Merge "Add se-policy for new GRIL service and RadioExt hal APIs"
diff --git a/vendor/google/bug_map b/vendor/google/bug_map
index c2ec5c3..de4630d 100644
--- a/vendor/google/bug_map
+++ b/vendor/google/bug_map
@@ -14,6 +14,10 @@
rild socket_device dir b/78460200
rmt_storage sysfs_msm_subsys dir b/78460200
sensors vendor_modem_diag_prop file b/78460200
+shell debugfs file b/175106535
+shell device_config_runtime_native_boot_prop file b/175106535
+shell sysfs file b/175106535
+shell sysfs_mmc dir b/175106535
shell sysfs_wlc dir b/79757453
ssr_setup vendor_ssr_prop file b/78460200
system_app vendor_default_prop file b/78460200
diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
index 08cedbf..4aba1be 100644
--- a/vendor/google/pixelstats_vendor.te
+++ b/vendor/google/pixelstats_vendor.te
@@ -20,11 +20,8 @@
allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
allow pixelstats_vendor sysfs_mmc:dir search;
allow pixelstats_vendor sysfs_mmc:file rw_file_perms;
-allow pixelstats_vendor sysfs_batteryinfo:dir search;
-allow pixelstats_vendor sysfs_batteryinfo:file r_file_perms;
allow pixelstats_vendor sysfs_pixelstats:dir search;
allow pixelstats_vendor sysfs_pixelstats:file rw_file_perms;
-allow pixelstats_vendor self:netlink_kobject_uevent_socket { create getopt setopt bind read };
allow pixelstats_vendor sysfs_msm_subsys:dir search;
allow pixelstats_vendor sysfs_usb_c:dir search;
diff --git a/vendor/qcom/common/device.te b/vendor/qcom/common/device.te
index 60f1373..11ec49b 100644
--- a/vendor/qcom/common/device.te
+++ b/vendor/qcom/common/device.te
@@ -10,6 +10,7 @@
type ipa_dev, dev_type;
type modem_block_device, dev_type;
type persist_block_device, dev_type;
+type qce_device, dev_type;
type qsee_ipc_irq_spss_device, dev_type;
type qdsp_device, dev_type, mlstrustedobject;
type ramdump_device, dev_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index b273044..05e1461 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -34,6 +34,7 @@
/dev/mnh_sm u:object_r:easel_device:s0
/dev/easelcomm-client u:object_r:easel_device:s0
/dev/pn81a u:object_r:secure_element_device:s0
+/dev/qce u:object_r:qce_device:s0
# camera rainbow sensor
/dev/vd6281 u:object_r:camera_device:s0
# pcm device receiving rainbow sensor data
@@ -127,7 +128,7 @@
/vendor/bin/msm_irqbalance u:object_r:irqbalance_exec:s0
/vendor/bin/cnd u:object_r:cnd_exec:s0
/vendor/bin/easelmanagerd u:object_r:easel_exec:s0
-/vendor/bin/hw/android\.hardware\.usb@1\.1-service\.bonito u:object_r:hal_usb_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.usb@1\.2-service\.bonito u:object_r:hal_usb_impl_exec:s0
/vendor/bin/chre u:object_r:chre_exec:s0
/vendor/bin/time_daemon u:object_r:time_daemon_exec:s0
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
diff --git a/vendor/qcom/common/hal_drm_widevine.te b/vendor/qcom/common/hal_drm_widevine.te
index a5c125e..b4a3c18 100644
--- a/vendor/qcom/common/hal_drm_widevine.te
+++ b/vendor/qcom/common/hal_drm_widevine.te
@@ -15,4 +15,5 @@
allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
allow hal_drm_widevine hal_display_config_hwservice:hwservice_manager find;
+allow hal_drm_widevine qce_device:chr_file rw_file_perms;
binder_call(hal_drm_widevine, hal_graphics_composer_default)
diff --git a/vendor/qcom/common/logger_app.te b/vendor/qcom/common/logger_app.te
index 74309d1..1abc3d7 100644
--- a/vendor/qcom/common/logger_app.te
+++ b/vendor/qcom/common/logger_app.te
@@ -17,6 +17,5 @@
set_prop(logger_app, vendor_bluetooth_log_prop)
set_prop(logger_app, vendor_tcpdump_log_prop)
set_prop(logger_app, vendor_wifi_sniffer_prop)
-
- get_prop(logger_app, vendor_usb_config_prop)
+ set_prop(logger_app, vendor_usb_config_prop)
')
diff --git a/vendor/qcom/common/tee.te b/vendor/qcom/common/tee.te
index 693d7c8..665fe65 100644
--- a/vendor/qcom/common/tee.te
+++ b/vendor/qcom/common/tee.te
@@ -35,3 +35,6 @@
allowxperm tee rpmb_device:blk_file ioctl MMC_IOC_CMD;
allow tee hal_display_config_hwservice:hwservice_manager find;
+
+# allow tee access for secure UI to work
+allow tee graphics_device:chr_file rw_file_perms;