Snap for 10453563 from 34210357f5e8bae13927a5ab67ef93ff0266a704 to mainline-os-statsd-release
Change-Id: Ie6548463a3ab3b33ecd2e530c027e67809702484
diff --git a/aoc/aocd.te b/aoc/aocd.te
deleted file mode 100644
index 69b0af0..0000000
--- a/aoc/aocd.te
+++ /dev/null
@@ -1,21 +0,0 @@
-type aocd, domain;
-type aocd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(aocd)
-
-# access persist files
-allow aocd mnt_vendor_file:dir search;
-allow aocd persist_file:dir search;
-r_dir_file(aocd, persist_aoc_file);
-
-# sysfs operations
-allow aocd sysfs_aoc:dir search;
-allow aocd sysfs_aoc_firmware:file w_file_perms;
-
-# dev operations
-allow aocd aoc_device:chr_file rw_file_perms;
-
-# allow inotify to watch for additions/removals from /dev
-allow aocd device:dir r_dir_perms;
-
-# set properties
-set_prop(aocd, vendor_aoc_prop)
diff --git a/aoc/aocdump.te b/aoc/aocdump.te
deleted file mode 100644
index 0801ec0..0000000
--- a/aoc/aocdump.te
+++ /dev/null
@@ -1,18 +0,0 @@
-type aocdump, domain;
-type aocdump_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(aocdump)
-
-userdebug_or_eng(`
- # Permit communication with AoC
- allow aocdump aoc_device:chr_file rw_file_perms;
-
- allow aocdump radio_vendor_data_file:dir rw_dir_perms;
- allow aocdump radio_vendor_data_file:file create_file_perms;
- allow aocdump wifi_logging_data_file:dir create_dir_perms;
- allow aocdump wifi_logging_data_file:file create_file_perms;
- set_prop(aocdump, vendor_audio_prop);
- r_dir_file(aocdump, proc_asound)
-
- allow aocdump self:unix_stream_socket create_stream_socket_perms;
- allow aocdump audio_vendor_data_file:sock_file { create unlink };
-')
diff --git a/aoc/device.te b/aoc/device.te
deleted file mode 100644
index fbd2b32..0000000
--- a/aoc/device.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# AOC device
-type aoc_device, dev_type;
-
-# AMCS device
-type amcs_device, dev_type;
diff --git a/aoc/file.te b/aoc/file.te
deleted file mode 100644
index 3e0baf8..0000000
--- a/aoc/file.te
+++ /dev/null
@@ -1,17 +0,0 @@
-# sysfs
-type sysfs_aoc_dumpstate, sysfs_type, fs_type;
-type sysfs_aoc_boottime, sysfs_type, fs_type;
-type sysfs_aoc_firmware, sysfs_type, fs_type;
-type sysfs_aoc, sysfs_type, fs_type;
-type sysfs_aoc_reset, sysfs_type, fs_type;
-type sysfs_pixelstats, fs_type, sysfs_type;
-
-# persist
-type persist_aoc_file, file_type, vendor_persist_type;
-type persist_audio_file, file_type, vendor_persist_type;
-
-# vendor
-type aoc_audio_file, file_type, vendor_file_type;
-
-# data
-type audio_vendor_data_file, file_type, data_file_type;
diff --git a/aoc/file_contexts b/aoc/file_contexts
deleted file mode 100644
index 71fb097..0000000
--- a/aoc/file_contexts
+++ /dev/null
@@ -1,34 +0,0 @@
-# AoC devices
-/dev/acd-audio_output_tuning u:object_r:aoc_device:s0
-/dev/acd-audio_bulk_tx u:object_r:aoc_device:s0
-/dev/acd-audio_bulk_rx u:object_r:aoc_device:s0
-/dev/acd-audio_input_tuning u:object_r:aoc_device:s0
-/dev/acd-audio_input_bulk_tx u:object_r:aoc_device:s0
-/dev/acd-audio_input_bulk_rx u:object_r:aoc_device:s0
-/dev/acd-sound_trigger u:object_r:aoc_device:s0
-/dev/acd-hotword_notification u:object_r:aoc_device:s0
-/dev/acd-hotword_pcm u:object_r:aoc_device:s0
-/dev/acd-ambient_pcm u:object_r:aoc_device:s0
-/dev/acd-model_data u:object_r:aoc_device:s0
-/dev/acd-debug u:object_r:aoc_device:s0
-/dev/acd-audio_tap[0-9]* u:object_r:aoc_device:s0
-/dev/acd-audio_dcdoff_ref u:object_r:aoc_device:s0
-/dev/acd-com.google.usf u:object_r:aoc_device:s0
-/dev/acd-logging u:object_r:aoc_device:s0
-/dev/aoc u:object_r:aoc_device:s0
-/dev/amcs u:object_r:amcs_device:s0
-
-# AoC vendor binaries
-/vendor/bin/aocd u:object_r:aocd_exec:s0
-/vendor/bin/aocdump u:object_r:aocdump_exec:s0
-/vendor/bin/hw/vendor\.google\.audiometricext@1\.0-service-vendor u:object_r:hal_audiometricext_default_exec:s0
-
-# AoC audio files
-/vendor/etc/aoc(/.*)? u:object_r:aoc_audio_file:s0
-
-# Aoc persist files
-/mnt/vendor/persist/aoc(/.*)? u:object_r:persist_aoc_file:s0
-/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
-
-# Audio data files
-/data/vendor/audio(/.*)? u:object_r:audio_vendor_data_file:s0
diff --git a/aoc/genfs_contexts b/aoc/genfs_contexts
deleted file mode 100644
index 46773bb..0000000
--- a/aoc/genfs_contexts
+++ /dev/null
@@ -1,28 +0,0 @@
-# AOC
-genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
-genfscon sysfs /devices/platform/19000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0
-genfscon sysfs /devices/platform/19000000.aoc u:object_r:sysfs_aoc:s0
-genfscon sysfs /devices/platform/19000000.aoc/reset u:object_r:sysfs_aoc_reset:s0
-genfscon sysfs /devices/platform/19000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes u:object_r:sysfs_aoc_dumpstate:s0
-
-# pixelstat_vendor
-genfscon sysfs /devices/platform/audiometrics/codec_state u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/hs_codec_state u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/speaker_impedance u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/speaker_excursion u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/speaker_heartbeat u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/speaker_temp u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/mic_broken_degrade u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/codec_crashed_counter u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/hwinfo_part_number u:object_r:sysfs_pixelstats:s0
-
diff --git a/aoc/hal_audio_default.te b/aoc/hal_audio_default.te
deleted file mode 100644
index 0755cba..0000000
--- a/aoc/hal_audio_default.te
+++ /dev/null
@@ -1,35 +0,0 @@
-vndbinder_use(hal_audio_default)
-hwbinder_use(hal_audio_default)
-
-allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms;
-allow hal_audio_default audio_vendor_data_file:file create_file_perms;
-
-r_dir_file(hal_audio_default, aoc_audio_file);
-r_dir_file(hal_audio_default, mnt_vendor_file);
-r_dir_file(hal_audio_default, persist_audio_file);
-
-allow hal_audio_default persist_file:dir search;
-allow hal_audio_default aoc_device:file rw_file_perms;
-allow hal_audio_default aoc_device:chr_file rw_file_perms;
-
-allow hal_audio_default hal_audio_ext_hwservice:hwservice_manager { find add };
-
-allow hal_audio_default amcs_device:file rw_file_perms;
-allow hal_audio_default amcs_device:chr_file rw_file_perms;
-allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
-
-#allow access to DMABUF Heaps for AAudio API
-allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms;
-
-get_prop(hal_audio_default, vendor_audio_prop);
-
-hal_client_domain(hal_audio_default, hal_health);
-hal_client_domain(hal_audio_default, hal_thermal);
-allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find;
-
-userdebug_or_eng(`
- allow hal_audio_default self:unix_stream_socket create_stream_socket_perms;
- allow hal_audio_default audio_vendor_data_file:sock_file { create unlink };
-')
-
-wakelock_use(hal_audio_default);
diff --git a/aoc/hal_audiometricext_default.te b/aoc/hal_audiometricext_default.te
deleted file mode 100644
index 5358eac..0000000
--- a/aoc/hal_audiometricext_default.te
+++ /dev/null
@@ -1,12 +0,0 @@
-type hal_audiometricext_default, domain;
-type hal_audiometricext_default_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_audiometricext_default)
-
-allow hal_audiometricext_default amcs_device:chr_file rw_file_perms;
-allow hal_audiometricext_default sysfs_pixelstats:file rw_file_perms;
-
-get_prop(hal_audiometricext_default, vendor_audio_prop);
-get_prop(hal_audiometricext_default, hwservicemanager_prop);
-
-hwbinder_use(hal_audiometricext_default);
-add_hwservice(hal_audiometricext_default, hal_audiometricext_hwservice);
diff --git a/aoc/hwservice.te b/aoc/hwservice.te
deleted file mode 100644
index b7bf5d9..0000000
--- a/aoc/hwservice.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# Audio
-type hal_audio_ext_hwservice, hwservice_manager_type;
-
-# AudioMetric
-type hal_audiometricext_hwservice, hwservice_manager_type;
-
diff --git a/aoc/hwservice_contexts b/aoc/hwservice_contexts
deleted file mode 100644
index f06c846..0000000
--- a/aoc/hwservice_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-# Audio
-vendor.google.whitechapel.audio.audioext::IAudioExt u:object_r:hal_audio_ext_hwservice:s0
-vendor.google.audiometricext::IAudioMetricExt u:object_r:hal_audiometricext_hwservice:s0
-
diff --git a/aoc/property.te b/aoc/property.te
deleted file mode 100644
index d38e3ec..0000000
--- a/aoc/property.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# AoC
-vendor_internal_prop(vendor_aoc_prop)
-# Audio
-vendor_internal_prop(vendor_audio_prop)
diff --git a/aoc/property_contexts b/aoc/property_contexts
deleted file mode 100644
index d502830..0000000
--- a/aoc/property_contexts
+++ /dev/null
@@ -1,11 +0,0 @@
-# AoC
-vendor.aoc.firmware.version u:object_r:vendor_aoc_prop:s0
-
-# for audio
-vendor.audio_hal.period_multiplier u:object_r:vendor_audio_prop:s0
-vendor.audiodump.enable u:object_r:vendor_audio_prop:s0
-persist.vendor.audio. u:object_r:vendor_audio_prop:s0
-vendor.audiodump.log.ondemand u:object_r:vendor_audio_prop:s0
-vendor.audiodump.log.config u:object_r:vendor_audio_prop:s0
-vendor.audiodump.output.dir u:object_r:vendor_audio_prop:s0
-vendor.audiodump.encode.disable u:object_r:vendor_audio_prop:s0
diff --git a/dauntless/citadel_provision.te b/dauntless/citadel_provision.te
deleted file mode 100644
index 5605085..0000000
--- a/dauntless/citadel_provision.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type citadel_provision, domain;
-type citadel_provision_exec, exec_type, vendor_file_type, file_type;
-
-userdebug_or_eng(`
- init_daemon_domain(citadel_provision)
-')
diff --git a/dauntless/citadeld.te b/dauntless/citadeld.te
deleted file mode 100644
index 86cb61c..0000000
--- a/dauntless/citadeld.te
+++ /dev/null
@@ -1,13 +0,0 @@
-type citadeld, domain;
-type citadeld_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(citadeld)
-
-add_service(citadeld, citadeld_service)
-binder_use(citadeld)
-vndbinder_use(citadeld)
-binder_call(citadeld, system_server)
-
-allow citadeld citadel_device:chr_file rw_file_perms;
-allow citadeld fwk_stats_service:service_manager find;
-allow citadeld hal_power_stats_vendor_service:service_manager find;
diff --git a/dauntless/device.te b/dauntless/device.te
deleted file mode 100644
index f63186f..0000000
--- a/dauntless/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type citadel_device, dev_type;
diff --git a/dauntless/file.te b/dauntless/file.te
deleted file mode 100644
index cfc0dea..0000000
--- a/dauntless/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type citadel_updater, vendor_file_type, file_type;
diff --git a/dauntless/file_contexts b/dauntless/file_contexts
deleted file mode 100644
index 76a2502..0000000
--- a/dauntless/file_contexts
+++ /dev/null
@@ -1,9 +0,0 @@
-/vendor/bin/CitadelProvision u:object_r:citadel_provision_exec:s0
-/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
-/vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel u:object_r:hal_keymint_citadel_exec:s0
-/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
-/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel u:object_r:hal_identity_citadel_exec:s0
-/vendor/bin/hw/citadel_updater u:object_r:citadel_updater:s0
-/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
-
-/dev/gsc0 u:object_r:citadel_device:s0
diff --git a/dauntless/hal_identity_citadel.te b/dauntless/hal_identity_citadel.te
deleted file mode 100644
index c181e27..0000000
--- a/dauntless/hal_identity_citadel.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hal_identity_citadel, domain;
-type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(hal_identity_citadel)
-binder_call(hal_identity_citadel, citadeld)
-allow hal_identity_citadel citadeld_service:service_manager find;
-allow hal_identity_citadel hal_keymint_citadel:binder call;
-
-hal_server_domain(hal_identity_citadel, hal_identity)
-hal_server_domain(hal_identity_citadel, hal_keymint)
-init_daemon_domain(hal_identity_citadel)
diff --git a/dauntless/hal_keymint_citadel.te b/dauntless/hal_keymint_citadel.te
deleted file mode 100644
index e1a6177..0000000
--- a/dauntless/hal_keymint_citadel.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_keymint_citadel, domain;
-type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type;
-
-hal_server_domain(hal_keymint_citadel, hal_keymint)
-init_daemon_domain(hal_keymint_citadel)
-vndbinder_use(hal_keymint_citadel)
-get_prop(hal_keymint_citadel, vendor_security_patch_level_prop)
-allow hal_keymint_citadel citadeld_service:service_manager find;
-binder_call(hal_keymint_citadel, citadeld)
diff --git a/dauntless/hal_weaver_citadel.te b/dauntless/hal_weaver_citadel.te
deleted file mode 100644
index c47287b..0000000
--- a/dauntless/hal_weaver_citadel.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hal_weaver_citadel, domain;
-type hal_weaver_citadel_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(hal_weaver_citadel)
-hal_server_domain(hal_weaver_citadel, hal_weaver)
-hal_server_domain(hal_weaver_citadel, hal_oemlock)
-hal_server_domain(hal_weaver_citadel, hal_authsecret)
-vndbinder_use(hal_weaver_citadel)
-binder_call(hal_weaver_citadel, citadeld)
-
-allow hal_weaver_citadel citadeld_service:service_manager find;
diff --git a/dauntless/init_citadel.te b/dauntless/init_citadel.te
deleted file mode 100644
index 2e986d0..0000000
--- a/dauntless/init_citadel.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type init_citadel, domain;
-type init_citadel_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(init_citadel)
-
-# Citadel communication must be via citadeld
-vndbinder_use(init_citadel)
-binder_call(init_citadel, citadeld)
-allow init_citadel citadeld_service:service_manager find;
-
-# Many standard utils are actually vendor_toolbox (like xxd)
-allow init_citadel vendor_toolbox_exec:file rx_file_perms;
-
-# init_citadel needs to invoke citadel_updater
-allow init_citadel citadel_updater:file rx_file_perms;
diff --git a/dauntless/service_contexts b/dauntless/service_contexts
deleted file mode 100644
index ac6a186..0000000
--- a/dauntless/service_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0
-android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0
-android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_remotelyprovisionedcomponent_service:s0
diff --git a/dauntless/vndservice.te b/dauntless/vndservice.te
deleted file mode 100644
index 880c09c..0000000
--- a/dauntless/vndservice.te
+++ /dev/null
@@ -1 +0,0 @@
-type citadeld_service, vndservice_manager_type;
diff --git a/dauntless/vndservice_contexts b/dauntless/vndservice_contexts
deleted file mode 100644
index b4df996..0000000
--- a/dauntless/vndservice_contexts
+++ /dev/null
@@ -1 +0,0 @@
-android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0
diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts
deleted file mode 100644
index 7b5d25a..0000000
--- a/edgetpu/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# EdgeTPU device (DarwiNN)
-/dev/janeiro u:object_r:edgetpu_device:s0
diff --git a/edgetpu/genfs_contexts b/edgetpu/genfs_contexts
deleted file mode 100644
index 78e7e95..0000000
--- a/edgetpu/genfs_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# EdgeTPU
-genfscon sysfs /devices/platform/1ce00000.janeiro u:object_r:sysfs_edgetpu:s0
diff --git a/edgetpu/google_camera_app.te b/edgetpu/google_camera_app.te
deleted file mode 100644
index a0ad731..0000000
--- a/edgetpu/google_camera_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Allows GCA to find and access the EdgeTPU.
