sm8250-common: sepolicy: Initial vendor sepolicy

Change-Id: I28ae7907209b5aae9806466556dc49639dd7c9e4

sepolicy/vendor/attributes

@@ -0,0 +1,20 @@
+# HALs
+attribute hal_cameraHIDL;
+attribute hal_cameraHIDL_client;
+attribute hal_cameraHIDL_server;
+
+attribute hal_display;
+attribute hal_display_client;
+attribute hal_display_server;
+
+attribute hal_display_iris;
+attribute hal_display_iris_client;
+attribute hal_display_iris_server;
+
+attribute hal_hdcpkey;
+attribute hal_hdcpkey_client;
+attribute hal_hdcpkey_server;
+
+attribute hal_param;
+attribute hal_param_client;
+attribute hal_param_server;

sepolicy/vendor/cameraserver.te

@@ -0,0 +1 @@
+binder_call(cameraserver, hal_cameraHIDL_default)

sepolicy/vendor/dashd.te

@@ -2,3 +2,15 @@ type dashd, domain;
 type dashd_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(dashd)
+
+allow dashd vendor_sysfs_battery_supply:file w_file_perms;
+allow dashd vendor_sysfs_usb_supply:file w_file_perms;
+
+allow dashd proc_cmdline:file r_file_perms;
+
+allow dashd dash_device:chr_file rw_file_perms;
+allow dashd kmsg_device:chr_file rw_file_perms;
+
+r_dir_file(dashd, vendor_sysfs_battery_supply)
+r_dir_file(dashd, vendor_sysfs_usb_supply)
+r_dir_file(dashd, sysfs_dash_charger)

sepolicy/vendor/device.te

@@ -0,0 +1,18 @@
+type backuprestore_socket, dev_type;
+type byte_cntr_device, dev_type;
+type dash_device, dev_type;
+type fingerprintd_device, dev_type;
+type fragment_monitor_device, dev_type;
+type memplus_device, dev_type;
+type oemlogkit_socket, dev_type;
+type op1_block_device, dev_type;
+type op2_block_device, dev_type;
+type param_block_device, dev_type;
+type param_device, dev_type;
+type ramboost_socket, dev_type;
+type reserve1_block_device, dev_type;
+type reserve2_block_device, dev_type;
+type therm_device, dev_type;
+type vendor_rawdump_block_device, dev_type;
+type vl53l1_device, dev_type;
+type wlchg_device, dev_type;

sepolicy/vendor/domain.te

@@ -0,0 +1 @@
+allow domain opf_file:file r_file_perms;

sepolicy/vendor/file.te

@@ -0,0 +1,23 @@
+# files
+type oem_file, file_type;
+type op1_file, file_type;
+type op2_file, file_type;
+type opf_file, file_type;
+
+# procfs
+type proc_direct_swappiness, fs_type, proc_type;
+type proc_swappiness, fs_type, proc_type;
+type proc_touchpanel, fs_type, proc_type;
+type proc_watermark_boost_factor, fs_type, proc_type;
+type procfs_oem_wireless, fs_type, proc_type;
+
+# sysfs
+type sysfs_dash_charger, fs_type, proc_type, sysfs_type;
+type sysfs_dbg, fs_type, sysfs_type;
+type sysfs_fod, fs_type, sysfs_type;
+type sysfs_fsc, fs_type, sysfs_type;
+type sysfs_fuse, fs_type, sysfs_type;
+type sysfs_memplus, fs_type, sysfs_type;
+type sysfs_project_info, fs_type, sysfs_type;
+type sysfs_tpd, fs_type, sysfs_type;
+type vendor_sysfs_video_call_on, fs_type, sysfs_type;

