Merge remote-tracking branch 'github/cm-13.0' into replicant-6.0

remove prebuilt terminal (built-in terminal app can be activated in dev settings)

Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>

Conflicts:
	CHANGELOG.mkdn
	CONTRIBUTORS.mkdn
	config/cdma.mk
	config/cm_audio.mk
	config/common.mk
	config/common_full.mk
	config/common_full_phone.mk
	config/gsm.mk
	config/themes_common.mk
	get-prebuilts
	overlay/common/frameworks/base/core/res/res/drawable-nodpi/default_wallpaper.jpg
	overlay/common/frameworks/base/core/res/res/drawable-sw600dp-nodpi/default_wallpaper.jpg
	overlay/common/frameworks/base/core/res/res/drawable-sw720dp-nodpi/default_wallpaper.jpg
	overlay/common/frameworks/base/core/res/res/drawable-xhdpi/default_wallpaper.jpg
	overlay/common/frameworks/base/core/res/res/values/config.xml
	overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml
	prebuilt/common/bootanimation/1080.zip
	prebuilt/common/bootanimation/1200.zip
	prebuilt/common/bootanimation/240.zip
	prebuilt/common/bootanimation/320.zip
	prebuilt/common/bootanimation/360.zip
	prebuilt/common/bootanimation/480.zip
	prebuilt/common/bootanimation/540.zip
	prebuilt/common/bootanimation/600.zip
	prebuilt/common/bootanimation/720.zip
	prebuilt/common/bootanimation/768.zip
	prebuilt/common/bootanimation/800.zip
	prebuilt/common/etc/apns-conf.xml
	sepolicy/mac_permissions.xml
	sepolicy/sepolicy.mk
	vendorsetup.sh

Change-Id: I4fc2a5b00721cae8b3a36f33c36f006142bad44f

10 files changed, 57 insertions, 0 deletions

diff --git a/sepolicy/qcom/adbd.c b/sepolicy/qcom/adbd.c
new file mode 100644
index 0000000..d610917
--- /dev/null
+++ b/sepolicy/qcom/adbd.c
@@ -0,0 +1,14 @@
+# Allow pulling various binaries without root
+# (cause we're awesome like that)
+
+allow adbd adsprpcd_exec:file r_file_perms;
+allow adbd location_exec:file r_file_perms;
+allow adbd mm-qcamerad_exec:file r_file_perms;
+allow adbd mpdecision_exec:file r_file_perms;
+allow adbd perfd_exec:file r_file_perms;
+allow adbd rfs_access_exec:file r_file_perms;
+allow adbd rmt_storage_exec:file r_file_perms;
+allow adbd sensors_exec:file r_file_perms;
+allow adbd tee_exec:file r_file_perms;
+allow adbd thermal-engine_exec:file r_file_perms;
+allow adbd time_daemon_exec:file r_file_perms;
diff --git a/sepolicy/qcom/bootanim.te b/sepolicy/qcom/bootanim.te
new file mode 100644
index 0000000..4b4ca71
--- /dev/null
+++ b/sepolicy/qcom/bootanim.te
@@ -0,0 +1,8 @@
+allow bootanim mpctl_socket:dir search;
+unix_socket_connect(bootanim, mpctl, perfd)
+unix_socket_send(bootanim, mpctl, perfd)
+
+allow bootanim mpdecision:dir search;
+allow bootanim mpdecision:file r_file_perms;
+unix_socket_connect(bootanim, mpctl, mpdecision)
+unix_socket_send(bootanim, mpctl, mpdecision)
diff --git a/sepolicy/qcom/device.te b/sepolicy/qcom/device.te
new file mode 100644
index 0000000..9e49627
--- /dev/null
+++ b/sepolicy/qcom/device.te
@@ -0,0 +1 @@
+type persist_block_device, dev_type;
diff --git a/sepolicy/qcom/domain.te b/sepolicy/qcom/domain.te
new file mode 100644
index 0000000..5af099f
--- /dev/null
+++ b/sepolicy/qcom/domain.te
@@ -0,0 +1,2 @@
+allow domain persist_file:dir getattr;
+allow domain persist_block_device:blk_file getattr;
diff --git a/sepolicy/qcom/mpdecision.te b/sepolicy/qcom/mpdecision.te
new file mode 100644
index 0000000..9399b32
--- /dev/null
+++ b/sepolicy/qcom/mpdecision.te
@@ -0,0 +1,5 @@
+allow mpdecision sysfs_devices_system_iosched:file rw_file_perms;
+unix_socket_connect(mpdecision, thermal, thermal-engine)
+
+# read /proc/pid files
+r_dir_file(mpdecision, domain)
diff --git a/sepolicy/qcom/perfd.te b/sepolicy/qcom/perfd.te
new file mode 100644
index 0000000..dd11d84
--- /dev/null
+++ b/sepolicy/qcom/perfd.te
@@ -0,0 +1,7 @@
+allow perfd sysfs_devices_system_iosched:file rw_file_perms;
+
+# read mediaserver status
+allow perfd mediaserver:file { read open };
+
+#cm extra opts
+unix_socket_connect(perfd, thermal, thermal-engine)
diff --git a/sepolicy/qcom/sepolicy.mk b/sepolicy/qcom/sepolicy.mk
new file mode 100644
index 0000000..1214054
--- /dev/null
+++ b/sepolicy/qcom/sepolicy.mk
@@ -0,0 +1,2 @@
+BOARD_SEPOLICY_DIRS += \
+    vendor/cm/sepolicy/qcom
diff --git a/sepolicy/qcom/system_server.te b/sepolicy/qcom/system_server.te
new file mode 100644
index 0000000..3239c2d
--- /dev/null
+++ b/sepolicy/qcom/system_server.te
@@ -0,0 +1,10 @@
+# LiveDisplay access to color calibration
+allow system_server pps_socket:sock_file rw_file_perms;
+allow system_server mm-pp-daemon:unix_stream_socket connectto;
+
+# Time services
+allow system_server time_daemon:unix_stream_socket connectto;
+
+#allow reading of usb sysfs to query hvdcp state
+allow system_server sysfs_usb_supply:dir { search };
+allow system_server sysfs_usb_supply:file r_file_perms;
diff --git a/sepolicy/qcom/thermal-engine.te b/sepolicy/qcom/thermal-engine.te
new file mode 100644
index 0000000..8f8967e
--- /dev/null
+++ b/sepolicy/qcom/thermal-engine.te
@@ -0,0 +1,7 @@
+allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms;
+r_dir_file(thermal-engine, sysfs_rqstats);
+
+allow thermal-engine sysfs_battery_supply:file rw_file_perms;
+allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
+
+allow thermal-engine self:capability { net_admin } ;
diff --git a/sepolicy/qcom/vold.te b/sepolicy/qcom/vold.te
new file mode 100644
index 0000000..9893108
--- /dev/null
+++ b/sepolicy/qcom/vold.te
@@ -0,0 +1 @@
+allow vold persist_file:dir { getattr read open ioctl };