-allow google_camera_app edgetpu_app_service:service_manager find;
-allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
diff --git a/gps/device.te b/gps/device.te
deleted file mode 100644
index 15d049f..0000000
--- a/gps/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type vendor_gnss_device, dev_type;
diff --git a/gps/file.te b/gps/file.te
deleted file mode 100644
index 537afdb..0000000
--- a/gps/file.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type vendor_gps_file, file_type, data_file_type;
-userdebug_or_eng(`
- typeattribute vendor_gps_file mlstrustedobject;
-')
-
-type sysfs_gps, sysfs_type, fs_type;
-type sysfs_gps_assert, sysfs_type, fs_type;
diff --git a/gps/file_contexts b/gps/file_contexts
deleted file mode 100644
index 8ae128e..0000000
--- a/gps/file_contexts
+++ /dev/null
@@ -1,12 +0,0 @@
-# gnss/gps data/log files
-/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
-
-# devices
-/dev/bbd_control u:object_r:vendor_gnss_device:s0
-/dev/ttyBCM u:object_r:vendor_gnss_device:s0
-
-# vendor binaries
-/vendor/bin/hw/scd u:object_r:scd_exec:s0
-/vendor/bin/hw/lhd u:object_r:lhd_exec:s0
-/vendor/bin/hw/gpsd u:object_r:gpsd_exec:s0
-/vendor/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service-brcm u:object_r:hal_gnss_default_exec:s0
diff --git a/gps/genfs_contexts b/gps/genfs_contexts
deleted file mode 100644
index 49dfdd0..0000000
--- a/gps/genfs_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-# GPS
-genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0
-genfscon sysfs /devices/virtual/pps/pps0/assert_elapsed u:object_r:sysfs_gps_assert:s0
-
diff --git a/gps/gpsd.te b/gps/gpsd.te
deleted file mode 100644
index 791a02e..0000000
--- a/gps/gpsd.te
+++ /dev/null
@@ -1,28 +0,0 @@
-type gpsd, domain;
-type gpsd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(gpsd)
-
-# Allow gpsd access PixelLogger unix socket in debug build only
-userdebug_or_eng(`
- typeattribute gpsd mlstrustedsubject;
- allow gpsd logger_app:unix_stream_socket connectto;
-')
-
-# Allow gpsd to obtain wakelock
-wakelock_use(gpsd)
-
-# Allow gpsd access data vendor gps files
-allow gpsd vendor_gps_file:dir create_dir_perms;
-allow gpsd vendor_gps_file:file create_file_perms;
-allow gpsd vendor_gps_file:fifo_file create_file_perms;
-
-# Allow gpsd to access rild
-binder_call(gpsd, rild);
-allow gpsd hal_exynos_rild_hwservice:hwservice_manager find;
-
-# Allow gpsd to access sensor service
-binder_call(gpsd, system_server);
-allow gpsd fwk_sensor_hwservice:hwservice_manager find;
-
-# Allow gpsd to access pps gpio
-allow gpsd sysfs_gps_assert:file r_file_perms;
diff --git a/gps/hal_gnss_default.te b/gps/hal_gnss_default.te
deleted file mode 100644
index e300423..0000000
--- a/gps/hal_gnss_default.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Allow hal_gnss_default access data vendor gps files
-allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
-allow hal_gnss_default vendor_gps_file:file create_file_perms;
-allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;
diff --git a/gps/lhd.te b/gps/lhd.te
deleted file mode 100644
index e980897..0000000
--- a/gps/lhd.te
+++ /dev/null
@@ -1,23 +0,0 @@
-type lhd, domain;
-type lhd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(lhd)
-
-# Allow lhd access PixelLogger unix socket in debug build only
-userdebug_or_eng(`
- typeattribute lhd mlstrustedsubject;
- allow lhd logger_app:unix_stream_socket connectto;
-')
-
-# Allow lhd access data vendor gps files
-allow lhd vendor_gps_file:dir create_dir_perms;
-allow lhd vendor_gps_file:file create_file_perms;
-allow lhd vendor_gps_file:fifo_file create_file_perms;
-
-# Allow lhd to obtain wakelock
-wakelock_use(lhd)
-
-# Allow lhd access /dev/bbd_control file
-allow lhd vendor_gnss_device:chr_file rw_file_perms;
-
-# Allow lhd access nstandby gpio
-allow lhd sysfs_gps:file rw_file_perms;
diff --git a/gps/scd.te b/gps/scd.te
deleted file mode 100644
index 28aaee0..0000000
--- a/gps/scd.te
+++ /dev/null
@@ -1,17 +0,0 @@
-type scd, domain;
-type scd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(scd)
-
-# Allow scd access PixelLogger unix socket in debug build only
-userdebug_or_eng(`
- typeattribute scd mlstrustedsubject;
- allow scd logger_app:unix_stream_socket connectto;
-')
-
-# Allow a base set of permissions required for network access.
-net_domain(scd);
-
-# Allow scd access data vendor gps files
-allow scd vendor_gps_file:dir create_dir_perms;
-allow scd vendor_gps_file:file create_file_perms;
-allow scd vendor_gps_file:fifo_file create_file_perms;
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
new file mode 100644
index 0000000..f821732
--- /dev/null
+++ b/tracking_denials/bug_map
@@ -0,0 +1,30 @@
+cat_engine_service_app system_app_data_file dir b/238705599
+dex2oat privapp_data_file dir b/276386138
+dump_pixel_metrics sysfs file b/268147113
+dumpstate app_zygote process b/237491813
+dumpstate system_data_file dir b/239484651
+hal_camera_default boot_status_prop file b/275001783
+hal_camera_default edgetpu_app_service service_manager b/275001783
+hal_contexthub_default fwk_stats_service service_manager b/241714943
+hal_dumpstate_default dump_thermal process b/268566483
+hal_power_default hal_power_default capability b/237492146
+hal_radioext_default radio_vendor_data_file file b/237093466
+incidentd debugfs_wakeup_sources file b/237492091
+incidentd incidentd anon_inode b/268147092
+init-insmod-sh vendor_ready_prop property_service b/239364360
+kernel vendor_charger_debugfs dir b/238571150
+kernel vendor_usb_debugfs dir b/227121550
+shell adb_keys_file file b/239484612
+shell cache_file lnk_file b/239484612
+shell init_exec lnk_file b/239484612
+shell linkerconfig_file dir b/239484612
+shell metadata_file dir b/239484612
+shell mirror_data_file dir b/239484612
+shell postinstall_mnt_dir dir b/239484612
+shell rootfs file b/239484612
+shell sscoredump_vendor_data_crashinfo_file dir b/241714944
+shell system_dlkm_file dir b/239484612
+su modem_img_file filesystem b/240653918
+system_app proc_pagetypeinfo file b/275645892
+system_server privapp_data_file lnk_file b/276385494
+system_server system_userdir_file dir b/282096141
diff --git a/tracking_denials/clatd.te b/tracking_denials/clatd.te
deleted file mode 100644
index 3c27ad9..0000000
--- a/tracking_denials/clatd.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/210363983
-#dontaudit clatd netd:rawip_socket { read write };
-#dontaudit clatd netd:rawip_socket { setopt };
diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
index aaff71e..0dc30ea 100644
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@@ -1,6 +1,6 @@
-# b/221384768
-dontaudit dumpstate app_zygote:process { signal };
+# b/185723618
dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
-dontaudit dumpstate sysfs:file { read };
-# b/227694693
-dontaudit dumpstate incident:process { signal };
+# b/237491813
+dontaudit dumpstate app_zygote:process { signal };
+# b/277155245
+dontaudit dumpstate default_android_service:service_manager { find };
diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te
deleted file mode 100644
index 72796c2..0000000
--- a/tracking_denials/google_camera_app.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# b/209889068
-dontaudit google_camera_app edgetpu_app_service:service_manager { find };
-dontaudit google_camera_app edgetpu_device:chr_file { ioctl };
-dontaudit google_camera_app edgetpu_device:chr_file { map };
-dontaudit google_camera_app edgetpu_device:chr_file { read write };
-dontaudit google_camera_app vendor_default_prop:file { getattr };
-dontaudit google_camera_app vendor_default_prop:file { map };
-dontaudit google_camera_app vendor_default_prop:file { open };
diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te
deleted file mode 100644
index f423e49..0000000
--- a/tracking_denials/hal_camera_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/205780065
-dontaudit hal_camera_default system_data_file:dir { search };
-# b/218585004
-dontaudit hal_camera_default traced:unix_stream_socket { connectto };
-dontaudit hal_camera_default traced_producer_socket:sock_file { write };
diff --git a/tracking_denials/hal_drm_widevine.te b/tracking_denials/hal_drm_widevine.te
new file mode 100644
index 0000000..cfe7fcf
--- /dev/null
+++ b/tracking_denials/hal_drm_widevine.te
@@ -0,0 +1,2 @@
+# b/229209076
+dontaudit hal_drm_widevine vndbinder_device:chr_file { read };
diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te
deleted file mode 100644
index b58f29f..0000000
--- a/tracking_denials/hal_neuralnetworks_armnn.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# b/205073167
-dontaudit hal_neuralnetworks_armnn default_prop:file { open };
-dontaudit hal_neuralnetworks_armnn default_prop:file { read };
-# b/205202540
-dontaudit hal_neuralnetworks_armnn default_prop:file { getattr };
-dontaudit hal_neuralnetworks_armnn default_prop:file { map };
-# b/205779871
-dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te
index 731d4ba..a2ce6fd 100644
--- a/tracking_denials/hal_power_default.te
+++ b/tracking_denials/hal_power_default.te
@@ -1,4 +1,3 @@
-# b/208909174
-dontaudit hal_power_default hal_power_default:capability { dac_read_search };
-# b/221384860
+# b/237492146
dontaudit hal_power_default hal_power_default:capability { dac_override };
+dontaudit hal_power_default hal_power_default:capability { dac_read_search };
diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te
deleted file mode 100644
index fb1bb23..0000000
--- a/tracking_denials/hal_sensors_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/227695036
-dontaudit hal_sensors_default sensor_reg_data_file:dir { write };
diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te
new file mode 100644
index 0000000..390bfa3
--- /dev/null
+++ b/tracking_denials/hal_vibrator_default.te
@@ -0,0 +1,2 @@
+# b/274727778
+dontaudit hal_vibrator_default default_android_service:service_manager { find };
diff --git a/tracking_denials/hardware_info_app.te b/tracking_denials/hardware_info_app.te
deleted file mode 100644
index 2975d24..0000000
--- a/tracking_denials/hardware_info_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/208909060
-dontaudit hardware_info_app vendor_maxfg_debugfs:dir search;
diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te
index 90b1025..e6fce30 100644
--- a/tracking_denials/incidentd.te
+++ b/tracking_denials/incidentd.te
@@ -1,2 +1,2 @@
-# b/226850644
+# b/237492091
dontaudit incidentd debugfs_wakeup_sources:file { read };
diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te
index d75b1fb..a2e2163 100644
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@@ -1,11 +1,2 @@
-# b/213817227
-dontaudit kernel vendor_battery_debugfs:dir { search };
-# b/220801802
-allow kernel same_process_hal_file:file r_file_perms;
# b/227121550
-dontaudit kernel vendor_usb_debugfs:dir { search };
-dontaudit kernel vendor_votable_debugfs:dir { search };
-# b/227286343
-dontaudit kernel vendor_regmap_debugfs:dir { search };
-# b/228181404
-dontaudit kernel vendor_maxfg_debugfs:dir { search };
\ No newline at end of file
+dontaudit kernel vendor_votable_debugfs:dir search;
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
deleted file mode 100644
index 5784c9b..0000000
--- a/tracking_denials/priv_app.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# b/207062833
-dontaudit priv_app vendor_default_prop:file { getattr };
-dontaudit priv_app vendor_default_prop:file { map };
-dontaudit priv_app vendor_default_prop:file { open };
-# b/210363938
-dontaudit priv_app vendor_apex_file:dir { search };
-dontaudit priv_app vendor_apex_file:file { getattr };
-dontaudit priv_app vendor_apex_file:file { open };
-dontaudit priv_app vendor_apex_file:file { read };
-# b/220636850
-dontaudit priv_app default_prop:property_service { set };
-dontaudit priv_app init:unix_stream_socket { connectto };
-dontaudit priv_app property_socket:sock_file { write };
diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te
deleted file mode 100644
index 182b08e..0000000
--- a/tracking_denials/ssr_detector_app.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# b/205202542
-dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { getattr };
-dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { map };
-dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { open };
-dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { read };
-# b/207571417
-dontaudit ssr_detector_app cgroup:file { open };
-dontaudit ssr_detector_app cgroup:file { write };
-dontaudit ssr_detector_app sysfs:file { getattr };
-dontaudit ssr_detector_app sysfs:file { open };
-dontaudit ssr_detector_app sysfs:file { read };
-dontaudit ssr_detector_app sysfs:file { write };
