Bulk M7 Changes

BoardConfig.mk

@@ -65,8 +65,6 @@ BOARD_USES_SEPERATED_VOIP := true
 BOARD_HAVE_HTC_CSDCLIENT := true
 
 # Camera
-USE_CAMERA_STUB := false
-TARGET_PROVIDES_CAMERA_HAL := true
 BOARD_NEEDS_MEMORYHEAPPMEM := true
 COMMON_GLOBAL_CFLAGS += -DDISABLE_HW_ID_MATCH_CHECK
 COMMON_GLOBAL_CFLAGS += -DHTC_CAMERA_HARDWARE
@@ -108,6 +106,42 @@ WIFI_DRIVER_FW_PATH_P2P := "/system/etc/firmware/fw_bcm4334_p2p.bin"
 BOARD_VENDOR_QCOM_GPS_LOC_API_HARDWARE := $(TARGET_BOARD_PLATFORM)
 TARGET_NO_RPC := true
 
+# SElinux
+BOARD_SEPOLICY_DIRS := \
+	device/htc/dlx/sepolicy
+
+BOARD_SEPOLICY_UNION := \
+	file_contexts \
+	property_contexts \
+	te_macros \
+	bluetooth_loader.te \
+	bridge.te \
+	camera.te \
+	conn_init.te \
+	device.te \
+	dhcp.te \
+	domain.te \
+	drmserver.te \
+	file.te \
+	kickstart.te \
+	init.te \
+	mediaserver.te \
+	mpdecision.te \
+	netmgrd.te \
+	property.te \
+	qmux.te \
+	restorecon.te \
+	rild.te \
+	rmt.te \
+	sensors.te \
+	surfaceflinger.te \
+	system.te \
+	tee.te \
+	thermald.te \
+	ueventd.te \
+	wpa_supplicant.te \
+	zygote.te
+
 # Filesystem
 TARGET_USERIMAGES_USE_EXT4 := true
 BOARD_BOOTIMAGE_PARTITION_SIZE := 16777216

overlay/packages/apps/Phone/res/values/network_mode.xml

@@ -34,5 +34,5 @@
     </string-array>
 
     <!-- LTE/CDMA network mode to use for toggleLTE(true). -->
-    <integer name="toggleLTE_lte_cdma_nt_mode">10</integer>
+    <integer name="toggleLTE_lte_cdma_nt_mode">8</integer>
 </resources>

rootdir/etc/fstab.dlx

@@ -1,10 +1,15 @@
 # Android fstab file.
-#<src>			<mnt_point>	<type>	<mnt_flags>							<fs_mgr_flags>
+#<src>	<mnt_point>	<type>	<mnt_flags>	<fs_mgr_flags>
+# The filesystem that contains the filesystem checker binary (typically /system) cannot
+# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
 
-/dev/block/mmcblk0p32	/system		ext4	ro,barrier=1  							wait
-/dev/block/mmcblk0p34	/data		ext4	noatime,nosuid,nodev,barrier=1,data=ordered,noauto_da_alloc     wait,check,encryptable=/dev/block/mmcblk0p29
-/dev/block/mmcblk0p33	/cache		ext4	noatime,nosuid,nodev,barrier=1,data=ordered	   		wait,check
-#/dev/block/mmcblk0p24  	/devlog		ext4  	noatime,nosuid,nodev,data=ordered,noauto_da_alloc	wait
+/dev/block/mmcblk0p19	/boot		emmc	defaults						defaults
+/dev/block/mmcblk0p20	/recovery	emmc	defaults						defaults
+/dev/block/mmcblk0p32	/system		ext4	rw,noatime,barrier=1					wait
+/dev/block/mmcblk0p33	/cache		ext4	nosuid,nodev,noatime,barrier=1				wait,check
+/dev/block/mmcblk0p34	/data		ext4	noatime,nosuid,nodev,noauto_da_alloc,barrier=1		wait,check,encryptable=footer
+/dev/block/mmcblk0p16	/firmware/mdm	vfat	ro,fmask=0000,dmask=0000,shortname=lower,context=u:object_r:radio_efs_file:s0		wait
+/dev/block/mmcblk0p17	/firmware/q6	vfat	ro,fmask=0000,dmask=0000,shortname=lower,context=u:object_r:radio_efs_file:s0		wait
 
