Merge "Change rq_affinity of the zoned storage logical unit from one into two" into main
diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts
index ed8a6d6..73293f7 100644
--- a/aoc/sepolicy/file_contexts
+++ b/aoc/sepolicy/file_contexts
@@ -31,6 +31,9 @@
/dev/acd-aocx_inject[0-9]* u:object_r:aoc_device:s0
/dev/acd-aocx_tapout[0-9]* u:object_r:aoc_device:s0
/dev/acd-mc_headpos u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_ctl u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_tx u:object_r:aoc_device:s0
+/dev/acd-chre_bt_offload_data_rx u:object_r:aoc_device:s0
# AoC vendor binaries
/vendor/bin/aocd u:object_r:aocd_exec:s0
diff --git a/audio/sepolicy/common/property.te b/audio/sepolicy/common/property.te
index e2ffcd1..2287b84 100644
--- a/audio/sepolicy/common/property.te
+++ b/audio/sepolicy/common/property.te
@@ -1,2 +1,5 @@
# Audio
vendor_internal_prop(vendor_audio_prop)
+
+# The property for Audio App
+vendor_restricted_prop(vendor_audio_prop_restricted)
diff --git a/audio/sepolicy/common/property_contexts b/audio/sepolicy/common/property_contexts
index 1749ac8..96e678c 100644
--- a/audio/sepolicy/common/property_contexts
+++ b/audio/sepolicy/common/property_contexts
@@ -9,3 +9,6 @@
vendor.audiodump.log.cca.updated u:object_r:vendor_audio_prop:s0
vendor.audiodump.cca.config u:object_r:vendor_audio_prop:s0
vendor.audio_hal.aidl.enable u:object_r:vendor_audio_prop:s0
+
+# for audio app
+persist.vendor.app.audio. u:object_r:vendor_audio_prop_restricted:s0
diff --git a/audio/sepolicy/common/vendor_init.te b/audio/sepolicy/common/vendor_init.te
index 26f3fa8..1562d45 100644
--- a/audio/sepolicy/common/vendor_init.te
+++ b/audio/sepolicy/common/vendor_init.te
@@ -1,2 +1,5 @@
# Audio property
set_prop(vendor_init, vendor_audio_prop)
+
+# Audio App property
+set_prop(vendor_init, vendor_audio_prop_restricted)
diff --git a/gyotaku_app/fingerprint/gyotaku_app.te b/gyotaku_app/fingerprint/gyotaku_app.te
new file mode 100644
index 0000000..f6475f5
--- /dev/null
+++ b/gyotaku_app/fingerprint/gyotaku_app.te
@@ -0,0 +1,19 @@
+# Specific build for fingerprint
+type gyotaku_app, domain;
+
+app_domain(gyotaku_app)
+net_domain(gyotaku_app)
+
+# For Gyotaku app common use
+allow gyotaku_app app_api_service:service_manager find;
+allow gyotaku_app privapp_data_file:lnk_file read;
+allow gyotaku_app system_app_data_file:dir create_dir_perms;
+allow gyotaku_app system_app_data_file:file create_file_perms;
+
+# For getproperty isDebuggable use
+get_prop(gyotaku_app, userdebug_or_eng_prop)
+
+# For access /data/vendor/misc fingerprint use.
+allow gyotaku_app vendor_misc_data_file:dir search;
+allow gyotaku_app vendor_fingerprint_data_file:dir r_dir_perms;
+allow gyotaku_app vendor_fingerprint_data_file:file r_file_perms;
diff --git a/gyotaku_app/fingerprint/seapp_contexts b/gyotaku_app/fingerprint/seapp_contexts
new file mode 100644
index 0000000..b1c6248
--- /dev/null
+++ b/gyotaku_app/fingerprint/seapp_contexts
@@ -0,0 +1,2 @@
+# Gyotaku app
+user=system seinfo=platform name=com.google.android.apps.internal.gyotaku domain=gyotaku_app type=system_app_data_file levelFrom=all
diff --git a/gyotaku_app/gyotaku_fingerprint.mk b/gyotaku_app/gyotaku_fingerprint.mk
new file mode 100644
index 0000000..051b88e
--- /dev/null
+++ b/gyotaku_app/gyotaku_fingerprint.mk
@@ -0,0 +1,5 @@
+# Specific build for fingerprint
+PRODUCT_PACKAGES_DEBUG += \
+ Gyotaku
+
+BOARD_SEPOLICY_DIRS += device/google/gs-common/gyotaku_app/fingerprint
diff --git a/storage/sepolicy/device.te b/storage/sepolicy/device.te
new file mode 100644
index 0000000..e0968f9
--- /dev/null
+++ b/storage/sepolicy/device.te
@@ -0,0 +1,2 @@
+# Userdata Exp block device.
+type userdata_exp_block_device, dev_type;
diff --git a/storage/sepolicy/e2fs.te b/storage/sepolicy/e2fs.te
new file mode 100644
index 0000000..c280cb7
--- /dev/null
+++ b/storage/sepolicy/e2fs.te
@@ -0,0 +1 @@
+allow e2fs userdata_exp_block_device:blk_file rw_file_perms;
diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts
index ecca954..ff863db 100644
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@@ -3,3 +3,4 @@
/dev/sg[0-9] u:object_r:sg_device:s0
/data/vendor/storage(/.*)? u:object_r:dump_storage_data_file:s0
/vendor/bin/sg_read_buffer u:object_r:sg_util_exec:s0
+/dev/block/by-name/userdata_exp.* u:object_r:userdata_exp_block_device:s0
diff --git a/storage/sepolicy/fsck.te b/storage/sepolicy/fsck.te
new file mode 100644
index 0000000..2043199
--- /dev/null
+++ b/storage/sepolicy/fsck.te
@@ -0,0 +1 @@
+allow fsck userdata_exp_block_device:blk_file rw_file_perms;
diff --git a/storage/sepolicy/vold.te b/storage/sepolicy/vold.te
index 1d743b5..3d35589 100644
--- a/storage/sepolicy/vold.te
+++ b/storage/sepolicy/vold.te
@@ -1,4 +1,8 @@
allow vold sysfs_scsi_devices_0000:file rw_file_perms;
+# Access userdata_exp block device.
+allow vold userdata_exp_block_device:blk_file rw_file_perms;
+allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
+
dontaudit vold dumpstate:fifo_file rw_file_perms;
dontaudit vold dumpstate:fd use ;