_perms;
+allow vendor_silentlogging_remote_app vendor_slog_file:file create_file_perms;
+
+allow vendor_silentlogging_remote_app app_api_service:service_manager find;
+
+userdebug_or_eng(`
+# Silent Logging Remote
+dontaudit vendor_silentlogging_remote_app system_app_data_file:dir create_dir_perms;
+dontaudit vendor_silentlogging_remote_app system_app_data_file:file create_file_perms;
+')
--- a/radio/vendor_telephony_debug_app.te
+++ b/radio/vendor_telephony_debug_app.te
@ -0,0 +1,20 @@
+type vendor_telephony_debug_app, domain;
+app_domain(vendor_telephony_debug_app)
+
+allow vendor_telephony_debug_app app_api_service:service_manager find;
+allow vendor_telephony_debug_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+binder_call(vendor_telephony_debug_app, rild)
+
+# RIL property
+set_prop(vendor_telephony_debug_app, vendor_rild_prop)
+
+# Debug property
+set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop)
+
+userdebug_or_eng(`
+# System Debug Mode
+dontaudit vendor_telephony_debug_app system_app_data_file:dir create_dir_perms;
+dontaudit vendor_telephony_debug_app system_app_data_file:file create_file_perms;
+dontaudit vendor_telephony_debug_app default_prop:file r_file_perms;
+')
--- a/radio/vendor_telephony_silentlogging_app.te
+++ b/radio/vendor_telephony_silentlogging_app.te
@ -0,0 +1,21 @@
+type vendor_telephony_silentlogging_app, domain;
+app_domain(vendor_telephony_silentlogging_app)
+
+set_prop(vendor_telephony_silentlogging_app, vendor_modem_prop)
+set_prop(vendor_telephony_silentlogging_app, vendor_slog_prop)
+
+allow vendor_telephony_silentlogging_app vendor_slog_file:dir create_dir_perms;
+allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms;
+
+allow vendor_telephony_silentlogging_app app_api_service:service_manager find;
+allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find;
+binder_call(vendor_telephony_silentlogging_app, dmd)
+binder_call(vendor_telephony_silentlogging_app, sced)
+
+userdebug_or_eng(`
+# Silent Logging
+dontaudit vendor_telephony_silentlogging_app system_app_data_file:dir create_dir_perms;
+dontaudit vendor_telephony_silentlogging_app system_app_data_file:file create_file_perms;
+dontaudit vendor_telephony_silentlogging_app default_prop:file { getattr open read map };
+allow vendor_telephony_silentlogging_app selinuxfs:file { read open };
+')
--- a/radio/vendor_telephony_test_app.te
+++ b/radio/vendor_telephony_test_app.te
@ -0,0 +1,4 @@
+type vendor_telephony_test_app, domain;
+app_domain(vendor_telephony_test_app)
+
+allow vendor_telephony_test_app app_api_service:service_manager find;
--- a/radio/vold.te
+++ b/radio/vold.te
@ -0,0 +1,4 @@
+allow vold modem_efs_file:dir rw_dir_perms;
+allow vold modem_userdata_file:dir rw_dir_perms;
+allow vold efs_block_device:blk_file { getattr };
+allow vold modem_userdata_block_device:blk_file { getattr };
--- a/system_ext/private/platform_app.te
+++ b/system_ext/private/platform_app.te
@ -0,0 +1,2 @@
+# allow systemui access to fingerprint
+hal_client_domain(platform_app, hal_fingerprint)
--- a/tracking_denials/README.txt
+++ b/tracking_denials/README.txt
@ -0,0 +1,2 @@
+This folder stores known errors detected by PTS. Be sure to remove relevant
+files to reproduce error log on latest ROMs.
