Snap for 6948038 from d8d2b19584c3bfedac0e163e4d3048146380bbb9 to rvc-platform-releaseandroid-platform-11.0.0_r4android-platform-11.0.0_r3android11-platform-release

Change-Id: I5b8a8ef872d53cf3e21817a4bf0a8a2b5cca413a

18 files changed, 49 insertions, 17 deletions

diff --git a/vendor/google/fastbootd.te b/vendor/google/fastbootd.te
index 996a114..9b54250 100644
--- a/vendor/google/fastbootd.te
+++ b/vendor/google/fastbootd.te
@@ -6,4 +6,5 @@ recovery_only(`
   allow fastbootd modem_block_device:blk_file getattr;
   allow fastbootd sysfs_scsi_devices_0000:dir r_dir_perms;
   allow fastbootd sg_device:chr_file rw_file_perms;
+  allow fastbootd citadel_device:chr_file rw_file_perms;
 ')
diff --git a/vendor/google/file.te b/vendor/google/file.te
index fd2bd46..9b0f504 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -35,6 +35,7 @@ type hal_rebootescrow_citadel_data_file, file_type, data_file_type;
 type sysfs_knowles_info, fs_type, sysfs_type;
 type sysfs_fingerprint, sysfs_type, fs_type;
 type per_boot_file, file_type, data_file_type, core_data_file_type;
+type proc_sched_lib_mask_cpuinfo, proc_type, fs_type;
 
 # Dumpstates bootloader logs
 type proc_bldrlog, fs_type, proc_type;
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index a1866b7..85caf53 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -40,6 +40,8 @@ genfscon proc /sys/kernel/sched_upmigrate
 genfscon proc /sys/kernel/sched_downmigrate                                     u:object_r:proc_sched_updown_migrate:s0
 genfscon proc /sys/kernel/sched_upmigrate_boosted                               u:object_r:proc_sched_updown_migrate:s0
 genfscon proc /sys/kernel/sched_downmigrate_boosted                             u:object_r:proc_sched_updown_migrate:s0
+genfscon proc /sys/kernel/sched_lib_name                                        u:object_r:proc_sched_lib_mask_cpuinfo:s0
+genfscon proc /sys/kernel/sched_lib_mask_force                                  u:object_r:proc_sched_lib_mask_cpuinfo:s0
 
 # PowerStatsHal
 genfscon sysfs /power/system_sleep/stats           u:object_r:sysfs_power_stats:s0
diff --git a/vendor/google/grilservice_app.te b/vendor/google/grilservice_app.te
index ef2430f..1d1ff57 100644
--- a/vendor/google/grilservice_app.te
+++ b/vendor/google/grilservice_app.te
@@ -4,6 +4,6 @@ app_domain(grilservice_app)
 
 allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
 allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
-allow grilservice_app activity_service:service_manager find;
+allow grilservice_app app_api_service:service_manager find;
 binder_call(grilservice_app, hal_radioext_default)
 binder_call(grilservice_app, hal_wifi_ext)
diff --git a/vendor/google/hal_dumpstate_impl.te b/vendor/google/hal_dumpstate_impl.te
index a3cdab7..6455e36 100644
--- a/vendor/google/hal_dumpstate_impl.te
+++ b/vendor/google/hal_dumpstate_impl.te
@@ -65,6 +65,9 @@ userdebug_or_eng(`
   allow hal_dumpstate_impl debugfs_ipa:file r_file_perms;
 ')
 
+#Dumpstats fastrpc buffer
+allow hal_dumpstate_impl sysfs_fastrpc:file r_file_perms;
+
 # dump Battery/Charger/Guage
 allow hal_dumpstate_impl debugfs_batteryinfo:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_batteryinfo:file r_file_perms;
diff --git a/vendor/google/hal_power_stats_default.te b/vendor/google/hal_power_stats_default.te
index b5cc289..059b6d0 100644
--- a/vendor/google/hal_power_stats_default.te
+++ b/vendor/google/hal_power_stats_default.te
@@ -3,6 +3,7 @@ get_prop(hal_power_stats_default, exported_wifi_prop) # Needed to detect wifi on
 r_dir_file(hal_power_stats_default, sysfs_iio_devices) # Needed to traverse odpm files
 r_dir_file(hal_power_stats_default, sysfs_power_stats) # Needed to traverse platform low power stats
 r_dir_file(hal_power_stats_default, sysfs_msm_subsys) # Needed to traverse subsystem low power stats
+r_dir_file(hal_power_stats_default, sysfs_leds) # Needed to track display stats
 
