From 580887949cbfdb3cf332bb320a34909aa49ea553 Mon Sep 17 00:00:00 2001 From: boss Date: Sun, 4 Aug 2013 10:15:41 -0700 Subject: [PATCH 01/13] dlx: audio * remove legacy audio flag no longer needed * remove extra qualcomm av features flags already defined in msm8960-common --- BoardConfig.mk | 2 -- 1 file changed, 2 deletions(-) diff --git a/BoardConfig.mk b/BoardConfig.mk index e766aa9..6eeef1b 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -58,13 +58,11 @@ TARGET_KERNEL_CONFIG := cyanogenmod_dlx_defconfig TARGET_KERNEL_SOURCE := kernel/htc/dlx # Audio -BOARD_USES_LEGACY_ALSA_AUDIO := true BOARD_USES_FLUENCE_INCALL := true BOARD_USES_SEPERATED_AUDIO_INPUT := true BOARD_USES_SEPERATED_VOICE_SPEAKER := true BOARD_USES_SEPERATED_VOIP := true BOARD_HAVE_HTC_CSDCLIENT := true -TARGET_ENABLE_QC_AV_ENHANCEMENTS := true # Camera USE_CAMERA_STUB := false From df09aaf86923ae98e8ae26bd281317a1b752557f Mon Sep 17 00:00:00 2001 From: boss Date: Sun, 4 Aug 2013 10:19:22 -0700 Subject: [PATCH 02/13] dlx: remove redundant audio_effect.conf --- configs/audio_effects.conf | 142 ------------------------------------- full_dlx.mk | 1 - 2 files changed, 143 deletions(-) delete mode 100644 configs/audio_effects.conf diff --git a/configs/audio_effects.conf b/configs/audio_effects.conf deleted file mode 100644 index 93f27cb..0000000 --- a/configs/audio_effects.conf +++ /dev/null 
@@ -1,142 +0,0 @@ -# List of effect libraries to load. Each library element must contain a "path" element -# giving the full path of the library .so file. -# libraries { -# { -# path -# } -# } -libraries { - bundle { - path /system/lib/soundfx/libbundlewrapper.so - } - reverb { - path /system/lib/soundfx/libreverbwrapper.so - } - visualizer { - path /system/lib/soundfx/libvisualizer.so - } - downmix { - path /system/lib/soundfx/libdownmix.so - } -} - -# Default pre-processing library. Add to audio_effect.conf "libraries" section if -# audio HAL implements support for default software audio pre-processing effects -# -# pre_processing { -# path /system/lib/soundfx/libaudiopreprocessing.so -# } - -# list of effects to load. Each effect element must contain a "library" and a "uuid" element. -# The value of the "library" element must correspond to the name of one library element in the -# "libraries" element. -# The name of the effect element is indicative, only the value of the "uuid" element -# designates the effect. -# The uuid is the implementation specific UUID as specified by the effect vendor. This is not the -# generic effect type UUID. -# effects { -# { -# library -# uuid -# } -# ... 
-# } - -effects { - bassboost { - library bundle - uuid 8631f300-72e2-11df-b57e-0002a5d5c51b - } - virtualizer { - library bundle - uuid 1d4033c0-8557-11df-9f2d-0002a5d5c51b - } - equalizer { - library bundle - uuid ce772f20-847d-11df-bb17-0002a5d5c51b - } - volume { - library bundle - uuid 119341a0-8469-11df-81f9-0002a5d5c51b - } - reverb_env_aux { - library reverb - uuid 4a387fc0-8ab3-11df-8bad-0002a5d5c51b - } - reverb_env_ins { - library reverb - uuid c7a511a0-a3bb-11df-860e-0002a5d5c51b - } - reverb_pre_aux { - library reverb - uuid f29a1400-a3bb-11df-8ddc-0002a5d5c51b - } - reverb_pre_ins { - library reverb - uuid 172cdf00-a3bc-11df-a72f-0002a5d5c51b - } - visualizer { - library visualizer - uuid d069d9e0-8329-11df-9168-0002a5d5c51b - } - downmix { - library downmix - uuid 93f04452-e4fe-41cc-91f9-e475b6d1d69f - } -} - -# Default pre-processing effects. Add to audio_effect.conf "effects" section if -# audio HAL implements support for them. -# -# agc { -# library pre_processing -# uuid aa8130e0-66fc-11e0-bad0-0002a5d5c51b -# } -# aec { -# library pre_processing -# uuid bb392ec0-8d4d-11e0-a896-0002a5d5c51b -# } -# ns { -# library pre_processing -# uuid c06c8400-8e06-11e0-9cb6-0002a5d5c51b -# } - -# Audio preprocessor configurations. -# The pre processor configuration consists in a list of elements each describing -# pre processor settings for a given input source. Valid input source names are: -# "mic", "camcorder", "voice_recognition", "voice_communication" -# Each input source element contains a list of effects elements. The name of the effect -# element must be the name of one of the effects in the "effects" list of the file. -# Each effect element may optionally contain a list of parameters and their -# default value to apply when the pre processor effect is created. -# A parameter is defined by a "param" element and a "value" element. Each of these elements -# consists in one or more elements specifying a type followed by a value. 
-# The types defined are: "int", "short", "float", "bool" and "string" -# When both "param" and "value" are a single int, a simple form is allowed where just -# the param and value pair is present in the parameter description -# pre_processing { -# { -# { -# { -# param { -# int|short|float|bool|string -# [ int|short|float|bool|string ] -# ... -# } -# value { -# int|short|float|bool|string -# [ int|short|float|bool|string ] -# ... -# } -# } -# { } -# ... -# } -# ... -# } -# ... -# } - -# -# TODO: add default audio pre processor configurations after debug and tuning phase -# diff --git a/full_dlx.mk b/full_dlx.mk index 6642cd6..9e77e29 100644 --- a/full_dlx.mk +++ b/full_dlx.mk @@ -64,7 +64,6 @@ PRODUCT_COPY_FILES += \ # Media configs PRODUCT_COPY_FILES += device/htc/dlx/configs/AudioBTID.csv:system/etc/AudioBTID.csv PRODUCT_COPY_FILES += device/htc/dlx/configs/AudioBTIDnew.csv:system/etc/AudioBTIDnew.csv -PRODUCT_COPY_FILES += device/htc/dlx/configs/audio_effects.conf:system/etc/audio_effects.conf # wifi config PRODUCT_COPY_FILES += \ From 0feb493241c6e2f6d827891ce35e47a9de7889d1 Mon Sep 17 00:00:00 2001 From: boss Date: Sun, 4 Aug 2013 10:21:17 -0700 Subject: [PATCH 03/13] dlx: remove unused entries --- rootdir/etc/init.dlx.rc | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/rootdir/etc/init.dlx.rc b/rootdir/etc/init.dlx.rc index 8a82840..39de350 100755 --- a/rootdir/etc/init.dlx.rc +++ b/rootdir/etc/init.dlx.rc 
@@ -229,23 +229,6 @@ on boot chown radio radio /sys/class/power_supply/battery/network_search chown system system /sys/class/power_supply/battery/navigation -# Define TCP buffer sizes for various networks - setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208 - setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576 - setprop net.tcp.buffersize.lte 4094,87380,1220608,4096,16384,1220608 - setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208 - setprop net.tcp.buffersize.hspa 4094,87380,1220608,4096,16384,1220608 - setprop net.tcp.buffersize.hsupa 4094,87380,1220608,4096,16384,1220608 - setprop net.tcp.buffersize.hsdpa 4094,87380,1220608,4096,16384,1220608 - setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040 - setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680 - setprop net.tcp.buffersize.evdo_b 4094,87380,262144,4096,16384,262144 - -# Assign TCP buffer thresholds to be ceiling value of technology maximums -# Increased technology maximums should be reflected here. - write /proc/sys/net/core/rmem_max 1220608 - write /proc/sys/net/core/wmem_max 1220608 - on post-fs-data mkdir /data/media 0770 media_rw media_rw @@ -358,8 +341,6 @@ service iprenew_p2p /system/bin/dhcpcd -n on property:init.svc.bootanim=stopped start post-boot - # Overwrite ActivityManager's low memory killer settings - write /sys/module/lowmemorykiller/parameters/adj 0,2,4,7,9,12 service post-boot /system/bin/sh /system/etc/init.post_boot.sh user root @@ -379,16 +360,6 @@ service netmgrd /system/bin/netmgrd #--SSD_RIL -#HDMI - -service hdmid /system/bin/hdmid - class late_start - socket displayd stream 0660 root system graphics - disabled - -on property:ro.hdmi.enable=true - start hdmid - service tpd /sbin/tpd class core cgroup bg From 4736c3ff902f6d848c0af11fc5379a88a1fa114d Mon Sep 17 00:00:00 2001 
From: boss Date: Sun, 4 Aug 2013 10:22:22 -0700 Subject: [PATCH 04/13] dlx: restart adb on adb root --- rootdir/etc/init.dlx.rc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rootdir/etc/init.dlx.rc b/rootdir/etc/init.dlx.rc index 39de350..ac37459 100755 --- a/rootdir/etc/init.dlx.rc +++ b/rootdir/etc/init.dlx.rc @@ -430,3 +430,7 @@ on property:ro.baseband="msm" # Enable BT-DUN only for all msms setprop ro.qualcomm.bluetooth.dun true +on property:service.adb.root=1 + write /sys/class/android_usb/android0/enable 0 + restart adbd + write /sys/class/android_usb/android0/enable 1 From a3793af8df085aae58798ca263903085cad16e71 Mon Sep 17 00:00:00 2001 From: boss Date: Sun, 4 Aug 2013 11:09:34 -0700 Subject: [PATCH 05/13] dlx: updates from M7 GE 4.3 and Butterfly 4.2.2 --- configs/AudioBTIDnew.csv | 4 ++-- configs/calibration | 20 +++++++++----------- configs/calibration.gpio4 | 16 ++++++++-------- configs/wpa_supplicant.conf | 17 +++++------------ 4 files changed, 24 insertions(+), 33 deletions(-) diff --git a/configs/AudioBTIDnew.csv b/configs/AudioBTIDnew.csv index 4c8ac58..c1cb671 100644 --- a/configs/AudioBTIDnew.csv +++ b/configs/AudioBTIDnew.csv @@ -1,4 +1,4 @@ -HEADER,DLX_20130331_v10,Neo +HEADER,DLX_20130621_v10,Ken Default,1001,1101, Default Car-kit,1201,1301, Default BT_NRECon,1027,1127, @@ -72,7 +72,7 @@ MFE XI Telecom,1801,1901 @^[0-9]{8}-CH[1-4]$,1801,1901,Metrico BT MOS @^MT8855A [0-9]{4}$,1802,1902,VzW lab Sennheiser MM550-X,1027,1127, -Motorola Elite Flip,1027,11271, +Motorola Elite Flip,1027,1127, Motorola Elite Sliver,1027,1127, ------,1408,1508, ------,1410,1510, diff --git a/configs/calibration b/configs/calibration index 3c7f34c..47e3ba5 100644 --- a/configs/calibration +++ b/configs/calibration @@ -14,8 +14,8 @@ ag0=255 aa2g=1 ccode=ALL pa0itssit=0x20 -pa0b0=0x15E5 -pa0b1=0xFD1E +pa0b0=0x17E5 +pa0b1=0xFCEB pa0b2=0xFF36 tssifloor2g=37 extpagain2g=2 
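Review bot: The new `on property:service.adb.root=1` trigger at the end of init.dlx.rc has no comment saying who is expected to set the property or what decides whether adbd actually returns with root privileges. As written, the trigger only disables the USB gadget, restarts adbd and re-enables the gadget. The privilege decision is presumably left to adbd's own build-type checks, which should be confirmed on a user build before this ships. I would add a line above it such as `# Re-enumerate USB around the adbd restart; adbd itself decides whether root is permitted (verify on user builds)`. Note also that writing `enable 0` takes down every function on the composite gadget for a moment, not only adb.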
@@ -24,20 +24,19 @@ rssismf2g=0xf rssismc2g=0x8 rssisav2g=0x1 cckPwrOffset=3 -cckdigfilttype=24 rssismf5g=0xf rssismc5g=0x8 rssisav5g=0x1 -pa1lob0=0x15AE -pa1lob1=0xFD3A +pa1lob0=0x182E +pa1lob1=0xFCF4 pa1lob2=0xFF21 tssifloor5gl=21 -pa1b0=0x1401 -pa1b1=0xFD6B +pa1b0=0x1901 +pa1b1=0xFCE2 pa1b2=0xFF25 tssifloor5gm=21 -pa1hib0=0x13A5 -pa1hib1=0xFD70 +pa1hib0=0x1825 +pa1hib1=0xFCF8 pa1hib2=0xFF2B tssifloor5gh=21 rxpo5g=0 @@ -66,7 +65,6 @@ triso5g=5 btc_params80=0 btc_params6=30 btc_params33=3 -btc_params61=2 -rssi_offset=8 +btc_params61=2 txiqlopapu2g=0 txiqlopapu5g=0 diff --git a/configs/calibration.gpio4 b/configs/calibration.gpio4 index 5f67e1c..14558ae 100644 --- a/configs/calibration.gpio4 +++ b/configs/calibration.gpio4 @@ -14,8 +14,8 @@ ag0=255 aa2g=1 ccode=ALL pa0itssit=0x20 -pa0b0=0x15E5 -pa0b1=0xFD1E +pa0b0=0x14E5 +pa0b1=0xFD37 pa0b2=0xFF36 tssifloor2g=37 extpagain2g=2 @@ -28,16 +28,16 @@ cckdigfilttype=24 rssismf5g=0xf rssismc5g=0x8 rssisav5g=0x1 -pa1lob0=0x15AE -pa1lob1=0xFD3A +pa1lob0=0x14AE +pa1lob1=0xFD55 pa1lob2=0xFF21 tssifloor5gl=21 -pa1b0=0x1401 -pa1b1=0xFD6B +pa1b0=0x1281 +pa1b1=0xFD94 pa1b2=0xFF25 tssifloor5gm=21 -pa1hib0=0x13A5 -pa1hib1=0xFD70 +pa1hib0=0x1358 +pa1hib1=0xFD77 pa1hib2=0xFF2B tssifloor5gh=21 rxpo5g=0 diff --git a/configs/wpa_supplicant.conf b/configs/wpa_supplicant.conf index 15502b1..9f9e399 100644 --- a/configs/wpa_supplicant.conf +++ b/configs/wpa_supplicant.conf @@ -1,12 +1,5 @@ -##### wpa_supplicant configuration file template ##### -ctrl_interface=wlan0 -update_config=1 -device_name=HTC-Dev -device_type=10-0050F204-4 -manufacturer=HTC-Mfg -model_name=HTC-Mod -model_number=HTC-Num -serial_number=HTC-Ser -config_methods=virtual_display virtual_push_button keypad -uuid=12345678-9abc-def0-1234-56789abcdef0 -os_version=01020300 +update_config=1 +ctrl_interface=wlan0 +eapol_version=1 +ap_scan=1 +fast_reauth=1 From 58e1d58dbd9cefb2267c5ff1652c996f678da217 Mon Sep 17 00:00:00 2001 
From: boss Date: Sun, 4 Aug 2013 12:09:53 -0700 Subject: [PATCH 06/13] add 5,6,7,8mp resolutions --- overlay/packages/apps/Camera/res/values/arrays.xml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/overlay/packages/apps/Camera/res/values/arrays.xml b/overlay/packages/apps/Camera/res/values/arrays.xml index 7f6003e..9f86543 100644 --- a/overlay/packages/apps/Camera/res/values/arrays.xml +++ b/overlay/packages/apps/Camera/res/values/arrays.xml @@ -19,6 +19,11 @@ + @string/pref_camera_picturesize_entry_8mp + @string/pref_camera_picturesize_entry_7mp + @string/pref_camera_picturesize_entry_6_4mp + @string/pref_camera_picturesize_entry_6mp + @string/pref_camera_picturesize_entry_5mp @string/pref_camera_picturesize_entry_4mp @string/pref_camera_picturesize_entry_3mp @string/pref_camera_picturesize_entry_2_5mp @@ -37,6 +42,11 @@ size to the first one in the list that is also supported by the driver --> + 3264x2448 + 3264x2176 + 3264x1952 + 3264x1840 + 2592x1456 2688x1520 2048x1520 2048x1216 From 21dd290a781e42cec0097ad9f9a8e08773a4e84c Mon Sep 17 00:00:00 2001 From: boss Date: Sun, 4 Aug 2013 12:32:43 -0700 Subject: [PATCH 07/13] set open gles version to 3.0 --- full_dlx.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/full_dlx.mk b/full_dlx.mk index 9e77e29..b36365f 100644 --- a/full_dlx.mk +++ b/full_dlx.mk @@ -175,6 +175,7 @@ PRODUCT_PROPERTY_OVERRIDES += \ ro.config.multimode_cdma=1 \ ro.config.combined_signal=true \ ro.gsm.data_retry_config=max_retries=infinite,5000,5000,60000,120000,480000,900000 \ + ro.opengles.version=196608 \ persist.eons.enabled=false PRODUCT_DEFAULT_PROPERTY_OVERRIDES += \ From b9251cb976486130596e435dc5d00aa72ab296e4 Mon Sep 17 00:00:00 2001 From: boss Date: Tue, 6 Aug 2013 06:41:36 -0700 Subject: [PATCH 08/13] set to cdma/lte at this moment WCDMA seems to be borked --- system.prop | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system.prop b/system.prop index b0ae138..d4f0e53 100644 --- a/system.prop 
+++ b/system.prop @@ -22,7 +22,7 @@ ro.vendor.extension_library=/system/lib/libqc-opt.so ro.config.svlte1x=true ro.ril.transmitpower=true ro.baseband.arch = mdm -ro.telephony.default_network=10 +ro.telephony.default_network=8 # Device needs to get CDMA subscription when RUIM is ready ro.cdma.subscribe_on_ruim_ready = true From 0317ca43b7190126e2000e76a16ee4ffb7085a87 Mon Sep 17 00:00:00 2001 From: boss Date: Tue, 6 Aug 2013 06:43:33 -0700 Subject: [PATCH 09/13] dlx: disable animate screen lights, fixes crt toggle in display settings now it actually does something --- overlay/frameworks/base/core/res/res/values/config.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/overlay/frameworks/base/core/res/res/values/config.xml b/overlay/frameworks/base/core/res/res/values/config.xml index 347d281..5892bb6 100644 --- a/overlay/frameworks/base/core/res/res/values/config.xml +++ b/overlay/frameworks/base/core/res/res/values/config.xml @@ -24,6 +24,9 @@ true + + false + true From f76675d33ee546483b70c633c712fd05e8184dfc Mon Sep 17 00:00:00 2001 From: boss Date: Sat, 10 Aug 2013 08:48:12 -0700 Subject: [PATCH 10/13] dlx: remove old camera flags --- BoardConfig.mk | 2 -- 1 file changed, 2 deletions(-) diff --git a/BoardConfig.mk b/BoardConfig.mk index 68fdd65..163a64c 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -65,8 +65,6 @@ BOARD_USES_SEPERATED_VOIP := true BOARD_HAVE_HTC_CSDCLIENT := true # Camera -USE_CAMERA_STUB := false -TARGET_PROVIDES_CAMERA_HAL := true BOARD_NEEDS_MEMORYHEAPPMEM := true COMMON_GLOBAL_CFLAGS += -DDISABLE_HW_ID_MATCH_CHECK COMMON_GLOBAL_CFLAGS += -DHTC_CAMERA_HARDWARE From 26f9cf44d7307aae63f806d5c1275cd3cd2915d5 Mon Sep 17 00:00:00 2001 
From: boss Date: Sat, 10 Aug 2013 09:53:24 -0700 Subject: [PATCH 11/13] dlx: bulk m7 commits * add selinux support (modified for dlx) * revert default menu overflow button --- BoardConfig.mk | 35 +++++ .../SettingsProvider/res/values/defaults.xml | 22 ---- .../apps/Phone/res/values/network_mode.xml | 2 +- rootdir/etc/fstab.dlx | 17 ++- rootdir/etc/init.dlx.rc | 5 +- sepolicy/bluetooth_loader.te | 35 +++++ sepolicy/bridge.te | 17 +++ sepolicy/camera.te | 26 ++++ sepolicy/conn_init.te | 15 +++ sepolicy/device.te | 9 ++ sepolicy/dhcp.te | 1 + sepolicy/domain.te | 3 + sepolicy/drmserver.te | 2 + sepolicy/file.te | 18 +++ sepolicy/file_contexts | 123 ++++++++++++++++++ sepolicy/init.te | 3 + sepolicy/kickstart.te | 51 ++++++++ sepolicy/mediaserver.te | 12 ++ sepolicy/mpdecision.te | 17 +++ sepolicy/netmgrd.te | 28 ++++ sepolicy/property.te | 1 + sepolicy/property_contexts | 3 + sepolicy/qmux.te | 19 +++ sepolicy/restorecon.te | 6 + sepolicy/rild.te | 11 ++ sepolicy/rmt.te | 27 ++++ sepolicy/sensors.te | 33 +++++ sepolicy/surfaceflinger.te | 1 + sepolicy/system.te | 19 +++ sepolicy/te_macros | 12 ++ sepolicy/tee.te | 12 ++ sepolicy/thermald.te | 22 ++++ sepolicy/ueventd.te | 5 + sepolicy/wpa_supplicant.te | 12 ++ 34 files changed, 593 insertions(+), 31 deletions(-) delete mode 100644 overlay/frameworks/base/packages/SettingsProvider/res/values/defaults.xml create mode 100644 sepolicy/bluetooth_loader.te create mode 100644 sepolicy/bridge.te create mode 100644 sepolicy/camera.te create mode 100644 sepolicy/conn_init.te create mode 100644 sepolicy/device.te create mode 100644 sepolicy/dhcp.te create mode 100644 sepolicy/domain.te create mode 100644 sepolicy/drmserver.te create mode 100644 sepolicy/file.te create mode 100644 sepolicy/file_contexts create mode 100644 sepolicy/init.te create mode 100644 sepolicy/kickstart.te create mode 100644 sepolicy/mediaserver.te create mode 100644 sepolicy/mpdecision.te create mode 100644 sepolicy/netmgrd.te create mode 100644 
sepolicy/property.te create mode 100644 sepolicy/property_contexts create mode 100644 sepolicy/qmux.te create mode 100644 sepolicy/restorecon.te create mode 100644 sepolicy/rild.te create mode 100644 sepolicy/rmt.te create mode 100644 sepolicy/sensors.te create mode 100644 sepolicy/surfaceflinger.te create mode 100644 sepolicy/system.te create mode 100644 sepolicy/te_macros create mode 100644 sepolicy/tee.te create mode 100644 sepolicy/thermald.te create mode 100644 sepolicy/ueventd.te create mode 100644 sepolicy/wpa_supplicant.te diff --git a/BoardConfig.mk b/BoardConfig.mk index 163a64c..4923a4c 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -106,6 +106,41 @@ WIFI_DRIVER_FW_PATH_P2P := "/system/etc/firmware/fw_bcm4334_p2p.bin" BOARD_VENDOR_QCOM_GPS_LOC_API_HARDWARE := $(TARGET_BOARD_PLATFORM) TARGET_NO_RPC := true +# SElinux +BOARD_SEPOLICY_DIRS := \ + device/htc/dlx/sepolicy + +BOARD_SEPOLICY_UNION := \ + file_contexts \ + property_contexts \ + te_macros \ + bluetooth_loader.te \ + bridge.te \ + camera.te \ + conn_init.te \ + device.te \ + dhcp.te \ + domain.te \ + drmserver.te \ + file.te \ + kickstart.te \ + init.te \ + mediaserver.te \ + mpdecision.te \ + netmgrd.te \ + property.te \ + qmux.te \ + restorecon.te \ + rild.te \ + rmt.te \ + sensors.te \ + surfaceflinger.te \ + system.te \ + tee.te \ + thermald.te \ + ueventd.te \ + wpa_supplicant.te + # Filesystem TARGET_USERIMAGES_USE_EXT4 := true BOARD_BOOTIMAGE_PARTITION_SIZE := 16777216 diff --git a/overlay/frameworks/base/packages/SettingsProvider/res/values/defaults.xml b/overlay/frameworks/base/packages/SettingsProvider/res/values/defaults.xml deleted file mode 100644 index 591aace..0000000 --- a/overlay/frameworks/base/packages/SettingsProvider/res/values/defaults.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - 1 - diff --git a/overlay/packages/apps/Phone/res/values/network_mode.xml b/overlay/packages/apps/Phone/res/values/network_mode.xml index 3836d11..38989fe 100755 
--- a/overlay/packages/apps/Phone/res/values/network_mode.xml +++ b/overlay/packages/apps/Phone/res/values/network_mode.xml @@ -34,5 +34,5 @@ - 10 + 8 diff --git a/rootdir/etc/fstab.dlx b/rootdir/etc/fstab.dlx index 65140e9..4fd816e 100644 --- a/rootdir/etc/fstab.dlx +++ b/rootdir/etc/fstab.dlx @@ -1,10 +1,15 @@ # Android fstab file. -# +# +# The filesystem that contains the filesystem checker binary (typically /system) cannot +# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK -/dev/block/mmcblk0p32 /system ext4 ro,barrier=1 wait -/dev/block/mmcblk0p34 /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,noauto_da_alloc wait,check,encryptable=/dev/block/mmcblk0p29 -/dev/block/mmcblk0p33 /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered wait,check -#/dev/block/mmcblk0p24 /devlog ext4 noatime,nosuid,nodev,data=ordered,noauto_da_alloc wait +/dev/block/mmcblk0p19 /boot emmc defaults defaults +/dev/block/mmcblk0p20 /recovery emmc defaults defaults +/dev/block/mmcblk0p32 /system ext4 rw,noatime,barrier=1 wait +/dev/block/mmcblk0p33 /cache ext4 nosuid,nodev,noatime,barrier=1 wait,check +/dev/block/mmcblk0p34 /data ext4 noatime,nosuid,nodev,noauto_da_alloc,barrier=1 wait,check,encryptable=footer +/dev/block/mmcblk0p16 /firmware/mdm vfat ro,fmask=0000,dmask=0000,shortname=lower,context=u:object_r:radio_efs_file:s0 wait +/dev/block/mmcblk0p17 /firmware/q6 vfat ro,fmask=0000,dmask=0000,shortname=lower,context=u:object_r:radio_efs_file:s0 wait # USB storage -/devices/platform/msm_hsusb_host/usb /storage/usbdisk auto defaults voldmanaged=usbdisk:auto +/devices/platform/msm_hsusb_host/usb /storage/usbdisk auto defaults voldmanaged=usbdisk:auto diff --git a/rootdir/etc/init.dlx.rc b/rootdir/etc/init.dlx.rc index 6035e28..730a026 100755 --- a/rootdir/etc/init.dlx.rc +++ b/rootdir/etc/init.dlx.rc 
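Review bot: In the fstab.dlx hunk, /system goes from `ro,barrier=1` to `rw,noatime,barrier=1`, so the system partition is mounted writable at boot, and the commit message does not mention it. Unless something outside this hunk remounts it read-only, that removes a cheap integrity barrier for the OS image. I would keep `/dev/block/mmcblk0p32 /system ext4 ro,noatime,barrier=1 wait`. The two new vfat entries for /firmware/mdm and /firmware/q6 use `fmask=0000,dmask=0000`, which makes every file appear mode 0777. Both are mounted `ro` with a fixed `context=`, so the exposure is limited, but tighter masks would cost nothing. Separately, /data and /cache drop `data=ordered` without explanation, which deserves a line in the commit message.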
@@ -297,6 +297,7 @@ service mpdecision /system/bin/mpdecision --no_sleep --avg_comp service kickstart /system/bin/qcks -1 modem_st1 -2 modem_st2 -3 radio_config -4 cdma_record -i /vendor/firmware/ class core user root + seclabel u:r:kickstart:s0 oneshot service startup /system/bin/sh /init.qcom.sh @@ -311,14 +312,14 @@ service sdcard /system/bin/sdcard /data/media /mnt/shell/emulated 1023 1023 service wpa_supplicant /system/bin/wpa_supplicant -Dnl80211 -iwlan0 -c/data/misc/wifi/wpa_supplicant.conf user root group wifi inet - socket wpa_wlan0 dgram 0660 wifi wifi + socket wpa_wlan0 dgram 0660 wifi wifi u:object_r:wpa_socket:s0 disabled oneshot service p2p_supplicant /system/bin/wpa_supplicant -Dnl80211 -iwlan0 -c/data/misc/wifi/wpa_supplicant.conf user root group wifi inet - socket wpa_wlan0 dgram 0660 wifi wifi + socket wpa_wlan0 dgram 0660 wifi wifi u:object_r:wpa_socket:s0 disabled oneshot diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te new file mode 100644 index 0000000..5e8896d --- /dev/null +++ b/sepolicy/bluetooth_loader.te 
@@ -0,0 +1,35 @@ +# Bluetooth executables and script (bdAddrLoader, init.qcom.bt.sh) +type bluetooth_loader, domain; +type bluetooth_loader_exec, exec_type, file_type; + +# Start bdAddrLoader from init +init_daemon_domain(bluetooth_loader) + +# Run init.qcom.bt.sh +allow bluetooth_loader shell_exec:file { entrypoint read }; +allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans }; + +# init.qcom.bt.sh needs /system/bin/log access +allow bluetooth_loader devpts:chr_file rw_file_perms; + +# Run hci_qcomm_init from init.qcom.bt.sh +domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach) + +# hci_qcomm_init started with logwrapper +allow hci_attach devpts:chr_file rw_file_perms; +allow hci_attach bluetooth_loader:fd use; + +# Read mac address from persist partition +allow bluetooth_loader persist_file:dir search; +r_dir_file(bluetooth_loader, persist_bluetooth_file) + +# Talk to init over the property socket +unix_socket_connect(bluetooth_loader, property, init) +# Set persist.service.bdroid.* and bluetooth.* property values +allow { bluetooth bluetooth_loader } bluetooth_prop:property_service set; + +# Shared memory node access +allow hci_attach bluetooth_device:chr_file rw_file_perms; + +# Allow getprop/setprop for init.mako.bt.sh +allow bluetooth_loader system_file:file execute_no_trans; diff --git a/sepolicy/bridge.te b/sepolicy/bridge.te new file mode 100644 index 0000000..381ea16 --- /dev/null +++ b/sepolicy/bridge.te @@ -0,0 +1,17 @@ +# Bridge Manager (radio process) +type bridge, domain; +type bridge_exec, exec_type, file_type; + +# Started by init +init_daemon_domain(bridge) + +allow bridge self:netlink_kobject_uevent_socket { create bind read }; + +# Allow logging diagnostic items +allow bridge diagnostic_device:chr_file rw_file_perms; + +# Talk to qmuxd +qmux_socket(bridge) + +# XXX Label sysfs files with a specific type? +allow bridge sysfs:file { open write read getattr }; 
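Review bot: The last rule in bluetooth_loader.te, `allow bluetooth_loader system_file:file execute_no_trans;`, is documented as "Allow getprop/setprop for init.mako.bt.sh", but the header of the same file says the script is init.qcom.bt.sh, so the comment looks like it was carried over from another device tree. The rule itself is wider than the comment suggests: it lets the domain run any binary labelled `system_file` without a domain transition, not only the property tools. I would correct the comment to `# Allow getprop/setprop (run in-domain from init.qcom.bt.sh); covers every system_file binary`, so the breadth is visible to whoever tightens this later.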
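Review bot: `allow bridge sysfs:file { open write read getattr };` at the end of bridge.te grants write access to every node carrying the generic `sysfs` label, and the XXX comment above it already questions that. The same pattern appears in kickstart.te (`allow kickstart sysfs:file { write };`, for wake locks) and in mpdecision.te (`allow mpdecision sysfs:file { read open write getattr };`). All three daemons can therefore write any sysfs attribute that is not labelled separately, limited only by DAC. I would declare a dedicated type for each group of nodes the daemons actually touch, label those paths in file_contexts, and narrow each rule to that type, for example `allow bridge <dedicated_sysfs_type>:file rw_file_perms;`, where the type name is a placeholder.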
diff --git a/sepolicy/camera.te b/sepolicy/camera.te new file mode 100644 index 0000000..fb31e0a --- /dev/null +++ b/sepolicy/camera.te @@ -0,0 +1,26 @@ +# Qualcomm MSM camera +type camera, domain; +type camera_exec, exec_type, file_type; + +# Started by init +init_daemon_domain(camera) + +allow camera self:process execmem; + +allow camera camera_device:dir search; +allow camera { video_device camera_device }:chr_file rw_file_perms; +allow camera { surfaceflinger mediaserver }:fd use; + +# Create /data/cam_socket0 as camera_socket +type_transition camera system_data_file:sock_file camera_socket "cam_socket0"; +allow camera camera_socket:sock_file { create unlink }; +dontaudit camera system_data_file:dir remove_name; + +# All others under /data get camera_data_file +file_type_auto_trans(camera, system_data_file, camera_data_file); +allow camera camera_data_file:dir { write add_name }; +allow camera camera_data_file:file create_file_perms; + +# Connect to /data/app/sensor_ctl_socket +unix_socket_connect(camera, sensors, sensors) +allow camera sensors_socket:sock_file read; diff --git a/sepolicy/conn_init.te b/sepolicy/conn_init.te new file mode 100644 index 0000000..4acd65c --- /dev/null +++ b/sepolicy/conn_init.te @@ -0,0 +1,15 @@ +# wifi connection service +type conn_init, domain; +type conn_init_exec, exec_type, file_type; + +# Started by logwrapper in init +domain_auto_trans(init, conn_init_exec, conn_init) +allow conn_init devpts:chr_file { read write }; + +# allow /persist/wifi access +allow conn_init persist_file:dir search; +r_dir_file(conn_init, persist_wifi_file) + +# allow /data/misc/wifi access for firmware files +allow conn_init wifi_data_file:dir w_dir_perms; +allow conn_init wifi_data_file:file create_file_perms; diff --git a/sepolicy/device.te b/sepolicy/device.te new file mode 100644 index 0000000..e022fb8 --- /dev/null +++ b/sepolicy/device.te 
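Review bot: `allow camera self:process execmem;` in camera.te is the only rule in the file without a comment, and it is the one that most needs a justification. execmem lets the camera daemon map memory that is both writable and executable, which gives up the W^X protection for a process that parses data from the `camera_device` and `video_device` nodes. If a vendor library requires it, say so next to the rule, e.g. `# execmem required by <vendor library, to be identified>; drop once confirmed unnecessary`. Otherwise I would remove the rule and check the audit log for denials.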
@@ -0,0 +1,9 @@ +type diagnostic_device, dev_type; +type kgsl_device, dev_type, mlstrustedobject; +type mpdecision_device, dev_type; +type shared_log_device, dev_type; +type power_control_device, dev_type; +type efs_block_device, dev_type; +type bluetooth_device, dev_type; +type shared_memory_device, dev_type; +type rfkill_device, dev_type; diff --git a/sepolicy/dhcp.te b/sepolicy/dhcp.te new file mode 100644 index 0000000..c403b9b --- /dev/null +++ b/sepolicy/dhcp.te @@ -0,0 +1 @@ +allow dhcp self:rawip_socket { create write setopt }; diff --git a/sepolicy/domain.te b/sepolicy/domain.te new file mode 100644 index 0000000..8fdcb15 --- /dev/null +++ b/sepolicy/domain.te @@ -0,0 +1,3 @@ +allow domain kgsl_device:chr_file rw_file_perms; +# libgsl is chatty about accessing /data/local/tmp +dontaudit { surfaceflinger appdomain } shell_data_file:dir search; diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te new file mode 100644 index 0000000..2c224e1 --- /dev/null +++ b/sepolicy/drmserver.te @@ -0,0 +1,2 @@ +# Drm wants to read /firmware/image/tzapps.mdt +r_dir_file(drmserver, radio_efs_file) diff --git a/sepolicy/file.te b/sepolicy/file.te new file mode 100644 index 0000000..5b140b3 --- /dev/null +++ b/sepolicy/file.te @@ -0,0 +1,18 @@ +type mpdecision_socket, file_type; +type qmuxd_socket, file_type; +type sensors_socket, file_type; +type camera_socket, file_type; + +type kickstart_data_file, file_type, data_file_type; +type sensors_data_file, file_type, data_file_type; +type camera_data_file, file_type, data_file_type; + +# Default type for anything under /firmware +type radio_efs_file, fs_type; + +# Persist firmware types +type persist_file, file_type; +type persist_bluetooth_file, file_type; +type persist_drm_file, file_type; +type persist_sensors_file, file_type; +type persist_wifi_file, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts new file mode 100644 index 0000000..4b1a089 --- /dev/null +++ b/sepolicy/file_contexts 
@@ -0,0 +1,123 @@ +/dev/msm_acdb u:object_r:audio_device:s0 +/dev/msm_mp3 u:object_r:audio_device:s0 +/dev/msm_rtac u:object_r:audio_device:s0 +/dev/msm_vidc.* u:object_r:audio_device:s0 +/dev/msm_amrnb.* u:object_r:audio_device:s0 +/dev/msm_amrwb.* u:object_r:audio_device:s0 +/dev/msm_aac.* u:object_r:audio_device:s0 + +/dev/pn544 u:object_r:nfc_device:s0 +/dev/qseecom u:object_r:tee_device:s0 + +# Jpeg Engine support +/dev/gemini.* u:object_r:camera_device:s0 + +# MSM camera related +/dev/v4l-subdev.* u:object_r:camera_device:s0 +/dev/video.* u:object_r:camera_device:s0 +/dev/msm_camera.* u:object_r:camera_device:s0 + +# Media interface +/dev/media.* u:object_r:video_device:s0 + +# Image Rotator Driver +/dev/msm_rotator u:object_r:video_device:s0 + +# Audio +/dev/rt5501 u:object_r:audio_device:s0 +/dev/tfa9887 u:object_r:audio_device:s0 +/dev/tpa6185 u:object_r:audio_device:s0 + +# Sensors +/dev/msm_dsps u:object_r:sensors_device:s0 +/dev/smd_sns_dsps u:object_r:sensors_device:s0 +/dev/akm8963_dev u:object_r:sensors_device:s0 +/dev/cm3602 u:object_r:sensors_device:s0 +/dev/lightsensor u:object_r:sensors_device:s0 + +/dev/mdm u:object_r:radio_device:s0 +/dev/hsicctl[0-3] u:object_r:radio_device:s0 +/dev/rmnet_mux_ctrl u:object_r:radio_device:s0 +/dev/qmi[0-2] u:object_r:radio_device:s0 +/dev/smd7 u:object_r:radio_device:s0 +/dev/smdcntl0 u:object_r:radio_device:s0 +/dev/smdcntl1 u:object_r:radio_device:s0 +/dev/smdcntl2 u:object_r:radio_device:s0 +/dev/smdcntl3 u:object_r:radio_device:s0 +/dev/smdcntl4 u:object_r:radio_device:s0 +/dev/smdcntl5 u:object_r:radio_device:s0 +/dev/smdcntl6 u:object_r:radio_device:s0 +/dev/smdcntl7 u:object_r:radio_device:s0 +/dev/ttyUSB0 u:object_r:radio_device:s0 + +/dev/ttyHS0 u:object_r:hci_attach_dev:s0 +/dev/ttyMSM0 u:object_r:hci_attach_dev:s0 +/dev/smd2 u:object_r:hci_attach_dev:s0 +/dev/smd3 u:object_r:hci_attach_dev:s0 + +/dev/cpu_dma_latency u:object_r:power_control_device:s0 +/dev/diag u:object_r:diagnostic_device:s0 
+/dev/smd.* u:object_r:shared_memory_device:s0 +/dev/smem_log u:object_r:shared_log_device:s0 +/dev/kgsl-3d0 u:object_r:kgsl_device:s0 +/dev/kgsl u:object_r:kgsl_device:s0 + +# Sockets +/dev/socket/qmux_audio(/.*)? u:object_r:qmuxd_socket:s0 +/dev/socket/qmux_bluetooth(/.*)? u:object_r:qmuxd_socket:s0 +/dev/socket/qmux_gps(/.*)? u:object_r:qmuxd_socket:s0 +/dev/socket/qmux_radio(/.*)? u:object_r:qmuxd_socket:s0 +/dev/socket/mpdecision(/.*)? u:object_r:mpdecision_socket:s0 + +# Block labeling +/dev/block/mmcblk0p22 u:object_r:efs_block_device:s0 +/dev/block/mmcblk0p23 u:object_r:efs_block_device:s0 + +# Modem firmware loader +/dev/ks_hsic_bridge u:object_r:kickstart_device:s0 +/dev/efs_hsic_bridge u:object_r:kickstart_device:s0 + +# Data labeling +/data/audio(/.*)? u:object_r:audio_data_file:s0 +/data/misc/audio(/.*)? u:object_r:audio_data_file:s0 +/data/nfc(/.*)? u:object_r:nfc_data_file:s0 +/data/qcks(/.*)? u:object_r:kickstart_data_file:s0 +/data/misc/sensors(/.*)? u:object_r:sensors_data_file:s0 +/data/misc/playready(/.*)? u:object_r:drm_data_file:s0 +/data/misc/tzapps(/.*)? u:object_r:tee_data_file:s0 +/data/system/sensors(/.*)? 
u:object_r:sensors_data_file:s0 + +# System binaries +/system/bin/rmt_storage u:object_r:rmt_exec:s0 +/system/bin/thermald u:object_r:thermald_exec:s0 +/system/bin/mpdecision u:object_r:mpdecision_exec:s0 +/system/bin/mm-qcamera-daemon u:object_r:camera_exec:s0 +/system/bin/sensors.qcom u:object_r:sensors_exec:s0 +/system/bin/qmuxd u:object_r:qmux_exec:s0 +/system/bin/bridgemgrd u:object_r:bridge_exec:s0 +/system/bin/netmgrd u:object_r:netmgrd_exec:s0 +/system/bin/qseecomd u:object_r:tee_exec:s0 +/system/bin/conn_init u:object_r:conn_init_exec:s0 +/system/bin/efsks u:object_r:kickstart_exec:s0 +/system/bin/ks u:object_r:kickstart_exec:s0 +/system/bin/qcks u:object_r:kickstart_exec:s0 +/system/bin/hci_qcomm_init u:object_r:hci_attach_exec:s0 +/system/bin/restorecon u:object_r:restorecon_exec:s0 + +# Persist firmware filesystem +/persist(/.*)? u:object_r:persist_file:s0 +/persist/bluetooth(/.*)? u:object_r:persist_bluetooth_file:s0 +/persist/sensors(/.*)? u:object_r:persist_sensors_file:s0 +/persist/playready(/.*)? u:object_r:persist_drm_file:s0 +/persist/widevine(/.*)? u:object_r:persist_drm_file:s0 +/persist/wifi(/.*)? u:object_r:persist_wifi_file:s0 + +# Firmwares +/firmware/mdm/image(/.*)? u:object_r:kickstart_data_file:s0 +/firmware/q6(/.*)? u:object_r:radio_efs_file:s0 +/system/etc/firmware(/.*)? u:object_r:radio_efs_file:s0 + +/system/etc/hldm.bin u:object_r:radio_efs_file:s0 + +# for wpa_supp +/dev/rfkill u:object_r:rfkill_device:s0 diff --git a/sepolicy/init.te b/sepolicy/init.te new file mode 100644 index 0000000..451546f --- /dev/null +++ b/sepolicy/init.te @@ -0,0 +1,3 @@ +allow init wpa_socket:unix_dgram_socket { bind create }; + +allow init radio_efs_file:filesystem { associate }; diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te new file mode 100644 index 0000000..15a84c3 --- /dev/null +++ b/sepolicy/kickstart.te 
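Review bot: The file_contexts entry `/firmware/mdm/image(/.*)? u:object_r:kickstart_data_file:s0` appears to conflict with the fstab.dlx change in this same commit, which mounts /firmware/mdm with `context=u:object_r:radio_efs_file:s0`. With a `context=` mount every file on that filesystem takes the mount label, so this entry would never apply and the files would be `radio_efs_file`. kickstart.te only gets read access to that type, which is probably the safer outcome, but the dead entry is misleading. I would remove it or replace it with `/firmware/mdm(/.*)? u:object_r:radio_efs_file:s0`. Also worth confirming: `/dev/msm_vidc.*` is labelled `audio_device` in the first group although the name suggests a video node, and `/system/etc/firmware(/.*)?` is given `radio_efs_file`, which file.te declares as `fs_type` rather than `file_type`.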
@@ -0,0 +1,51 @@
+# kickstart processes and scripts
+type kickstart, domain;
+type kickstart_exec, exec_type, file_type;
+type kickstart_device, dev_type;
+
+# kickstart_checker.sh talks to init over the property socket
+unix_socket_connect(kickstart, property, init)
+
+# Start /system/bin/qcks from init
+init_daemon_domain(kickstart)
+
+# Spawn /system/bin/efsks and /system/bin/ks
+allow kickstart kickstart_exec:file { open execute_no_trans getattr };
+
+# Run dd on m9kefs[123] block devices; write to /data/qcks/
+# Run cat on firmware and m9kefs[123] data; write to /data/qcks/
+allow kickstart efs_block_device:blk_file rw_file_perms;
+
+allow kickstart kickstart_data_file:file create_file_perms;
+allow kickstart kickstart_data_file:dir rw_dir_perms;
+
+allow kickstart radio_efs_file:file r_file_perms;
+allow kickstart radio_efs_file:dir search;
+
+# Let efsks access /dev/mdm and /dev/ttyUSB0 nodes
+allow kickstart radio_device:chr_file { open read write ioctl getattr };
+
+# Allow to run toolbox commands
+allow kickstart shell_exec:file rx_file_perms;
+
+# Toolbox commands for firmware dd
+allow kickstart system_file:file execute_no_trans;
+
+# Access to /dev/block/platform/msm_sdcc.1/by-name/m9kefs2
+allow kickstart block_device:dir { getattr write search };
+
+# Set system property key
+allow kickstart radio_prop:property_service set;
+
+allow kickstart shell_exec:file entrypoint;
+# ls on /data/qcks/
+allow kickstart self:capability dac_override;
+
+allow kickstart kickstart_tmpfs:file { open write create getattr setattr unlink };
+allow kickstart tmpfs:dir { add_name remove_name };
+
+# Access to the modem bridge chardevs
+allow kickstart kickstart_device:chr_file rw_file_perms;
+
+# set wake locks
+allow kickstart sysfs:file { write };
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
new file mode 100644
index 0000000..0dc6af3
--- /dev/null
+++ b/sepolicy/mediaserver.te
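Review bot: In sepolicy/kickstart.te the `allow kickstart self:capability dac_override;` rule is justified only by `# ls on /data/qcks/`, which reads like a directory ownership or mode problem rather than a real need to bypass DAC checks; correcting the owner or mode of /data/qcks where it is created would probably let this rule be dropped. The `allow kickstart shell_exec:file entrypoint;` line directly above it has no comment, yet it makes the shell binary a way into a domain that also holds read-write access to `efs_block_device`. If it exists for kickstart_checker.sh, say so next to the rule, for example `# kickstart_checker.sh runs under the shell in this domain`.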
@@ -0,0 +1,12 @@
+allow mediaserver audio_data_file:dir w_dir_perms;
+allow mediaserver audio_data_file:file create_file_perms;
+allow mediaserver camera_data_file:sock_file w_file_perms;
+
+qmux_socket(mediaserver)
+
+unix_socket_send(mediaserver, camera, camera)
+
+allow mediaserver self:socket create;
+
+# Allow logging diagnostic items
+allow mediaserver diagnostic_device:chr_file rw_file_perms;
diff --git a/sepolicy/mpdecision.te b/sepolicy/mpdecision.te
new file mode 100644
index 0000000..b10d309
--- /dev/null
+++ b/sepolicy/mpdecision.te
@@ -0,0 +1,17 @@
+# CPU governor (root process)
+type mpdecision, domain;
+type mpdecision_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(mpdecision)
+
+# dac_override to unlink /dev/socket/mpdecision/touchboost
+allow mpdecision self:capability { dac_override fsetid net_admin };
+allow mpdecision self:netlink_kobject_uevent_socket { create read setopt bind read };
+
+# Create under /dev/socket/mpdecision
+allow mpdecision mpdecision_socket:dir w_dir_perms;
+allow mpdecision mpdecision_socket:sock_file { create setattr write };
+
+# XXX Should we label with own type?
+allow mpdecision sysfs:file { read open write getattr };
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
new file mode 100644
index 0000000..eeb5395
--- /dev/null
+++ b/sepolicy/netmgrd.te
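Review bot: The `allow mpdecision sysfs:file { read open write getattr };` rule at the end of sepolicy/mpdecision.te gives write access to every node that carries the generic `sysfs` label, and the `# XXX Should we label with own type?` comment above it already names the fix: give the specific nodes the daemon writes a dedicated type in file_contexts and allow only that type. The same generic `sysfs:file` write grant appears in kickstart.te, qmux.te, rild.te, rmt.te, sensors.te, surfaceflinger.te, system.te and thermald.te in this patch. Separately, the `netlink_kobject_uevent_socket` permission set lists `read` twice; `{ create read setopt bind }` is equivalent.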
@@ -0,0 +1,28 @@
+# Network utilities (radio process)
+type netmgrd, domain;
+type netmgrd_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(netmgrd)
+
+allow netmgrd self:udp_socket { create ioctl };
+# fsetid, dac_override unlink on /dev/socket/qmux_radio/qmux_client_socket
+allow netmgrd self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
+allow netmgrd self:packet_socket { write bind read create };
+allow netmgrd self:netlink_socket { write read create bind setopt };
+allow netmgrd self:netlink_route_socket { create bind read write nlmsg_read nlmsg_write setopt getattr };
+
+# Talk to qmuxd
+qmux_socket(netmgrd)
+
+# Allow logging diagnostic items
+allow netmgrd diagnostic_device:chr_file rw_file_perms;
+
+# /data/data_test/ access with shell
+allow netmgrd shell_exec:file { execute read open execute_no_trans };
+allow netmgrd system_file:file { execute_no_trans };
+
+# Talk to init over the property socket
+unix_socket_connect(netmgrd, property, init)
+# Set net.rmnet_usb0. values
+allow netmgrd radio_prop:property_service set;
diff --git a/sepolicy/property.te b/sepolicy/property.te
new file mode 100644
index 0000000..74e15e1
--- /dev/null
+++ b/sepolicy/property.te
@@ -0,0 +1 @@
+type bluetooth_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
new file mode 100644
index 0000000..d47798d
--- /dev/null
+++ b/sepolicy/property_contexts
@@ -0,0 +1,3 @@
+persist.service.bdroid. u:object_r:bluetooth_prop:s0
+bluetooth. u:object_r:bluetooth_prop:s0
+net.rmnet_usb0. u:object_r:radio_prop:s0
diff --git a/sepolicy/qmux.te b/sepolicy/qmux.te
new file mode 100644
index 0000000..2815adb
--- /dev/null
+++ b/sepolicy/qmux.te
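Review bot: `sys_module` in `allow netmgrd self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };` is not explained by the comment above the rule, which covers only fsetid and dac_override. The capability lets the domain load kernel modules, and the same file allows netmgrd to execute the shell and toolbox, so it is the widest grant in sepolicy/netmgrd.te. If the denial came from a module auto-load request when a socket or interface is created, `dontaudit netmgrd self:capability sys_module;` is worth trying first; otherwise add a comment naming the module that has to be loaded from this domain.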
@@ -0,0 +1,19 @@
+# Qualcomm Management Interface Multiplexer
+type qmux, domain;
+type qmux_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(qmux)
+
+# Create local qmux_connect_socket
+allow qmux qmuxd_socket:dir w_dir_perms;
+allow qmux qmuxd_socket:sock_file { create setattr getattr unlink };
+
+# /dev/hsicctl* node access
+allow qmux radio_device:chr_file rw_file_perms;
+
+# Allow logging diagnostic items
+allow qmux diagnostic_device:chr_file rw_file_perms;
+
+# XXX Should we label with own type
+allow qmux sysfs:file { open write append read getattr };
diff --git a/sepolicy/restorecon.te b/sepolicy/restorecon.te
new file mode 100644
index 0000000..4410ece
--- /dev/null
+++ b/sepolicy/restorecon.te
@@ -0,0 +1,6 @@
+# restorecon processes and scripts
+type restorecon, domain;
+type restorecon_exec, exec_type, file_type;
+
+allow restorecon radio_efs_file:file { getattr };
+allow restorecon radio_efs_file:filesystem { associate };
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
new file mode 100644
index 0000000..39b3afb
--- /dev/null
+++ b/sepolicy/rild.te
@@ -0,0 +1,11 @@
+allow rild self:netlink_socket { create bind read write };
+allow rild self:netlink_route_socket { write };
+
+# Talk to qmuxd
+qmux_socket(rild)
+
+# Allow logging diagnostic items
+allow rild diagnostic_device:chr_file rw_file_perms;
+
+# XXX label with own type?
+allow rild sysfs:file { read open write getattr };
diff --git a/sepolicy/rmt.te b/sepolicy/rmt.te
new file mode 100644
index 0000000..b0b5289
--- /dev/null
+++ b/sepolicy/rmt.te
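Review bot: sepolicy/restorecon.te declares `type restorecon, domain;` and `restorecon_exec`, but the file contains no `init_daemon_domain(restorecon)` or other transition rule, so unless one is defined outside this patch no process ever runs in the `restorecon` domain and its two `allow` rules never apply. Either add the transition with a comment saying which caller is meant to enter the domain, or drop the file together with the `/system/bin/restorecon` entry in file_contexts. The `allow restorecon radio_efs_file:filesystem { associate };` rule also has a process domain as its source; `associate` is checked between a file's type and the filesystem's type, so it likely has no effect in this form.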
@@ -0,0 +1,27 @@
+# remote storage process
+type rmt, domain;
+type rmt_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(rmt)
+
+# opens and reads the primary block device
+allow rmt block_device:blk_file { open read };
+allow rmt block_device:dir search;
+
+# XXX should we allow sys_rawio on /dev/mem?
+allow rmt self:capability { sys_rawio };
+# dac_override on open /sys/power/wake_lock
+allow rmt self:capability { setuid setgid dac_override };
+allow rmt self:socket { create ioctl bind setopt read };
+
+allow rmt cgroup:dir { create add_name };
+# XXX do we need write access?
+allow rmt kmem_device:chr_file rw_file_perms;
+
+# Allow shared memory logging access
+allow rmt shared_log_device:chr_file rw_file_perms;
+
+# XXX Should we label with own type?
+allow rmt sysfs:file { open append read getattr write };
+allow rmt sysfs:dir rw_dir_perms;
diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te
new file mode 100644
index 0000000..430fad4
--- /dev/null
+++ b/sepolicy/sensors.te
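Review bot: `allow rmt kmem_device:chr_file rw_file_perms;` together with `allow rmt self:capability { sys_rawio };` gives the remote-storage daemon read-write access to the kernel memory device, and both rules still carry unresolved `# XXX` questions. With that grant any flaw in rmt_storage becomes a kernel-memory write, which undoes the confinement the rest of sepolicy/rmt.te sets up. Start from `r_file_perms` or no access at all and add back only what an audited denial shows is required. If the daemon really needs a specific memory region, a comment naming it would let the access move to a dedicated device label later.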
@@ -0,0 +1,33 @@
+# Integrated qualcomm sensor process
+type sensors, domain;
+type sensors_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(sensors)
+
+# dac_override open /dev/msm_dsps
+allow sensors self:capability { setuid setgid chown dac_override };
+
+# Allow logging diagnostic items
+allow sensors diagnostic_device:chr_file rw_file_perms;
+
+# Create /data/app/sensor_ctl_socket
+file_type_auto_trans(sensors, apk_data_file, sensors_socket);
+
+allow sensors sensors_data_file:dir create_dir_perms;
+allow sensors sensors_data_file:file create_file_perms;
+dontaudit sensors apk_data_file:dir remove_name;
+
+# Access to sensor nodes
+allow sensors sensors_device:chr_file rw_file_perms;
+
+# XXX should power_control_device be labeled differently?
+allow sensors power_control_device:chr_file { write open append };
+
+# Access to /persist/sensors
+allow sensors persist_file:dir { search getattr };
+allow sensors persist_sensors_file:dir r_dir_perms;
+allow sensors persist_sensors_file:file rw_file_perms;
+
+# XXX label with own type?
+allow sensors sysfs:file { open append read write getattr };
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
new file mode 100644
index 0000000..aca5928
--- /dev/null
+++ b/sepolicy/surfaceflinger.te
@@ -0,0 +1 @@
+allow surfaceflinger sysfs:file rw_file_perms;
diff --git a/sepolicy/system.te b/sepolicy/system.te
new file mode 100644
index 0000000..505da1e
--- /dev/null
+++ b/sepolicy/system.te
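Review bot: `file_type_auto_trans(sensors, apk_data_file, sensors_socket);` in sepolicy/sensors.te exists so the daemon can create `/data/app/sensor_ctl_socket`, which means the sensors domain is given add-name access to the application install directory (as the macro is defined in AOSP) just to hold one socket. The `dontaudit sensors apk_data_file:dir remove_name;` three lines below then hides the denial when the daemon tries to remove it. If the socket path can be configured, moving it under `/data/misc/sensors` or `/data/system/sensors`, both already labelled `sensors_data_file` in file_contexts, would remove the need for any rule on `apk_data_file`; if the path is fixed in the binary, the comment should say so.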
@@ -0,0 +1,19 @@
+allow system diagnostic_device:chr_file rw_file_perms;
+
+allow system init:unix_dgram_socket sendto;
+allow system wpa_socket:unix_dgram_socket sendto;
+
+qmux_socket(system)
+
+# PowerManagerService
+unix_socket_connect(system, sensors, sensors)
+allow system sensors_socket:sock_file read;
+allow system sensors:unix_stream_socket sendto;
+
+# mpdecision access
+unix_socket_connect(system, mpdecision, mpdecision)
+unix_socket_send(system, mpdecision, mpdecision)
+allow system mpdecision:unix_stream_socket sendto;
+allow system mpdecision_socket:dir search;
+
+allow system sysfs:file { read open write };
\ No newline at end of file
diff --git a/sepolicy/te_macros b/sepolicy/te_macros
new file mode 100644
index 0000000..274fd55
--- /dev/null
+++ b/sepolicy/te_macros
@@ -0,0 +1,12 @@
+#####################################
+# qmux_socket(clientdomain)
+# Allow client to send via a local
+# socket to the qmux domain.
+define(`qmux_socket', `
+type $1_qmuxd_socket, file_type;
+file_type_auto_trans($1, qmuxd_socket, $1_qmuxd_socket)
+unix_socket_connect($1, qmuxd, qmux)
+allow qmux $1_qmuxd_socket:sock_file { getattr unlink };
+')
+
+
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
new file mode 100644
index 0000000..745de3c
--- /dev/null
+++ b/sepolicy/tee.te
@@ -0,0 +1,12 @@
+# Qualcomm Secure Execution Environment Communicator policy
+allow tee self:process execmem;
+
+# Access /data/misc/playready
+allow tee system_data_file:dir { open read };
+allow tee drm_data_file:dir rw_dir_perms;
+allow tee drm_data_file:file rw_file_perms;
+
+# Access /persist/{widevine,playready}
+allow tee persist_file:dir search;
+allow tee persist_drm_file:dir r_dir_perms;
+allow tee persist_drm_file:file r_file_perms;
diff --git a/sepolicy/thermald.te b/sepolicy/thermald.te
new file mode 100644
index 0000000..a0e30db
--- /dev/null
+++ b/sepolicy/thermald.te
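Review bot: `allow tee self:process execmem;` at the top of sepolicy/tee.te has no comment explaining why the daemon needs executable anonymous memory, and it is the one rule in the file that relaxes a process-level protection rather than granting file access. Add a why-comment above it, for example `# XXX execmem: record the denial that required this and re-check on blob updates`, so the grant can be revisited. `allow tee system_data_file:dir { open read };` likewise lets the domain list any directory with the generic data label, where `search` would normally be enough to reach /data/misc/playready.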
@@ -0,0 +1,22 @@
+# Temperature sensor daemon (root process)
+type thermald, domain;
+type thermald_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(thermald)
+
+# XXX should we allow kexec_load with /dev/socket/qmux_radio/qmux_client_socket
+# dac_override open, unlink with /dev/socket/qmux_radio/qmux_client_socket
+allow thermald self:capability { net_admin fsetid dac_override };
+
+allow thermald self:socket { ioctl create write read };
+allow thermald self:netlink_kobject_uevent_socket { read create setopt bind };
+
+# Talk to qmuxd
+qmux_socket(thermald)
+
+# Access to shared memory logger and logging diagnostic items
+allow thermald { shared_log_device diagnostic_device }:chr_file rw_file_perms;
+
+# XXX Should we label with own type?
+allow thermald sysfs:file { open read write getattr };
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
new file mode 100644
index 0000000..6594147
--- /dev/null
+++ b/sepolicy/ueventd.te
@@ -0,0 +1,5 @@
+# Drivers read firmware files (/firmware/image, /system/etc/firmware)
+allow ueventd { radio_device radio_efs_file wifi_data_file }:file r_file_perms;
+allow ueventd { radio_efs_file wifi_data_file }:dir search;
+
+allow ueventd radio_efs_file:file { read open getattr };
diff --git a/sepolicy/wpa_supplicant.te b/sepolicy/wpa_supplicant.te
new file mode 100644
index 0000000..9bd4da6
--- /dev/null
+++ b/sepolicy/wpa_supplicant.te
@@ -0,0 +1,12 @@
+allow wpa init:unix_dgram_socket { read write };
+
+# logwrapper used with wpa_supplicant
+allow wpa devpts:chr_file { read write };
+
+allow wpa wpa_socket:unix_dgram_socket { read write };
+allow wpa_socket system:unix_dgram_socket sendto;
+
+allow wpa radio_efs_file:file r_file_perms;
+
+## /dev/rfkill for wpa_supp
+allow wpa rfkill_device:chr_file rw_file_perms;
From 9155a45df8ff331730677ce1fb0cd48fc0365586 Mon Sep 17 00:00:00 2001
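Review bot: In sepolicy/ueventd.te the first rule lists `radio_device` under class `file`, but kickstart.te and qmux.te in this same patch use `radio_device` for character devices (`chr_file`), so that member probably never matches and can be removed from the set. The last rule, `allow ueventd radio_efs_file:file { read open getattr };`, repeats permissions that `r_file_perms` on the first rule already grants for `radio_efs_file` and can be deleted. Keeping the file to the two rules the comment describes makes it clear that ueventd only reads firmware.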
From: boss Date: Sun, 11 Aug 2013 12:56:41 -0700 Subject: [PATCH 12/13] dlx: bulk selinux changes from M7 by codeworkx --- BoardConfig.mk | 3 ++- rootdir/etc/init.dlx.rc | 10 ++++++++++ sepolicy/bluetooth_loader.te | 4 ++++ sepolicy/file.te | 4 ++++ sepolicy/file_contexts | 4 ++++ sepolicy/init.te | 3 ++- sepolicy/mpdecision.te | 5 ++++- sepolicy/rild.te | 1 + sepolicy/system.te | 5 ++++- sepolicy/zygote.te | 1 + 10 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 sepolicy/zygote.te diff --git a/BoardConfig.mk b/BoardConfig.mk index 4923a4c..f129a1c 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -139,7 +139,8 @@ BOARD_SEPOLICY_UNION := \ tee.te \ thermald.te \ ueventd.te \ - wpa_supplicant.te + wpa_supplicant.te \ + zygote.te # Filesystem TARGET_USERIMAGES_USE_EXT4 := true diff --git a/rootdir/etc/init.dlx.rc b/rootdir/etc/init.dlx.rc index 730a026..e140190 100755 --- a/rootdir/etc/init.dlx.rc +++ b/rootdir/etc/init.dlx.rc @@ -229,6 +229,16 @@ on boot chown radio radio /sys/class/power_supply/battery/network_search chown system system /sys/class/power_supply/battery/navigation + # Restorecon + restorecon /system/bin/efsks + restorecon /system/bin/ks + restorecon /system/bin/qcks + restorecon /system/etc/hldm.bin + restorecon /system/etc/hltof.bin + restorecon /system/etc/hltrd.bin + restorecon /system/etc/firmware/a300_pfp.fw + restorecon /system/etc/firmware/a300_pm4.fw + on post-fs-data mkdir /data/media 0770 media_rw media_rw diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te index 5e8896d..d68ef0c 100644 --- a/sepolicy/bluetooth_loader.te +++ b/sepolicy/bluetooth_loader.te @@ -33,3 +33,7 @@ allow hci_attach bluetooth_device:chr_file rw_file_perms; # Allow getprop/setprop for init.mako.bt.sh allow bluetooth_loader system_file:file execute_no_trans; + +# Bluetooth +allow bluetooth radio_efs_file:file r_file_perms; +allow bluetooth radio_efs_file:dir { open read search }; 
diff --git a/sepolicy/file.te b/sepolicy/file.te index 5b140b3..2e634e6 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -9,6 +9,10 @@ type camera_data_file, file_type, data_file_type; # Default type for anything under /firmware type radio_efs_file, fs_type; +allow fs_type radio_efs_file:filesystem associate; + +allow radio_efs_file labeledfs:filesystem associate; +allow radio_efs_file rootfs:filesystem associate; # Persist firmware types type persist_file, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 4b1a089..800d72a 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -72,6 +72,8 @@ # Block labeling /dev/block/mmcblk0p22 u:object_r:efs_block_device:s0 /dev/block/mmcblk0p23 u:object_r:efs_block_device:s0 +/dev/block/mmcblk0p30 u:object_r:efs_block_device:s0 +/dev/block/mmcblk0p18 u:object_r:efs_block_device:s0 # Modem firmware loader /dev/ks_hsic_bridge u:object_r:kickstart_device:s0 @@ -118,6 +120,8 @@ /system/etc/firmware(/.*)? u:object_r:radio_efs_file:s0 /system/etc/hldm.bin u:object_r:radio_efs_file:s0 +/system/etc/hltof.bin u:object_r:radio_efs_file:s0 +/system/etc/hltrd.bin u:object_r:radio_efs_file:s0 # for wpa_supp /dev/rfkill u:object_r:rfkill_device:s0 diff --git a/sepolicy/init.te b/sepolicy/init.te index 451546f..63b8233 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te @@ -1,3 +1,4 @@ allow init wpa_socket:unix_dgram_socket { bind create }; -allow init radio_efs_file:filesystem { associate }; +allow init labeledfs:filesystem { associate }; +allow init rootfs:filesystem { associate }; diff --git a/sepolicy/mpdecision.te b/sepolicy/mpdecision.te index b10d309..349d440 100644 --- a/sepolicy/mpdecision.te +++ b/sepolicy/mpdecision.te 
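Review bot: `allow fs_type radio_efs_file:filesystem associate;` in the sepolicy/file.te hunk puts the whole `fs_type` attribute on the source side, whereas `associate` is checked with the file's type as source and the filesystem's type as target. The two lines added beneath it (`allow radio_efs_file labeledfs:filesystem associate;` and the `rootfs` one) have the right shape; this one, and `allow init labeledfs:filesystem { associate };` / `allow init rootfs:filesystem { associate };` in the init.te hunk of the same commit, most likely match nothing and should be dropped. The underlying cause looks like `type radio_efs_file, fs_type;` being used in file_contexts to label ordinary files under /system/etc; it is worth checking whether adding `file_type` to that declaration removes the need for the hand-written associate rules.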
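Review bot: The two added `efs_block_device` entries in the first sepolicy/file_contexts hunk name partitions by number (`/dev/block/mmcblk0p30`, `/dev/block/mmcblk0p18`), and the commit subject says the change was taken in bulk from M7. Partition numbering is device-specific, and kickstart.te gives the kickstart domain `rw_file_perms` on everything labelled `efs_block_device`, so a number that does not match this board's layout would hand that domain raw write access to an unrelated partition. Confirm both numbers against the dlx partition table and add a comment naming each one, e.g. `# mmcblk0p30: <partition name>`. The hunk sits in the middle of the file, so the surrounding entries are only partly visible here.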
@@ -13,5 +13,8 @@ allow mpdecision self:netlink_kobject_uevent_socket { create read setopt bind re allow mpdecision mpdecision_socket:dir w_dir_perms; allow mpdecision mpdecision_socket:sock_file { create setattr write }; +allow mpdecision socket_device:dir { write add_name }; +allow mpdecision socket_device:sock_file { create setattr write }; + # XXX Should we label with own type? -allow mpdecision sysfs:file { read open write getattr }; +allow mpdecision sysfs:file { read open write setattr }; diff --git a/sepolicy/rild.te b/sepolicy/rild.te index 39b3afb..4f675d1 100644 --- a/sepolicy/rild.te +++ b/sepolicy/rild.te @@ -1,5 +1,6 @@ allow rild self:netlink_socket { create bind read write }; allow rild self:netlink_route_socket { write }; +allow rild self:netlink_kobject_uevent_socket { create setopt bind }; # Talk to qmuxd qmux_socket(rild) diff --git a/sepolicy/system.te b/sepolicy/system.te index 505da1e..cbec79b 100644 --- a/sepolicy/system.te +++ b/sepolicy/system.te @@ -16,4 +16,7 @@ unix_socket_send(system, mpdecision, mpdecision) allow system mpdecision:unix_stream_socket sendto; allow system mpdecision_socket:dir search; -allow system sysfs:file { read open write }; \ No newline at end of file +allow system sysfs:file { read open write }; + +# WifiStateMachine +allow system self:capability { sys_module }; diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te new file mode 100644 index 0000000..a0828fd --- /dev/null +++ b/sepolicy/zygote.te @@ -0,0 +1 @@ +allow zygote init:unix_stream_socket { read write accept getopt setopt getattr setattr listen }; From 1a40cc85c5aa0ddeb878eda6bc546defc643cc21 Mon Sep 17 00:00:00 2001 From: boss Date: Sun, 11 Aug 2013 13:01:16 -0700 Subject: [PATCH 13/13] move around restorecon in init.dlx.rc --- rootdir/etc/init.dlx.rc | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rootdir/etc/init.dlx.rc b/rootdir/etc/init.dlx.rc index e140190..f4c2726 100755 --- a/rootdir/etc/init.dlx.rc 
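Review bot: The last changed line of the mpdecision.te hunk replaces `getattr` with `setattr` instead of adding to it, so `allow mpdecision sysfs:file { read open write setattr };` drops a permission the previous version granted and adds the right to change attributes on every generically labelled sysfs node. If both are needed the set should read `{ read open write getattr setattr }`; if `setattr` came from a chown or chmod denial, doing that in init.dlx.rc next to the existing `chown` lines avoids granting it at all. The new `socket_device:dir { write add_name }` and `socket_device:sock_file` rules also let the daemon create sockets directly in /dev/socket under the generic label, although file_contexts already labels `/dev/socket/mpdecision(/.*)?` as `mpdecision_socket`.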
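Review bot: `allow system self:capability { sys_module };` at the end of the system.te hunk grants kernel module loading to the `system` domain with only `# WifiStateMachine` as justification. That domain is large and reachable from many callers, so this is a much wider grant than the Wi-Fi use case suggests. If the denial comes from a module auto-load request rather than an explicit load, `dontaudit system self:capability sys_module;` would silence it without granting anything. If the Wi-Fi driver really is loaded from this domain, the comment should name the module, and loading it from init.dlx.rc instead would keep the capability out of the policy.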
+++ b/rootdir/etc/init.dlx.rc @@ -70,6 +70,16 @@ on fs symlink /system/vendor/pittpatt /vendor/pittpatt symlink /system/vendor/firmware/libpn544_fw.so /vendor/firmware/libpn544_fw.so + # Restorecon + restorecon /system/bin/efsks + restorecon /system/bin/ks + restorecon /system/bin/qcks + restorecon /system/etc/hldm.bin + restorecon /system/etc/hltof.bin + restorecon /system/etc/hltrd.bin + restorecon /system/etc/firmware/a300_pfp.fw + restorecon /system/etc/firmware/a300_pm4.fw + on early-boot # set RLIMIT_MEMLOCK to 64MB setrlimit 8 67108864 67108864 @@ -229,16 +239,6 @@ on boot chown radio radio /sys/class/power_supply/battery/network_search chown system system /sys/class/power_supply/battery/navigation - # Restorecon - restorecon /system/bin/efsks - restorecon /system/bin/ks - restorecon /system/bin/qcks - restorecon /system/etc/hldm.bin - restorecon /system/etc/hltof.bin - restorecon /system/etc/hltrd.bin - restorecon /system/etc/firmware/a300_pfp.fw - restorecon /system/etc/firmware/a300_pm4.fw - on post-fs-data mkdir /data/media 0770 media_rw media_rw