authorLinux Build Service Account <lnxbuild@localhost>2021-10-24 02:20:40 -0700
committerLinux Build Service Account <lnxbuild@localhost>2021-10-24 02:20:40 -0700
commit979619d3010b85b73e2f806b6dfd287e2502d0c5 (patch)
treecd2313799da4d874faf12b36c8c36b4c3c307da0
parent8b80222a160c9ea19c22b1946870be03ddfa0cf6 (diff)
parent9e1dcf7de58b79a34690b9ece62a8b8f8ef66f92 (diff)
Merge 9e1dcf7de58b79a34690b9ece62a8b8f8ef66f92 on remote branch
Change-Id: I2a6ed3fcf04b0014aba6fe4b54dff6372d63c9f2
-rw-r--r--generic/vendor/common/cs_app.te60
-rw-r--r--generic/vendor/common/file_contexts1
-rw-r--r--generic/vendor/common/hal_camera.te2
-rw-r--r--generic/vendor/common/hal_imsrtp.te4
-rw-r--r--generic/vendor/common/hal_neuralnetworks.te3
-rw-r--r--generic/vendor/common/init-qcom-sensors-sh.te1
-rw-r--r--generic/vendor/common/location.te3
-rw-r--r--generic/vendor/common/seapp_contexts3
-rw-r--r--generic/vendor/msmnile/genfs_contexts16
-rwxr-xr-xgeneric/vendor/test/seapp_contexts5
-rw-r--r--generic/vendor/test/vtloopback_app.te39
-rw-r--r--qva/vendor/atoll/genfs_contexts21
-rw-r--r--qva/vendor/atoll/mediatranscoding.te30
-rw-r--r--qva/vendor/bengal/genfs_contexts12
-rw-r--r--qva/vendor/common/hal_perf_default.te4
-rw-r--r--qva/vendor/common/mlid.te7
-rw-r--r--qva/vendor/common/qti-media.te3
-rw-r--r--qva/vendor/common/ssgtzd.te1
-rw-r--r--qva/vendor/msmsteppe/mediatranscoding.te30
19 files changed, 237 insertions, 8 deletions
diff --git a/generic/vendor/common/cs_app.te b/generic/vendor/common/cs_app.te
new file mode 100644
index 00000000..52e8a4e4
--- /dev/null
+++ b/generic/vendor/common/cs_app.te
@@ -0,0 +1,60 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+## vendor_cs_app
+##
+## This file defines the permissions that vendor_cs_apps can carry
+
+type vendor_cs_app, domain;
+
+app_domain(vendor_cs_app)
+net_domain(vendor_cs_app)
+
+hal_client_domain(vendor_cs_app, vendor_qccsyshal);
+
+# Allow access to sockets
+unix_socket_connect(vendor_cs_app, vendor_mlid, vendor_mlid)
+unix_socket_connect(vendor_cs_app, vendor_ssgqmig, vendor_ssgqmigd)
+unix_socket_connect(vendor_cs_app, vendor_ssgtzd, vendor_ssgtzd)
+
+# Allow access to Android APK service IPCs
+allow vendor_cs_app radio_service:service_manager find;
+allow vendor_cs_app surfaceflinger_service:service_manager find;
+allow vendor_cs_app app_api_service:service_manager find;
+
+# access to qipcrtr socket (allow creating needed by qmi_cci_xprt_qrtr_supported)
+allow vendor_cs_app self:qipcrtr_socket create_socket_perms_no_ioctl;
+
+# To get uuid and device info
+allow vendor_cs_app proc_cpuinfo:file r_file_perms;
+allow vendor_cs_app proc_meminfo:file r_file_perms;
+
+#allow vendor_cs_app vendor_hal_perf_hwservice:hwservice_manager find;
+hal_client_domain(vendor_cs_app, vendor_hal_perf)
+
+allow vendor_cs_app vendor_mlid_socket:sock_file write;
+allow vendor_cs_app vendor_ssgtzd_socket:sock_file write;
\ No newline at end of file
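Review bot: The two trailing `sock_file write` rules for `vendor_mlid_socket` and `vendor_ssgtzd_socket` look redundant, because the AOSP `unix_socket_connect()` macro already grants write on `<name>_socket:sock_file` together with `connectto`, and the calls above pass `vendor_mlid` and `vendor_ssgtzd`; I would drop them so the socket grants live in one place. The commented-out `vendor_hal_perf_hwservice` rule is dead text next to the `hal_client_domain(vendor_cs_app, vendor_hal_perf)` that replaces it and can go as well. `net_domain` plus `app_api_service:service_manager find` gives this domain broad reach while it also talks to `vendor_ssgtzd`, so each grant deserves a one-line comment naming the feature that needs it, e.g. `# network access required for <feature>`.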
diff --git a/generic/vendor/common/file_contexts b/generic/vendor/common/file_contexts
index 9abca294..699f336c 100644
--- a/generic/vendor/common/file_contexts
+++ b/generic/vendor/common/file_contexts
@@ -513,6 +513,7 @@
/(vendor|system/vendor)/bin/init\.qti\.kernel\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.kernel\.post_boot\.sh u:object_r:vendor_qti_init_shell_exec:s0
/(vendor|system/vendor)/bin/init\.qti\.qcv\.sh u:object_r:vendor_qti_init_shell_exec:s0
+/(vendor|system/vendor)/bin/init\.qti\.early_init\.sh u:object_r:vendor_qti_init_shell_exec:s0
#Limits sysfs node
/sys/module/msm_isense_cdsp/data u:object_r:sysfs_thermal:s0
diff --git a/generic/vendor/common/hal_camera.te b/generic/vendor/common/hal_camera.te
index d4a75349..0d2f9949 100644
--- a/generic/vendor/common/hal_camera.te
+++ b/generic/vendor/common/hal_camera.te
@@ -68,3 +68,5 @@ allow hal_camera_default gpu_device:chr_file rw_file_perms;
# Postproc Service
hal_attribute_hwservice(hal_camera, vendor_hal_camera_postproc_hwservice);
+
+dontaudit hal_camera_default vendor_xdsp_device:chr_file { open read};
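Review bot: The `dontaudit` on `vendor_xdsp_device:chr_file` has no comment saying why the access is expected and harmless, and the same holds for the `dontaudit` rules added in init-qcom-sensors-sh.te (`default_prop:file read`), hal_perf_default.te (`self:capability dac_override`) and qti-media.te (`default_prop:file read`). A dontaudit removes the denial from the audit log, so any later unexpected attempt by these domains on the same object will no longer be visible, and a reader has to be able to tell the rule is deliberate. I would put a line such as `# <reason the access is attempted but not needed>; suppress the denial` above each one, and for the two `default_prop` cases check whether the property being read can be given its own label instead. Minor: `{ open read}` is missing the space before the closing brace.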
diff --git a/generic/vendor/common/hal_imsrtp.te b/generic/vendor/common/hal_imsrtp.te
index d96d4163..89a7d4ab 100644
--- a/generic/vendor/common/hal_imsrtp.te
+++ b/generic/vendor/common/hal_imsrtp.te
@@ -51,5 +51,9 @@ r_dir_file(vendor_hal_imsrtp, vendor_sysfs_diag)
get_prop(vendor_hal_imsrtp, vendor_ims_prop)
binder_call(vendor_hal_imsrtp, vendor_qtelephony)
+userdebug_or_eng(`
+binder_call(vendor_hal_imsrtp, vtloopback_app)
+')
+
crash_dump_fallback(vendor_hal_imsrtp)
diff --git a/generic/vendor/common/hal_neuralnetworks.te b/generic/vendor/common/hal_neuralnetworks.te
index 9c44d83a..aa5bdb81 100644
--- a/generic/vendor/common/hal_neuralnetworks.te
+++ b/generic/vendor/common/hal_neuralnetworks.te
@@ -38,6 +38,9 @@ allow vendor_hal_neuralnetworks_default vendor_qdsp_device:chr_file r_file_perms
allow vendor_hal_neuralnetworks_default vendor_xdsp_device:chr_file r_file_perms;
allow vendor_hal_neuralnetworks_default ion_device:chr_file r_file_perms;
+#allow to read adsp related properties
+get_prop(vendor_hal_neuralnetworks_default, vendor_adsprpc_prop)
+
allow vendor_hal_neuralnetworks_default app_data_file:file { read getattr map };
allow vendor_hal_neuralnetworks_default shell_data_file:file { read getattr map };
allow vendor_hal_neuralnetworks_default vendor_hal_neuralnetworks_data_file:dir create_dir_perms;
diff --git a/generic/vendor/common/init-qcom-sensors-sh.te b/generic/vendor/common/init-qcom-sensors-sh.te
index 94aee89e..12480aae 100644
--- a/generic/vendor/common/init-qcom-sensors-sh.te
+++ b/generic/vendor/common/init-qcom-sensors-sh.te
@@ -46,3 +46,4 @@ allow vendor_init-qcom-sensors-sh sensors_device:chr_file r_file_perms;
r_dir_file(vendor_init-qcom-sensors-sh, vendor_sysfs_devicetree_soc)
set_prop(vendor_init-qcom-sensors-sh, vendor_sensors_prop)
+dontaudit vendor_init-qcom-sensors-sh default_prop:file read;
diff --git a/generic/vendor/common/location.te b/generic/vendor/common/location.te
index b2898ed9..4017e8a4 100644
--- a/generic/vendor/common/location.te
+++ b/generic/vendor/common/location.te
@@ -93,6 +93,9 @@ allow vendor_location hal_wifi_supplicant_default:unix_dgram_socket sendto;
allow vendor_location vendor_wifihal_socket:dir search;
unix_socket_send(vendor_location, vendor_wifihal, hal_wifi_default);
+# /dev/socket/mlid
+allow vendor_location vendor_mlid:unix_dgram_socket sendto;
+
## xtra-daemon
##############
allow vendor_location {vendor_hal_cacert_hwservice vendor_hal_datafactory_hwservice vendor_hal_cne_hwservice}:hwservice_manager find;
diff --git a/generic/vendor/common/seapp_contexts b/generic/vendor/common/seapp_contexts
index 2aba558e..d2baef84 100644
--- a/generic/vendor/common/seapp_contexts
+++ b/generic/vendor/common/seapp_contexts
@@ -44,3 +44,6 @@ user=_app seinfo=platform name=com.qualcomm.qti.qms.service.trustzoneaccess doma
#allow embms msdc app to access embmssl hal
user=_app seinfo=platform name=com.qti.ltebc domain=vendor_embmssl_app type=app_data_file levelFrom=all
+
+#Add new domain for connection security service app
+user=_app seinfo=platform name=com.qualcomm.qti.qms.service.connectionsecurity domain=vendor_cs_app type=app_data_file levelFrom=all
diff --git a/generic/vendor/msmnile/genfs_contexts b/generic/vendor/msmnile/genfs_contexts
index c3c8f4aa..820fd0d2 100644
--- a/generic/vendor/msmnile/genfs_contexts
+++ b/generic/vendor/msmnile/genfs_contexts
@@ -56,6 +56,22 @@ genfscon sysfs /devices/platform/soc/soc:qcom,cpu4-llcc-ddr-lat/devfreq u:object
genfscon sysfs /devices/platform/soc/soc:qcom,npu-npu-ddr-bw/devfreq u:object_r:vendor_sysfs_devfreq:s0
genfscon sysfs /devices/platform/soc/a600000.ssusb/a600000.dwc3/udc/a600000.dwc3 u:object_r:vendor_sysfs_usb_controller:s0
+#PMIC device wakeup nodes
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/wakeup/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/main/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,qpnp-smb5/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qpnp,fg/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/890000.i2c/i2c-0/0-0008/890000.i2c:qcom,smb1355@8:qcom,smb1355-charger@1000/power_supply/parallel/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/890000.i2c/i2c-0/0-000c/890000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/890000.i2c/i2c-0/0-0010/890000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/890000.i2c/i2c-0/2-0018/890000.i2c:qcom,smb1390_slave@18:qcom,charge_pump_slave/power_supply/cp_slave/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8150@0:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm8150l@4:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup:s0
+
# USB device wakeup nodes
genfscon sysfs /devices/platform/soc/a600000.ssusb/wakeup/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/soc/a800000.ssusb/wakeup/wakeup u:object_r:sysfs_wakeup:s0
diff --git a/generic/vendor/test/seapp_contexts b/generic/vendor/test/seapp_contexts
index 448b75f0..06c2dc48 100755
--- a/generic/vendor/test/seapp_contexts
+++ b/generic/vendor/test/seapp_contexts
@@ -45,4 +45,7 @@ user=_app seinfo=platform name=com.qualcomm.qti.libsochelpertest domain=vendor_l
user=system seinfo=platform name=com.qti.diagservices domain=qtidiagservices_app type=system_app_data_file
#Add new domain for snapcam app
-user=_app isPrivApp=true name=org.codeaurora.snapcam domain=vendor_snapcam_app type=app_data_file levelFrom=all
\ No newline at end of file
+user=_app isPrivApp=true name=org.codeaurora.snapcam domain=vendor_snapcam_app type=app_data_file levelFrom=all
+
+#Add new domain for VT loopback app
+user=_app seinfo=platform name=com.qti.vtloopback domain=vtloopback_app type=app_data_file levelfrom=all
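Review bot: The new `com.qti.vtloopback` entry spells the selector `levelfrom=all`, while the snapcam entry just above and the entries in common/seapp_contexts use `levelFrom=all`. Even if the parser in use matches keys case-insensitively, the odd spelling is easy to miss when searching for `levelFrom`, so I would write `type=app_data_file levelFrom=all`. The entry also names `vtloopback_app`, which vtloopback_app.te declares only inside `userdebug_or_eng`, so this file presumably has to stay out of user builds; worth confirming against the build rules.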
diff --git a/generic/vendor/test/vtloopback_app.te b/generic/vendor/test/vtloopback_app.te
new file mode 100644
index 00000000..54740866
--- /dev/null
+++ b/generic/vendor/test/vtloopback_app.te
@@ -0,0 +1,39 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+userdebug_or_eng(`
+type vtloopback_app, domain;
+app_domain(vtloopback_app)
+net_domain(vtloopback_app)
+diag_use(vtloopback_app)
+binder_call(vtloopback_app, vendor_hal_imsrtp)
+allow vtloopback_app vendor_hal_imsrtp_hwservice:hwservice_manager find;
+allow vtloopback_app cameraserver_service:service_manager find;
+allow vtloopback_app mediaserver_service:service_manager find;
+get_prop(vtloopback_app, vendor_ims_prop)
+allow vtloopback_app { app_api_service activity_service }:service_manager find;
+')
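Review bot: The new type is called `vtloopback_app`, without the `vendor_` prefix used by the other domain this commit adds (`vendor_cs_app`), which leaves it open to a name clash with a type from platform policy; `vendor_vtloopback_app` would be consistent, with hal_imsrtp.te and test/seapp_contexts updated to match. The rules carry no comments: `diag_use`, `net_domain` and the `cameraserver_service`/`mediaserver_service` lookups each deserve a short line saying which part of the loopback test needs them. The header says 2018 although the file is added as new here, which may be intentional if it was carried over from another tree.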
diff --git a/qva/vendor/atoll/genfs_contexts b/qva/vendor/atoll/genfs_contexts
index d9053624..4d065211 100644
--- a/qva/vendor/atoll/genfs_contexts
+++ b/qva/vendor/atoll/genfs_contexts
@@ -54,6 +54,27 @@ genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.q
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,wled@d800/leds u:object_r:sysfs_leds:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-05/c440000.qcom,spmi:qcom,pm6150l@5:qcom,wled@d800/backlight u:object_r:sysfs_leds:s0
+# PMIC wakeup node:
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/wakeup/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/main/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/pc_port/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,qpnp-smb5/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qpnp,qg/power_supply/bms/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,pm6150_rtc/rtc0/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-2/2-0008/88c000.i2c:qcom,smb1355@8:qcom,smb1355-charger@1000/power_supply/parallel/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-2/2-000c/88c000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-2/2-0010/88c000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0034/a8c000.i2c:qcom,smb1396@34:qcom,div2_cp/power_supply/charge_pump_master/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0035/a8c000.i2c:qcom,smb1396@35:qcom,div2_cp_slave/power_supply/cp_slave/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-000c/a8c000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0008/a8c000.i2c:qcom,smb1355@8:qcom,smb1355-charger@1000/power_supply/parallel/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/a8c000.i2c/i2c-2/2-0010/a8c000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump_master/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/88c000.i2c/i2c-2/2-0010/88c000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump_master/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup::s0
+genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm6150@0:qcom,power-on@800/wakeup/wakeup u:object_r:sysfs_wakeup::s0
+
# subsys SSR entries
genfscon sysfs /devices/platform/soc/62400000.qcom,lpass/subsys0/name u:object_r:vendor_sysfs_ssr:s0
genfscon sysfs /devices/platform/soc/4080000.qcom,mss/subsys1/name u:object_r:vendor_sysfs_ssr:s0
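Review bot: The last two added entries, for `pm6150l@4:qcom,power-on@800` and `pm6150@0:qcom,power-on@800`, end in `u:object_r:sysfs_wakeup::s0` with a doubled colon, which is not a well-formed context; every other added line uses `u:object_r:sysfs_wakeup:s0`. I would expect this either to fail the policy build or to leave these two wakeup nodes without the intended label, so both should read `u:object_r:sysfs_wakeup:s0`.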
diff --git a/qva/vendor/atoll/mediatranscoding.te b/qva/vendor/atoll/mediatranscoding.te
new file mode 100644
index 00000000..3a720b72
--- /dev/null
+++ b/qva/vendor/atoll/mediatranscoding.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Allow mediatranscoder to access hal_allocator
+hal_client_domain(mediatranscoding, hal_allocator)
+
diff --git a/qva/vendor/bengal/genfs_contexts b/qva/vendor/bengal/genfs_contexts
index 42ae7f16..34ca3f04 100644
--- a/qva/vendor/bengal/genfs_contexts
+++ b/qva/vendor/bengal/genfs_contexts
@@ -127,12 +127,12 @@ genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-bw/devfreq u:object_r:
genfscon sysfs /devices/platform/soc/c800000.qcom,icnss u:object_r:sysfs_net:s0
#fps sysfs-node
-genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/measured_fps u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/measured_fps u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/measured_fps u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/fps_periodicity_ms u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/fps_periodicity_ms u:object_r:vendor_sysfs_graphics:s0
-genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/fps_periodicity_ms u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/measured_fps u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/measured_fps u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/measured_fps u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/fps_periodicity_ms u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/sde-crtc-1/fps_periodicity_ms u:object_r:vendor_sysfs_graphics:s0
+genfscon sysfs /devices/platform/soc/5e00000.qcom,mdss_mdp/drm/card0/sde-crtc-2/fps_periodicity_ms u:object_r:vendor_sysfs_graphics:s0
#ssr nodes
genfscon sysfs /devices/platform/soc/5ab0000.qcom,venus/subsys1/name u:object_r:vendor_sysfs_ssr:s0
diff --git a/qva/vendor/common/hal_perf_default.te b/qva/vendor/common/hal_perf_default.te
index 7e64de95..f82176a8 100644
--- a/qva/vendor/common/hal_perf_default.te
+++ b/qva/vendor/common/hal_perf_default.te
@@ -137,4 +137,6 @@ allow vendor_hal_perf_default self:capability { sys_nice setuid };
allow vendor_hal_perf vendor_qdisplay_service:service_manager find;
vndbinder_use(vendor_hal_perf);
-hal_client_domain(vendor_hal_perf_default, hal_thermal);
\ No newline at end of file
+hal_client_domain(vendor_hal_perf_default, hal_thermal);
+
+dontaudit vendor_hal_perf_default self:capability dac_override;
diff --git a/qva/vendor/common/mlid.te b/qva/vendor/common/mlid.te
index 17817b59..781f209d 100644
--- a/qva/vendor/common/mlid.te
+++ b/qva/vendor/common/mlid.te
@@ -24,6 +24,7 @@
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
# vendor_mlid - Mink-Lowi Interface daemon
type vendor_mlid, domain, mlstrustedsubject;
@@ -34,3 +35,9 @@ init_daemon_domain(vendor_mlid)
# Allow access to location socket
allow vendor_mlid self:netlink_generic_socket create_socket_perms_no_ioctl;
unix_socket_connect(vendor_mlid, vendor_location, vendor_location)
+
+allow vendor_mlid vendor_hal_gnss_qti:unix_dgram_socket sendto;
+allow vendor_mlid vendor_location:unix_dgram_socket sendto;
+allow vendor_mlid vendor_location_socket:dir rw_dir_perms;
+allow vendor_mlid vendor_location_socket:lnk_file read;
+allow vendor_mlid vendor_location_socket:sock_file create_file_perms;
\ No newline at end of file
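Review bot: The added rules give `vendor_mlid` `rw_dir_perms` on `vendor_location_socket:dir` and `create_file_perms` on `vendor_location_socket:sock_file`, with no comment saying which socket mlid creates there. If that directory is shared with the other location daemons, mlid can then add or remove any socket entry in it, not only its own. A dedicated type for mlid's endpoint, or a permission set narrowed to what the bind and datagram exchange actually need, would keep the grant tighter. At minimum I would add a comment such as `# mlid creates its own datagram socket under the location socket dir`, if that is the intent.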
diff --git a/qva/vendor/common/qti-media.te b/qva/vendor/common/qti-media.te
index 4557f29d..c516a430 100644
--- a/qva/vendor/common/qti-media.te
+++ b/qva/vendor/common/qti-media.te
@@ -35,3 +35,6 @@ allow vendor_qti_media vendor_toolbox_exec:file rx_file_perms;
get_prop(vendor_qti_media, vendor_video_prop)
set_prop(vendor_qti_media, vendor_video_prop)
allow vendor_qti_media vendor_sysfs_sku:file { open read };
+
+#dontaudit default_prop
+dontaudit vendor_qti_media default_prop:file read;
diff --git a/qva/vendor/common/ssgtzd.te b/qva/vendor/common/ssgtzd.te
index 6fabf156..2689f7a9 100644
--- a/qva/vendor/common/ssgtzd.te
+++ b/qva/vendor/common/ssgtzd.te
@@ -33,6 +33,7 @@ init_daemon_domain(vendor_ssgtzd)
#Allow access to smcinvoke device
allow vendor_ssgtzd tee_device:chr_file rw_file_perms;
+allow vendor_ssgtzd vendor_cs_app:unix_stream_socket connectto;
allow vendor_ssgtzd vendor_ssg_app:unix_stream_socket connectto;
#Allow access to firmware/image
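Review bot: The added `allow vendor_ssgtzd vendor_cs_app:unix_stream_socket connectto;` lets ssgtzd connect to a stream socket owned by the app, which is the opposite direction from the `unix_socket_connect(vendor_cs_app, vendor_ssgtzd, vendor_ssgtzd)` in cs_app.te that already covers the app connecting to the daemon. It mirrors the existing `vendor_ssg_app` line, so it may be a copied pattern rather than a needed grant. If ssgtzd never initiates a connection to the app the rule can be dropped; otherwise a comment such as `# ssgtzd connects back to the cs app for <purpose>` would document it.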
diff --git a/qva/vendor/msmsteppe/mediatranscoding.te b/qva/vendor/msmsteppe/mediatranscoding.te
new file mode 100644
index 00000000..3a720b72
--- /dev/null
+++ b/qva/vendor/msmsteppe/mediatranscoding.te
@@ -0,0 +1,30 @@
+# Copyright (c) 2021, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED"AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Allow mediatranscoder to access hal_allocator
+hal_client_domain(mediatranscoding, hal_allocator)
+