diff --git a/tracking_denials/tee.te b/tracking_denials/tee.te
deleted file mode 100644
index 3a56e03..0000000
--- a/tracking_denials/tee.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# TODO(b/205904330): avoid using setuid, setgid permission
-allow tee tee:capability { setuid setgid };
-# b/215649571
-dontaudit tee gsi_metadata_file:dir { search };
-dontaudit tee metadata_file:dir { search };
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
index 05adec7..ea8ff1e 100644
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@@ -1,6 +1,2 @@
# b/205656950
dontaudit vendor_init thermal_link_device:file { create };
-# b/226271913
-dontaudit vendor_init vendor_maxfg_debugfs:file setattr;
-# b/221384939
-dontaudit vendor_init vendor_battery_defender_prop:property_service { set } ;
diff --git a/tracking_denials/vndservicemanager.te b/tracking_denials/vndservicemanager.te
new file mode 100644
index 0000000..9931d43
--- /dev/null
+++ b/tracking_denials/vndservicemanager.te
@@ -0,0 +1,4 @@
+# b/278639040
+dontaudit vndservicemanager hal_keymint_citadel:binder { call };
+# b/278639040
+dontaudit vndservicemanager hal_keymint_citadel:binder { call };
diff --git a/whitechapel_pro/certs/camera_eng.x509.pem b/whitechapel_pro/certs/camera_eng.x509.pem
new file mode 100644
index 0000000..011a9ec
--- /dev/null
+++ b/whitechapel_pro/certs/camera_eng.x509.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw
+NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE
+ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO
+OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
++1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
++DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
+UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
+TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
+rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
+TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK
+pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY
+DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG
+ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4
+rscXTxYEf4Tqovc=
+-----END CERTIFICATE-----
diff --git a/whitechapel_pro/certs/camera_fishfood.x509.pem b/whitechapel_pro/certs/camera_fishfood.x509.pem
new file mode 100644
index 0000000..fb11572
--- /dev/null
+++ b/whitechapel_pro/certs/camera_fishfood.x509.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n
+bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w
+HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv
+b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93
+bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/
+jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B
+IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe
+tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td
+0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg
+Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b
+aIOMFB0Km9HbEZHLKg33kOoMsS2zpA==
+-----END CERTIFICATE-----
diff --git a/whitechapel_pro/chre.te b/whitechapel_pro/chre.te
index 319f17d..2531af8 100644
--- a/whitechapel_pro/chre.te
+++ b/whitechapel_pro/chre.te
@@ -17,4 +17,15 @@
# Allow CHRE to talk to the WiFi HAL
allow chre hal_wifi_ext:binder { call transfer };
-allow chre hal_wifi_ext_hwservice:hwservice_manager find;
\ No newline at end of file
+allow chre hal_wifi_ext_hwservice:hwservice_manager find;
+allow chre hal_wifi_ext_service:service_manager find;
+
+# Allow CHRE host to talk to stats service
+allow chre fwk_stats_service:service_manager find;
+binder_call(chre, stats_service_server)
+
+# Allow CHRE to use WakeLock
+wakelock_use(chre)
+
+# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP.
+allow chre self:global_capability2_class_set block_suspend;
diff --git a/whitechapel_pro/convert-to-ext4-sh.te b/whitechapel_pro/convert-to-ext4-sh.te
new file mode 100644
index 0000000..d64382d
--- /dev/null
+++ b/whitechapel_pro/convert-to-ext4-sh.te
@@ -0,0 +1,34 @@
+type convert-to-ext4-sh, domain, coredomain;
+type convert-to-ext4-sh_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ permissive convert-to-ext4-sh;
+
+ init_daemon_domain(convert-to-ext4-sh)
+
+ allow convert-to-ext4-sh block_device:dir search;
+ allow convert-to-ext4-sh e2fs_exec:file rx_file_perms;
+ allow convert-to-ext4-sh efs_block_device:blk_file rw_file_perms;
+ allow convert-to-ext4-sh kernel:process setsched;
+ allow convert-to-ext4-sh kmsg_device:chr_file rw_file_perms;
+ allow convert-to-ext4-sh persist_block_device:blk_file { getattr ioctl open read write };
+ allow convert-to-ext4-sh shell_exec:file rx_file_perms;
+ allow convert-to-ext4-sh sysfs_fs_ext4_features:dir { read search };
+ allow convert-to-ext4-sh sysfs_fs_ext4_features:file read;
+ allow convert-to-ext4-sh tmpfs:dir { add_name create mounton open };
+ allow convert-to-ext4-sh tmpfs:dir { remove_name rmdir rw_file_perms setattr };
+ allow convert-to-ext4-sh tmpfs:file { create rw_file_perms unlink };
+ allow convert-to-ext4-sh toolbox_exec:file rx_file_perms;
+ allow convert-to-ext4-sh vendor_persist_type:dir { rw_file_perms search };
+ allow convert-to-ext4-sh vendor_persist_type:file rw_file_perms;
+
+ allowxperm convert-to-ext4-sh { efs_block_device persist_block_device}:blk_file ioctl {
+ BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET LOOP_CLR_FD
+ };
+
+ dontaudit convert-to-ext4-sh labeledfs:filesystem { mount unmount };
+ dontaudit convert-to-ext4-sh self:capability { chown fowner fsetid dac_read_search sys_admin sys_rawio };
+ dontaudit convert-to-ext4-sh unlabeled:dir { add_name create mounton open rw_file_perms search setattr };
+ dontaudit convert-to-ext4-sh unlabeled:file { create rw_file_perms setattr };
+ dontaudit convert-to-ext4-sh convert-to-ext4-sh:capability { dac_override };
+')
diff --git a/whitechapel_pro/debug_camera_app.te b/whitechapel_pro/debug_camera_app.te
new file mode 100644
index 0000000..5342fb7
--- /dev/null
+++ b/whitechapel_pro/debug_camera_app.te
@@ -0,0 +1,27 @@
+type debug_camera_app, domain, coredomain;
+
+userdebug_or_eng(`
+ app_domain(debug_camera_app)
+ net_domain(debug_camera_app)
+
+ allow debug_camera_app app_api_service:service_manager find;
+ allow debug_camera_app audioserver_service:service_manager find;
+ allow debug_camera_app cameraserver_service:service_manager find;
+ allow debug_camera_app mediaextractor_service:service_manager find;
+ allow debug_camera_app mediametrics_service:service_manager find;
+ allow debug_camera_app mediaserver_service:service_manager find;
+
+ # Allows camera app to access the GXP device.
+ allow debug_camera_app gxp_device:chr_file rw_file_perms;
+
+ # Allows camera app to search for GXP firmware file.
+ allow debug_camera_app vendor_fw_file:dir search;
+
+ # Allows camera app to access the PowerHAL.
+ hal_client_domain(debug_camera_app, hal_power)
+')
+userdebug_or_eng(`
+ # Allows GCA-Eng to find and access the EdgeTPU.
+ allow debug_camera_app edgetpu_app_service:service_manager find;
+ allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+')
\ No newline at end of file
diff --git a/whitechapel_pro/device.te b/whitechapel_pro/device.te
index 6b81f2a..b66248a 100644
--- a/whitechapel_pro/device.te
+++ b/whitechapel_pro/device.te
@@ -17,7 +17,9 @@
type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
type vframe_heap_device, dmabuf_heap_device_type, dev_type;
type vscaler_heap_device, dmabuf_heap_device_type, dev_type;
-type battery_history_device, dev_type;
+type radio_test_device, dev_type;
+type vendor_gnss_device, dev_type;
+type fips_block_device, dev_type;
# SecureElement SPI device
type st54spi_device, dev_type;
diff --git a/whitechapel_pro/disable-contaminant-detection-sh.te b/whitechapel_pro/disable-contaminant-detection-sh.te
new file mode 100644
index 0000000..95845a1
--- /dev/null
+++ b/whitechapel_pro/disable-contaminant-detection-sh.te
@@ -0,0 +1,7 @@
+type disable-contaminant-detection-sh, domain;
+type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(disable-contaminant-detection-sh)
+
+allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans;
+allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms;
+allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms;
diff --git a/whitechapel_pro/domain.te b/whitechapel_pro/domain.te
index fd876e0..ad32036 100644
--- a/whitechapel_pro/domain.te
+++ b/whitechapel_pro/domain.te
@@ -1,2 +1,6 @@
allow {domain -appdomain -rs} proc_vendor_sched:dir r_dir_perms;
allow {domain -appdomain -rs} proc_vendor_sched:file w_file_perms;
+
+# Mali
+get_prop(domain, vendor_arm_runtime_option_prop)
+
diff --git a/whitechapel_pro/dump_power_gs201.te b/whitechapel_pro/dump_power_gs201.te
new file mode 100644
index 0000000..b61001c
--- /dev/null
+++ b/whitechapel_pro/dump_power_gs201.te
@@ -0,0 +1,30 @@
+
+pixel_bugreport(dump_power_gs201)
+allow dump_power_gs201 sysfs_acpm_stats:dir r_dir_perms;
+allow dump_power_gs201 sysfs_acpm_stats:file r_file_perms;
+allow dump_power_gs201 sysfs_cpu:file r_file_perms;
+allow dump_power_gs201 vendor_toolbox_exec:file execute_no_trans;
+allow dump_power_gs201 logbuffer_device:chr_file r_file_perms;
+allow dump_power_gs201 mitigation_vendor_data_file:dir r_dir_perms;
+allow dump_power_gs201 sysfs:dir r_dir_perms;
+allow dump_power_gs201 sysfs_batteryinfo:dir r_dir_perms;
+allow dump_power_gs201 sysfs_batteryinfo:file r_file_perms;
+allow dump_power_gs201 sysfs_bcl:dir r_dir_perms;
+allow dump_power_gs201 sysfs_bcl:file r_file_perms;
+allow dump_power_gs201 sysfs_wlc:dir r_dir_perms;
+allow dump_power_gs201 sysfs_wlc:file r_file_perms;
+allow dump_power_gs201 battery_history_device:chr_file r_file_perms;
+allow dump_power_gs201 mitigation_vendor_data_file:file r_file_perms;
+
+userdebug_or_eng(`
+ allow dump_power_gs201 debugfs:dir r_dir_perms;
+ allow dump_power_gs201 vendor_battery_debugfs:dir r_dir_perms;
+ allow dump_power_gs201 vendor_battery_debugfs:file r_file_perms;
+ allow dump_power_gs201 vendor_charger_debugfs:dir r_dir_perms;
+ allow dump_power_gs201 vendor_charger_debugfs:file r_file_perms;
+ allow dump_power_gs201 vendor_pm_genpd_debugfs:file r_file_perms;
+ allow dump_power_gs201 vendor_maxfg_debugfs:dir r_dir_perms;
+ allow dump_power_gs201 vendor_maxfg_debugfs:file r_file_perms;
+ allow dump_power_gs201 vendor_votable_debugfs:dir r_dir_perms;
+ allow dump_power_gs201 vendor_votable_debugfs:file r_file_perms;
+')
diff --git a/whitechapel_pro/dumpstate.te b/whitechapel_pro/dumpstate.te
index 8ff4750..eaab9b2 100644
--- a/whitechapel_pro/dumpstate.te
+++ b/whitechapel_pro/dumpstate.te
@@ -14,4 +14,3 @@
allow dumpstate modem_img_file:dir r_dir_perms;
allow dumpstate fuse:dir search;
-dontaudit dumpstate vendor_dmabuf_debugfs:file r_file_perms;
diff --git a/whitechapel_pro/e2fs.te b/whitechapel_pro/e2fs.te
index a666459..3e72adf 100644
--- a/whitechapel_pro/e2fs.te
+++ b/whitechapel_pro/e2fs.te
@@ -4,3 +4,5 @@
allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl {
BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
};
+allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
+allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/whitechapel_pro/euiccpixel_app.te b/whitechapel_pro/euiccpixel_app.te
index a59581e..303f8f3 100644
--- a/whitechapel_pro/euiccpixel_app.te
+++ b/whitechapel_pro/euiccpixel_app.te
@@ -6,6 +6,8 @@
allow euiccpixel_app app_api_service:service_manager find;
allow euiccpixel_app radio_service:service_manager find;
allow euiccpixel_app nfc_service:service_manager find;
+allow euiccpixel_app sysfs_st33spi:dir search;
+allow euiccpixel_app sysfs_st33spi:file rw_file_perms;
set_prop(euiccpixel_app, vendor_secure_element_prop)
set_prop(euiccpixel_app, vendor_modem_prop)
diff --git a/whitechapel_pro/fastbootd.te b/whitechapel_pro/fastbootd.te
index 0d215a8..e7909d2 100644
--- a/whitechapel_pro/fastbootd.te
+++ b/whitechapel_pro/fastbootd.te
@@ -3,5 +3,5 @@
allow fastbootd devinfo_block_device:blk_file rw_file_perms;
allow fastbootd sda_block_device:blk_file rw_file_perms;
allow fastbootd sysfs_ota:file rw_file_perms;
-allow fastbootd citadel_device:chr_file rw_file_perms;
+allow fastbootd st54spi_device:chr_file rw_file_perms;
')
diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te
index d986a56..4a23260 100644
--- a/whitechapel_pro/file.te
+++ b/whitechapel_pro/file.te
@@ -4,52 +4,46 @@
type vendor_rfsd_log_file, file_type, data_file_type;
type modem_stat_data_file, file_type, data_file_type;
type vendor_slog_file, file_type, data_file_type;
-type radio_vendor_data_file, file_type, data_file_type;
type updated_wifi_firmware_data_file, file_type, data_file_type;
-type tcpdump_vendor_data_file, file_type, data_file_type;
-type vendor_camera_data_file, file_type, data_file_type;
