e3q: Fix SPU init

A missing SELinux label was causing the QVC script to not execute and
therefore not seting the ro.boot.product.vendor.sku property which is
needed for sec_nvm to launch

Change-Id: I5f330a427941025518558a5445e13ef80034d470

BoardConfig.mk

@@ -200,6 +200,9 @@ TARGET_RELEASETOOLS_EXTENSIONS := $(DEVICE_PATH)
 # Security patch level
 VENDOR_SECURITY_PATCH := 2024-10-01
 
+# SEPolicy
+include device/qcom/sepolicy_vndr/SEPolicy.mk
+
 # Verified Boot
 BOARD_AVB_ENABLE := true
 BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flags 3

device.mk

@@ -126,6 +126,8 @@ PRODUCT_PACKAGES += \
     init.qcom.sdio.sh \
     init.qcom.sensors.sh \
     init.qcom.sh \
+    init.qti.qcv.rc \
+    init.qti.qcv.sh \
     init.qti.kernel.debug-cliffs.sh \
     init.qti.kernel.debug-pineapple.sh \
     init.qti.kernel.debug.sh \
@@ -133,7 +135,6 @@ PRODUCT_PACKAGES += \
     init.qti.kernel.early_debug.sh \
     init.qti.kernel.sh \
     init.qti.media.sh \
-    init.qti.qcv.sh \
     init.qti.time.daemon.sh \
     init.qti.write.sh \
     init.vendor.sensordebug.sh \

proprietary-files.txt

@@ -82,7 +82,10 @@ vendor/bin/ssgtzd
 vendor/etc/init/qwesd.rc
 vendor/etc/init/ssgtzd.rc
 vendor/etc/seccomp_policy/[email protected]
+vendor/etc/ssg/ta_config.json
 vendor/etc/ssg/tz_whitelist.json
+vendor/etc/ssg/tz_whitelist.json
+vendor/lib64/libtaautoload.so
 
 # CVP
 system_ext/lib64/[email protected]
@@ -488,20 +491,38 @@ vendor/lib64/libqmi_encdec.so
 vendor/lib64/libqmiservices.so
 vendor/lib64/libqrtr.so
 
+# Remoteproc
+vendor/bin/rmt_storage
+vendor/bin/ssr_setup
+vendor/etc/init/vendor.qti.rmt_storage.rc
+
 # RIL
+vendor/bin/irsc_util
+vendor/etc/sec_config_oem
 vendor/lib64/libqdpr.so
-vendor/lib64/libsec_semRil.so
 vendor/lib64/libsecril-client.so;MODULE_SUFFIX=_vendor
 
 # Secure element
 vendor/bin/hw/android.hardware.secure_element-service.nxp
+vendor/bin/hw/[email protected]
+vendor/etc/init/[email protected]
+vendor/etc/vintf/manifest/[email protected]
+vendor/lib64/libsec_esek.so
+vendor/lib64/libsec_semHalTlc.so
+vendor/lib64/libsec_semRil.so
 vendor/lib64/[email protected]
+vendor/lib64/[email protected]
 
 # Security
 vendor/bin/hw/android.hardware.security.keymint-service
 vendor/bin/hw/android.hardware.security.keymint-service-spu-qti
+vendor/bin/hw/[email protected]
+vendor/bin/vendor.samsung.hardware.security.fkeymaster-service
 vendor/etc/init/android.hardware.security.keymint-service-spu-qti.rc
 vendor/etc/init/android.hardware.security.keymint-service.rc
+vendor/etc/init/vendor.samsung.hardware.security.fkeymaster-service.rc
+vendor/etc/init/[email protected]
+vendor/etc/vintf/manifest/[email protected]
 vendor/lib64/android.hardware.keymaster-V4-ndk.so;MODULE_SUFFIX=_vendor
 vendor/lib64/[email protected];MODULE_SUFFIX=_vendor
 vendor/lib64/[email protected];MODULE_SUFFIX=_vendor
@@ -513,8 +534,7 @@ vendor/lib64/libkeymaster4support.so;MODULE_SUFFIX=_vendor
 vendor/lib64/libkeymaster_messages.so;MODULE_SUFFIX=_vendor
 vendor/lib64/libkeymaster_portable.so;MODULE_SUFFIX=_vendor
 vendor/lib64/libpuresoftkeymasterdevice.so;MODULE_SUFFIX=_vendor
-vendor/lib64/libsec_esek.so
-vendor/lib64/libsec_semHalTlc.so
+vendor/lib64/libsec_skpmHalTlc.so
 vendor/lib64/libskeymint10device.so
 vendor/lib64/libskeymint_cli.so
 vendor/lib64/libspictrl.so
@@ -523,6 +543,7 @@ vendor/lib64/libspukeymintdeviceutils.so
 vendor/lib64/libspukeymintutils.so
 vendor/lib64/vendor.samsung.hardware.keymint-V3-ndk.so
 vendor/lib64/vendor.samsung.hardware.security.fkeymaster-V1-ndk.so
+vendor/lib64/[email protected]
 
 # SMC Invoke
 vendor/lib64/libminkdescriptor.so

rootdir/Android.bp

@@ -240,6 +240,13 @@ prebuilt_etc {
     vendor: true,
 }
 
+prebuilt_etc {
+    name: "init.qti.qcv.rc",
+    src: "etc/init.qti.qcv.rc",
+    sub_dir: "init",
+    vendor: true,
+}
+
 prebuilt_etc {
     name: "init.samsung.bsp.rc",
     src: "etc/init.samsung.bsp.rc",

rootdir/etc/init.qti.qcv.rc

@@ -0,0 +1,13 @@
+#! /vendor/etc/init
+#=============================================================================
+# Copyright (c) 2020 Qualcomm Technologies, Inc.
+# All Rights Reserved.
+# Confidential and Proprietary - Qualcomm Technologies, Inc.
+#=============================================================================
+
+on early-init
+    # Set ro.boot.product.vendor.sku to soc_name
+    exec u:r:vendor_qti_init_shell:s0 -- /vendor/bin/init.qti.qcv.sh
+    setprop ro.boot.product.vendor.sku ${ro.vendor.qti.soc_name}
+    setprop ro.soc.model ${ro.vendor.qti.soc_model}
+    setprop ro.odm.build.media_performance_class ${ro.vendor.media_performance_class}

vintf/manifest_pineapple.xml

@@ -289,4 +289,12 @@ SPDX-License-Identifier: BSD-3-Clause-Clear
         <name>android.hardware.security.sharedsecret</name>
         <fqname>ISharedSecret/default</fqname>
     </hal>
+    <hal format="aidl" override="true">
+        <name>android.hardware.weaver</name>
+        <version>2</version>
+        <interface>
+            <name>IWeaver</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
 </manifest>