 # The following folders are incidentally accessed by hal_power_stats_default and are not needed.
 dontaudit hal_power_stats_default sysfs_power_stats_ignore:dir r_dir_perms;
diff --git a/vendor/google/hal_sensors_default.te b/vendor/google/hal_sensors_default.te
index bb194bb..57dd450 100644
--- a/vendor/google/hal_sensors_default.te
+++ b/vendor/google/hal_sensors_default.te
@@ -15,3 +15,7 @@ allow hal_sensors_default sysfs_leds:file r_file_perms;
 # For Suez metrics collection
 allow hal_sensors_default fwk_stats_hwservice:hwservice_manager find;
 binder_call(hal_sensors_default, system_server);
+
+# Allow Suez nanoapp clients to connect to CHRE.
+allow hal_sensors_default chre_socket:sock_file write;
+allow hal_sensors_default chre:unix_stream_socket connectto;
diff --git a/vendor/google/hal_wifi_ext.te b/vendor/google/hal_wifi_ext.te
index 1be706b..55ea19e 100644
--- a/vendor/google/hal_wifi_ext.te
+++ b/vendor/google/hal_wifi_ext.te
@@ -27,7 +27,7 @@ r_dir_file(hal_wifi_ext, proc_wifi_dbg)
 # Allow wifi_ext to report callbacks to gril-service app
 binder_call(hal_wifi_ext, grilservice_app)
 
-allow hal_wifi_ext wlan_device:chr_file w_file_perms;
+allow hal_wifi_ext wlan_device:chr_file rw_file_perms;
 
 userdebug_or_eng(`
 # debugfs entries are only needed in user-debug or eng builds
diff --git a/vendor/google/hbmsvmanager_app.te b/vendor/google/hbmsvmanager_app.te
index 25c06c0..a14930a 100644
--- a/vendor/google/hbmsvmanager_app.te
+++ b/vendor/google/hbmsvmanager_app.te
@@ -1,7 +1,9 @@
-type hbmsvmanager_app, domain;
+type hbmsvmanager_app, domain, coredomain;
 
 app_domain(hbmsvmanager_app);
 hal_client_domain(hbmsvmanager_app, hal_light)
 
 # Standard system services
 allow hbmsvmanager_app app_api_service:service_manager find;
+
+allow hbmsvmanager_app hal_pixel_display_service:service_manager find;
diff --git a/vendor/google/modem_svc.te b/vendor/google/modem_svc.te
index 50f80b6..5e013c2 100644
--- a/vendor/google/modem_svc.te
+++ b/vendor/google/modem_svc.te
@@ -12,11 +12,9 @@ get_prop(modem_svc, exported3_radio_prop)
 get_prop(modem_svc, vendor_build_type_prop)
 
 # For bugreport collection
-userdebug_or_eng(`
-  allow modem_svc hal_dumpstate_impl:fd use;
-  allow modem_svc dumpstate:fd use;
-  allow modem_svc shell_data_file:file write;
-')
+allow modem_svc hal_dumpstate_impl:fd use;
+allow modem_svc dumpstate:fd use;
+allow modem_svc shell_data_file:file write;
 
 dontaudit modem_svc sysfs_msm_subsys:dir r_dir_perms;
 dontaudit modem_svc sysfs_esoc:dir r_dir_perms;
diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
index 9ddc742..b490abb 100644
--- a/vendor/google/pixelstats_vendor.te
+++ b/vendor/google/pixelstats_vendor.te
@@ -16,6 +16,8 @@ binder_call(pixelstats_vendor, stats_service_server)
 
 allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
 r_dir_file(pixelstats_vendor, sysfs_batteryinfo)
+allow pixelstats_vendor sysfs_batteryinfo:file rw_file_perms;
+
 # UeventListener
 allow pixelstats_vendor self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 r_dir_file(pixelstats_vendor, sysfs_pixelstats)
diff --git a/vendor/google/powerstatsservice.te b/vendor/google/powerstatsservice.te
new file mode 100644
index 0000000..af8e78b
--- /dev/null
+++ b/vendor/google/powerstatsservice.te
@@ -0,0 +1,10 @@
+# PowerStatsService app
+type powerstatsservice_app, domain, coredomain;
+
+userdebug_or_eng(`
+  app_domain(powerstatsservice_app)
+  binder_call(powerstatsservice_app, incidentd)
+  allow powerstatsservice_app activity_service:service_manager find;
+  allow powerstatsservice_app incident_service:service_manager find;
+  hal_client_domain(powerstatsservice_app, hal_power_stats);
+')
diff --git a/vendor/google/seapp_contexts b/vendor/google/seapp_contexts
index 1cc64e0..09d0ef0 100644
--- a/vendor/google/seapp_contexts
+++ b/vendor/google/seapp_contexts
@@ -17,6 +17,9 @@ user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=
 # Domain for Touch app
 user=_app seinfo=platform name=com.google.touch.touchinspector domain=google_touch_app type=app_data_file levelFrom=user
 