type vendor_media_data_file, file_type, data_file_type;
type vendor_misc_data_file, file_type, data_file_type;
+type sensor_debug_data_file, file_type, data_file_type;
type sensor_reg_data_file, file_type, data_file_type;
type per_boot_file, file_type, data_file_type, core_data_file_type;
type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
type uwb_data_vendor, file_type, data_file_type;
type powerstats_vendor_data_file, file_type, data_file_type;
+type vendor_gps_file, file_type, data_file_type;
userdebug_or_eng(`
- typeattribute tcpdump_vendor_data_file mlstrustedobject;
+ typeattribute vendor_gps_file mlstrustedobject;
typeattribute vendor_slog_file mlstrustedobject;
- typeattribute radio_vendor_data_file mlstrustedobject;
')
# Exynos Firmware
type vendor_fw_file, vendor_file_type, file_type;
+# Trusty
+type sysfs_trusty, sysfs_type, fs_type;
+
+# EM Profile
+type sysfs_em_profile, sysfs_type, fs_type;
+
# sysfs
type sysfs_chosen, sysfs_type, fs_type;
type sysfs_ota, sysfs_type, fs_type;
type bootdevice_sysdev, dev_type;
-type sysfs_display, sysfs_type, fs_type;
-type sysfs_scsi_devices_0000, sysfs_type, fs_type;
type sysfs_fabric, sysfs_type, fs_type;
type sysfs_acpm_stats, sysfs_type, fs_type;
type sysfs_wifi, sysfs_type, fs_type;
-type sysfs_exynos_bts, sysfs_type, fs_type;
-type sysfs_exynos_bts_stats, sysfs_type, fs_type;
-type sysfs_bcl, sysfs_type, fs_type;
-type sysfs_chip_id, sysfs_type, fs_type;
-type sysfs_touch, sysfs_type, fs_type;
+type sysfs_exynos_pcie_stats, sysfs_type, fs_type;
type sysfs_bcmdhd, sysfs_type, fs_type;
-type sysfs_wlc, sysfs_type, fs_type;
type sysfs_chargelevel, sysfs_type, fs_type;
type sysfs_mfc, sysfs_type, fs_type;
-type sysfs_cpu, sysfs_type, fs_type;
-type sysfs_odpm, sysfs_type, fs_type;
-type sysfs_soc, sysfs_type, fs_type;
type sysfs_camera, sysfs_type, fs_type;
type sysfs_write_leds, sysfs_type, fs_type;
-
+type sysfs_pca, sysfs_type, fs_type;
+type sysfs_ptracker, sysfs_type, fs_type;
# debugfs
-type debugfs_f2fs, debugfs_type, fs_type;
type vendor_maxfg_debugfs, fs_type, debugfs_type;
type vendor_pm_genpd_debugfs, fs_type, debugfs_type;
type vendor_regmap_debugfs, fs_type, debugfs_type;
@@ -57,9 +51,6 @@
type vendor_charger_debugfs, fs_type, debugfs_type;
type vendor_votable_debugfs, fs_type, debugfs_type;
type vendor_battery_debugfs, fs_type, debugfs_type;
-type vendor_dmabuf_debugfs, fs_type, debugfs_type;
-type vendor_dri_debugfs, fs_type, debugfs_type;
-type vendor_page_pinner_debugfs, fs_type, debugfs_type;
# vendor extra images
type modem_img_file, contextmount_type, file_type, vendor_file_type;
@@ -81,22 +72,16 @@
type proc_f2fs, proc_type, fs_type;
# Vendor tools
-type vendor_usf_stats, vendor_file_type, file_type;
-type vendor_usf_reg_edit, vendor_file_type, file_type;
type vendor_dumpsys, vendor_file_type, file_type;
# Modem
type modem_efs_file, file_type;
type modem_userdata_file, file_type;
+type sysfs_modem, sysfs_type, fs_type;
# SecureElement
type sysfs_st33spi, sysfs_type, fs_type;
-
-# USB-C throttling stats
-type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
-
-# Touch
-type proc_touch, proc_type, fs_type;
+typeattribute sysfs_st33spi mlstrustedobject;
# Vendor sched files
userdebug_or_eng(`
@@ -108,3 +93,9 @@
userdebug_or_eng(`
typeattribute sysfs_sjtag mlstrustedobject;
')
+
+# USB-C throttling stats
+type sysfs_usbc_throttling_stats, sysfs_type, fs_type;
+
+# WLC
+type sysfs_wlc, sysfs_type, fs_type;
diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts
index ae1d4f2..c4f5b09 100644
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@@ -11,20 +11,19 @@
/vendor/bin/storageproxyd u:object_r:tee_exec:s0
/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
-/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
+/vendor/bin/init\.display\.sh u:object_r:init-display-sh_exec:s0
/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0
/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0
-/vendor/bin/usf_stats u:object_r:vendor_usf_stats:s0
-/vendor/bin/usf_reg_edit u:object_r:vendor_usf_reg_edit:s0
/vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0
/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
+/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0
/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0
/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0
/vendor/bin/hw/android\.hardware\.boot@1\.2-service-gs201 u:object_r:hal_bootctl_default_exec:s0
/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0
-/vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.gs201 u:object_r:hal_dumpstate_default_exec:s0
/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_samsung_exec:s0
/vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_google_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0
@@ -32,18 +31,23 @@
/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
-/vendor/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0
+/vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0
/vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0
/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0
/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0
/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0
/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0
/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0
+/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:fingerprint_factory_service_exec:s0
+/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0
+/system_ext/bin/convert_to_ext4\.sh u:object_r:convert-to-ext4-sh_exec:s0
+/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0
+/vendor/bin/dump/dump_power_gs201\.sh u:object_r:dump_power_gs201_exec:s0
+/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0
# Vendor Firmwares
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
-/vendor/firmware/mali_csffw\.bin u:object_r:same_process_hal_file:s0
-/vendor/firmware/gxp_fw_core[0-3] u:object_r:same_process_hal_file:s0
# Vendor libraries
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
@@ -56,19 +60,16 @@
/vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
-/vendor/lib(64)?/libprotobuf-cpp-lite-3\.9\.1\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0
# Graphics
/vendor/lib(64)?/hw/gralloc\.gs201\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0
-# Vendor kernel modules
-/vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
-
# Devices
-/dev/trusty-log0 u:object_r:logbuffer_device:s0
/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0
/dev/ttySAC0 u:object_r:tty_device:s0
/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0
@@ -79,12 +80,14 @@
/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0
/dev/dma_heap/vscaler-secure u:object_r:vscaler_heap_device:s0
/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0
+/dev/janeiro u:object_r:edgetpu_device:s0
/dev/bigocean u:object_r:video_device:s0
/dev/goodix_fp u:object_r:fingerprint_device:s0
/dev/stmvl53l1_ranging u:object_r:rls_device:s0
/dev/watchdog0 u:object_r:watchdog_device:s0
/dev/mali0 u:object_r:gpu_device:s0
/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0
+/dev/logbuffer_pogo_transport u:object_r:logbuffer_device:s0
/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0
/dev/logbuffer_wireless u:object_r:logbuffer_device:s0
/dev/logbuffer_ttf u:object_r:logbuffer_device:s0
@@ -99,6 +102,9 @@
/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0
/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0
/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0
+/dev/logbuffer_bd u:object_r:logbuffer_device:s0
+/dev/logbuffer_pcie0 u:object_r:logbuffer_device:s0
+/dev/logbuffer_pcie1 u:object_r:logbuffer_device:s0
/dev/bbd_pwrstat u:object_r:power_stats_device:s0
/dev/lwis-act-jotnar u:object_r:lwis_device:s0
/dev/lwis-act-slenderman u:object_r:lwis_device:s0
@@ -144,6 +150,7 @@
/dev/st33spi u:object_r:st33spi_device:s0
/dev/ttyGS[0-3] u:object_r:serial_device:s0
/dev/oem_ipc[0-7] u:object_r:radio_device:s0
+/dev/oem_test u:object_r:radio_test_device:s0
/dev/umts_boot0 u:object_r:radio_device:s0
/dev/umts_ipc0 u:object_r:radio_device:s0
/dev/umts_ipc1 u:object_r:radio_device:s0
@@ -161,7 +168,6 @@
/dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0
@@ -185,10 +191,10 @@
/dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0
/dev/block/platform/14700000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0
# Data
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
-/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0
/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0
/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0
@@ -196,13 +202,13 @@
/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
/data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0
-/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
-/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0
/data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0
/data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0
/data/per_boot(/.*)? u:object_r:per_boot_file:s0
+/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0
/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0
+/dev/maxfg_history u:object_r:battery_history_device:s0
/dev/battery_history u:object_r:battery_history_device:s0
/data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0
diff --git a/whitechapel_pro/fingerprint_factory_service.te b/whitechapel_pro/fingerprint_factory_service.te
new file mode 100644
index 0000000..86ab35c
--- /dev/null
+++ b/whitechapel_pro/fingerprint_factory_service.te
@@ -0,0 +1,3 @@
+type fingerprint_factory_service, service_manager_type;
+type fingerprint_factory_service_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(fingerprint_factory_service)
diff --git a/whitechapel_pro/fsck.te b/whitechapel_pro/fsck.te
index d29555b..cb9470d 100644
--- a/whitechapel_pro/fsck.te
+++ b/whitechapel_pro/fsck.te
@@ -1,3 +1,5 @@
allow fsck persist_block_device:blk_file rw_file_perms;
allow fsck efs_block_device:blk_file rw_file_perms;
allow fsck modem_userdata_block_device:blk_file rw_file_perms;
+allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
+allow fsck sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts
index 56cbee6..57f0237 100644
--- a/whitechapel_pro/genfs_contexts
+++ b/whitechapel_pro/genfs_contexts
@@ -1,42 +1,24 @@
-# Exynos
-genfscon sysfs /devices/platform/exynos-bts u:object_r:sysfs_exynos_bts:s0
-genfscon sysfs /devices/platform/exynos-bts/bts_stats u:object_r:sysfs_exynos_bts_stats:s0
-
genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0
-genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0
-genfscon sysfs /devices/system/chip-id/ap_hw_tune_str u:object_r:sysfs_chip_id:s0
-genfscon sysfs /devices/system/chip-id/evt_ver u:object_r:sysfs_chip_id:s0
-genfscon sysfs /devices/system/chip-id/lot_id u:object_r:sysfs_chip_id:s0
-genfscon sysfs /devices/system/chip-id/product_id u:object_r:sysfs_chip_id:s0
-genfscon sysfs /devices/system/chip-id/revision u:object_r:sysfs_chip_id:s0
-genfscon sysfs /devices/system/chip-id/raw_str u:object_r:sysfs_chip_id:s0
+
+# EdgeTPU
+genfscon sysfs /devices/platform/1ce00000.janeiro u:object_r:sysfs_edgetpu:s0
# CPU
-genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/time_in_state u:object_r:sysfs_cpu:s0
-genfscon sysfs /devices/platform/cpupm/cpupm/time_in_state u:object_r:sysfs_cpu:s0
-genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/time_in_state u:object_r:sysfs_cpu:s0
-genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/time_in_state u:object_r:sysfs_cpu:s0
-genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/time_in_state u:object_r:sysfs_cpu:s0
-genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/time_in_state u:object_r:sysfs_cpu:s0
-genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/time_in_state u:object_r:sysfs_cpu:s0
-genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/time_in_state u:object_r:sysfs_cpu:s0
-genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/28000000.mali/time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/platform/28000000.mali/uid_time_in_state u:object_r:sysfs_cpu:s0
genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0
genfscon sysfs /devices/soc0/revision u:object_r:sysfs_soc:s0
-# Touch
-genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/synaptics_tcm.0/sysfs u:object_r:sysfs_touch:s0
-genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0
-genfscon proc /focaltech_touch u:object_r:proc_touch:s0
-
# tracefs
genfscon tracefs /events/dmabuf_heap/dma_heap_stat u:object_r:debugfs_tracing:s0
+# Networking
+genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/ieee802154/phy0/net u:object_r:sysfs_net:s0
+
# WiFi
genfscon sysfs /wifi u:object_r:sysfs_wifi:s0