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@ -0,0 +1,43 @@
+con_monitor_app app_data_file dir b/264483670
+con_monitor_app app_data_file file b/264483670
+con_monitor_app dalvikcache_data_file dir b/264483670
+con_monitor_app dalvikcache_data_file file b/264483670
+con_monitor_app mnt_expand_file dir b/264483670
+con_monitor_app system_data_file lnk_file b/264483670
+dumpstate app_zygote process b/279680264
+google_camera_app audio_service service_manager b/264600171
+google_camera_app backup_service service_manager b/264483456
+google_camera_app legacy_permission_service service_manager b/264600171
+google_camera_app permission_checker_service service_manager b/264600171
+hal_audio_default hal_audio_default binder b/274374769
+hal_bootctl_default hal_bootctl_default capability b/274727372
+hal_camera_default edgetpu_app_server binder b/275001641
+hal_camera_default edgetpu_app_service service_manager b/275001641
+hal_input_processor_default vendor_display_prop file b/279680070
+hal_secure_element_uicc hal_secure_element_hwservice hwservice_manager b/264483151
+hal_secure_element_uicc hidl_base_hwservice hwservice_manager b/264483151
+hal_uwb_default debugfs file b/279680213
+incidentd apex_art_data_file file b/272628762
+incidentd incidentd anon_inode b/274374992
+insmod-sh insmod-sh key b/274374722
+insmod-sh vendor_regmap_debugfs dir b/274727542
+kernel vendor_fw_file dir b/272166737
+kernel vendor_fw_file dir b/272166787
+mtectrl unlabeled dir b/264483752
+platform_app bootanim_system_prop property_service b/264483532
+servicemanager hal_fingerprint_default binder b/264483753
+system_server default_android_service service_manager b/264483754
+systemui_app init unix_stream_socket b/269964574
+systemui_app property_socket sock_file b/269964574
+twoshay systemui_app binder b/269964558
+untrusted_app default_android_service service_manager b/264599934
+vendor_init device_config_configuration_prop property_service b/267714573
+vendor_init device_config_configuration_prop property_service b/268566481
+vendor_init device_config_configuration_prop property_service b/273143844
+vendor_init device_config_configuration_prop property_service b/275645636
+vendor_init device_config_configuration_prop property_service b/275646003
+vendor_init tee_data_file lnk_file b/267714573
+vendor_init tee_data_file lnk_file b/272166664
+vendor_init vendor_camera_prop property_service b/267714573
+vendor_init vendor_camera_prop property_service b/268566481
+vendor_init vendor_camera_prop property_service b/273143844
--- a/tracking_denials/con_monitor_app.te
+++ b/tracking_denials/con_monitor_app.te
@ -0,0 +1,36 @@
+# b/261518779
+dontaudit con_monitor_app activity_service:service_manager { find };
+dontaudit con_monitor_app content_capture_service:service_manager { find };
+dontaudit con_monitor_app game_service:service_manager { find };
+dontaudit con_monitor_app netstats_service:service_manager { find };
+dontaudit con_monitor_app system_server:binder { call };
+dontaudit con_monitor_app system_server:binder { transfer };
+dontaudit con_monitor_app system_server:fd { use };
+# b/261783158
+dontaudit con_monitor_app system_file:file { getattr };
+dontaudit con_monitor_app system_file:file { map };
+dontaudit con_monitor_app system_file:file { open };
+dontaudit con_monitor_app system_file:file { read };
+dontaudit con_monitor_app tmpfs:file { execute };
+dontaudit con_monitor_app tmpfs:file { map };
+dontaudit con_monitor_app tmpfs:file { read };
+dontaudit con_monitor_app tmpfs:file { write };
+# b/261933171
+dontaudit con_monitor_app dumpstate:fd { use };
+dontaudit con_monitor_app dumpstate:fifo_file { append };
+dontaudit con_monitor_app dumpstate:fifo_file { write };
+dontaudit con_monitor_app system_server:fifo_file { write };
+dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto };
+dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write };
+# b/262455571
+dontaudit con_monitor_app data_file_type:dir { search };
+dontaudit con_monitor_app servicemanager:binder { call };
+dontaudit con_monitor_app statsd:unix_dgram_socket { sendto };
+dontaudit con_monitor_app statsdw_socket:sock_file { write };
+dontaudit con_monitor_app system_file:file { execute };
+# b/264489520
+userdebug_or_eng(`
+  permissive con_monitor_app;
+')
+# b/267843291
+dontaudit con_monitor_app resourcecache_data_file:file { read };
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@ -0,0 +1,2 @@
+# b/277155496
+dontaudit dumpstate default_android_service:service_manager { find };
--- a/tracking_denials/fastbootd.te
+++ b/tracking_denials/fastbootd.te
@ -0,0 +1,4 @@
+# b/264489957
+userdebug_or_eng(`
+  permissive fastbootd;
+')
--- a/tracking_denials/hal_sensors_default.te
