DO NOT MERGE - Merge Android 13
Bug: 242648940
Merged-In: I35cfbf3f9fa031bf1a02febfca57929b8cada460
Change-Id: I7011c6e8aa3d8e207f3b08c72e09c48bc9ae855a
diff --git a/citadel/hal_identity_citadel.te b/citadel/hal_identity_citadel.te
index e29310c..c181e27 100644
--- a/citadel/hal_identity_citadel.te
+++ b/citadel/hal_identity_citadel.te
@@ -4,6 +4,8 @@
vndbinder_use(hal_identity_citadel)
binder_call(hal_identity_citadel, citadeld)
allow hal_identity_citadel citadeld_service:service_manager find;
+allow hal_identity_citadel hal_keymint_citadel:binder call;
hal_server_domain(hal_identity_citadel, hal_identity)
+hal_server_domain(hal_identity_citadel, hal_keymint)
init_daemon_domain(hal_identity_citadel)
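Review bot: The added `hal_server_domain(hal_identity_citadel, hal_keymint)` attaches the keymint server attribute to the identity HAL domain, so this domain picks up every rule written for keymint servers, and nothing in the hunk says why that breadth is needed. If the intent is only to register one extra interface from this process, a comment above the line should say so, for example `# identity HAL also serves <INTERFACE>, registered under the keymint service types (b/<BUG_ID>)`. The new `hal_keymint_citadel:binder call` rule is written as a raw allow while the line above it uses `binder_call()`. If the narrower grant is deliberate, a short comment would keep a later cleanup from widening it.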
diff --git a/citadel/service_contexts b/citadel/service_contexts
index 5639b58..ac6a186 100644
--- a/citadel/service_contexts
+++ b/citadel/service_contexts
@@ -1,2 +1,3 @@
android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0
android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0
+android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_remotelyprovisionedcomponent_service:s0
diff --git a/common/vendor/bug_map b/common/vendor/bug_map
new file mode 100644
index 0000000..3f3e2e6
--- /dev/null
+++ b/common/vendor/bug_map
@@ -0,0 +1 @@
+dumpstate su process b/220019932
diff --git a/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te b/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te
new file mode 100644
index 0000000..54b2e8c
--- /dev/null
+++ b/connectivity_thermal_power_manager/connectivity_thermal_power_manager.te
@@ -0,0 +1,15 @@
+# platform_apps cannot access PowerHAL, so we need to define our own domain.
+# Since we're defining and moving CTPM to its own domain, we need to assign
+# all of the previous permissions that we had as a platform_app
+
+type connectivity_thermal_power_manager, domain, coredomain, system_suspend_internal_server;
+
+app_domain(connectivity_thermal_power_manager)
+
+# register previous permissions we had as a platform_app
+allow connectivity_thermal_power_manager radio_service:service_manager find;
+allow connectivity_thermal_power_manager app_api_service:service_manager find;
+allow connectivity_thermal_power_manager system_api_service:service_manager find;
+
+# access power stats
+hal_client_domain(connectivity_thermal_power_manager, hal_power_stats);
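Review bot: The type statement gives an app domain the `coredomain` and `system_suspend_internal_server` attributes, but the comments only explain the move out of platform_app and justify neither attribute. The header comment also cites PowerHAL while the only HAL rule is `hal_client_domain(connectivity_thermal_power_manager, hal_power_stats)`, so the stated reason and the granted access do not match. I would add a line such as `# system_suspend_internal_server: <REASON> (b/<BUG_ID>)` above the type statement and correct the header to name the power stats HAL. The trailing `;` after the `hal_client_domain(...)` call is inconsistent with `app_domain(...)` above it and can be dropped.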
diff --git a/connectivity_thermal_power_manager/seapp_contexts b/connectivity_thermal_power_manager/seapp_contexts
new file mode 100644
index 0000000..28b2e0c
--- /dev/null
+++ b/connectivity_thermal_power_manager/seapp_contexts
@@ -0,0 +1 @@
+user=_app seinfo=platform name=com.google.android.connectivitythermalpowermanager domain=connectivity_thermal_power_manager type=app_data_file levelFrom=all
diff --git a/debugpolicy/device.te b/debugpolicy/device.te
index 1deb4ab..c774e3b 100644
--- a/debugpolicy/device.te
+++ b/debugpolicy/device.te
@@ -1 +1 @@
-type dpm_block_device, dev_type, bdev_type;
+type dpm_block_device, dev_type;
diff --git a/googlebattery/file_contexts b/googlebattery/file_contexts
index 0d3004e..9e247bb 100644
--- a/googlebattery/file_contexts
+++ b/googlebattery/file_contexts
@@ -1 +1 @@
-/vendor/bin/hw/vendor\.google\.google_battery@1\.1-service-vendor u:object_r:hal_googlebattery_exec:s0
+/vendor/bin/hw/vendor\.google\.google_battery@1\.2-service-vendor u:object_r:hal_googlebattery_exec:s0
diff --git a/input/dumpstate.te b/input/dumpstate.te
index b2c0c81..748ff35 100644
--- a/input/dumpstate.te
+++ b/input/dumpstate.te
@@ -1,2 +1,2 @@
-# b/187795940
-dontaudit dumpstate twoshay:binder call;
+binder_call(dumpstate, twoshay)
+
diff --git a/input/touchflow_debug/file_contexts b/input/touchflow_debug/file_contexts
index abde29a..ff6aa22 100644
--- a/input/touchflow_debug/file_contexts
+++ b/input/touchflow_debug/file_contexts
@@ -1,3 +1,3 @@
-/vendor/bin/hw/android\.hardware\.input\.classifier@1\.0-reflector u:object_r:hal_input_classifier_default_exec:s0
+/vendor/bin/hw/android\.hardware\.input\.processor-reflector u:object_r:hal_input_processor_default_exec:s0
/vendor/bin/twoshay_touchflow u:object_r:twoshay_exec:s0
diff --git a/input/twoshay.te b/input/twoshay.te
index eba1cce..71b5771 100644
--- a/input/twoshay.te
+++ b/input/twoshay.te
@@ -12,5 +12,12 @@
allow twoshay fwk_stats_service:service_manager find;
binder_call(twoshay, stats_service_server)
+# Allow dumpsys output in bugreports.
+allow twoshay dumpstate:fd use;
+allow twoshay dumpstate:fifo_file write;
+
# b/198755236
dontaudit twoshay twoshay:capability dac_override;
+
+# b/226830650
+dontaudit twoshay boot_status_prop:file read;
\ No newline at end of file
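Review bot: The file now ends without a trailing newline, as the `\ No newline at end of file` marker after the `boot_status_prop` rule shows. Policy sources are concatenated at build time, so the last rule should be newline-terminated. The new `dontaudit twoshay boot_status_prop:file read;` also carries only a bug number. A one-line comment stating whether the read is genuinely unneeded or merely deferred would tell the next reader if the suppression is meant to be permanent.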
diff --git a/logger_app/logger_app.te b/logger_app/logger_app.te
index 942daba..1ab7e68 100644
--- a/logger_app/logger_app.te
+++ b/logger_app/logger_app.te
@@ -11,4 +11,5 @@
allow logger_app wifi_logging_data_file:dir create_dir_perms;
allow logger_app wifi_logging_data_file:file create_file_perms;
set_prop(logger_app, vendor_wlan_logging_prop)
+ set_prop(logger_app, vendor_wifi_perf_diag_prop)
')
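Review bot: `set_prop(logger_app, vendor_wifi_perf_diag_prop)` lets logger_app write every key carrying that label, and the property_contexts hunk in this commit puts the new `persist.vendor.wifi.perf_diag.pid`, `.mode` and `.netperf` keys under the same type. If logger_app only needs to start or configure the diagnostic, keys that appear to hold daemon state (the pid key looks like one) would be better under a separate type that only wifi_perf_diag may set. The enclosing block closed by `')` opens outside this hunk, so I cannot confirm which build variants the grant applies to.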
diff --git a/pixelstats/file_contexts b/pixelstats/file_contexts
new file mode 100644
index 0000000..a899889
--- /dev/null
+++ b/pixelstats/file_contexts
@@ -0,0 +1,3 @@
+# pixelstats binary
+/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0
+
diff --git a/pixelstats/pixelstats_vendor.te b/pixelstats/pixelstats_vendor.te
index c3d3377..7f34d10 100644
--- a/pixelstats/pixelstats_vendor.te
+++ b/pixelstats/pixelstats_vendor.te
@@ -1,3 +1,8 @@
+type pixelstats_vendor, domain;
+
+type pixelstats_vendor_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(pixelstats_vendor)
+
# UeventListener
r_dir_file(pixelstats_vendor, sysfs_batteryinfo)
allow pixelstats_vendor sysfs_batteryinfo:file w_file_perms;
diff --git a/ramdump/common/file.te b/ramdump/common/file.te
index 78ad1db..93b947f 100644
--- a/ramdump/common/file.te
+++ b/ramdump/common/file.te
@@ -1,3 +1,3 @@
type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
-type ramdump_vendor_fs, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_fs, fusefs_type, data_file_type, mlstrustedobject;
diff --git a/wifi_perf_diag/property_contexts b/wifi_perf_diag/property_contexts
index dea1250..a737dba 100644
--- a/wifi_perf_diag/property_contexts
+++ b/wifi_perf_diag/property_contexts
@@ -1,3 +1,6 @@
persist.vendor.wifi.perf_diag.period u:object_r:vendor_wifi_perf_diag_prop:s0
persist.vendor.wifi.perf_diag.file u:object_r:vendor_wifi_perf_diag_prop:s0
+persist.vendor.wifi.perf_diag.netperf u:object_r:vendor_wifi_perf_diag_prop:s0
+persist.vendor.wifi.perf_diag.pid u:object_r:vendor_wifi_perf_diag_prop:s0
+persist.vendor.wifi.perf_diag.mode u:object_r:vendor_wifi_perf_diag_prop:s0
vendor.wifi.perf_diag.start u:object_r:vendor_wifi_perf_diag_prop:s0
diff --git a/wifi_perf_diag/wifi_perf_diag.te b/wifi_perf_diag/wifi_perf_diag.te
index 32254cd..b1f1e68 100644
--- a/wifi_perf_diag/wifi_perf_diag.te
+++ b/wifi_perf_diag/wifi_perf_diag.te
@@ -7,23 +7,34 @@
net_domain(wifi_perf_diag)
#vendor
-allow wifi_perf_diag properties_device:dir r_dir_perms;
-allow wifi_perf_diag device:dir write;
-allow wifi_perf_diag vendor_file:file execute_no_trans;
-allow wifi_perf_diag vendor_toolbox_exec:file execute_no_trans;
+allow wifi_perf_diag wifi_logging_data_file:dir create_dir_perms;
+allow wifi_perf_diag wifi_logging_data_file:file create_file_perms;
allow wifi_perf_diag vendor_shell_exec:file execute_no_trans;
-#system proc
-allow wifi_perf_diag proc_net:file r_file_perms;
-allow wifi_perf_diag proc_stat:file r_file_perms;
-allow wifi_perf_diag proc_interrupts:file r_file_perms;
-allow wifi_perf_diag proc_timer:file r_file_perms;
+allow wifi_perf_diag wifi_perf_diag_exec:file execute_no_trans;
+allow wifi_perf_diag self:capability net_admin;
allow wifi_perf_diag self:udp_socket ioctl;
-allow wifi_perf_diag self:capability { net_admin net_raw };
+allowxperm wifi_perf_diag self:udp_socket ioctl { SIOCETHTOOL SIOCDEVPRIVATE };
+
+#factors
+allow wifi_perf_diag device:dir rw_dir_perms;
allow wifi_perf_diag device:file rw_file_perms;
allow wifi_perf_diag init:dir search;
allow wifi_perf_diag init:file r_file_perms;
+allow wifi_perf_diag kernel:dir search;
allow wifi_perf_diag kernel:file r_file_perms;
-#perfetto
-allow wifi_perf_diag traced_consumer_socket:sock_file write;
+allow wifi_perf_diag logd:dir search;
+allow wifi_perf_diag logd:file r_file_perms;
+allow wifi_perf_diag netd:dir search;
+allow wifi_perf_diag netd:file r_file_perms;
+allow wifi_perf_diag proc_interrupts:file r_file_perms;
+allow wifi_perf_diag proc_net:file r_file_perms;
+allow wifi_perf_diag proc_stat:file r_file_perms;
+allow wifi_perf_diag proc_timer:file r_file_perms;
+allow wifi_perf_diag properties_device:dir r_file_perms;
+allow wifi_perf_diag vendor_file:file execute_no_trans;
+allow wifi_perf_diag vendor_file:dir r_dir_perms;
+allow wifi_perf_diag vendor_toolbox_exec:file execute_no_trans;
+#property
get_prop(wifi_perf_diag, vendor_wifi_perf_diag_prop)
+set_prop(wifi_perf_diag, vendor_wifi_perf_diag_prop)
')
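Review bot: `allow wifi_perf_diag properties_device:dir r_file_perms;` pairs the directory class with the file permission set. The line it replaces used `r_dir_perms`, and the file set lacks `search`, so the domain can no longer traverse that directory. It should read `allow wifi_perf_diag properties_device:dir r_dir_perms;`. Separately, `device:dir` grows from `write` to `rw_dir_perms` on the generic `device` label, and the domain gains `set_prop` on its own control properties plus `/proc` entries for kernel, logd and netd. Each of those deserves a one-line reason under the `#factors` heading. The block closed by `')` opens outside the hunk.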