 # USB storage
-/devices/platform/msm_hsusb_host/usb   /storage/usbdisk        auto    defaults        voldmanaged=usbdisk:auto
+/devices/platform/msm_hsusb_host/usb	/storage/usbdisk	auto	defaults			voldmanaged=usbdisk:auto

rootdir/etc/init.dlx.rc

@@ -70,6 +70,16 @@ on fs
    symlink /system/vendor/pittpatt /vendor/pittpatt
    symlink /system/vendor/firmware/libpn544_fw.so /vendor/firmware/libpn544_fw.so
 
+    # Restorecon
+    restorecon /system/bin/efsks
+    restorecon /system/bin/ks
+    restorecon /system/bin/qcks
+    restorecon /system/etc/hldm.bin
+    restorecon /system/etc/hltof.bin
+    restorecon /system/etc/hltrd.bin
+    restorecon /system/etc/firmware/a300_pfp.fw
+    restorecon /system/etc/firmware/a300_pm4.fw
+
 on early-boot
     # set RLIMIT_MEMLOCK to 64MB
     setrlimit 8 67108864 67108864
@@ -297,6 +307,7 @@ service mpdecision /system/bin/mpdecision --no_sleep --avg_comp
 service kickstart /system/bin/qcks -1 modem_st1 -2 modem_st2 -3 radio_config -4 cdma_record -i /vendor/firmware/
 	class core
 	user root
+        seclabel u:r:kickstart:s0
 	oneshot
 
 service startup /system/bin/sh /init.qcom.sh
@@ -311,14 +322,14 @@ service sdcard /system/bin/sdcard /data/media /mnt/shell/emulated 1023 1023
 service wpa_supplicant /system/bin/wpa_supplicant -Dnl80211 -iwlan0 -c/data/misc/wifi/wpa_supplicant.conf
     user root
     group wifi inet
-    socket wpa_wlan0 dgram 0660 wifi wifi
+    socket wpa_wlan0 dgram 0660 wifi wifi  u:object_r:wpa_socket:s0
     disabled
     oneshot
 
 service p2p_supplicant /system/bin/wpa_supplicant -Dnl80211 -iwlan0 -c/data/misc/wifi/wpa_supplicant.conf
     user root
     group wifi inet
-    socket wpa_wlan0 dgram 0660 wifi wifi
+    socket wpa_wlan0 dgram 0660 wifi wifi u:object_r:wpa_socket:s0
     disabled
     oneshot
 

sepolicy/bluetooth_loader.te

@@ -0,0 +1,39 @@
+# Bluetooth executables and script (bdAddrLoader, init.qcom.bt.sh)
+type bluetooth_loader, domain;
+type bluetooth_loader_exec, exec_type, file_type;
+
+# Start bdAddrLoader from init
+init_daemon_domain(bluetooth_loader)
+
+# Run init.qcom.bt.sh
+allow bluetooth_loader shell_exec:file { entrypoint read };
+allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans };
+
+# init.qcom.bt.sh needs /system/bin/log access
+allow bluetooth_loader devpts:chr_file rw_file_perms;
+
+# Run hci_qcomm_init from init.qcom.bt.sh
+domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach)
+
+# hci_qcomm_init started with logwrapper
+allow hci_attach devpts:chr_file rw_file_perms;
+allow hci_attach bluetooth_loader:fd use;
+
+# Read mac address from persist partition
+allow bluetooth_loader persist_file:dir search;
+r_dir_file(bluetooth_loader, persist_bluetooth_file)
+
+# Talk to init over the property socket
+unix_socket_connect(bluetooth_loader, property, init)
+# Set persist.service.bdroid.* and bluetooth.* property values
+allow { bluetooth bluetooth_loader } bluetooth_prop:property_service set;
+
+# Shared memory node access
+allow hci_attach bluetooth_device:chr_file rw_file_perms;
+
+# Allow getprop/setprop for init.mako.bt.sh
+allow bluetooth_loader system_file:file execute_no_trans;
+
+# Bluetooth
+allow bluetooth radio_efs_file:file r_file_perms;
+allow bluetooth radio_efs_file:dir { open read search };