+genfscon sysfs /wlan_ptracker u:object_r:sysfs_ptracker:s0
# ACPM
genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0
@@ -47,6 +29,10 @@
# GPU
genfscon sysfs /devices/platform/28000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0
genfscon sysfs /devices/platform/28000000.mali/power_policy u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/kprcs u:object_r:sysfs_gpu:s0
+genfscon sysfs /devices/platform/28000000.mali/dvfs_period u:object_r:sysfs_gpu:s0
# Fabric
genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0
@@ -54,11 +40,12 @@
genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0
# sscoredump (per device)
-genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
-genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
+genfscon sysfs /devices/platform/mali/sscoredump/sscd_mali/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
# Power Stats
genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0
@@ -73,32 +60,49 @@
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0
genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/uwb/power_stats u:object_r:sysfs_power_stats:s0
-# Power ODPM
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/name u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/name u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/name u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0
+# Modem
+genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device1/name u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/name u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/name u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0
-genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0
+# Power ODPM
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0
+
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-0/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-2/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-3/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-4/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-5/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-6/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-7/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-0/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-2/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-3/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-4/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-5/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-6/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-7/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0
# Devfreq current frequency
genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0
@@ -113,6 +117,10 @@
# OTA
genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0
+# Input
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0
+
# Display
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0
@@ -123,14 +131,21 @@
genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c240000.drmdecon/early_wakeup u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c242000.drmdecon/early_wakeup u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c240000.drmdecon/counters u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c241000.drmdecon/counters u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c242000.drmdecon/counters u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0
+genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c240000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0
genfscon sysfs /devices/platform/1c241000.drmdecon/dqe1/atc u:object_r:sysfs_display:s0
@@ -162,48 +177,46 @@
genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/14700000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0
genfscon sysfs /devices/platform/14700000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0
# debugfs
-genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0
genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0
-genfscon debugfs /dma_buf/bufinfo u:object_r:vendor_dmabuf_debugfs:s0
+genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /maxfg_secondary u:object_r:vendor_maxfg_debugfs:s0
genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0
genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0
genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0
genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0
genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0
genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0
-genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0
-genfscon debugfs /page_pinner u:object_r:vendor_page_pinner_debugfs:s0
# Battery
genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde u:object_r:sysfs_devices_block:s0
# P22 battery
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0
-genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412 u:object_r:sysfs_wlc:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0
@@ -211,6 +224,13 @@
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0057/chg_stats u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0057/chg_stats u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0057/chg_stats u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0057/chg_stats u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0057/chg_stats u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0
+genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0
# Extcon
genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0
@@ -302,9 +322,22 @@
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb3 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb3 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb2 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb3 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/11210000.usb/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/19000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0
@@ -338,26 +371,26 @@
genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0
genfscon sysfs /devices/platform/100b0000.AUR u:object_r:sysfs_thermal:s0
-genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_state u:object_r:sysfs_thermal:s0
-genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_current_temp u:object_r:sysfs_thermal:s0
-genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_rise_thres u:object_r:sysfs_thermal:s0
-genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_fall_thres u:object_r:sysfs_thermal:s0
-genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_rise_thres u:object_r:sysfs_thermal:s0
-genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres u:object_r:sysfs_thermal:s0
+genfscon sysfs /thermal_zone14/mode u:object_r:sysfs_thermal:s0
+
+# PCIe link
+genfscon sysfs /devices/platform/14520000.pcie/link_stats u:object_r:sysfs_exynos_pcie_stats:s0
+genfscon sysfs /devices/platform/11920000.pcie/link_stats u:object_r:sysfs_exynos_pcie_stats:s0
# Camera
genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0
+genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/max_freq u:object_r:sysfs_camera:s0
genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0
+# SJTAG
+genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0
+genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0
+
# USB-C throttling stats
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time u:object_r:sysfs_usbc_throttling_stats:s0
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0
genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0
-# SJTAG
-genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0
-genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0
-
# Coresight ETM
genfscon sysfs /devices/platform/2b840000.etm u:object_r:sysfs_devices_cs_etm:s0
genfscon sysfs /devices/platform/2b940000.etm u:object_r:sysfs_devices_cs_etm:s0
@@ -367,3 +400,35 @@
genfscon sysfs /devices/platform/2bd40000.etm u:object_r:sysfs_devices_cs_etm:s0
genfscon sysfs /devices/platform/2be40000.etm u:object_r:sysfs_devices_cs_etm:s0
genfscon sysfs /devices/platform/2bf40000.etm u:object_r:sysfs_devices_cs_etm:s0
+
+# Trusty
+genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0
+genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0
+
+# EM Profile
+genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0
+
+# Privacy LED
+genfscon sysfs /devices/platform/pwmleds/leds/green/brightness u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness u:object_r:sysfs_leds:s0
+
+# AOC
+genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
+genfscon sysfs /devices/platform/19000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0
+genfscon sysfs /devices/platform/19000000.aoc u:object_r:sysfs_aoc:s0
+genfscon sysfs /devices/platform/19000000.aoc/reset u:object_r:sysfs_aoc_reset:s0
+genfscon sysfs /devices/platform/19000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0
+genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0
+
+# GPS
+genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0
diff --git a/whitechapel_pro/google_camera_app.te b/whitechapel_pro/google_camera_app.te
index ad09781..d73cd3d 100644
--- a/whitechapel_pro/google_camera_app.te
+++ b/whitechapel_pro/google_camera_app.te
@@ -1,5 +1,6 @@
type google_camera_app, domain, coredomain;
app_domain(google_camera_app)
+net_domain(google_camera_app)
allow google_camera_app app_api_service:service_manager find;
allow google_camera_app audioserver_service:service_manager find;
@@ -13,3 +14,13 @@
# Allows camera app to search for GXP firmware file.
allow google_camera_app vendor_fw_file:dir search;
+
+# Allows camera app to access the PowerHAL.
+hal_client_domain(google_camera_app, hal_power)
+
+# Allows GCA to find and access the EdgeTPU.
+allow google_camera_app edgetpu_app_service:service_manager find;
+allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Library code may try to access vendor properties, but should be denied
+dontaudit google_camera_app vendor_default_prop:file { getattr map open };
diff --git a/whitechapel_pro/gpsd.te b/whitechapel_pro/gpsd.te
new file mode 100644
index 0000000..79055ec
--- /dev/null
+++ b/whitechapel_pro/gpsd.te
@@ -0,0 +1,9 @@
+type gpsd, domain;
+type gpsd_exec, vendor_file_type, exec_type, file_type;
+# Allow gpsd access PixelLogger unix socket in debug build only
+userdebug_or_eng(`
+ typeattribute gpsd mlstrustedsubject;
+ allow gpsd logger_app:unix_stream_socket connectto;
+')
+
+
diff --git a/whitechapel_pro/grilservice_app.te b/whitechapel_pro/grilservice_app.te
index 6e0dd66..2525bab 100644
--- a/whitechapel_pro/grilservice_app.te
+++ b/whitechapel_pro/grilservice_app.te
@@ -5,8 +5,11 @@
allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
+allow grilservice_app hal_wifi_ext_service:service_manager find;
allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find;
allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow grilservice_app radio_vendor_data_file:dir create_dir_perms;
+allow grilservice_app radio_vendor_data_file:file create_file_perms;
binder_call(grilservice_app, hal_bluetooth_btlinux)
binder_call(grilservice_app, hal_radioext_default)
binder_call(grilservice_app, hal_wifi_ext)
diff --git a/whitechapel_pro/gxp_logging.te b/whitechapel_pro/gxp_logging.te
new file mode 100644
index 0000000..107942d
--- /dev/null
+++ b/whitechapel_pro/gxp_logging.te
@@ -0,0 +1,9 @@
+type gxp_logging, domain;
+type gxp_logging_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gxp_logging)
+
+# The logging service accesses /dev/gxp
+allow gxp_logging gxp_device:chr_file rw_file_perms;
+
+# Allow gxp tracing service to send packets to Perfetto
+userdebug_or_eng(`perfetto_producer(gxp_logging)')
diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te
index 92c629e..0590998 100644
--- a/whitechapel_pro/hal_camera_default.te
+++ b/whitechapel_pro/hal_camera_default.te
@@ -23,6 +23,10 @@
allow hal_camera_default sysfs_edgetpu:file r_file_perms;
allow hal_camera_default edgetpu_vendor_service:service_manager find;
binder_call(hal_camera_default, edgetpu_vendor_server)
+# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging
+# library has a dependency on edgetpu_app_service, see b/275016466.
+allow hal_camera_default edgetpu_app_service:service_manager find;
+binder_call(hal_camera_default, edgetpu_app_server)
# Allow the camera hal to access the GXP device.
allow hal_camera_default gxp_device:chr_file rw_file_perms;
@@ -91,3 +95,17 @@
# Allow camera HAL to send trace packets to Perfetto
userdebug_or_eng(`perfetto_producer(hal_camera_default)')
+
+# Some file searches attempt to access system data and are denied.
+# This is benign and can be ignored.
+dontaudit hal_camera_default system_data_file:dir { search };
+
+# google3 prebuilts attempt to connect to the wrong trace socket, ignore them.