sepolicy/vendor/file_contexts

@@ -0,0 +1,105 @@
+# Binaries
+/(vendor|system/vendor)/bin/dashd          u:object_r:dashd_exec:s0
+/(vendor|system/vendor)/bin/opf-service    u:object_r:opf_exec:s0
+/(vendor|system/vendor)/bin/wlchgd         u:object_r:wlchgd_exec:s0
+
+# Block devices
+/dev/block/platform/soc/1d84000.ufshc/by-name/config             u:object_r:frp_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/fw_ufs1_[ab]       u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/fw_ufs2_[ab]       u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/logo_[ab]          u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdm1oemnvbktmp     u:object_r:vendor_efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdm_oem_dycnvbk    u:object_r:vendor_efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/mdm_oem_stanvbk    u:object_r:vendor_efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/oem_cust1_[ab]     u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/oem_cust2_[ab]     u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/oem_dycnvbk        u:object_r:vendor_modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/oem_stanvbk        u:object_r:vendor_modem_efs_partition_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/op1                u:object_r:op1_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/op2                u:object_r:op2_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/opproduct_[ab]     u:object_r:vendor_custom_ab_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/param              u:object_r:param_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/rawdump            u:object_r:vendor_rawdump_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/reserve1           u:object_r:reserve1_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/reserve2           u:object_r:reserve2_block_device:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/spunvm             u:object_r:vendor_efs_boot_dev:s0
+/dev/block/platform/soc/1d84000.ufshc/by-name/storsec_[ab]       u:object_r:vendor_custom_ab_block_device:s0
+
+# Data files
+#/data/fpc_images(/.*)?            u:object_r:fpc_images_file:s0
+#/data/vendor/oemnvitems/4678_0    u:object_r:wifi_nv_data_file:s0
+#/data/vendor/oemnvitems/4678_1    u:object_r:wifi_nv_data_file:s0
+
+# Devices
+/dev/byte-cntr            u:object_r:byte_cntr_device:s0
+/dev/cc_ctl               u:object_r:graphics_device:s0
+/dev/dash                 u:object_r:dash_device:s0
+/dev/fragment_monitor     u:object_r:fragment_monitor_device:s0
+/dev/goodix_fp            u:object_r:fingerprintd_device:s0
+/dev/ht_ctl               u:object_r:graphics_device:s0
+/dev/memplus              u:object_r:memplus_device:s0
+/dev/mmw0_thermal         u:object_r:therm_device:s0
+/dev/mmw1_thermal         u:object_r:therm_device:s0
+/dev/mmw2_thermal         u:object_r:therm_device:s0
+/dev/opfeature            u:object_r:opf_file:s0
+/dev/param                u:object_r:param_device:s0
+/dev/skin_thermal         u:object_r:therm_device:s0
+/dev/stmvl53l1_ranging    u:object_r:vl53l1_device:s0
+/dev/wlchg                u:object_r:wlchg_device:s0
+
+# HALs
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.oneplus_kona            u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.biometrics\.fingerprint\.inscreen@1\.0-service\.oneplus_kona    u:object_r:hal_lineage_fod_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.oneplus_kona                          u:object_r:hal_lineage_livedisplay_qti_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.powershare@1\.0-service\.oneplus_kona                           u:object_r:hal_lineage_powershare_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.oneplus_kona                                u:object_r:hal_lineage_touch_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.camera@1\.0-service                                   u:object_r:hal_cameraHIDL_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.CameraMDMHIDL@1\.0-service                            u:object_r:hal_cameraHIDL_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.display@1\.0-service                                  u:object_r:hal_display_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.hdcpkey@1\.0-service                                  u:object_r:hal_hdcpkey_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.param@1\.0-service                                    u:object_r:hal_param_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.pixelworks\.hardware\.display\.iris-service                              u:object_r:hal_graphics_composer_default_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.pixelworks\.hardware\.feature\.irisfeature-service                       u:object_r:hal_graphics_composer_default_exec:s0
+
+# OP1, OP2 files
+/mnt/vendor/op1(/.*)?    u:object_r:op1_file:s0
+/mnt/vendor/op2(/.*)?    u:object_r:op2_file:s0
+
+# Persist files
+/mnt/vendor/persist                                  u:object_r:vendor_data_file:s0
+/mnt/vendor/persist/camera(/.*)?                     u:object_r:oem_file:s0
+/mnt/vendor/persist/camera_ae_sync(/.*)?             u:object_r:oem_file:s0
+/mnt/vendor/persist/dual_camera_calibration(/.*)?    u:object_r:oem_file:s0
+/mnt/vendor/persist/engineermode(/.*)?               u:object_r:oem_file:s0
+/mnt/vendor/persist/OPDiagnose(/.*)?                 u:object_r:oem_file:s0
+
+# Socket files
+/dev/socket/backuprestore    u:object_r:backuprestore_socket:s0
+/dev/socket/oemlogkit        u:object_r:oemlogkit_socket:s0
+/dev/socket/ramboost         u:object_r:ramboost_socket:s0
+
+# Sys files
+/sys/module/fsc(/.*)?      u:object_r:sysfs_fsc:s0
+/sys/module/fuse(/.*)?     u:object_r:sysfs_fuse:s0
+/sys/module/proc(/.*)?     u:object_r:sysfs_dbg:s0
+/sys/module/tpd(/.*)?      u:object_r:sysfs_tpd:s0
+/sys/project_info(/.*)?    u:object_r:sysfs_project_info:s0
+
+# Sys files (wakeup)
+/sys/devices/platform/soc/c440000\.qcom,spmi/spmi-0/spmi0-00/c440000\.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc/rtc0/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc/soc:oneplus_wlchg/power_supply/wireless/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/diag/diag/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_aac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_alac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_amrnb/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_amrwb/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_amrwbplus/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_ape/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_evrc/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_g711alaw/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_g711mlaw/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_mp3/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_multi_aac/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_qcelp/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_wma/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
+/sys/devices/virtual/misc/msm_wmapro/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0

