msm8916/common: Fix various issues
- Label the FRP and cache partitions
- Let keystore load firmware
- facedetection still uses a file at /data :(
- The tether service was broken under the new domain
Change-Id: Ifa500ca57dc71831074a39fb5b05246c12cd0d4c
diff --git a/common/file_contexts b/common/file_contexts
index 0910189..1aacf05 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -274,6 +274,7 @@
/data/rfs.* u:object_r:rfs_file:s0
/data/hlos_rfs(/.*)? u:object_r:rfs_shared_hlos_file:s0
/data/camera(/.*)? u:object_r:camera_socket:s0
+/data/fdAlbum u:object_r:camera_data_file:s0
/data/misc/stargate(/.*)? u:object_r:qfp-daemon_data_file:s0
/data/system/sensors(/.*)? u:object_r:sensors_data_file:s0
/data/time(/.*)? u:object_r:time_data_file:s0
diff --git a/common/keystore.te b/common/keystore.te
index 524fc3f..0a825c1 100644
--- a/common/keystore.te
+++ b/common/keystore.te
@@ -1,2 +1,5 @@
# Allow keystore to operate using qseecom_device
allow keystore tee_device:chr_file rw_file_perms;
+
+# Allow keystore to search and get keymaste.mdt
+r_dir_file(keystore, firmware_file)
diff --git a/common/mediaserver.te b/common/mediaserver.te
index 4f37c7c..ab6aabc 100644
--- a/common/mediaserver.te
+++ b/common/mediaserver.te
@@ -71,3 +71,7 @@
#Allow mediaserver to access service manager STAProxyService
#Allow mediaserver to access service manager wfdservice
allow mediaserver { STAProxyService wfdservice_service }:service_manager find;
+
+# Allow mediaserver to search and get the widevine, playready firmwares
+allow mediaserver firmware_file:dir search;
+allow mediaserver firmware_file:file { read getattr open };
diff --git a/common/mm-qcamerad.te b/common/mm-qcamerad.te
index ea3bc2e..3b92df3 100644
--- a/common/mm-qcamerad.te
+++ b/common/mm-qcamerad.te
@@ -49,3 +49,6 @@
r_dir_file(mm-qcamerad, firmware_file)
allow mm-qcamerad graphics_device:dir r_file_perms;
+
+# /data/fdAlbum
+allow mm-qcamerad camera_data_file:file create_file_perms;
diff --git a/common/qtitetherservice_app.te b/common/qtitetherservice_app.te
index 24f35e8..2549dd2 100644
--- a/common/qtitetherservice_app.te
+++ b/common/qtitetherservice_app.te
@@ -43,3 +43,8 @@
allow qtitetherservice_app qtitetherservice_app_data_file:{ file lnk_file } create_file_perms;
allow qtitetherservice_app wcnss_service_exec:file rx_file_perms;
+
+# TEMPORARY: Type transitioning via seapp_contexts from system_app isn't working
+#
+allow system_app qtitetherservice_app_data_file:dir create_dir_perms;
+allow system_app qtitetherservice_app_data_file:{ file lnk_file } create_file_perms;
diff --git a/msm8916/file_contexts b/msm8916/file_contexts
index 54b6ca7..c9bb250 100644
--- a/msm8916/file_contexts
+++ b/msm8916/file_contexts
@@ -37,3 +37,6 @@
/dev/block/platform/soc.0/7824900.sdhci/by-name/userdata u:object_r:userdata_block_device:s0
/dev/block/mmcblk0 u:object_r:root_block_device:s0
/dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0
+
+/dev/block/platform/soc.0/7824900.sdhci/by-name/frp u:object_r:frp_block_device:s0
+/dev/block/platform/soc.0/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0
diff --git a/msm8916/mm-qcamerad.te b/msm8916/mm-qcamerad.te
new file mode 100644
index 0000000..98f2ca9
--- /dev/null
+++ b/msm8916/mm-qcamerad.te
@@ -0,0 +1,2 @@
+# The current BSP's faceproc library still needs this
+allow mm-qcamerad system_file:file execmod;