+dontaudit hal_camera_default traced:unix_stream_socket { connectto };
+dontaudit hal_camera_default traced_producer_socket:sock_file { write };
+
+# Allow access to always-on compute device node
+allow hal_camera_default aoc_device:chr_file rw_file_perms;
+
+# Allow the Camera HAL to acquire wakelocks
+wakelock_use(hal_camera_default)
diff --git a/whitechapel_pro/hal_dumpstate_default.te b/whitechapel_pro/hal_dumpstate_default.te
deleted file mode 100644
index f5ebec1..0000000
--- a/whitechapel_pro/hal_dumpstate_default.te
+++ /dev/null
@@ -1,139 +0,0 @@
-allow hal_dumpstate_default vendor_camera_data_file:dir r_dir_perms;
-allow hal_dumpstate_default vendor_camera_data_file:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_cpu:file r_file_perms;
-
-allow hal_dumpstate_default vendor_usf_reg_edit:file execute_no_trans;
-allow hal_dumpstate_default vendor_usf_stats:file execute_no_trans;
-
-allow hal_dumpstate_default vendor_rfsd_log_file:dir r_dir_perms;
-allow hal_dumpstate_default vendor_rfsd_log_file:file r_file_perms;
-
-allow hal_dumpstate_default vendor_gps_file:dir r_dir_perms;
-allow hal_dumpstate_default vendor_gps_file:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_chip_id:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms;
-allow hal_dumpstate_default sysfs_wlc:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_exynos_bts:dir r_dir_perms;
-allow hal_dumpstate_default sysfs_exynos_bts_stats:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_aoc:dir r_dir_perms;
-allow hal_dumpstate_default sysfs_aoc_dumpstate:file r_file_perms;
-
-allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
-allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_thermal:dir r_dir_perms;
-allow hal_dumpstate_default sysfs_thermal:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_wifi:dir r_dir_perms;
-allow hal_dumpstate_default sysfs_wifi:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_batteryinfo:dir r_dir_perms;
-allow hal_dumpstate_default sysfs_batteryinfo:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_acpm_stats:dir r_dir_perms;
-allow hal_dumpstate_default sysfs_acpm_stats:file r_file_perms;
-
-allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms;
-allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms;
-
-allow hal_dumpstate_default modem_efs_file:dir search;
-allow hal_dumpstate_default modem_efs_file:file r_file_perms;
-allow hal_dumpstate_default modem_stat_data_file:dir r_dir_perms;
-allow hal_dumpstate_default modem_stat_data_file:file r_file_perms;
-allow hal_dumpstate_default vendor_slog_file:file r_file_perms;
-
-allow hal_dumpstate_default logbuffer_device:chr_file r_file_perms;
-
-allow hal_dumpstate_default citadeld_service:service_manager find;
-allow hal_dumpstate_default citadel_updater:file execute_no_trans;
-binder_call(hal_dumpstate_default, citadeld);
-
-allow hal_dumpstate_default device:dir r_dir_perms;
-allow hal_dumpstate_default aoc_device:chr_file rw_file_perms;
-
-allow hal_dumpstate_default proc_f2fs:dir r_dir_perms;
-allow hal_dumpstate_default proc_f2fs:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_scsi_devices_0000:dir r_dir_perms;
-allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms;
-
-allow hal_dumpstate_default sysfs_touch:dir r_dir_perms;
-allow hal_dumpstate_default sysfs_touch:file rw_file_perms;
-
-allow hal_dumpstate_default proc_touch:dir r_dir_perms;
-allow hal_dumpstate_default proc_touch:file rw_file_perms;
-
-allow hal_dumpstate_default vendor_displaycolor_service:service_manager find;
-binder_call(hal_dumpstate_default, hal_graphics_composer_default);
-vndbinder_use(hal_dumpstate_default)
-
-allow hal_dumpstate_default shell_data_file:file getattr;
-
-allow hal_dumpstate_default vendor_log_file:dir search;
-allow hal_dumpstate_default vendor_dumpsys:file execute_no_trans;
-
-allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans;
-allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans;
-
-allow hal_dumpstate_default proc_vendor_sched:dir r_dir_perms;
-allow hal_dumpstate_default proc_vendor_sched:file r_file_perms;
-
-get_prop(hal_dumpstate_default, vendor_camera_debug_prop);
-get_prop(hal_dumpstate_default, boottime_public_prop)
-get_prop(hal_dumpstate_default, vendor_camera_prop)
-get_prop(hal_dumpstate_default, vendor_gps_prop)
-set_prop(hal_dumpstate_default, vendor_modem_prop)
-get_prop(hal_dumpstate_default, vendor_rild_prop)
-get_prop(hal_dumpstate_default, vendor_tcpdump_log_prop)
-set_prop(hal_dumpstate_default, vendor_logger_prop)
-
-userdebug_or_eng(`
- allow hal_dumpstate_default mnt_vendor_file:dir search;
- allow hal_dumpstate_default ramdump_vendor_mnt_file:dir search;
- allow hal_dumpstate_default ramdump_vendor_mnt_file:file r_file_perms;
- allow hal_dumpstate_default sysfs_bcl:dir r_dir_perms;
- allow hal_dumpstate_default sysfs_bcl:file r_file_perms;
- allow hal_dumpstate_default debugfs:dir r_dir_perms;
- allow hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms;
- allow hal_dumpstate_default vendor_votable_debugfs:file r_file_perms;
- allow hal_dumpstate_default debugfs_f2fs:dir r_dir_perms;
- allow hal_dumpstate_default debugfs_f2fs:file r_file_perms;
- allow hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms;
- allow hal_dumpstate_default vendor_battery_debugfs:file r_file_perms;
- allow hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms;
- allow hal_dumpstate_default vendor_charger_debugfs:file r_file_perms;
- allow hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms;
- allow hal_dumpstate_default vendor_maxfg_debugfs:dir r_dir_perms;
- allow hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms;
- allow hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms;
- allow hal_dumpstate_default vendor_dri_debugfs:dir r_dir_perms;
- allow hal_dumpstate_default vendor_dri_debugfs:file r_file_perms;
- allow hal_dumpstate_default vendor_page_pinner_debugfs:dir search;
- allow hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms;
-')
-
-dontaudit hal_dumpstate_default mnt_vendor_file:dir search;
-dontaudit hal_dumpstate_default vendor_dri_debugfs:dir r_dir_perms;
-dontaudit hal_dumpstate_default vendor_dri_debugfs:file r_file_perms;
-dontaudit hal_dumpstate_default debugfs:dir r_dir_perms;
-dontaudit hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms;
-dontaudit hal_dumpstate_default vendor_votable_debugfs:file r_file_perms;
-dontaudit hal_dumpstate_default debugfs_f2fs:dir r_dir_perms;
-dontaudit hal_dumpstate_default debugfs_f2fs:file r_file_perms;
-dontaudit hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms;
-dontaudit hal_dumpstate_default vendor_battery_debugfs:file r_file_perms;
-dontaudit hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms;
-dontaudit hal_dumpstate_default vendor_charger_debugfs:file r_file_perms;
-dontaudit hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms;
-dontaudit hal_dumpstate_default vendor_maxfg_debugfs:dir r_dir_perms;
-dontaudit hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms;
-dontaudit hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms;
-dontaudit hal_dumpstate_default sysfs_bcl:dir r_dir_perms;
-dontaudit hal_dumpstate_default sysfs_bcl:file r_file_perms;
-dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:dir search;
-dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms;
diff --git a/whitechapel_pro/hal_fastboot_default.te b/whitechapel_pro/hal_fastboot_default.te
new file mode 100644
index 0000000..396120e
--- /dev/null
+++ b/whitechapel_pro/hal_fastboot_default.te
@@ -0,0 +1,24 @@
+binder_use(hal_fastboot_default)
+
+# For get-off-mode charge state
+allow hal_fastboot_default devinfo_block_device:blk_file { open read };
+allow hal_fastboot_default kmsg_device:chr_file { open write };
+
+# For dev/block/by-name dir
+allow hal_fastboot_default block_device:dir r_dir_perms;
+
+allow hal_fastboot_default tmpfs:dir rw_dir_perms;
+allow hal_fastboot_default rootfs:dir r_dir_perms;
+
+# For set-brightness
+allow hal_fastboot_default sysfs_leds:dir search;
+allow hal_fastboot_default sysfs_leds:file rw_file_perms;
+allow hal_fastboot_default sysfs_leds:lnk_file read;
+
+#for fastboot -w (wiping device)
+allow hal_fastboot_default citadel_device:chr_file { rw_file_perms };
+allow hal_fastboot_default proc_bootconfig:file { rw_file_perms };
+allow hal_fastboot_default proc_cmdline:file { rw_file_perms };
+allow hal_fastboot_default st54spi_device:chr_file { rw_file_perms };
+allow hal_fastboot_default metadata_block_device:blk_file { rw_file_perms };
+allowxperm hal_fastboot_default metadata_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
diff --git a/whitechapel_pro/hal_fingerprint_default.te b/whitechapel_pro/hal_fingerprint_default.te
index fa03d98..8ec45a9 100644
--- a/whitechapel_pro/hal_fingerprint_default.te
+++ b/whitechapel_pro/hal_fingerprint_default.te
@@ -23,3 +23,17 @@
# Allow fingerprint to read sysfs_display
allow hal_fingerprint_default sysfs_display:file r_file_perms;
+
+# Allow fingerprint to access trusty sysfs
+allow hal_fingerprint_default sysfs_trusty:file rw_file_perms;
+
+# Allow fingerprint to access display hal
+allow hal_fingerprint_default hal_pixel_display_service:service_manager find;
+binder_call(hal_fingerprint_default, hal_graphics_composer_default)
+
+# allow fingerprint to access thermal hal
+hal_client_domain(hal_fingerprint_default, hal_thermal);
+
+# allow fingerprint to read sysfs_leds
+allow hal_fingerprint_default sysfs_leds:file r_file_perms;
+allow hal_fingerprint_default sysfs_leds:dir r_dir_perms;
diff --git a/whitechapel_pro/hal_graphics_composer_default.te b/whitechapel_pro/hal_graphics_composer_default.te
index 61972c7..2496674 100644
--- a/whitechapel_pro/hal_graphics_composer_default.te
+++ b/whitechapel_pro/hal_graphics_composer_default.te
@@ -52,3 +52,7 @@
# allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags
get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop)
+
+# allow HWC to write log file
+allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms;
+allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms;
diff --git a/whitechapel_pro/hal_health_default.te b/whitechapel_pro/hal_health_default.te
index cfe602d..fbbad6b 100644
--- a/whitechapel_pro/hal_health_default.te
+++ b/whitechapel_pro/hal_health_default.te
@@ -4,14 +4,17 @@
allow hal_health_default persist_battery_file:dir rw_dir_perms;
set_prop(hal_health_default, vendor_battery_defender_prop)
+set_prop(hal_health_default, vendor_shutdown_prop)
# Access to /sys/devices/platform/14700000.ufs/*
allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms;
allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms;
+allow hal_health_default fwk_stats_service:service_manager find;
+binder_use(hal_health_default)
+
allow hal_health_default sysfs_wlc:dir search;
allow hal_health_default sysfs_batteryinfo:file w_file_perms;
allow hal_health_default sysfs_thermal:dir search;
allow hal_health_default sysfs_thermal:file w_file_perms;
-allow hal_health_default sysfs_thermal:lnk_file read;
allow hal_health_default thermal_link_device:dir search;
diff --git a/whitechapel_pro/hal_input_processor_default.te b/whitechapel_pro/hal_input_processor_default.te
new file mode 100644
index 0000000..00d4c69
--- /dev/null
+++ b/whitechapel_pro/hal_input_processor_default.te
@@ -0,0 +1,2 @@
+# allow InputProcessor HAL to read the display resolution system property
+get_prop(hal_input_processor_default, vendor_display_prop)
diff --git a/whitechapel_pro/hal_memtrack_default.te b/whitechapel_pro/hal_memtrack_default.te
new file mode 100644
index 0000000..7554c6f
--- /dev/null
+++ b/whitechapel_pro/hal_memtrack_default.te
@@ -0,0 +1 @@
+r_dir_file(hal_memtrack_default, sysfs_gpu)
diff --git a/whitechapel_pro/hal_nfc_default.te b/whitechapel_pro/hal_nfc_default.te
index 247ca3d..11e0617 100644
--- a/whitechapel_pro/hal_nfc_default.te
+++ b/whitechapel_pro/hal_nfc_default.te
@@ -13,3 +13,5 @@
# allow nfc to read uwb calibration file
get_prop(hal_nfc_default, vendor_uwb_calibration_prop)
+get_prop(hal_nfc_default, vendor_uwb_calibration_country_code)
+
diff --git a/whitechapel_pro/hal_power_default.te b/whitechapel_pro/hal_power_default.te
index 076de46..4d6d0e0 100644
--- a/whitechapel_pro/hal_power_default.te
+++ b/whitechapel_pro/hal_power_default.te
@@ -6,4 +6,6 @@
allow hal_power_default sysfs_gpu:file rw_file_perms;
allow hal_power_default sysfs_fabric:file rw_file_perms;
allow hal_power_default sysfs_camera:file rw_file_perms;
+allow hal_power_default sysfs_trusty:file rw_file_perms;
+allow hal_power_default sysfs_em_profile:file rw_file_perms;
set_prop(hal_power_default, vendor_camera_prop)
diff --git a/whitechapel_pro/hal_sensors_default.te b/whitechapel_pro/hal_sensors_default.te
index b33741e..076ceaf 100644
--- a/whitechapel_pro/hal_sensors_default.te
+++ b/whitechapel_pro/hal_sensors_default.te
@@ -30,15 +30,30 @@
r_dir_file(hal_sensors_default, persist_camera_file)
# Allow creation and writing of sensor registry data files.
-allow hal_sensors_default sensor_reg_data_file:dir r_dir_perms;
-allow hal_sensors_default sensor_reg_data_file:file r_file_perms;
+allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms;
+allow hal_sensors_default sensor_reg_data_file:file create_file_perms;
+
+userdebug_or_eng(`
+ # Allow creation and writing of sensor debug data files.
+ allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms;
+ allow hal_sensors_default sensor_debug_data_file:file create_file_perms;
+')
# Allow access to the display info for ALS.
allow hal_sensors_default sysfs_display:file rw_file_perms;
+# Allow access to the sysfs_aoc.
+allow hal_sensors_default sysfs_aoc:dir search;
+allow hal_sensors_default sysfs_aoc:file r_file_perms;
+
+# Allow access for AoC properties.
+get_prop(hal_sensors_default, vendor_aoc_prop)
+
+# Allow sensor HAL to read AoC dumpstate.
+allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms;
+
# Allow access to the AoC clock and kernel boot time sys FS node. This is needed
# to synchronize the AP and AoC clock timestamps.
-allow hal_sensors_default sysfs_aoc:dir search;
allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms;
# Allow access to the files of CDT information.
@@ -66,3 +81,7 @@
# Allow display_info_service access to the backlight driver.
allow hal_sensors_default sysfs_write_leds:file rw_file_perms;
+
+# Allow access to the power supply files for MagCC.