sepolicy/vendor/genfs_contexts

@@ -0,0 +1,91 @@
+# procfs
+genfscon proc /dash_4300_4p45_exit                  u:object_r:sysfs_dash_charger:s0
+genfscon proc /dash_4320_4p45_exit                  u:object_r:sysfs_dash_charger:s0
+genfscon proc /dash_4510_4p45_exit                  u:object_r:sysfs_dash_charger:s0
+genfscon proc /dash_firmware_ok                     u:object_r:sysfs_dash_charger:s0
+genfscon proc /enhance_dash                         u:object_r:sysfs_dash_charger:s0
+genfscon proc /n76e_exit                            u:object_r:sysfs_dash_charger:s0
+genfscon proc /ship_mode                            u:object_r:sysfs_dash_charger:s0
+genfscon proc /skin_temp_thrd/fastchg_lcdoff_thd    u:object_r:procfs_oem_wireless:s0
+genfscon proc /skin_temp_thrd/fastchg_thd           u:object_r:procfs_oem_wireless:s0
+genfscon proc /skin_temp_thrd/norchg_lcdoff_thd     u:object_r:procfs_oem_wireless:s0
+genfscon proc /skin_temp_thrd/norchg_thd            u:object_r:procfs_oem_wireless:s0
+genfscon proc /swarp_chg_exist                      u:object_r:sysfs_dash_charger:s0
+genfscon proc /touchpanel                           u:object_r:proc_touchpanel:s0
+genfscon proc /warp_chg_exit                        u:object_r:sysfs_dash_charger:s0
+genfscon proc /wireless/charge_pump_en              u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/current_out                 u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/deviated                    u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/enable_rx                   u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/enable_tx                   u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/epp_or_bpp                  u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/fast_skin_threld            u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/ftm_mode                    u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/ftm_test                    u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/quiet_mode                  u:object_r:procfs_oem_wireless:s0
+genfscon proc /wireless/rx_voltage                  u:object_r:procfs_oem_wireless:s0
+
+# sysfs
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-3/3-005a/leds/vibrator                                             u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/DCI_P3                                u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dim_alpha                             u:object_r:sysfs_fod:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm                                   u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_loading_effect_mode    u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_p3_mode                u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_srgb_color_mode        u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_wide_color_mode        u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/night_mode                            u:object_r:sysfs_livedisplay_tuneable:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_dim                            u:object_r:sysfs_fod:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_fppress                        u:object_r:sysfs_fod:s0
+genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/op_friginer_print_hbm                 u:object_r:sysfs_fod:s0
+genfscon sysfs /devices/platform/soc/soc:oneplus_wlchg/power_supply/wireless                                           u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /module/memplus_core/parameters                                                                         u:object_r:sysfs_memplus:s0
+genfscon sysfs /module/qpnp_smb5/parameters/call_on                                                                    u:object_r:sysfs_dash_charger:s0
+genfscon sysfs /module/qpnp_smb5/parameters/video_call_on                                                              u:object_r:vendor_sysfs_video_call_on:s0
+
+# sysfs (wakeup)
+genfscon sysfs /devices/0306_02.01.00/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/17300000.qcom,lpass/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/188101c.qcom,spss/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/pci0000:00/0000:00:00.0/0000:01:00.0/1101_00.01.00/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c00000.qcom,pcie/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/pci0002:00/0002:00:00.0/0002:01:00.0/0306_02.01.00_EFS/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1e00000.qcom,ipa/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/5c00000.qcom,ssc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/8300000.qcom,turing/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/888000.i2c/i2c-8/8-0026/wakeup/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/888000.i2c/i2c-8/8-0055/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/888000.i2c/i2c-8/8-0055/wakeup/wakeup44 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/9800000.qcom,npu/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/984000.i2c/i2c-5/5-0018/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/984000.i2c/i2c-5/5-0019/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/984000.i2c/i2c-5/5-0028/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/994000.i2c/i2c-7/7-003b/994000.i2c:op,wlchg_rx@3b:idt,p9415/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/994000.i2c/i2c-7/7-0066/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/998000.qcom,qup_uart/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-3/3-005a/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a94000.i2c/i2c-4/4-0048/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/aab0000.qcom,venus/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/abb0000.qcom,cvpss/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/b0000000.qcom,cnss-qca6390/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qpnp,fg/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm8150l@4:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-08/c440000.qcom,spmi:qcom,pmxprairie@8:qcom,power-on@800/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:goodix_fp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:gpio_keys/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oem_rf_cable/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:oneplus_wlchg/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,ipa_uc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:bolero-cdc/rx-macro/rx_swr_ctrl/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,msm-audio-apr/soc:qcom,msm-audio-apr:qcom,q6core-audio/soc:qcom,msm-audio-apr:qcom,q6core-audio:bolero-cdc/tx-macro/tx_swr_ctrl/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-adsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-cdsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-dsps/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p-npu/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup u:object_r:sysfs_wakeup:s0