+# Domain for power stats service
+user=_app isPrivApp=true seinfo=platform name=com.android.powerstatsservice domain=powerstatsservice_app type=app_data_file levelFrom=all
+
 # Domain for Display
 user=_app seinfo=platform name=com.android.hbmsvmanager domain=hbmsvmanager_app type=app_data_file levelFrom=all
 
diff --git a/vendor/google/service.te b/vendor/google/service.te
new file mode 100644
index 0000000..9c935e9
--- /dev/null
+++ b/vendor/google/service.te
@@ -0,0 +1 @@
+type hal_pixel_display_service, service_manager_type, vendor_service;
diff --git a/vendor/google/service_contexts b/vendor/google/service_contexts
new file mode 100644
index 0000000..d7a1e46
--- /dev/null
+++ b/vendor/google/service_contexts
@@ -0,0 +1 @@
+com.google.hardware.pixel.display.IDisplay/default                            u:object_r:hal_pixel_display_service:s0
diff --git a/vendor/google/uv_exposure_reporter.te b/vendor/google/uv_exposure_reporter.te
index 1d9ae56..af7e0d6 100644
--- a/vendor/google/uv_exposure_reporter.te
+++ b/vendor/google/uv_exposure_reporter.te
@@ -1,13 +1,10 @@
 type uv_exposure_reporter, domain;
 
-userdebug_or_eng(`
-  app_domain(uv_exposure_reporter)
+app_domain(uv_exposure_reporter)
 
-  allow uv_exposure_reporter app_api_service:service_manager find;
-  allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
-  allow uv_exposure_reporter sysfs_msm_subsys:dir search;
-  allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
-  binder_call(uv_exposure_reporter, gpuservice);
-  binder_call(uv_exposure_reporter, stats_service_server);
-')
+allow uv_exposure_reporter app_api_service:service_manager find;
+allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
+allow uv_exposure_reporter sysfs_msm_subsys:dir search;
+allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
+binder_call(uv_exposure_reporter, stats_service_server);
 
diff --git a/vendor/google/vendor_init.te b/vendor/google/vendor_init.te
index 8672d3f..c7afffb 100644
--- a/vendor/google/vendor_init.te
+++ b/vendor/google/vendor_init.te
@@ -35,6 +35,7 @@ allow vendor_init proc_sched_energy_aware:file w_file_perms;
 allow vendor_init proc_sched_updown_migrate:file w_file_perms;
 allow vendor_init proc_swappiness:file w_file_perms;
 allow vendor_init proc_dirty:file w_file_perms;
+allow vendor_init proc_sched_lib_mask_cpuinfo:file w_file_perms;
 
 allow vendor_init self:global_capability2_class_set block_suspend;
 allow vendor_init sysfs_wake_lock:file rw_file_perms;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 907d5b9..7931a55 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -150,6 +150,7 @@
 /vendor/lib(64)?/libqservice\.so           u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libqdutils\.so            u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libadreno_utils\.so       u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libgpudataproducer\.so    u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libgsl\.so                u:object_r:same_process_hal_file:s0
 
 /vendor/lib(64)?/libEGL_adreno\.so         u:object_r:same_process_hal_file:s0
@@ -179,6 +180,10 @@
 # libGLESv2_adreno depends on this
 /vendor/lib(64)?/libllvm-glnext\.so         u:object_r:same_process_hal_file:s0
 
+# Game profiling library
+/vendor/lib(64)?/libadreno_app_profiles\.so    u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/vendor\.qti\.qspmhal@1\.0\.so u:object_r:same_process_hal_file:s0
+
 # libOpenCL-pixel and its dependencies
 /vendor/lib(64)?/libOpenCL-pixel\.so        u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libOpenCL\.so              u:object_r:same_process_hal_file:s0