+r_dir_file(hal_sensors_default, sysfs_batteryinfo)
+allow hal_sensors_default sysfs_wlc:dir r_dir_perms;
diff --git a/whitechapel_pro/hal_thermal_default.te b/whitechapel_pro/hal_thermal_default.te
index 9852a76..a573a2a 100644
--- a/whitechapel_pro/hal_thermal_default.te
+++ b/whitechapel_pro/hal_thermal_default.te
@@ -1,2 +1,2 @@
-allow hal_thermal_default sysfs_iio_devices:dir r_dir_perms;
-allow hal_thermal_default sysfs_odpm:file r_file_perms;
+r_dir_file(hal_thermal_default, sysfs_iio_devices)
+r_dir_file(hal_thermal_default, sysfs_odpm)
diff --git a/whitechapel_pro/hal_usb_impl.te b/whitechapel_pro/hal_usb_impl.te
index a5da3ce..5d2a65e 100644
--- a/whitechapel_pro/hal_usb_impl.te
+++ b/whitechapel_pro/hal_usb_impl.te
@@ -24,3 +24,8 @@
# For reading the usb-c throttling stats
allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms;
+
+# For issuing vendor commands to USB hub via libusbhost
+allow hal_usb_impl device:dir r_dir_perms;
+allow hal_usb_impl usb_device:chr_file rw_file_perms;
+allow hal_usb_impl usb_device:dir r_dir_perms;
diff --git a/whitechapel_pro/hal_wireless_charger.te b/whitechapel_pro/hal_wireless_charger.te
new file mode 100644
index 0000000..04b3e5e
--- /dev/null
+++ b/whitechapel_pro/hal_wireless_charger.te
@@ -0,0 +1,2 @@
+type hal_wireless_charger, domain;
+type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type;
diff --git a/whitechapel_pro/hal_wlc.te b/whitechapel_pro/hal_wlc.te
index 80eb167..1cf9d03 100644
--- a/whitechapel_pro/hal_wlc.te
+++ b/whitechapel_pro/hal_wlc.te
@@ -7,8 +7,6 @@
get_prop(hal_wlc, hwservicemanager_prop)
r_dir_file(hal_wlc, sysfs_batteryinfo)
-allow hal_wlc sysfs_wlc:dir r_dir_perms;
-allow hal_wlc sysfs_wlc:file rw_file_perms;
allow hal_wlc self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
diff --git a/whitechapel_pro/hardware_info_app.te b/whitechapel_pro/hardware_info_app.te
deleted file mode 100644
index 751bb88..0000000
--- a/whitechapel_pro/hardware_info_app.te
+++ /dev/null
@@ -1,26 +0,0 @@
-type hardware_info_app, domain;
-app_domain(hardware_info_app)
-
-allow hardware_info_app app_api_service:service_manager find;
-
-# Storage
-allow hardware_info_app sysfs_scsi_devices_0000:dir search;
-allow hardware_info_app sysfs_scsi_devices_0000:file r_file_perms;
-
-# Audio
-allow hardware_info_app sysfs_pixelstats:file r_file_perms;
-
-# Batteryinfo
-allow hardware_info_app sysfs_batteryinfo:dir search;
-allow hardware_info_app sysfs_batteryinfo:file r_file_perms;
-
-# Display
-allow hardware_info_app sysfs_display:dir search;
-allow hardware_info_app sysfs_display:file r_file_perms;
-
-# SoC
-allow hardware_info_app sysfs_soc:file r_file_perms;
-allow hardware_info_app sysfs_chip_id:file r_file_perms;
-
-# Batery history
-allow hardware_info_app battery_history_device:chr_file r_file_perms;
diff --git a/whitechapel_pro/hbmsvmanager_app.te b/whitechapel_pro/hbmsvmanager_app.te
index 3ed4f82..b705809 100644
--- a/whitechapel_pro/hbmsvmanager_app.te
+++ b/whitechapel_pro/hbmsvmanager_app.te
@@ -1,4 +1,4 @@
-type hbmsvmanager_app, domain;
+type hbmsvmanager_app, domain, coredomain;
app_domain(hbmsvmanager_app);
diff --git a/whitechapel_pro/init-display-sh.te b/whitechapel_pro/init-display-sh.te
new file mode 100644
index 0000000..54ff7d6
--- /dev/null
+++ b/whitechapel_pro/init-display-sh.te
@@ -0,0 +1,10 @@
+type init-display-sh, domain;
+type init-display-sh_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(init-display-sh)
+
+allow init-display-sh self:capability sys_module;
+allow init-display-sh vendor_kernel_modules:system module_load;
+allow init-display-sh vendor_toolbox_exec:file execute_no_trans;
+
+dontaudit init-display-sh proc_cmdline:file r_file_perms;
+
diff --git a/whitechapel_pro/init-insmod-sh.te b/whitechapel_pro/init-insmod-sh.te
deleted file mode 100644
index ca98618..0000000
--- a/whitechapel_pro/init-insmod-sh.te
+++ /dev/null
@@ -1,17 +0,0 @@
-type init-insmod-sh, domain;
-type init-insmod-sh_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(init-insmod-sh)
-
-allow init-insmod-sh self:capability sys_module;
-allow init-insmod-sh vendor_kernel_modules:system module_load;
-allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans;
-
-allow init-insmod-sh self:capability sys_nice;
-allow init-insmod-sh kernel:process setsched;
-
-set_prop(init-insmod-sh, vendor_device_prop)
-
-dontaudit init-insmod-sh proc_cmdline:file r_file_perms;
-
-allow init-insmod-sh debugfs_mgm:dir search;
-allow init-insmod-sh vendor_regmap_debugfs:dir search;
diff --git a/whitechapel_pro/insmod-sh.te b/whitechapel_pro/insmod-sh.te
new file mode 100644
index 0000000..c7bbdc6
--- /dev/null
+++ b/whitechapel_pro/insmod-sh.te
@@ -0,0 +1,7 @@
+allow insmod-sh self:capability sys_nice;
+allow insmod-sh kernel:process setsched;
+
+dontaudit insmod-sh proc_cmdline:file r_file_perms;
+
+allow insmod-sh debugfs_mgm:dir search;
+allow insmod-sh vendor_regmap_debugfs:dir search;
diff --git a/whitechapel_pro/kernel.te b/whitechapel_pro/kernel.te
index c34e7f7..2cddb45 100644
--- a/whitechapel_pro/kernel.te
+++ b/whitechapel_pro/kernel.te
@@ -9,3 +9,5 @@
allow kernel self:perf_event cpu;
dontaudit kernel vendor_battery_debugfs:dir search;
+dontaudit kernel vendor_maxfg_debugfs:dir { search };
+dontaudit kernel vendor_regmap_debugfs:dir search;
diff --git a/whitechapel_pro/keys.conf b/whitechapel_pro/keys.conf
index 80522c4..54130ea 100644
--- a/whitechapel_pro/keys.conf
+++ b/whitechapel_pro/keys.conf
@@ -9,3 +9,9 @@
[@EUICCSUPPORTPIXEL]
ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem
+
+[@CAMERAENG]
+ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/camera_eng.x509.pem
+
+[@CAMERAFISHFOOD]
+ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/camera_fishfood.x509.pem
diff --git a/whitechapel_pro/logd.te b/whitechapel_pro/logd.te
index cc55e20..ca969d8 100644
--- a/whitechapel_pro/logd.te
+++ b/whitechapel_pro/logd.te
@@ -1,2 +1,4 @@
r_dir_file(logd, logbuffer_device)
allow logd logbuffer_device:chr_file r_file_perms;
+allow logd trusty_log_device:chr_file r_file_perms;
+
diff --git a/whitechapel_pro/logger_app.te b/whitechapel_pro/logger_app.te
index 9809f30..684e94a 100644
--- a/whitechapel_pro/logger_app.te
+++ b/whitechapel_pro/logger_app.te
@@ -5,6 +5,10 @@
allow logger_app vendor_gps_file:file create_file_perms;
allow logger_app vendor_gps_file:dir create_dir_perms;
allow logger_app sysfs_sscoredump_level:file r_file_perms;
+ allow logger_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+ binder_call(logger_app, rild)
+
r_dir_file(logger_app, ramdump_vendor_data_file)
r_dir_file(logger_app, sscoredump_vendor_data_coredump_file)
r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file)
diff --git a/whitechapel_pro/mac_permissions.xml b/whitechapel_pro/mac_permissions.xml
index 821f660..b57e61c 100644
--- a/whitechapel_pro/mac_permissions.xml
+++ b/whitechapel_pro/mac_permissions.xml
@@ -33,4 +33,10 @@
<signer signature="@EUICCSUPPORTPIXEL" >
<seinfo value="EuiccSupportPixel" />
</signer>
+ <signer signature="@CAMERAENG" >
+ <seinfo value="CameraEng" />
+ </signer>
+ <signer signature="@CAMERAFISHFOOD" >
+ <seinfo value="CameraFishfood" />
+ </signer>
</policy>
diff --git a/whitechapel_pro/modem_svc_sit.te b/whitechapel_pro/modem_svc_sit.te
index d3e79c9..040082e 100644
--- a/whitechapel_pro/modem_svc_sit.te
+++ b/whitechapel_pro/modem_svc_sit.te
@@ -5,6 +5,9 @@
hwbinder_use(modem_svc_sit)
binder_call(modem_svc_sit, rild)
+# Grant sysfs modem access
+allow modem_svc_sit sysfs_modem:file rw_file_perms;
+
# Grant radio device access
allow modem_svc_sit radio_device:chr_file rw_file_perms;
@@ -14,6 +17,9 @@
allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
allow modem_svc_sit modem_stat_data_file:file create_file_perms;
+allow modem_svc_sit vendor_fw_file:dir search;
+allow modem_svc_sit vendor_fw_file:file r_file_perms;
+
allow modem_svc_sit mnt_vendor_file:dir search;
allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
allow modem_svc_sit modem_userdata_file:file create_file_perms;
@@ -21,6 +27,16 @@
# RIL property
get_prop(modem_svc_sit, vendor_rild_prop)
+# Modem property
+set_prop(modem_svc_sit, vendor_modem_prop)
+
# hwservice permission
allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
get_prop(modem_svc_sit, hwservicemanager_prop)
+
+# logging property
+get_prop(modem_svc_sit, vendor_logger_prop)
+
+userdebug_or_eng(`
+ allow modem_svc_sit radio_test_device:chr_file rw_file_perms;
+')
diff --git a/whitechapel_pro/pixelstats_vendor.te b/whitechapel_pro/pixelstats_vendor.te
index d16acc0..6aba16a 100644
--- a/whitechapel_pro/pixelstats_vendor.te
+++ b/whitechapel_pro/pixelstats_vendor.te
@@ -13,9 +13,39 @@
get_prop(pixelstats_vendor, hwservicemanager_prop);
hwbinder_use(pixelstats_vendor);
allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find;
+# android.frameworks.sensorservice through libsensorndkbridge
+allow pixelstats_vendor fwk_sensor_service:service_manager find;
+
# Batery history
allow pixelstats_vendor battery_history_device:chr_file r_file_perms;
# storage smart idle maintenance
get_prop(pixelstats_vendor, smart_idle_maint_enabled_prop);
+
+# Pca charge
+allow pixelstats_vendor sysfs_pca:file rw_file_perms;
+
+#Thermal
+r_dir_file(pixelstats_vendor, sysfs_thermal)
+allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms;
+
+# BCL
+allow pixelstats_vendor sysfs_bcl:dir search;
+allow pixelstats_vendor sysfs_bcl:file r_file_perms;
+
+# PCIe statistics
+allow pixelstats_vendor sysfs_exynos_pcie_stats:dir search;
+allow pixelstats_vendor sysfs_exynos_pcie_stats:file rw_file_perms;
+
+#perf-metrics
+r_dir_file(pixelstats_vendor, sysfs_vendor_metrics)
+allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms;
+allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms;
+
+# BCL
+allow pixelstats_vendor sysfs_bcl:dir search;
+allow pixelstats_vendor sysfs_bcl:file r_file_perms;
+allow pixelstats_vendor mitigation_vendor_data_file:dir search;
+allow pixelstats_vendor mitigation_vendor_data_file:file { read write };
+get_prop(pixelstats_vendor, vendor_brownout_reason_prop);
diff --git a/whitechapel_pro/platform_app.te b/whitechapel_pro/platform_app.te
index 356167a..1891cae 100644
--- a/whitechapel_pro/platform_app.te
+++ b/whitechapel_pro/platform_app.te
@@ -1,3 +1,6 @@
+binder_call(platform_app, rild)
+allow platform_app hal_exynos_rild_hwservice:hwservice_manager find;
+
allow platform_app hal_pixel_display_service:service_manager find;
allow platform_app hal_wlc_hwservice:hwservice_manager find;
allow platform_app nfc_service:service_manager find;
@@ -14,3 +17,7 @@
# allow udfps of systemui access lhbm
binder_call(platform_app, hal_graphics_composer_default)
+
+# WLC
+allow platform_app hal_wireless_charger_service:service_manager find;
+binder_call(platform_app, hal_wireless_charger)
diff --git a/whitechapel_pro/property.te b/whitechapel_pro/property.te
index bc898f4..d297abe 100644
--- a/whitechapel_pro/property.te
+++ b/whitechapel_pro/property.te
@@ -11,18 +11,15 @@
vendor_internal_prop(vendor_secure_element_prop)
vendor_internal_prop(vendor_battery_profile_prop)
vendor_internal_prop(vendor_battery_defender_prop)
+vendor_internal_prop(vendor_shutdown_prop)
vendor_internal_prop(vendor_imssvc_prop)
vendor_internal_prop(vendor_camera_prop)
-vendor_internal_prop(vendor_camera_debug_prop)
vendor_internal_prop(vendor_camera_fatp_prop)
vendor_internal_prop(vendor_usb_config_prop)
vendor_internal_prop(vendor_tcpdump_log_prop)
-vendor_internal_prop(vendor_device_prop)
-vendor_internal_prop(vendor_ready_prop)
vendor_internal_prop(vendor_gps_prop)
vendor_internal_prop(vendor_ro_sys_default_prop)
vendor_internal_prop(vendor_persist_sys_default_prop)
-vendor_internal_prop(vendor_logger_prop)
vendor_internal_prop(vendor_display_prop)
# Fingerprint
@@ -30,7 +27,20 @@
# UWB calibration
system_vendor_config_prop(vendor_uwb_calibration_prop)
+# Country code must be vendor_public to be written by UwbVendorService and read by NFC HAL
+vendor_internal_prop(vendor_uwb_calibration_country_code)
# Dynamic sensor
vendor_internal_prop(vendor_dynamic_sensor_prop)
+# Telephony debug app
+vendor_internal_prop(vendor_telephony_app_prop)
+
+# Trusty storage FS ready
+vendor_internal_prop(vendor_trusty_storage_prop)
+
+# Mali Integration
+vendor_restricted_prop(vendor_arm_runtime_option_prop)
+
+# ArmNN
+vendor_internal_prop(vendor_armnn_config_prop)
diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts
index ce73700..947adf2 100644
--- a/whitechapel_pro/property_contexts
+++ b/whitechapel_pro/property_contexts
@@ -4,14 +4,6 @@
vendor.sys.dmd. u:object_r:vendor_diag_prop:s0
vendor.sys.diag. u:object_r:vendor_diag_prop:s0
-# Kernel modules related
-vendor.common.modules.ready u:object_r:vendor_device_prop:s0
-vendor.device.modules.ready u:object_r:vendor_device_prop:s0
-
-# Indicating signal that all modules and devices are ready
-vendor.all.modules.ready u:object_r:vendor_ready_prop:s0
-vendor.all.devices.ready u:object_r:vendor_ready_prop:s0
-
# Tcpdump_logger
persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0
@@ -57,6 +49,7 @@
# Battery
vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
+persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0
# NFC
persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
@@ -75,13 +68,11 @@
# Camera
persist.vendor.camera. u:object_r:vendor_camera_prop:s0
vendor.camera. u:object_r:vendor_camera_prop:s0
-vendor.camera.debug. u:object_r:vendor_camera_debug_prop:s0
vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0
# for logger app
vendor.pixellogger. u:object_r:vendor_logger_prop:s0
persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0
-persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0
# vendor default
ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0
@@ -92,14 +83,29 @@
persist.vendor.gps. u:object_r:vendor_gps_prop:s0
# Fingerprint
+persist.vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0
vendor.gf. u:object_r:vendor_fingerprint_prop:s0
#uwb
ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string
+vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibration_country_code:s0 exact string
+
# Dynamic sensor
vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0
# for ims service
persist.vendor.ims. u:object_r:vendor_imssvc_prop:s0
+
+# for vendor telephony debug app
+vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0
+
+# Trusty
+ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0
+
+# Mali GPU driver configuration and debug options
+vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix
+
+# ArmNN configuration
+ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix
diff --git a/whitechapel_pro/radio.te b/whitechapel_pro/radio.te
index 8cb144d..4727846 100644
--- a/whitechapel_pro/radio.te
+++ b/whitechapel_pro/radio.te
@@ -1,2 +1,5 @@
allow radio proc_vendor_sched:dir r_dir_perms;
-allow radio proc_vendor_sched:file w_file_perms;
\ No newline at end of file
+allow radio proc_vendor_sched:file w_file_perms;
+
+allow radio radio_vendor_data_file:dir rw_dir_perms;
+allow radio radio_vendor_data_file:file create_file_perms;
diff --git a/whitechapel_pro/recovery.te b/whitechapel_pro/recovery.te
index bfa3c7d..1974ebb 100644
--- a/whitechapel_pro/recovery.te
+++ b/whitechapel_pro/recovery.te
@@ -1,4 +1,4 @@
recovery_only(`
allow recovery sysfs_ota:file rw_file_perms;
- allow recovery citadel_device:chr_file rw_file_perms;
+ allow recovery st54spi_device:chr_file rw_file_perms;
')
diff --git a/whitechapel_pro/rild.te b/whitechapel_pro/rild.te
index d8c8c29..484dda0 100644
--- a/whitechapel_pro/rild.te
+++ b/whitechapel_pro/rild.te
@@ -16,6 +16,7 @@
r_dir_file(rild, modem_img_file)
+binder_call(rild, platform_app)
binder_call(rild, bipchmgr)
binder_call(rild, gpsd)
binder_call(rild, hal_audio_default)
@@ -26,12 +27,18 @@
binder_call(rild, hal_secure_element_uicc)
binder_call(rild, grilservice_app)
binder_call(rild, vendor_engineermode_app)
+binder_call(rild, vendor_telephony_debug_app)
+binder_call(rild, logger_app)
# for hal service
add_hwservice(rild, hal_exynos_rild_hwservice)
-allow rild hal_audio_ext_hwservice:hwservice_manager find;