sepolicy/vendor/hal_bluetooth_default.te

@@ -0,0 +1,3 @@
+allow hal_bluetooth_default vendor_data_file:file r_file_perms;
+
+allow hal_bluetooth_default vendor_diag_device:chr_file rw_file_perms;

sepolicy/vendor/hal_cameraHIDL.te

@@ -0,0 +1,4 @@
+binder_call(hal_cameraHIDL_client, hal_cameraHIDL_server)
+binder_call(hal_cameraHIDL_server, hal_cameraHIDL_client)
+
+hal_attribute_hwservice(hal_cameraHIDL, hal_cameraHIDL_hwservice)

sepolicy/vendor/hal_cameraHIDL_default.te

@@ -0,0 +1,22 @@
+type hal_cameraHIDL_default, domain;
+hal_server_domain(hal_cameraHIDL_default, hal_cameraHIDL)
+
+type hal_cameraHIDL_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_cameraHIDL_default)
+
+add_hwservice(hal_cameraHIDL_default, hal_cameraHIDL_hwservice)
+
+hwbinder_use(hal_cameraHIDL_default)
+
+binder_call(hal_cameraHIDL_default, vendor_hal_perf_default)
+
+allow hal_cameraHIDL_default vendor_hal_perf_hwservice:hwservice_manager find;
+
+allow hal_cameraHIDL_default ion_device:chr_file r_file_perms;
+allow hal_cameraHIDL_default tee_device:chr_file rw_file_perms;
+
+allow hal_cameraHIDL_default vendor_camera_data_file:dir create_dir_perms;
+
+r_dir_file(hal_cameraHIDL_default, firmware_file)
+
+get_prop(hal_cameraHIDL_default, hwservicemanager_prop)

sepolicy/vendor/hal_camera_default.te

@@ -0,0 +1,22 @@
+hal_client_domain(hal_camera_default, hal_cameraHIDL)
+
+allow hal_camera_default mnt_vendor_file:dir w_dir_perms;
+allow hal_camera_default mnt_vendor_file:file create_file_perms;
+
+allow hal_camera_default oem_file:dir w_dir_perms;
+allow hal_camera_default oem_file:file create_file_perms;
+
+allow hal_camera_default vendor_persist_file:dir w_dir_perms;
+allow hal_camera_default vendor_persist_file:file create_file_perms;
+
+allow hal_camera_default input_device:dir r_dir_perms;
+allow hal_camera_default input_device:chr_file r_file_perms;
+
+allow hal_camera_default vl53l1_device:chr_file rw_file_perms;
+
+allow hal_camera_default proc_meminfo:file r_file_perms;
+allow hal_camera_default vendor_sysfs_video_call_on:file rw_file_perms;
+
+get_prop(hal_camera_default, ctl_default_prop)
+get_prop(hal_camera_default, vendor_db_security_prop)
+get_prop(hal_camera_default, vendor_mmi_prop)

