Merge "Allow hal_dumpstate to collect AoC statistics" into sc-dev
diff --git a/display/gs101/hal_graphics_composer_default.te b/display/gs101/hal_graphics_composer_default.te
index 0b4c26e..aa42927 100644
--- a/display/gs101/hal_graphics_composer_default.te
+++ b/display/gs101/hal_graphics_composer_default.te
@@ -40,3 +40,6 @@
# allow HWC to output to dumpstate via pipe fd
allow hal_graphics_composer_default hal_dumpstate_default:fifo_file { append write };
allow hal_graphics_composer_default hal_dumpstate_default:fd use;
+
+# allow HWC to access LHBM sysfs
+allow hal_graphics_composer_default sysfs_lhbm:file rw_file_perms;
diff --git a/edgetpu/edgetpu_vendor_service.te b/edgetpu/edgetpu_vendor_service.te
index 538c47b..1060510 100644
--- a/edgetpu/edgetpu_vendor_service.te
+++ b/edgetpu/edgetpu_vendor_service.te
@@ -26,3 +26,6 @@
# Allow EdgeTPU vendor service to read the kernel version.
# This is done inside the InitGoogle.
allow edgetpu_vendor_server proc_version:file r_file_perms;
+
+# Allow EdgeTPU vendor service to read the overcommit_memory info.
+allow edgetpu_vendor_server proc_overcommit_memory:file r_file_perms;
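Review bot: The new comment on the `proc_overcommit_memory` rule restates the rule but gives no reason, unlike the `proc_version` rule just above it, which says where the read happens. Suggest extending it to name the reader, e.g. `# Allow EdgeTPU vendor service to read overcommit_memory; read by <component> during startup.` with the placeholder filled in. The same applies to the matching rule added in edgetpu/hal_neuralnetworks_darwinn.te. Without that, a later policy audit cannot tell whether the grant is still needed.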
diff --git a/edgetpu/hal_neuralnetworks_darwinn.te b/edgetpu/hal_neuralnetworks_darwinn.te
index 88a24db..d143ab1 100644
--- a/edgetpu/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/hal_neuralnetworks_darwinn.te
@@ -33,3 +33,6 @@
# TPU NNAPI to register the service to service_manager.
add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service);
+
+# Allow TPU NNAPI HAL to read the overcommit_memory info.
+allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms;
diff --git a/modem/userdebug/file_contexts b/modem/userdebug/file_contexts
new file mode 100644
index 0000000..20b74c6
--- /dev/null
+++ b/modem/userdebug/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/vcd u:object_r:vcd_exec:s0
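Review bot: The new entry labels only `/vendor/bin/vcd`, while the line it replaces in whitechapel/vendor/google/file_contexts matched `/(vendor|system/vendor)/bin/vcd`. If that narrowing is not intended, keep the original pattern: `/(vendor|system/vendor)/bin/vcd u:object_r:vcd_exec:s0`. The same commit also drops the `/data/vendor/log/vcd(/.*)?` context and the `vendor_vcd_log_file` type without re-adding them here, while vcd.te is moved unchanged. If vcd.te still refers to that type, the userdebug policy will not compile. If it does not, an existing log directory falls back to its parent's label. It is worth confirming which case applies.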
diff --git a/whitechapel/vendor/google/vcd.te b/modem/userdebug/vcd.te
similarity index 100%
rename from whitechapel/vendor/google/vcd.te
rename to modem/userdebug/vcd.te
diff --git a/public/property.te b/public/property.te
new file mode 100644
index 0000000..5f60d63
--- /dev/null
+++ b/public/property.te
@@ -0,0 +1,2 @@
+vendor_internal_prop(vendor_rild_prop)
+vendor_internal_prop(vendor_persist_config_default_prop)
diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te
new file mode 100644
index 0000000..9640b83
--- /dev/null
+++ b/tracking_denials/hal_graphics_composer_default.te
@@ -0,0 +1,2 @@
+# b/191132545
+dontaudit hal_graphics_composer_default sysfs_lhbm:file { read write };
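Review bot: This dontaudit for `sysfs_lhbm:file { read write }` is dead once the same commit's `allow hal_graphics_composer_default sysfs_lhbm:file rw_file_perms;` in display/gs101/hal_graphics_composer_default.te is in effect, because allowed accesses produce no denial to suppress. Keeping both leaves a tracking entry for b/191132545 that looks open although the access is already granted. Suggest dropping this file from the merge. If the allow is not built for every target, add a comment saying which configuration still needs the dontaudit.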
diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te
new file mode 100644
index 0000000..bef5f12
--- /dev/null
+++ b/tracking_denials/hal_power_default.te
@@ -0,0 +1,3 @@
+# b/191133059
+dontaudit hal_power_default hal_power_default:capability dac_read_search;
+dontaudit hal_power_default hal_power_default:capability dac_override;
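Review bot: These two rules silence `dac_read_search` and `dac_override` denials for hal_power_default. Such denials usually mean the HAL is touching a node whose UNIX owner or mode does not match its uid, rather than a missing SELinux rule. The only context is the bug number, so suggest a comment recording the triggering access once it is known, e.g. `# b/191133059: denial seen when opening <path>; fix ownership/mode, then remove`. The two rules can also be written as one: `dontaudit hal_power_default self:capability { dac_read_search dac_override };`.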
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index 513e673..a7eeea5 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -13,7 +13,6 @@
type vendor_sced_log_file, file_type, data_file_type;
type vendor_slog_file, file_type, data_file_type, mlstrustedobject;
type vendor_telephony_log_file, file_type, data_file_type;
-type vendor_vcd_log_file, file_type, data_file_type;
# app data files
type vendor_test_data_file, file_type, data_file_type;
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 1f06bee..bed5486 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -136,7 +136,6 @@
/(vendor|system/vendor)/bin/hw/rild_exynos u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/rfsd u:object_r:rfsd_exec:s0
/(vendor|system/vendor)/bin/sced u:object_r:sced_exec:s0
-/(vendor|system/vendor)/bin/vcd u:object_r:vcd_exec:s0
/(vendor|system/vendor)/bin/bipchmgr u:object_r:bipchmgr_exec:s0
# WFC
@@ -160,7 +159,6 @@
/data/vendor/log/sced(/.*)? u:object_r:vendor_sced_log_file:s0
/data/vendor/log/slog(/.*)? u:object_r:vendor_slog_file:s0
/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0
-/data/vendor/log/vcd(/.*)? u:object_r:vendor_vcd_log_file:s0
/persist/sensorcal\.json u:object_r:sensors_cal_file:s0
@@ -335,7 +333,7 @@
/vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service\.trusty\.vendor u:object_r:hal_confirmationui_default_exec:s0
/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
-/mnt/vendor/persist/ss(/.*)? u:object_r:tee_data_file:s0
+/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0
/dev/sg1 u:object_r:sg_device:s0
/dev/trusty-log0 u:object_r:logbuffer_device:s0
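Review bot: Changing the context of `/mnt/vendor/persist/ss(/.*)?` to `persist_ss_file` only takes effect when the files are relabelled. Files already on the persist partition keep `tee_data_file` until a restorecon runs over that path. Nothing in this diff shows that step, so it is worth confirming that init relabels /mnt/vendor/persist recursively on boot. Otherwise the new `allow tee persist_ss_file:file rw_file_perms;` rule in storageproxyd.te will not match the existing files on upgraded devices.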
diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te
index 9454c2e..bc62032 100644
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@@ -2,7 +2,6 @@
vendor_internal_prop(vendor_prop)
vendor_internal_prop(vendor_ims_prop)
vendor_internal_prop(vendor_rcs_prop)
-vendor_internal_prop(vendor_rild_prop)
vendor_internal_prop(vendor_slog_prop)
vendor_internal_prop(sensors_prop)
vendor_internal_prop(vendor_ssrdump_prop)
@@ -15,7 +14,6 @@
# vendor defaults
vendor_internal_prop(vendor_config_default_prop)
vendor_internal_prop(vendor_ro_config_default_prop)
-vendor_internal_prop(vendor_persist_config_default_prop)
vendor_internal_prop(vendor_sys_default_prop)
vendor_internal_prop(vendor_ro_sys_default_prop)
vendor_internal_prop(vendor_persist_sys_default_prop)
diff --git a/whitechapel/vendor/google/storageproxyd.te b/whitechapel/vendor/google/storageproxyd.te
index 315300c..d5d4dca 100644
--- a/whitechapel/vendor/google/storageproxyd.te
+++ b/whitechapel/vendor/google/storageproxyd.te
@@ -1,6 +1,7 @@
type sg_device, dev_type;
type persist_ss_file, file_type, vendor_persist_type;
+allow tee persist_ss_file:file rw_file_perms;
allow tee persist_ss_file:dir r_dir_perms;
allow tee persist_file:dir r_dir_perms;
allow tee mnt_vendor_file:dir r_dir_perms;
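Review bot: `tee` gets `rw_file_perms` on `persist_ss_file` files, but the directory rule beside it stays at `r_dir_perms`. After the relabel in whitechapel/vendor/google/file_contexts it can therefore modify existing files under /mnt/vendor/persist/ss but not create, rename or delete them. What tee was allowed on the previous `tee_data_file` label is not visible in this diff. If that included create or unlink, this is a behaviour change that would surface as denials when the directory is first populated. If updating pre-existing files in place is the intent, a comment such as `# tee only updates existing persist/ss files; no create/unlink by design` would record it.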
diff --git a/whitechapel/vendor/google/vendor_telephony_app.te b/whitechapel/vendor/google/vendor_telephony_app.te
index 7d515a8..499764b 100644
--- a/whitechapel/vendor/google/vendor_telephony_app.te
+++ b/whitechapel/vendor/google/vendor_telephony_app.te
@@ -19,4 +19,5 @@
dontaudit vendor_telephony_app system_app_data_file:dir create_dir_perms;
dontaudit vendor_telephony_app system_app_data_file:file create_file_perms;
dontaudit vendor_telephony_app default_prop:file { getattr open read map };
+allow vendor_telephony_app selinuxfs:file { read open };
')
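Review bot: The added `allow vendor_telephony_app selinuxfs:file { read open };` has no comment and sits at the end of a run of dontaudit rules, so it is easy to miss that this line grants access rather than silencing a denial. Reading selinuxfs lets the app query SELinux state such as the enforcing mode, so suggest a line above it saying what needs it, e.g. `# <feature> reads SELinux status; see b/<bug id>`. The block closed by `')` opens outside this hunk, so whether the grant is limited to debug builds cannot be confirmed from here.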