author | Linux Build Service Account <lnxbuild@localhost> | 2023-05-03 16:48:52 -0700 |
---|---|---|
committer | Linux Build Service Account <lnxbuild@localhost> | 2023-05-03 16:48:52 -0700 |
commit | 1b82b99d3bc007e747fe8b80cba93b062ad5f04a (patch) | |
tree | d7431d0343cea509d6739cdc6acfed3750b6a0a2 | |
parent | 0e89d0b808258be87553ecde53d56cb5aad950f5 (diff) | |
parent | 16df2b50ec0546ee03ea00a6d2a4fe68bd9d3597 (diff) |
Merge 16df2b50ec0546ee03ea00a6d2a4fe68bd9d3597 on remote branch
Change-Id: Iddc83524967f3755645fee686150eed87bbe836b
26 files changed, 284 insertions, 2 deletions
diff --git a/generic/vendor/common/genfs_contexts b/generic/vendor/common/genfs_contexts index aa97d299..4f199c61 100644 --- a/generic/vendor/common/genfs_contexts +++ b/generic/vendor/common/genfs_contexts @@ -193,5 +193,10 @@ genfscon sysfs /module/rmnet_sch/parameters u:object_r:vendor_sysfs_rmnet:s0 genfscon sysfs /module/rmnet_shs/parameters u:object_r:vendor_sysfs_rmnet:s0 genfscon sysfs /module/rmnet_wlan/parameters u:object_r:vendor_sysfs_rmnet:s0 +genfscon sysfs /kernel/camera/num_ifes u:object_r:vendor_sysfs_camera:s0 +genfscon sysfs /kernel/camera/num_ife_lites u:object_r:vendor_sysfs_camera:s0 +genfscon sysfs /kernel/camera/num_sfes u:object_r:vendor_sysfs_camera:s0 +genfscon sysfs /kernel/camera/num_sbi u:object_r:vendor_sysfs_camera:s0 + genfscon sysfs /kernel/qts/primary/trusted_touch_enable u:object_r:vendor_sysfs_trusted_touch_enable:s0 genfscon sysfs /kernel/qts/secondary/trusted_touch_enable u:object_r:vendor_sysfs_trusted_touch_enable:s0 diff --git a/generic/vendor/common/hal_gnss_qti.te b/generic/vendor/common/hal_gnss_qti.te index ec56dfbc..7edf8e69 100644 --- a/generic/vendor/common/hal_gnss_qti.te +++ b/generic/vendor/common/hal_gnss_qti.te @@ -66,6 +66,9 @@ hal_client_domain(vendor_hal_gnss_qti, hal_health) # allows Gnss HAL to access ssgtzd socket unix_socket_connect(vendor_hal_gnss_qti, vendor_ssgtzd, vendor_ssgtzd) +# read boot status +get_prop(vendor_hal_gnss_qti, boot_status_prop) + #Allow Gnss HAL to access ril socket allow vendor_hal_gnss_qti vendor_rild_socket:dir search; unix_socket_connect(vendor_hal_gnss_qti, vendor_rild, rild) diff --git a/generic/vendor/kalama/file_contexts b/generic/vendor/kalama/file_contexts index c2ebfca0..8840f8bd 100644 --- a/generic/vendor/kalama/file_contexts +++ b/generic/vendor/kalama/file_contexts 
@@ -248,7 +248,7 @@ /sys/devices/platform/soc/780000.qfprom/qfprom0/feat_conf* u:object_r:vendor_sysfs_qfprom:s0 # mmc device type -/sys/devices/platform/soc/8804000.sdhci/mmc_host/mmc0/mmc0:[a-f0-9]+/type u:object_r:vendor_sysfs_mmc_device_type:s0 +/sys/devices/platform/soc/8804000.sdhci/mmc_host/mmc[0-1]/mmc[0-1]:[a-f0-9]+/type u:object_r:vendor_sysfs_mmc_device_type:s0 /vendor/bin/hw/vendor\.qti\.hardware\.display\.demura@1\.0-service u:object_r:hal_display_demura_default_exec:s0 @@ -308,3 +308,4 @@ # Microdump collector parameters /sys/module/microdump_collector/parameters/.* u:object_r:vendor_sysfs_microdump:s0 +/vendor/bin/usbudev u:object_r:vendor_usbudev_qti_exec:s0 diff --git a/generic/vendor/kalama/usbudev.te b/generic/vendor/kalama/usbudev.te new file mode 100644 index 00000000..ef24bd35 --- /dev/null +++ b/generic/vendor/kalama/usbudev.te 
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+#============= vendor_usbudev_qti ==============
+
+type vendor_usbudev_qti, domain;
+type vendor_usbudev_qti_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_usbudev_qti)
+domain_auto_trans(init, vendor_usbudev_qti_exec, vendor_usbudev_qti)
+
+allow vendor_usbudev_qti self:capability net_admin;
+allow vendor_usbudev_qti self:netlink_route_socket { nlmsg_read read };
+allow vendor_usbudev_qti self:udp_socket { create ioctl };
+allow vendor_usbudev_qti self:netlink_kobject_uevent_socket { bind create getopt read setopt };
+allow vendor_usbudev_qti self:netlink_route_socket { create nlmsg_readpriv write };
+allow vendor_usbudev_qti vendor_sysfs_usb_node:dir search;
+allow vendor_usbudev_qti vendor_sysfs_usb_node:file { getattr open read };
+allow vendor_usbudev_qti proc_net:file { getattr open read };
+allow vendor_usbudev_qti vendor_shell_exec:file rx_file_perms;
+allow vendor_usbudev_qti vendor_toolbox_exec:file rx_file_perms;
+allowxperm vendor_usbudev_qti self:udp_socket ioctl { SIOCSIFHWADDR SIOCSIFFLAGS SIOCSIFADDR };
\ No newline at end of file diff --git a/generic/vendor/test/snapcam.te b/generic/vendor/test/snapcam.te index 54bd775a..34753561 100644 --- a/generic/vendor/test/snapcam.te +++ b/generic/vendor/test/snapcam.te @@ -32,6 +32,7 @@ allow vendor_snapcam_app cameraserver_service:service_manager find; get_prop(vendor_snapcam_app, vendor_persist_camera_prop) set_prop(vendor_snapcam_app, vendor_camera_prop) allow vendor_snapcam_app nfc_service:service_manager find; +dontaudit vendor_snapcam_app default_prop:file {read}; binder_call(vendor_snapcam_app, gpuservice) allow vendor_snapcam_app app_api_service:service_manager find; diff --git a/qva/vendor/bengal/genfs_contexts b/qva/vendor/bengal/genfs_contexts index cbfb136d..d195d540 100644 --- a/qva/vendor/bengal/genfs_contexts +++ b/qva/vendor/bengal/genfs_contexts 
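Review bot: The new `vendor_usbudev_qti` domain in usbudev.te holds `self:capability net_admin` together with `rx_file_perms` on `vendor_shell_exec` and `vendor_toolbox_exec`, and no rule carries a comment saying why a daemon with that capability has to run shell commands. Each group of rules should get a one-line reason, for example `# needs net_admin for the SIOCSIF* ioctls on its own udp socket` above the capability rule, if that is indeed the purpose. `domain_auto_trans(init, vendor_usbudev_qti_exec, vendor_usbudev_qti)` repeats what `init_daemon_domain(vendor_usbudev_qti)` already sets up and can be dropped. The two `self:netlink_route_socket` rules can be merged into one. The file also ends without a trailing newline, which is worth fixing because policy sources are concatenated at build time.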
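Review bot: The added `dontaudit vendor_snapcam_app default_prop:file {read};` in snapcam.te hides the denial rather than resolving it, and nothing records which property the app is reading. A read of `default_prop` usually means a property has no entry in property_contexts; if that property is vendor-owned, labelling it and granting `get_prop` on the specific type is the narrower fix and keeps later denials on `default_prop` visible in the audit log. If suppression is what is wanted, say so next to the rule, e.g. `# read is not required for snapcam to work; silence the denial`. The braces around a single permission are unnecessary: `default_prop:file read;`.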
@@ -126,7 +126,7 @@ genfscon sysfs /devices/platform/soc/4ac0000.qcom,qupv3_0_geni_se/4a84000.i2c/i2 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/battery u:object_r:vendor_sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/dc u:object_r:vendor_sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/main u:object_r:vendor_sysfs_battery_supply:s0 -genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qpnp,qg/power_supply/bms u:object_r:vendor_sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qpnp,qg/power_supply/bms u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/pc_port u:object_r:vendor_sysfs_usb_supply:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,qpnp-smb5/power_supply/usb u:object_r:vendor_sysfs_usb_supply:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/0-02/1c40000.qcom,spmi:qcom,pm7250b@2:qcom,usb-pdphy@1700/usbpd/usbpd0 u:object_r:vendor_sysfs_usbpd_device:s0 diff --git a/qva/vendor/common/file.te b/qva/vendor/common/file.te index 6f2767dc..3298198d 100644 --- a/qva/vendor/common/file.te +++ b/qva/vendor/common/file.te @@ -97,6 +97,7 @@ type vendor_qti_data_file, file_type, data_file_type; type vendor_persist_secnvm_file, file_type , vendor_persist_type; type vendor_persist_iar_db_file, file_type , vendor_persist_type; +type vendor_persist_spudc_file, file_type , vendor_persist_type; #mink-lowi-interface-daemon (mlid) socket type vendor_mlid_socket, file_type, mlstrustedobject; 
diff --git a/qva/vendor/common/file_contexts b/qva/vendor/common/file_contexts index 4e4402fb..69fddb14 100644 --- a/qva/vendor/common/file_contexts +++ b/qva/vendor/common/file_contexts @@ -90,6 +90,7 @@ /vendor/bin/hw/android\.hardware\.keymaster@4\.1-strongbox-service-qti u:object_r:vendor_hal_keymaster_qti_exec:s0 /vendor/bin/hw/android\.hardware\.keymaster@4\.1-javacard.service u:object_r:hal_keymaster_default_exec:s0 /vendor/bin/init\.qti\.ese\.strongbox\.sh u:object_r:vendor_init-qti-ese-strongbox-sh_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service-spu-qti u:object_r:vendor_hal_keymint_spu_qti_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.strongbox u:object_r:vendor_hal_keymint_strongbox_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.strongbox-thales u:object_r:vendor_hal_keymint_strongbox_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.weaver@1\.0-service u:object_r:vendor_hal_weaver_default_exec:s0 @@ -239,6 +240,7 @@ /mnt/vendor/persist/FTM_AP(/.*)? u:object_r:vendor_persist_mmi_file:s0 /mnt/vendor/persist/vpp(/.*)? u:object_r:vendor_persist_vpp_file:s0 /mnt/vendor/persist/hvdcp_opti(/.*)? u:object_r:vendor_persist_hvdcp_file:s0 +/mnt/vendor/persist/spudc(/.*)? u:object_r:vendor_persist_spudc_file:s0 # spunvm partition /mnt/vendor/spunvm(/.*)? u:object_r:vendor_spunvm_file:s0 diff --git a/qva/vendor/common/hal_keymint_spu_qti.te b/qva/vendor/common/hal_keymint_spu_qti.te new file mode 100644 index 00000000..d2ef4837 --- /dev/null +++ b/qva/vendor/common/hal_keymint_spu_qti.te 
@@ -0,0 +1,72 @@
+# Copyright (c) 2023, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type vendor_hal_keymint_spu_qti, domain;
+hal_server_domain(vendor_hal_keymint_spu_qti, hal_keymint)
+type vendor_hal_keymint_spu_qti_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(vendor_hal_keymint_spu_qti)
+
+# Read security level android property
+get_prop(vendor_hal_keymint_strongbox, vendor_security_patch_level_prop);
+
+# Allow access to spss_utils device
+allow vendor_hal_keymint_spu_qti vendor_spss_utils_device:chr_file rw_file_perms;
+
+# Allow access to spcom devices
+allow vendor_hal_keymint_spu_qti vendor_spcom_device:chr_file rw_file_perms;
+allow vendor_hal_keymint_spu_qti vendor_skp_device:chr_file rw_file_perms;
+
+# Allow read sysfs
+allow vendor_hal_keymint_spu_qti vendor_sysfs_data:file r_file_perms;
+allow vendor_hal_keymint_spu_qti vendor_sysfs_spdaemon:file r_file_perms;
+r_dir_file(vendor_hal_keymint_spu_qti, vendor_sysfs_spss);
+
+# Allow set / get spcomlib prop
+set_prop(vendor_hal_keymint_spu_qti, vendor_spcomlib_prop)
+
+# Allow access to HLOS<=>SPU share buffers
+allow vendor_hal_keymint_spu_qti vendor_dmabuf_sp_hlos_heap_device:chr_file r_file_perms;
+allow vendor_hal_keymint_spu_qti vendor_dmabuf_system_heap_device:chr_file r_file_perms;
+
+# Allow access to QSEE<=>SPU share buffers
+allow vendor_hal_keymint_spu_qti vendor_dmabuf_secure_sp_tz_heap_device:chr_file r_file_perms;
+allow vendor_hal_keymint_spu_qti vendor_dmabuf_qseecom_heap_device:chr_file r_file_perms;
+allow vendor_hal_keymint_spu_qti vendor_dmabuf_qseecom_ta_heap_device:chr_file r_file_perms;
+
+# Allow to access IAR-DB at /mnt/vendor/persist/iar_db
+allow vendor_hal_keymint_spu_qti vendor_persist_iar_db_file:dir rw_dir_perms;
+allow vendor_hal_keymint_spu_qti vendor_persist_iar_db_file:file create_file_perms;
+
+# Allow hyp_assign() for HLOS-SP share buffers (r_file_perms includes ioctl)
+allow vendor_hal_keymint_spu_qti vendor_vm_hlos_device:chr_file r_file_perms;
+allow vendor_hal_keymint_spu_qti
vendor_vm_cp_spss_sp_device:chr_file r_file_perms; +allow vendor_hal_keymint_spu_qti vendor_vm_cp_spss_sp_shared_device:chr_file r_file_perms; +allow vendor_hal_keymint_spu_qti vendor_vm_cp_spss_hlos_shared_device:chr_file r_file_perms; +allow vendor_hal_keymint_spu_qti vendor_membuf_dev:chr_file r_file_perms; diff --git a/qva/vendor/common/spdaemon.te b/qva/vendor/common/spdaemon.te index 3568031c..55541de5 100644 --- a/qva/vendor/common/spdaemon.te +++ b/qva/vendor/common/spdaemon.te @@ -31,6 +31,8 @@ type vendor_spdaemon, domain; type vendor_spdaemon_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_spdaemon) +binder_call(vendor_spdaemon, servicemanager) +hal_client_domain(vendor_spdaemon, vendor_hal_qms_qti) # Allow access to spss_utils device allow vendor_spdaemon vendor_spss_utils_device:chr_file rw_file_perms; @@ -55,6 +57,9 @@ r_dir_file(vendor_spdaemon, firmware_file); use_vendor_per_mgr(vendor_spdaemon) hal_client_domain(vendor_spdaemon, hal_telephony) +#Allow to access SPU-DC at /mnt/vendor/persist/spudc +allow vendor_spdaemon vendor_persist_spudc_file:dir rw_dir_perms; +allow vendor_spdaemon vendor_persist_spudc_file:file create_file_perms; # Allow to access IAR-DB at /mnt/vendor/persist/iar_db allow vendor_spdaemon vendor_persist_iar_db_file:dir rw_dir_perms; allow vendor_spdaemon vendor_persist_iar_db_file:file create_file_perms; diff --git a/qva/vendor/kona/device.te b/qva/vendor/kona/device.te index e2cca8ac..09722371 100644 --- a/qva/vendor/kona/device.te +++ b/qva/vendor/kona/device.te @@ -3,3 +3,6 @@ #define cec device type vendor_cec_device, dev_type; + +#define HDMI-IN device +type vendor_hdmi_bdg_irq_device, dev_type; diff --git a/qva/vendor/kona/file.te b/qva/vendor/kona/file.te new file mode 100644 index 00000000..814548f5 --- /dev/null +++ b/qva/vendor/kona/file.te 
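Review bot: In the new hal_keymint_spu_qti.te, `get_prop(vendor_hal_keymint_strongbox, vendor_security_patch_level_prop);` names `vendor_hal_keymint_strongbox` as the source domain, while every other rule in the file is written for `vendor_hal_keymint_spu_qti`. This looks like a line carried over from the strongbox policy: as written, the new SPU KeyMint domain gains no read access to the patch-level property, and the file depends on a type that is declared elsewhere. I would change it to `get_prop(vendor_hal_keymint_spu_qti, vendor_security_patch_level_prop)`. The comment above it says "security level", although the property type is the security patch level.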
@@ -0,0 +1,5 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +#hdmi +type vendor_sysfs_hdmi, fs_type, sysfs_type, mlstrustedobject; diff --git a/qva/vendor/kona/file_contexts b/qva/vendor/kona/file_contexts index f65da4f6..615c19f1 100644 --- a/qva/vendor/kona/file_contexts +++ b/qva/vendor/kona/file_contexts @@ -92,6 +92,9 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/limits u:object_r:vendor_limits_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/limits-cdsp u:object_r:vendor_limits_block_device:s0 +# dev nodes +/dev/hdmi_bdg_irq_handler u:object_r:vendor_hdmi_bdg_irq_device:s0 + #Display nodes /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DP-1/enabled u:object_r:vendor_sysfs_graphics:s0 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-2/enabled u:object_r:vendor_sysfs_graphics:s0 diff --git a/qva/vendor/kona/genfs_contexts b/qva/vendor/kona/genfs_contexts new file mode 100644 index 00000000..37ce51bc --- /dev/null +++ b/qva/vendor/kona/genfs_contexts 
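Review bot: `type vendor_sysfs_hdmi, fs_type, sysfs_type, mlstrustedobject;` in the new kona/file.te marks the sysfs type as an MLS-trusted object, which exempts it from the MLS write restrictions, and the `#hdmi` comment gives no reason for that. The only consumer visible in this commit is `hal_tv_cec_default` (rw access, added in hal_cec.te), a HAL domain for which the exemption should not be needed. Unless a domain running at a different MLS level has to write this node, I would declare it as `type vendor_sysfs_hdmi, fs_type, sysfs_type;` and state in the comment which node it labels.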
@@ -0,0 +1,93 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+# vendor_sysfs_battery_supply nodes
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/capacity u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/dc/type u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/type u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/pc_port/type u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/usb/type u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/dc/online u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/status u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/present u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/health u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/voltage_now u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/charge_full u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/current_now u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/cycle_count u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/time_to_full_now u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/charge_full_design u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/charge_counter u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/temp u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/technology u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/pc_port/online u:object_r:vendor_sysfs_battery_supply:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/usb/online u:object_r:vendor_sysfs_battery_supply:s0
+
+# vendor_sysfs_sd nodes
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:0/block/sda/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:1/block/sdb/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:2/block/sdc/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:3/block/sdd/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:4/block/sde/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:5/block/sdf/queue/read_ahead_kb u:object_r:vendor_sysfs_sd:s0
+
+# vendor_sysfs_graphics nodes
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon/extcon0/cable.2/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon/extcon0/cable.0/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/extcon/extcon1/cable.1/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/extcon/extcon1/cable.0/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/extcon/extcon0/cable.1/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:pm8150b@2:qcom,usb-pdphy@1700/extcon/extcon2/cable.1/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:pm8150b@2:qcom,usb-pdphy@1700/extcon/extcon2/cable.0/name u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:pm8150b@2:qcom,usb-pdphy@1700/extcon/extcon2/cable.2/name u:object_r:vendor_sysfs_graphics:s0
+
+# sysfs_wakeup nodes
+genfscon sysfs /devives/virtual/fastrpc/adsprpc-smd/wakeup4 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_g711mlaw/wakeup28 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a600000.ssusb/wakeup/wakeup18 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88e0000.qcom,msm-eud/wakeup/wakeup2 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup26 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup16 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-00/c440000.qcom,spmi:qcom,pm8150_rtc/wakeup/wakeup0 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_qcelp/wakeup24 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c10000.qcom,pcie/wakeup/wakeup9 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwb/wakeup14 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,qpnp-smb5/power_supply/battery/wakeup32 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_mp3/wakeup33 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup7 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a800000.ssusb/wakeup/wakeup12 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/usb/wakeup30 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm-g711alaw/wakeup20 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/1c08000.qcom,pice/wakeup/wakeup5 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/dc/wakeup29 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_evrc/wakeup19 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,smp2p_sleepstate/wakeup/wakeup3 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrwbplus/wakeup17 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,pm8150_rtc/rtc/rtc0/alarmtimer.0.auto/wakeup/wakeup1 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_wma/wakeup25 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_amrnb/wakeup15 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_multi_aac/wakeup23 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/fastrpc/adsprcp-smd-secure/wakeup8 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_aac/wakeup13 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup31 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/virtual/misc/msm_g711mlaw/wakeup21 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/soc:qcom,spcom/wakeup/wakeup6 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a600000.ssusb/wakeup/wakeup11 u:object_r:sysfs_wakeup:s0
+
+#vendor_sysfs_graphics nodes
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/blue/brightness u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/green/brightness u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs
/devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/red/trigger u:object_r:vendor_sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/blue/trigger u:object_r:vendor_sysfs_graphics:s0 +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/0-05/c440000.qcom,spmi:qcom,pm8150l@5:qcom,leds@d000/leds/green/trigger u:object_r:vendor_sysfs_graphics:s0 + +#vendor_sysfs_scsi_target nodes +genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:1/scsi_generic u:object_r:vendor_sysfs_scsi_target:s0 +genfscon sysfs /devices/platform/soc/1d84000.ufshc/host0/target0:0:0/0:0:0:2/scsi_generic u:object_r:vendor_sysfs_scsi_target:s0 + +#vendor_sysfs_ssr nodes +genfscon sysfs /devices/platform/soc/17300000.remoteproc-adsp/remoteproc/remoteproc0/name u:object_r:vendor_sysfs_ssr:s0 +genfscon sysfs /devices/platform/soc/8300000.remoteproc-cdsp/remoteproc/remoteproc1/name u:object_r:vendor_sysfs_ssr:s0 + +#hdmi +genfscon sysfs /devices/platform/soc/984000.i2c/i2c-0/0-002b/get_hpd_stat u:object_r:vendor_sysfs_hdmi:s0 diff --git a/qva/vendor/kona/hal_bootctl_default.te b/qva/vendor/kona/hal_bootctl_default.te new file mode 100644 index 00000000..cab5878d --- /dev/null +++ b/qva/vendor/kona/hal_bootctl_default.te @@ -0,0 +1,5 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +#for hal_boot_default +allow hal_bootctl_default vendor_sysfs_scsi_target:dir { read open }; diff --git a/qva/vendor/kona/hal_camera.te b/qva/vendor/kona/hal_camera.te new file mode 100644 index 00000000..1c9ab9ce --- /dev/null +++ b/qva/vendor/kona/hal_camera.te 
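Review bot: Several of the new `sysfs_wakeup` paths in kona/genfs_contexts look misspelled and would then match no sysfs node, leaving the real wakeup nodes with the default sysfs label: `/devives/virtual/fastrpc/adsprpc-smd/wakeup4` (devives), `/devices/platform/soc/1c08000.qcom,pice/wakeup/wakeup5` (the neighbouring entry spells it `qcom,pcie`) and `/devices/virtual/fastrpc/adsprcp-smd-secure/wakeup8` (adsprcp, where the other entries use adsprpc). The `battery/wakeup32` entry omits the `qcom,pm8150b@2:` component that every other qpnp-smb5 path carries, and the `pm8150_rtc/wakeup/wakeup0` entry lacks the `qcom,pm8150@0:` component present in the wakeup1 path. A genfscon path that does not exist is not reported at build time, so these should be checked against the device's sysfs tree. The first one would become `genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup4 u:object_r:sysfs_wakeup:s0`. The fixed `wakeupN` indices also depend on probe order, so labelling the parent `wakeup` directories where possible would be less fragile.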
@@ -0,0 +1,5 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +#Allow camera to access hdmi bridge device +allow hal_camera_default vendor_hdmi_bdg_irq_device:chr_file rw_file_perms; diff --git a/qva/vendor/kona/hal_cec.te b/qva/vendor/kona/hal_cec.te index 700bb720..bea05cf1 100644 --- a/qva/vendor/kona/hal_cec.te +++ b/qva/vendor/kona/hal_cec.te @@ -7,3 +7,5 @@ allow hal_tv_cec_default vendor_qdisplay_service:service_manager find; get_prop(hal_tv_cec_default,boot_status_prop); binder_use(hal_tv_cec_default); vndbinder_use(hal_tv_cec_default); +allow hal_tv_cec_default vendor_sysfs_hdmi:file rw_file_perms; +allow hal_tv_cec_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; diff --git a/qva/vendor/kona/hal_health_default.te b/qva/vendor/kona/hal_health_default.te new file mode 100644 index 00000000..2a1085ad --- /dev/null +++ b/qva/vendor/kona/hal_health_default.te @@ -0,0 +1,4 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +allow hal_health_default vendor_sysfs_battery_supply:file r_file_perms; diff --git a/qva/vendor/kona/hal_light_default.te b/qva/vendor/kona/hal_light_default.te new file mode 100644 index 00000000..c2714855 --- /dev/null +++ b/qva/vendor/kona/hal_light_default.te @@ -0,0 +1,5 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +# for hal_light_default permission +allow hal_light_default vendor_sysfs_graphics:file { write r_file_perms }; diff --git a/qva/vendor/kona/init_shell.te b/qva/vendor/kona/init_shell.te index 67bf3fc4..23130caa 100644 --- a/qva/vendor/kona/init_shell.te +++ b/qva/vendor/kona/init_shell.te 
@@ -33,3 +33,14 @@ allow vendor_qti_init_shell configfs:dir { create w_dir_perms }; allow vendor_qti_init_shell configfs:file { create }; allow vendor_qti_init_shell configfs:lnk_file { create }; + +#for vendor_qti_init_shell to vendor_sysfs_sd permission +allow vendor_qti_init_shell vendor_sysfs_sd:file { write }; + +#for vendor_qti_init userdebug +userdebug_or_eng(` + allow vendor_qti_init_shell vendor_qti_init_shell:lockdown { integrity }; +') + +#for vendor_qti_init to ctl_stop_prop permission +set_prop(vendor_qti_init_shell,ctl_stop_prop); diff --git a/qva/vendor/kona/kernel.te b/qva/vendor/kona/kernel.te new file mode 100644 index 00000000..c9a3150c --- /dev/null +++ b/qva/vendor/kona/kernel.te @@ -0,0 +1,7 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +# for kernel userdebug +userdebug_or_eng(` + allow kernel self:capability { sys_admin }; +') diff --git a/qva/vendor/kona/sysfs.te b/qva/vendor/kona/sysfs.te new file mode 100644 index 00000000..70edc880 --- /dev/null +++ b/qva/vendor/kona/sysfs.te @@ -0,0 +1,7 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +#for debugfs_tracing_debug +userdebug_or_eng(` + allow init debugfs_tracing_debug:dir { mounton }; +') diff --git a/qva/vendor/kona/vendor_init.te b/qva/vendor/kona/vendor_init.te new file mode 100644 index 00000000..853b32b7 --- /dev/null +++ b/qva/vendor/kona/vendor_init.te @@ -0,0 +1,6 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +#for init +allow init vendor_sysfs_graphics:file { setattr w_file_perms }; +allow init vendor_spunvm_file:filesystem { unmount }; diff --git a/qva/vendor/kona/vendor_per_mgr.te b/qva/vendor/kona/vendor_per_mgr.te new file mode 100644 index 00000000..89fcaa7b --- /dev/null +++ b/qva/vendor/kona/vendor_per_mgr.te 
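Review bot: `set_prop(vendor_qti_init_shell,ctl_stop_prop);` at the end of the init_shell.te hunk gives the init shell scripts the generic `ctl.stop` control property type, which covers every service that has no more specific control label, and the comment above it does not say which service is to be stopped. If one vendor service is meant, a service-specific control property type would keep the grant narrow; at the least the comment should name the service and the script that stops it. The comments say `vendor_qti_init` while the rules are for `vendor_qti_init_shell`. In the userdebug block the self-referencing rule reads more conventionally as `allow vendor_qti_init_shell self:lockdown integrity;`, with a note on what triggers the lockdown check.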
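Review bot: Both rules in the new vendor_init.te are granted to `init`, not to `vendor_init`, which is easy to misread given the file name. The `#for init` comment does not explain why init needs `setattr` and write access on `vendor_sysfs_graphics` or `unmount` on `vendor_spunvm_file`. The kona genfs_contexts in this commit also labels the LED brightness and trigger nodes `vendor_sysfs_graphics`, so this rule gives init write access to those nodes as well. I would put a reason above each rule, for example `# init.rc chowns and writes the LED and display sysfs nodes at boot` and `# init unmounts the spunvm partition`, if that is what the rules are for, and move them to a file named for the domain they apply to.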
@@ -0,0 +1,5 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +# for vendor_per_mgr permission +allow vendor_per_mgr vendor_sysfs_ssr:file r_file_perms; diff --git a/qva/vendor/kona/vendor_per_proxy.te b/qva/vendor/kona/vendor_per_proxy.te new file mode 100644 index 00000000..220addf3 --- /dev/null +++ b/qva/vendor/kona/vendor_per_proxy.te @@ -0,0 +1,5 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +# for vendor_per_proxy permission +allow vendor_per_proxy vendor_sysfs_ssr:file r_file_perms; diff --git a/qva/vendor/kona/vendor_rmt_storage.te b/qva/vendor/kona/vendor_rmt_storage.te new file mode 100644 index 00000000..b70dbad5 --- /dev/null +++ b/qva/vendor/kona/vendor_rmt_storage.te @@ -0,0 +1,4 @@ +# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved. +# SPDX-License-Identifier: BSD-3-Clause-Clear + +allow vendor_rmt_storage vendor_sysfs_ssr:file r_file_perms; |