sepolicy/vendor/hal_display.te

@@ -0,0 +1,4 @@
+binder_call(hal_display_client, hal_display_server)
+binder_call(hal_display_server, hal_display_client)
+
+hal_attribute_hwservice(hal_display, hal_display_hwservice)

sepolicy/vendor/hal_display_default.te

@@ -0,0 +1,18 @@
+type hal_display_default, domain;
+hal_server_domain(hal_display_default, hal_display)
+
+type hal_display_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_display_default)
+
+add_hwservice(hal_display_default, hal_display_hwservice)
+
+hwbinder_use(hal_display_default)
+
+binder_call(hal_display_default, vendor_hal_display_color)
+
+allow hal_display_default vendor_hal_display_postproc_hwservice:hwservice_manager find;
+
+allow hal_display_default sysfs:file rw_file_perms;
+allow hal_display_default sysfs_fod:file rw_file_perms;
+
+get_prop(hal_display_default, hwservicemanager_prop)

sepolicy/vendor/hal_display_iris.te

@@ -0,0 +1,4 @@
+binder_call(hal_display_iris_client, hal_display_iris_server)
+binder_call(hal_display_iris_server, hal_display_iris_client)
+
+hal_attribute_hwservice(hal_display_iris, hal_display_iris_hwservice)

sepolicy/vendor/hal_fingerprint_device.te

@@ -0,0 +1,19 @@
+allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
+
+binder_call(hal_fingerprint_default, hal_perf_default)
+
+allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;
+
+allow hal_fingerprint_default fingerprintd_device:chr_file rw_file_perms;
+allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
+allow hal_fingerprint_default vendor_qdsp_device:chr_file rw_file_perms;
+allow hal_fingerprint_default vendor_xdsp_device:chr_file rw_file_perms;
+
+allow hal_fingerprint_default proc_touchpanel:dir search;
+allow hal_fingerprint_default proc_touchpanel:file rw_file_perms;
+
+allow hal_fingerprint_default sysfs_fod:file rw_file_perms;
+
+get_prop(hal_fingerprint_default, vendor_adsprpc_prop)
+get_prop(hal_fingerprint_default, vendor_default_prop)
+set_prop(hal_fingerprint_default, vendor_fingerprint_prop)

sepolicy/vendor/hal_graphics_composer_default.te

@@ -0,0 +1,10 @@
+hal_client_domain(hal_graphics_composer_default, hal_display_iris)
+hal_server_domain(hal_graphics_composer_default, hal_display_iris)
+
+add_hwservice(hal_graphics_composer_default, hal_display_iris_hwservice)
+
+allow hal_graphics_composer_default vendor_persist_file:file rw_file_perms;
+
+allow hal_graphics_composer_default sysfs_devices_system_cpu:file rw_file_perms;
+
+allow hal_graphics_composer_default vendor_diag_device:chr_file rw_file_perms;

sepolicy/vendor/hal_hdcpkey.te

@@ -0,0 +1,4 @@
+binder_call(hal_hdcpkey_client, hal_hdcpkey_server)
+binder_call(hal_hdcpkey_server, hal_hdcpkey_client)
+
+hal_attribute_hwservice(hal_hdcpkey, hal_hdcpkey_hwservice)

sepolicy/vendor/hal_hdcpkey_default.te

@@ -0,0 +1,7 @@
+type hal_hdcpkey_default, domain;
+hal_server_domain(hal_hdcpkey_default, hal_hdcpkey)
+
+type hal_hdcpkey_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_hdcpkey_default)
+
+allow hal_hdcpkey_default param_block_device:blk_file rw_file_perms;