+++ b/tracking_denials/hal_sensors_default.te
@ -0,0 +1,3 @@
+# b/267260619
+dontaudit hal_sensors_default dumpstate:fd { use };
+dontaudit hal_sensors_default dumpstate:fifo_file { write };
--- a/tracking_denials/hal_usb_impl.te
+++ b/tracking_denials/hal_usb_impl.te
@ -0,0 +1,2 @@
+# b/267261163
+dontaudit hal_usb_impl dumpstate:fd { use };
--- a/tracking_denials/incidentd.te
+++ b/tracking_denials/incidentd.te
@ -0,0 +1,3 @@
+# b/261933310
+dontaudit incidentd debugfs_wakeup_sources:file { open };
+dontaudit incidentd debugfs_wakeup_sources:file { read };
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@ -0,0 +1,7 @@
+# b/262794429
+dontaudit kernel sepolicy_file:file { getattr };
+dontaudit kernel system_bootstrap_lib_file:dir { getattr };
+dontaudit kernel system_bootstrap_lib_file:file { getattr };
+dontaudit kernel system_dlkm_file:dir { getattr };
+# b/263185161
+dontaudit kernel kernel:capability { net_bind_service };
--- a/tracking_denials/rebalance_interrupts_vendor.te
+++ b/tracking_denials/rebalance_interrupts_vendor.te
@ -0,0 +1,2 @@
+# b/260366278
+dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override };
--- a/tracking_denials/ssr_detector_app.te
+++ b/tracking_denials/ssr_detector_app.te
@ -0,0 +1,6 @@
+# b/261651131
+dontaudit ssr_detector_app system_app_data_file:file { open };
+# b/264489567
+userdebug_or_eng(`
+  permissive ssr_detector_app;
+')
--- a/tracking_denials/systemui_app.te
+++ b/tracking_denials/systemui_app.te
@ -0,0 +1,2 @@
+# b/272628396
+dontaudit systemui_app service_manager_type:service_manager find;
--- a/tracking_denials/update_engine.te
+++ b/tracking_denials/update_engine.te
@ -0,0 +1,2 @@
+# b/267261048
+dontaudit update_engine dumpstate:fd { use };
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@ -0,0 +1,3 @@
+# b/260366195
+dontaudit vendor_init debugfs_trace_marker:file { getattr };
+dontaudit vendor_init vendor_init:capability2 { block_suspend };
--- a/vendor/audioserver.te
+++ b/vendor/audioserver.te
@ -0,0 +1,2 @@
+#allow access to ALSA MMAP FDs for AAudio API
+allow audioserver audio_device:chr_file r_file_perms;
--- a/vendor/bootanim.te
+++ b/vendor/bootanim.te
@ -0,0 +1,2 @@
+allow bootanim arm_mali_platform_service:service_manager find;
+dontaudit bootanim system_data_file:dir { search };
--- a/vendor/cccdk_timesync_app.te
+++ b/vendor/cccdk_timesync_app.te
@ -0,0 +1,7 @@
+type vendor_cccdktimesync_app, domain;
+app_domain(vendor_cccdktimesync_app)
+
+allow vendor_cccdktimesync_app app_api_service:service_manager find;
+
+binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux)
+allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
--- a/vendor/certs/app.x509.pem
+++ b/vendor/certs/app.x509.pem
@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIJANWFuGx90071MA0GCSqGSIb3DQEBBAUAMIGUMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g
+VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE
+AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
+Fw0wODA0MTUyMzM2NTZaFw0zNTA5MDEyMzM2NTZaMIGUMQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G
+A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p
+ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI
+hvcNAQEBBQADggENADCCAQgCggEBANbOLggKv+IxTdGNs8/TGFy0PTP6DHThvbbR
+24kT9ixcOd9W+EaBPWW+wPPKQmsHxajtWjmQwWfna8mZuSeJS48LIgAZlKkpFeVy
+xW0qMBujb8X8ETrWy550NaFtI6t9+u7hZeTfHwqNvacKhp1RbE6dBRGWynwMVX8X
+W8N1+UjFaq6GCJukT4qmpN2afb8sCjUigq0GuMwYXrFVee74bQgLHWGJwPmvmLHC
+69EH6kWr22ijx4OKXlSIx2xT1AsSHee70w5iDBiK4aph27yH3TxkXy9V89TDdexA
+cKk/cVHYNnDBapcavl7y0RiQ4biu8ymM8Ga/nmzhRKya6G0cGw8CAQOjgfwwgfkw
+HQYDVR0OBBYEFI0cxb6VTEM8YYY6FbBMvAPyT+CyMIHJBgNVHSMEgcEwgb6AFI0c
+xb6VTEM8YYY6FbBMvAPyT+CyoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE
+CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH
+QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG
+CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJANWFuGx90071MAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBABnTDPEF+3iSP0wNfdIjIz1AlnrP
+zgAIHVvXxunW7SBrDhEglQZBbKJEk5kT0mtKoOD1JMrSu1xuTKEBahWRbqHsXcla
+XjoBADb0kkjVEJu/Lh5hgYZnOjvlba8Ld7HCKePCVePoTJBdI4fvugnL8TsgK05a
+IskyY0hKI9L8KfqfGTl1lzOv2KoWD0KWwtAWPoGChZxmQ+nBli+gwYMzM1vAkP+a
+ayLe0a1EQimlOalO762r0GXO0ks+UeXde2Z4e+8S/pf7pITEI/tP+MxJTALw9QUW
+Ev9lKTk+jkbqxbsh8nfBUapfKqYn0eidpwq2AzVp3juYl7//fKnaPhJD9gs=
+-----END CERTIFICATE-----
--- a/vendor/certs/camera_eng.x509.pem
+++ b/vendor/certs/camera_eng.x509.pem
@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw
+NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE
+ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO
+OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
+UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
+TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
+rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
+TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK
+pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY
+DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG
+ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4
+rscXTxYEf4Tqovc=
+-----END CERTIFICATE-----
--- a/vendor/certs/camera_fishfood.x509.pem
+++ b/vendor/certs/camera_fishfood.x509.pem
@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n
+bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w
+HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv
+b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93
+bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/
+jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B
+IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe
+tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td
+0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg
+Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b
+aIOMFB0Km9HbEZHLKg33kOoMsS2zpA==
+-----END CERTIFICATE-----
--- a/vendor/charger_vendor.te
+++ b/vendor/charger_vendor.te
@ -0,0 +1,7 @@
+# charger_vendor for battery in off-mode charging
+allow charger_vendor mnt_vendor_file:dir search;
+allow charger_vendor persist_file:dir search;
+allow charger_vendor sysfs_batteryinfo:file w_file_perms;
+allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
+dontaudit charger_vendor default_prop:file r_file_perms;
+set_prop(charger_vendor, vendor_battery_defender_prop)
--- a/vendor/chre.te
+++ b/vendor/chre.te
@ -0,0 +1,16 @@
+type chre, domain;
+type chre_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(chre)
+
+# Permit communication with AoC
+allow chre aoc_device:chr_file rw_file_perms;
+
+# Allow CHRE to determine AoC's current clock
+allow chre sysfs_aoc:dir search;
+allow chre sysfs_aoc_boottime:file r_file_perms;
+
+# Allow CHRE to create thread to watch AOC's device
+allow chre device:dir r_dir_perms;
+
+# Allow CHRE to use WakeLock
+wakelock_use(chre)
--- a/vendor/con_monitor_app.te
+++ b/vendor/con_monitor_app.te
@ -0,0 +1,3 @@
+# ConnectivityMonitor app
+type con_monitor_app, domain;
+app_domain(con_monitor_app);
--- a/vendor/debug_camera_app.te
+++ b/vendor/debug_camera_app.te
@ -0,0 +1,23 @@
+type debug_camera_app, domain, coredomain;
+
+userdebug_or_eng(`
+	app_domain(debug_camera_app)
+	net_domain(debug_camera_app)
+
+	allow debug_camera_app app_api_service:service_manager find;
+	allow debug_camera_app audioserver_service:service_manager find;
+	allow debug_camera_app cameraserver_service:service_manager find;
+	allow debug_camera_app mediaextractor_service:service_manager find;
+	allow debug_camera_app mediametrics_service:service_manager find;
+	allow debug_camera_app mediaserver_service:service_manager find;
+
+	# Allows GCA-Eng & GCA-Next access the GXP device.
+	allow debug_camera_app gxp_device:chr_file rw_file_perms;
+
+	# Allows GCA-Eng & GCA-Next to find and access the EdgeTPU.
+	allow debug_camera_app edgetpu_app_service:service_manager find;
+	allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+	# Allows GCA_Eng & GCA-Next to access the PowerHAL.
+	hal_client_domain(debug_camera_app, hal_power)
+')
--- a/vendor/device.te
+++ b/vendor/device.te
@ -0,0 +1,22 @@
+type persist_block_device, dev_type;
+type tee_persist_block_device, dev_type;
+type custom_ab_block_device, dev_type;
+type devinfo_block_device, dev_type;
+type mfg_data_block_device, dev_type;
+type ufs_internal_block_device, dev_type;
+type logbuffer_device, dev_type;
+type gxp_device, dev_type, mlstrustedobject;
+type fingerprint_device, dev_type;
+type uci_device, dev_type;
+
+# Dmabuf heaps
+type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
+type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
+type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type;
+type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type;
+
+# SecureElement SPI device
+type st54spi_device, dev_type;
+
+# OTA
+type sda_block_device, dev_type;
--- a/vendor/domain.te
+++ b/vendor/domain.te
@ -0,0 +1,5 @@
+allow {domain -appdomain -rs} proc_vendor_sched:dir r_dir_perms;
+allow {domain -appdomain -rs} proc_vendor_sched:file w_file_perms;
+
+# Mali
+get_prop(domain, vendor_arm_runtime_option_prop)
--- a/Show more
+++ b/Show more
				`@ -0,0 +1 @@`
				`vendor_init device_config_configuration_prop property_service b/267843409`
				`@ -0,0 +1 @@`
				`type hal_uwb_vendor_service, service_manager_type, hal_service_type;`
				`@ -0,0 +1 @@`
				`hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0`
				`@ -0,0 +1,2 @@`
				`telephony.oem.oemrilhook u:object_r:radio_service:s0`