# Allow rild to access files on modem img.
allow rild modem_img_file:dir r_dir_perms;
allow rild modem_img_file:file r_file_perms;
allow rild modem_img_file:lnk_file r_file_perms;
+
+# Allow rild to ptrace for memory leak detection
+userdebug_or_eng(`
+allow rild self:process ptrace;
+')
diff --git a/whitechapel_pro/seapp_contexts b/whitechapel_pro/seapp_contexts
index f2fd47f..149e228 100644
--- a/whitechapel_pro/seapp_contexts
+++ b/whitechapel_pro/seapp_contexts
@@ -1,4 +1,5 @@
# Samsung S.LSI IMS
+user=_app isPrivApp=true name=.ShannonImsService domain=vendor_ims_app levelFrom=all
user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all
user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_remote_app levelFrom=all
user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_qualifiednetworks_app levelFrom=all
@@ -17,9 +18,6 @@
# Samsung S.LSI engineer mode
user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all
-# Hardware Info Collection
-user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
-
# coredump/ramdump
user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
@@ -57,6 +55,15 @@
# Google Camera
user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
+# Google Camera Eng
+user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all
+
+# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera
+user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all
+
+# Also label GoogleCameraNext, built with debug keys as debug_camera_app.
+user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all
+
# Domain for CatEngineService
user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_service_app type=system_app_data_file levelFrom=all
diff --git a/whitechapel_pro/service.te b/whitechapel_pro/service.te
index 8d5dc1e..1c49d4f 100644
--- a/whitechapel_pro/service.te
+++ b/whitechapel_pro/service.te
@@ -1,2 +1,5 @@
-type hal_pixel_display_service, service_manager_type, vendor_service;
-type hal_uwb_vendor_service, service_manager_type, vendor_service;
+type hal_pixel_display_service, service_manager_type, hal_service_type;
+type hal_uwb_vendor_service, service_manager_type, hal_service_type;
+
+# WLC
+type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type;
diff --git a/whitechapel_pro/service_contexts b/whitechapel_pro/service_contexts
index 5df3441..a3849bb 100644
--- a/whitechapel_pro/service_contexts
+++ b/whitechapel_pro/service_contexts
@@ -1,2 +1,4 @@
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0
+
+vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0
diff --git a/whitechapel_pro/ssr_detector.te b/whitechapel_pro/ssr_detector.te
index 60ec1bb..2caf6d7 100644
--- a/whitechapel_pro/ssr_detector.te
+++ b/whitechapel_pro/ssr_detector.te
@@ -4,7 +4,8 @@
allow ssr_detector_app app_api_service:service_manager find;
allow ssr_detector_app radio_service:service_manager find;
-allow ssr_detector_app system_app_data_file:dir r_dir_perms;
+allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+allow ssr_detector_app system_app_data_file:file create_file_perms;
allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
diff --git a/whitechapel_pro/system_app.te b/whitechapel_pro/system_app.te
index c1560e6..4677e98 100644
--- a/whitechapel_pro/system_app.te
+++ b/whitechapel_pro/system_app.te
@@ -1,2 +1,3 @@
-allow system_app hal_wlc_hwservice:hwservice_manager find;
-binder_call(system_app, hal_wlc)
+# WLC
+allow system_app hal_wireless_charger_service:service_manager find;
+binder_call(system_app, hal_wireless_charger)
diff --git a/whitechapel_pro/tee.te b/whitechapel_pro/tee.te
index 58228b5..256fb38 100644
--- a/whitechapel_pro/tee.te
+++ b/whitechapel_pro/tee.te
@@ -12,6 +12,4 @@
# Allow storageproxyd access to gsi_public_metadata_file
read_fstab(tee)
-# storageproxyd starts before /data is mounted. It handles /data not being there
-# gracefully. However, attempts to access /data trigger a denial.
-dontaudit tee unlabeled:dir { search };
+set_prop(tee, vendor_trusty_storage_prop)
diff --git a/whitechapel_pro/ufs_firmware_update.te b/whitechapel_pro/ufs_firmware_update.te
new file mode 100644
index 0000000..53ceba5
--- /dev/null
+++ b/whitechapel_pro/ufs_firmware_update.te
@@ -0,0 +1,10 @@
+type ufs_firmware_update, domain;
+type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(ufs_firmware_update)
+
+allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
+allow ufs_firmware_update block_device:dir r_dir_perms;
+allow ufs_firmware_update fips_block_device:blk_file rw_file_perms;
+allow ufs_firmware_update sysfs:dir r_dir_perms;
+allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/whitechapel_pro/uwb_vendor_app.te b/whitechapel_pro/uwb_vendor_app.te
index 364bee3..aa4564e 100644
--- a/whitechapel_pro/uwb_vendor_app.te
+++ b/whitechapel_pro/uwb_vendor_app.te
@@ -16,6 +16,10 @@
allow hal_uwb_vendor_default self:global_capability_class_set sys_nice;
allow hal_uwb_vendor_default kernel:process setsched;
+# UwbVendorService must be able to read USRA version from vendor_secure_element_prop
get_prop(uwb_vendor_app, vendor_secure_element_prop)
+# UwbVendorService must be able to write country code prop
+set_prop(uwb_vendor_app, vendor_uwb_calibration_country_code)
+
binder_call(uwb_vendor_app, hal_uwb_vendor_default)
')
diff --git a/whitechapel_pro/vendor_ims_app.te b/whitechapel_pro/vendor_ims_app.te
index 38e6364..ed65eae 100644
--- a/whitechapel_pro/vendor_ims_app.te
+++ b/whitechapel_pro/vendor_ims_app.te
@@ -1,5 +1,6 @@
type vendor_ims_app, domain;
app_domain(vendor_ims_app)
+net_domain(vendor_ims_app)
allow vendor_ims_app app_api_service:service_manager find;
allow vendor_ims_app audioserver_service:service_manager find;
@@ -11,6 +12,8 @@
allow vendor_ims_app cameraserver_service:service_manager find;
allow vendor_ims_app mediametrics_service:service_manager find;
+allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl };
+
binder_call(vendor_ims_app, rild)
set_prop(vendor_ims_app, vendor_rild_prop)
set_prop(vendor_ims_app, radio_prop)
diff --git a/whitechapel_pro/vendor_init.te b/whitechapel_pro/vendor_init.te
index a8626fc..415d7c8 100644
--- a/whitechapel_pro/vendor_init.te
+++ b/whitechapel_pro/vendor_init.te
@@ -3,8 +3,8 @@
set_prop(vendor_init, vendor_ssrdump_prop)
set_prop(vendor_init, vendor_carrier_prop)
set_prop(vendor_init, vendor_cbd_prop)
-set_prop(vendor_init, vendor_ready_prop)
get_prop(vendor_init, vendor_battery_profile_prop)
+set_prop(vendor_init, vendor_camera_prop)
set_prop(vendor_init, vendor_device_prop)
set_prop(vendor_init, vendor_modem_prop)
set_prop(vendor_init, vendor_usb_config_prop)
@@ -24,7 +24,23 @@
# Fingerprint property
set_prop(vendor_init, vendor_fingerprint_prop)
-# Touch
-allow vendor_init proc_touch:file w_file_perms;
-
allow vendor_init modem_img_file:filesystem { getattr };
+
+# Battery
+set_prop(vendor_init, vendor_battery_defender_prop)
+
+# Display
+set_prop(vendor_init, vendor_display_prop)
+
+# MM
+allow vendor_init proc_watermark_scale_factor:file w_file_perms;
+
+# Trusty storage FS ready
+get_prop(vendor_init, vendor_trusty_storage_prop)
+allow vendor_init tee_data_file:lnk_file read;
+
+# Mali
+set_prop(vendor_init, vendor_arm_runtime_option_prop)
+
+# ArmNN
+set_prop(vendor_init, vendor_armnn_config_prop)
diff --git a/whitechapel_pro/vendor_telephony_debug_app.te b/whitechapel_pro/vendor_telephony_debug_app.te
index 946460c..539fffc 100644
--- a/whitechapel_pro/vendor_telephony_debug_app.te
+++ b/whitechapel_pro/vendor_telephony_debug_app.te
@@ -2,3 +2,19 @@
app_domain(vendor_telephony_debug_app)
allow vendor_telephony_debug_app app_api_service:service_manager find;
+allow vendor_telephony_debug_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+binder_call(vendor_telephony_debug_app, rild)
+
+# RIL property
+set_prop(vendor_telephony_debug_app, vendor_rild_prop)
+
+# Debug property
+set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop)
+
+userdebug_or_eng(`
+# System Debug Mode
+dontaudit vendor_telephony_debug_app system_app_data_file:dir create_dir_perms;
+dontaudit vendor_telephony_debug_app system_app_data_file:file create_file_perms;
+dontaudit vendor_telephony_debug_app default_prop:file r_file_perms;
+')
diff --git a/whitechapel_pro/vndservice.te b/whitechapel_pro/vndservice.te
index d148360..bd59e83 100644
--- a/whitechapel_pro/vndservice.te
+++ b/whitechapel_pro/vndservice.te
@@ -1,5 +1,3 @@
-type hal_power_stats_vendor_service, vndservice_manager_type;
type rls_service, vndservice_manager_type;
-type vendor_displaycolor_service, vndservice_manager_type;
type vendor_surfaceflinger_vndservice, vndservice_manager_type;
type eco_service, vndservice_manager_type;
diff --git a/whitechapel_pro/vndservice_contexts b/whitechapel_pro/vndservice_contexts
index e7fb433..16ae43a 100644
--- a/whitechapel_pro/vndservice_contexts
+++ b/whitechapel_pro/vndservice_contexts
@@ -1,4 +1,3 @@
rlsservice u:object_r:rls_service:s0
-displaycolor u:object_r:vendor_displaycolor_service:s0
Exynos.HWCService u:object_r:vendor_surfaceflinger_vndservice:s0
media.ecoservice u:object_r:eco_service:s0
diff --git a/whitechapel_pro/wifi_sniffer.te b/whitechapel_pro/wifi_sniffer.te
new file mode 100644
index 0000000..1faffce
--- /dev/null
+++ b/whitechapel_pro/wifi_sniffer.te
@@ -0,0 +1,4 @@
+userdebug_or_eng(`
+allow wifi_sniffer sysfs_wifi:dir search;
+allow wifi_sniffer sysfs_wifi:file rw_file_perms;
+')
diff --git a/widevine/file_contexts b/widevine/file_contexts
index e152941..92aed3c 100644
--- a/widevine/file_contexts
+++ b/widevine/file_contexts
@@ -1,5 +1,5 @@
-/vendor/bin/hw/android\.hardware\.drm@1\.4-service\.widevine u:object_r:hal_drm_widevine_exec:s0
-/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+/vendor/bin/hw/android\.hardware\.drm-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
# Data
-/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
diff --git a/widevine/service_contexts b/widevine/service_contexts
new file mode 100644
index 0000000..6989dde
--- /dev/null
+++ b/widevine/service_contexts
@@ -0,0 +1 @@
+android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0