sepolicy/vendor/hal_lineage_fod_default.te

@@ -0,0 +1,10 @@
+hal_client_domain(hal_lineage_fod_default, hal_display)
+hal_client_domain(hal_lineage_fod_default, hal_fingerprint)
+
+#binder_call(hal_lineage_fod_default, hal_display_default)
+#binder_call(hal_lineage_fod_default, hal_fingerprint)
+
+#allow hal_lineage_fod_default hal_display_hwservice:hwservice_manager find;
+#allow hal_lineage_fod_default hal_fingerprint_hwservice:hwservice_manager find;
+
+allow hal_lineage_fod_default sysfs_fod:file rw_file_perms;

sepolicy/vendor/hal_lineage_livedisplay_qti.te

@@ -0,0 +1,8 @@
+allow hal_lineage_livedisplay_qti vendor_display_vendor_data_file:dir rw_dir_perms;
+allow hal_lineage_livedisplay_qti vendor_display_vendor_data_file:file create_file_perms;
+
+allow hal_lineage_livedisplay_qti sysfs_graphics:dir r_dir_perms;
+allow hal_lineage_livedisplay_qti sysfs_fod:file rw_file_perms;
+allow hal_lineage_livedisplay_qti sysfs_livedisplay_tuneable:file rw_file_perms;
+
+set_prop(hal_lineage_livedisplay_qti, vendor_display_prop)

sepolicy/vendor/hal_lineage_powershare_default.te

@@ -0,0 +1,2 @@
+allow hal_lineage_powershare_default procfs_oem_wireless:dir search;
+allow hal_lineage_powershare_default procfs_oem_wireless:file rw_file_perms;

sepolicy/vendor/hal_lineage_touch_default.te

@@ -0,0 +1,2 @@
+allow hal_lineage_touch_default proc_touchpanel:dir search;
+allow hal_lineage_touch_default proc_touchpanel:file rw_file_perms;

sepolicy/vendor/hal_nfc_default.te

@@ -0,0 +1,2 @@
+allow hal_nfc_default vendor_nfc_vendor_data_file:dir create_dir_perms;
+allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms;

sepolicy/vendor/hal_param.te

@@ -0,0 +1,4 @@
+binder_call(hal_param_client, hal_param_server)
+binder_call(hal_param_server, hal_param_client)
+
+hal_attribute_hwservice(hal_param, hal_param_hwservice)

sepolicy/vendor/hal_param_default.te

@@ -0,0 +1,18 @@
+type hal_param_default, domain;
+hal_server_domain(hal_param_default, hal_param)
+
+type hal_param_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_param_default)
+
+allow hal_param_default self:qipcrtr_socket create_socket_perms_no_ioctl;
+
+allow hal_param_default block_device:dir search;
+
+allow hal_param_default param_block_device:blk_file rw_file_perms;
+
+allow hal_param_default param_device:chr_file rw_file_perms;
+
+r_dir_file(hal_param_default, sysfs_project_info)
+
+get_prop(hal_param_default, exported_default_prop)
+get_prop(hal_param_default, exported2_default_prop)

sepolicy/vendor/hal_power_default.te

@@ -0,0 +1,2 @@
+allow hal_power_default proc_touchpanel:dir search;
+allow hal_power_default proc_touchpanel:file rw_file_perms;

sepolicy/vendor/hwservice.te

@@ -0,0 +1,5 @@
+type hal_cameraHIDL_hwservice, hwservice_manager_type;
+type hal_display_hwservice, hwservice_manager_type;
+type hal_display_iris_hwservice, hwservice_manager_type;
+type hal_hdcpkey_hwservice, hwservice_manager_type;
+type hal_param_hwservice, hwservice_manager_type;

sepolicy/vendor/hwservice_contexts

@@ -0,0 +1,10 @@
+vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon    u:object_r:hal_fingerprint_hwservice:s0
+vendor.oneplus.camera.CameraHIDL::IOnePlusCameraProvider                   u:object_r:hal_cameraHIDL_hwservice:s0
+vendor.oneplus.fingerprint.extension::IVendorFingerprintExtensions         u:object_r:hal_fingerprint_hwservice:s0
+vendor.oneplus.hardware.camera::IOnePlusCameraProvider                     u:object_r:hal_cameraHIDL_hwservice:s0
+vendor.oneplus.hardware.CameraMDMHIDL::IOnePlusCameraMDM                   u:object_r:hal_cameraHIDL_hwservice:s0
+vendor.oneplus.hardware.display::IOneplusDisplay                           u:object_r:hal_display_hwservice:s0
+vendor.oneplus.hardware.hdcpkey::IOneplusHdcpKey                           u:object_r:hal_hdcpkey_hwservice:s0
+vendor.oneplus.hardware.param::IOneplusParam                               u:object_r:hal_param_hwservice:s0
+vendor.pixelworks.hardware.display::IIris                                  u:object_r:hal_display_iris_hwservice:s0
+vendor.pixelworks.hardware.feature::IIrisFeature                           u:object_r:hal_display_iris_hwservice:s0