sepolicy/bridge.te

@@ -0,0 +1,17 @@
+# Bridge Manager (radio process)
+type bridge, domain;
+type bridge_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(bridge)
+
+allow bridge self:netlink_kobject_uevent_socket { create bind read };
+
+# Allow logging diagnostic items
+allow bridge diagnostic_device:chr_file rw_file_perms;
+
+# Talk to qmuxd
+qmux_socket(bridge)
+
+# XXX Label sysfs files with a specific type?
+allow bridge sysfs:file { open write read getattr };

sepolicy/camera.te

@@ -0,0 +1,26 @@
+# Qualcomm MSM camera
+type camera, domain;
+type camera_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(camera)
+
+allow camera self:process execmem;
+
+allow camera camera_device:dir search;
+allow camera { video_device camera_device }:chr_file rw_file_perms;
+allow camera { surfaceflinger mediaserver }:fd use;
+
+# Create /data/cam_socket0 as camera_socket
+type_transition camera system_data_file:sock_file camera_socket "cam_socket0";
+allow camera camera_socket:sock_file { create unlink };
+dontaudit camera system_data_file:dir remove_name;
+
+# All others under /data get camera_data_file
+file_type_auto_trans(camera, system_data_file, camera_data_file);
+allow camera camera_data_file:dir { write add_name };
+allow camera camera_data_file:file create_file_perms;
+
+# Connect to /data/app/sensor_ctl_socket
+unix_socket_connect(camera, sensors, sensors)
+allow camera sensors_socket:sock_file read;

sepolicy/conn_init.te

@@ -0,0 +1,15 @@
+# wifi connection service
+type conn_init, domain;
+type conn_init_exec, exec_type, file_type;
+
+# Started by logwrapper in init
+domain_auto_trans(init, conn_init_exec, conn_init)
+allow conn_init devpts:chr_file { read write };
+
+# allow /persist/wifi access
+allow conn_init persist_file:dir search;
+r_dir_file(conn_init, persist_wifi_file)
+
+# allow /data/misc/wifi access for firmware files
+allow conn_init wifi_data_file:dir w_dir_perms;
+allow conn_init wifi_data_file:file create_file_perms;

sepolicy/device.te

@@ -0,0 +1,9 @@
+type diagnostic_device, dev_type;
+type kgsl_device, dev_type, mlstrustedobject;
+type mpdecision_device, dev_type;
+type shared_log_device, dev_type;
+type power_control_device, dev_type;
+type efs_block_device, dev_type;
+type bluetooth_device, dev_type;
+type shared_memory_device, dev_type;
+type rfkill_device, dev_type;

sepolicy/dhcp.te

@@ -0,0 +1 @@
+allow dhcp self:rawip_socket { create write setopt };

sepolicy/domain.te

@@ -0,0 +1,3 @@
+allow domain kgsl_device:chr_file rw_file_perms;
+# libgsl is chatty about accessing /data/local/tmp
+dontaudit { surfaceflinger appdomain } shell_data_file:dir search;

sepolicy/drmserver.te

@@ -0,0 +1,2 @@
+# Drm wants to read /firmware/image/tzapps.mdt
+r_dir_file(drmserver, radio_efs_file)

sepolicy/file.te

@@ -0,0 +1,22 @@
+type mpdecision_socket, file_type;
+type qmuxd_socket, file_type;
+type sensors_socket, file_type;
+type camera_socket, file_type;
+
+type kickstart_data_file, file_type, data_file_type;
+type sensors_data_file, file_type, data_file_type;
+type camera_data_file, file_type, data_file_type;
+
+# Default type for anything under /firmware
+type radio_efs_file, fs_type;
+allow fs_type radio_efs_file:filesystem associate;
+
+allow radio_efs_file labeledfs:filesystem associate;
+allow radio_efs_file rootfs:filesystem associate;
+
+# Persist firmware types
+type persist_file, file_type;
+type persist_bluetooth_file, file_type;
+type persist_drm_file, file_type;
+type persist_sensors_file, file_type;
+type persist_wifi_file, file_type;