commit d03036bdef3da4d36edc94e310de87b86b356a9b
author Frank Yu <shengfanyu@google.com> Thu Aug 29 01:52:23 2024 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Thu Aug 29 01:52:23 2024 +0000
tree 17f48ae7acafeb1167ac57993922c99dbd4e5951
parent 714dc8abf840185c9ed6e506f29cee596a001beb
parent e6358c91de46809e50419f7a6fb70c9d0f45554f

Merge "Move hal_radio_ext_service related policy of grilservice_app to gs-common." into main

audio/common.mk

diff --git a/audio/common.mk b/audio/common.mk
index edf7b6a..a691f0a 100644
--- a/audio/common.mk
+++ b/audio/common.mk
@@ -3,8 +3,15 @@
 #Audio Vendor libraries
 PRODUCT_PACKAGES += \
 	libfvsam_prm_parser \
-	libmahalcontroller \
+	libmahalcontroller
+
+ifeq ($(USE_MAM_V4_ABOVE),true)
+PRODUCT_PACKAGES += \
+	libMAM_Google_Pixel_Android
+else
+PRODUCT_PACKAGES += \
 	libAlgFx_HiFi3z
+endif
 
 ifneq ($(USE_AUDIO_HAL_AIDL),true)
 ## AudioHAL Configurations

battery_mitigation/sepolicy/vendor/dumpstate.te

diff --git a/battery_mitigation/sepolicy/vendor/dumpstate.te b/battery_mitigation/sepolicy/vendor/dumpstate.te
index b3bb1d4..8248254 100644
--- a/battery_mitigation/sepolicy/vendor/dumpstate.te
+++ b/battery_mitigation/sepolicy/vendor/dumpstate.te
@@ -1,3 +1,20 @@
 # To call battery_mitigation hal
 allow dumpstate hal_battery_mitigation_service:service_manager find;
 binder_call(dumpstate, battery_mitigation);
+
+allow hal_dumpstate_default sysfs_acpm_stats:dir { read open search };
+allow hal_dumpstate_default sysfs_acpm_stats:file { read open getattr };
+allow hal_dumpstate_default sysfs_cpu:file { read open getattr };
+allow hal_dumpstate_default sysfs_batteryinfo:dir { read open search };
+allow hal_dumpstate_default sysfs_batteryinfo:file { read open getattr };
+allow hal_dumpstate_default logbuffer_device:chr_file { read open getattr };
+allow hal_dumpstate_default mitigation_vendor_data_file:dir { search };
+allow hal_dumpstate_default sysfs_bcl:dir { read open search };
+allow hal_dumpstate_default sysfs_bcl:file { read open getattr };
+allow hal_dumpstate_default vendor_file:file { execute_no_trans };
+allow hal_dumpstate_default battery_history_device:chr_file { read };
+
+
+userdebug_or_eng(`
+  allow hal_dumpstate_default vendor_pm_genpd_debugfs:file { read open getattr };
+')

bootctrl/aidl/BootControl.cpp

diff --git a/bootctrl/aidl/BootControl.cpp b/bootctrl/aidl/BootControl.cpp
index 83deb72..8655929 100644
--- a/bootctrl/aidl/BootControl.cpp
+++ b/bootctrl/aidl/BootControl.cpp
@@ -384,7 +384,7 @@
         *_aidl_return = true;
         return ScopedAStatus::ok();
     }
-    if (in_slot >= slots)
+    if (in_slot < 0 || in_slot >= slots)
         return ScopedAStatus::fromServiceSpecificErrorWithMessage(
                 INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
 

mediacodec/vpu/sepolicy/mediacodec_google.te

diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te
index 2c5d1cb..8022675 100644
--- a/mediacodec/vpu/sepolicy/mediacodec_google.te
+++ b/mediacodec/vpu/sepolicy/mediacodec_google.te
@@ -7,7 +7,10 @@
 
 hal_client_domain(mediacodec_google, hal_graphics_allocator)
 
+add_service(mediacodec_google, eco_service)
+
 allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediacodec_google video_device:chr_file { read write open ioctl map };
 
 # mediacodec_google should never execute any executable without a domain transition
 neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
@@ -18,3 +21,11 @@
 # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
 neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
 neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
+
+# Allow HAL to send trace packets to Perfetto
+userdebug_or_eng(`perfetto_producer(mediacodec_google)')
+
+userdebug_or_eng(`
+ allow mediacodec_google vendor_media_data_file:dir rw_dir_perms;
+ allow mediacodec_google vendor_media_data_file:file create_file_perms;
+')

storage/sepolicy/file_contexts

diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts
index ff863db..30335eb 100644
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@@ -1,5 +1,5 @@
 /vendor/bin/dump/dump_storage      u:object_r:dump_storage_exec:s0
-/sys/devices/platform/[0-9]+\.ufs/pixel/enable_pixel_ufs_logging  u:object_r:sysfs_scsi_devices_0000:s0
+/sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging  u:object_r:sysfs_scsi_devices_0000:s0
 /dev/sg[0-9]                       u:object_r:sg_device:s0
 /data/vendor/storage(/.*)?         u:object_r:dump_storage_data_file:s0
 /vendor/bin/sg_read_buffer         u:object_r:sg_util_exec:s0

touch/gti/ical/sepolicy/property.te

diff --git a/touch/gti/ical/sepolicy/property.te b/touch/gti/ical/sepolicy/property.te
index 2a71d74..94fa3fc 100644
--- a/touch/gti/ical/sepolicy/property.te
+++ b/touch/gti/ical/sepolicy/property.te
@@ -1 +1,2 @@
 system_public_prop(vendor_gti_prop)
+typeattribute vendor_gti_prop         touch_property_type;