sepolicy/vendor/init.te

@@ -0,0 +1 @@
+allow hal_hdcpkey_default param_block_device:blk_file rw_file_perms;

sepolicy/vendor/kernel.te

@@ -0,0 +1,2 @@
+allow kernel param_block_device:dir search;
+allow kernel param_block_device:blk_file rw_file_perms;

sepolicy/vendor/opf.te

@@ -0,0 +1,11 @@
+type opf, domain;
+type opf_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(opf)
+
+type_transition opf device:file opf_file;
+
+allow opf device:dir create_dir_perms;
+allow opf device:file create_file_perms;
+
+allow opf opf_file:file create_file_perms;

sepolicy/vendor/property.te

@@ -0,0 +1,11 @@
+type vendor_cwb_prop, property_type;
+type vendor_db_security_prop, property_type;
+type vendor_fingerprint_prop, property_type;
+type vendor_gps_prop, property_type;
+type vendor_memplus_prop, property_type;
+type vendor_nfc_prop, property_type;
+type vendor_oem_bluetooth_prop, property_type;
+type vendor_oem_wifi_prop, property_type;
+type vendor_rild_prop, property_type;
+type vendor_set_wlan_prop, property_type;
+type vendor_shell_prop, property_type;

sepolicy/vendor/property_contexts

@@ -0,0 +1,51 @@
+persist.vendor.bluetooth.a2dp.            u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.bluetooth.bt.uart.log      u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.cwb.debug                  u:object_r:vendor_cwb_prop:s0
+persist.vendor.cwb.dump                   u:object_r:vendor_cwb_prop:s0
+persist.vendor.ese.                       u:object_r:vendor_nfc_prop:s0
+persist.vendor.nfc.                       u:object_r:vendor_nfc_prop:s0
+persist.vendor.oem.bt.debug               u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.oem.btenhanced.debug       u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.oem.btsnoop.debug          u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.oem.fp.version             u:object_r:vendor_fingerprint_prop:s0
+persist.vendor.oem.gps.debug              u:object_r:vendor_gps_prop:s0
+persist.vendor.oem.wifi.chain             u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.cnssdiag          u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.copytosd          u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.debug             u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.logpath           u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oem.wifi.txenable          u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.oneplus.bt                 u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.oneplus.bttestmode         u:object_r:vendor_oem_bluetooth_prop:s0
+persist.vendor.sdx50m.online              u:object_r:vendor_usb_prop:s0
+persist.vendor.service.bdroid.snooplog    u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.service.bdroid.soclog      u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.tcpdump.copy               u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.tcpdump.dir                u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.tcpdump.location           u:object_r:vendor_oem_wifi_prop:s0
+persist.vendor.tcpdump.mdpermission       u:object_r:vendor_oem_wifi_prop:s0
+ro.vendor.build.display.full_id           u:object_r:vendor_rild_prop:s0
+ro.vendor.product.device.db               u:object_r:vendor_db_security_prop:s0
+ro.vendor.product.manufacturer.db         u:object_r:vendor_db_security_prop:s0
+vendor.calibration.fingerprint            u:object_r:vendor_fingerprint_prop:s0
+vendor.copy.opdiagnose.data               u:object_r:vendor_shell_prop:s0
+vendor.nfc.                               u:object_r:vendor_nfc_prop:s0
+vendor.oem.rbr.log.clean                  u:object_r:vendor_default_prop:s0
+vendor.oem.wifi.socket.quit               u:object_r:vendor_set_wlan_prop:s0
+vendor.service.wifi.socket.enable         u:object_r:vendor_oem_wifi_prop:s0
+vendor.service.wifi.socket.mdm.enable     u:object_r:vendor_oem_wifi_prop:s0
+vendor.sys.memplus.postboot               u:object_r:vendor_memplus_prop:s0
+vendor.wlan.driver.status                 u:object_r:vendor_set_wlan_prop:s0
+vendor.wlan.ftm.daemon                    u:object_r:vendor_set_wlan_prop:s0
+vendor.wlan.ftm.up                        u:object_r:vendor_set_wlan_prop:s0
+vendor.wlan.hotspot.forceChannel          u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.bandwidth             u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.channel               u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.dump                  u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.enabled               u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.file                  u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.iface                 u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.output_dir            u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.status                u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.sniffer.vendor_dir            u:object_r:vendor_oem_wifi_prop:s0
+vendor.wlan.write.con_mode                u:object_r:vendor_set_wlan_prop:s0

sepolicy/vendor/rild.te

@@ -0,0 +1,15 @@
+hal_client_domain(rild, hal_param)
+
+allow rild vendor_data_file:dir rw_dir_perms;
+allow rild vendor_data_file:file create_file_perms;
+
+allow rild block_device:dir search;
+
+allow rild param_block_device:blk_file rw_file_perms;
+
+allow rild vendor_diag_device:chr_file rw_file_perms;
+
+allow rild proc:file w_file_perms;
+allow rild proc_net:file w_file_perms;
+
+set_prop(rild, vendor_rild_prop)

sepolicy/vendor/vendor_init-qcom-sensors-sh.te

@@ -0,0 +1,2 @@
+allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:dir setattr;
+allow vendor_init-qcom-sensors-sh vendor_persist_sensors_file:file setattr;

sepolicy/vendor/vendor_init.te

@@ -0,0 +1,14 @@
+allow vendor_init tmpfs:chr_file { read open };
+allow vendor_init tmpfs:dir { create_dir_perms mounton };
+
+allow vendor_init op2_file:file create_file_perms;
+
+allow vendor_init proc_direct_swappiness:file w_file_perms;
+allow vendor_init proc_hung_task:file w_file_perms;
+allow vendor_init proc_swappiness:file w_file_perms;
+allow vendor_init proc_watermark_boost_factor:file rw_file_perms;
+
+get_prop(vendor_init, vendor_db_security_prop)
+set_prop(vendor_init, vendor_oem_bluetooth_prop)
+set_prop(vendor_init, vendor_oem_wifi_prop)
+set_prop(vendor_init, vendor_persist_camera_prop)

sepolicy/vendor/vendor_mdm_helper.te

@@ -0,0 +1 @@
+r_dir_file(vendor_mdm_helper, sysfs_project_info)

sepolicy/vendor/vendor_qti_init_shell.te

@@ -0,0 +1,26 @@
+allow vendor_qti_init_shell proc_modules:file r_file_perms;
+
+allow vendor_qti_init_shell sysfs:file write;
+
+allow vendor_qti_init_shell sysfs_fsc:dir r_dir_perms;
+allow vendor_qti_init_shell sysfs_fsc:file rw_file_perms;
+
+allow vendor_qti_init_shell sysfs_memplus:file rw_file_perms;
+
+allow vendor_qti_init_shell vendor_data_file:dir create_dir_perms;
+allow vendor_qti_init_shell vendor_data_file:file create_file_perms;
+
+allow vendor_qti_init_shell vendor_debugfs_wlan:dir r_dir_perms;
+
+allow vendor_qti_init_shell vendor_file:file execute_no_trans;
+allow vendor_qti_init_shell vendor_file:system module_load;
+
+allow vendor_qti_init_shell vendor_sysfs_scsi_host:dir r_dir_perms;
+allow vendor_qti_init_shell vendor_sysfs_scsi_host:file rw_file_perms;
+
+allow vendor_qti_init_shell vendor_wcnss_service_exec:file execute_no_trans;
+
+get_prop(vendor_qti_init_shell, exported_system_prop)
+set_prop(vendor_qti_init_shell, ctl_default_prop)
+set_prop(vendor_qti_init_shell, vendor_memplus_prop)
+set_prop(vendor_qti_init_shell, vendor_set_wlan_prop)

sepolicy/vendor/wlchgd.te

@@ -2,3 +2,6 @@ type wlchgd, domain;
 type wlchgd_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(wlchgd)
+
+allow wlchgd kmsg_device:chr_file rw_file_perms;
+allow wlchgd wlchg_device:chr_file rw_file_perms;