commit ed653c47e67d2fb52a1e0c4c2d6491e8987206d3
author Inseob Kim <inseob@google.com> Thu Aug 10 07:17:17 2023 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Aug 10 07:17:17 2023 +0000
tree 91dad70e559f209de8270ffcd73414766d4d8251
parent faacbe722aa2f859274dc56be3047ca21202c0cd
parent c1dfa03dbd623133dd23a04c8b6c5bc1b56ba584

[automerger skipped] Move turbo_adapter sepolicy to system_ext am: 1afa122215 am: 8d3fb6f7e0 -s ours am: c1dfa03dbd -s ours

am skip reason: Merged-In Id4c114ec3039dcfe2ceb29930d500a4d8f67778b with SHA-1 9f4865ff57 is already in history

Original change: https://android-review.googlesource.com/c/platform/hardware/google/pixel-sepolicy/+/2702373

Change-Id: I57682012cdc07080506dd2cf0824ec629e403350
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

common/vendor/attributes

diff --git a/common/vendor/attributes b/common/vendor/attributes
new file mode 100644
index 0000000..25b59ac
--- /dev/null
+++ b/common/vendor/attributes
@@ -0,0 +1,2 @@
+attribute pixel_battery_domain;
+attribute pixel_battery_service_type;

debugpolicy/init_dpm.te

diff --git a/debugpolicy/init_dpm.te b/debugpolicy/init_dpm.te
index 3a4f936..8938eef 100644
--- a/debugpolicy/init_dpm.te
+++ b/debugpolicy/init_dpm.te
@@ -8,4 +8,5 @@
 allow init_dpm sysfs_dpm:file r_file_perms;
 allow init_dpm block_device:dir search;
 allow init_dpm dpm_block_device:blk_file rw_file_perms;
+allow init_dpm custom_ab_block_device:blk_file rw_file_perms;
 ')

googlebattery/hal_googlebattery.te

diff --git a/googlebattery/hal_googlebattery.te b/googlebattery/hal_googlebattery.te
index 2cc3a7c..370b8d6 100644
--- a/googlebattery/hal_googlebattery.te
+++ b/googlebattery/hal_googlebattery.te
@@ -1,4 +1,4 @@
-type hal_googlebattery, domain;
+type hal_googlebattery, domain, pixel_battery_domain;
 type hal_googlebattery_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(hal_googlebattery)

googlebattery/service.te

diff --git a/googlebattery/service.te b/googlebattery/service.te
index e68baa9..440b1ce 100644
--- a/googlebattery/service.te
+++ b/googlebattery/service.te
@@ -1 +1 @@
-type hal_googlebattery_service, hal_service_type, service_manager_type;
+type hal_googlebattery_service, hal_service_type, service_manager_type, pixel_battery_service_type;

input/platform_app.te

diff --git a/input/platform_app.te b/input/platform_app.te
index 2d47236..9b4a7af 100644
--- a/input/platform_app.te
+++ b/input/platform_app.te
@@ -1,3 +1,4 @@
+allow platform_app screen_protector_detector_service:service_manager find;
 allow platform_app touch_context_service:service_manager find;
 allow platform_app gril_antenna_tuning_service:service_manager find;
 binder_call(platform_app, twoshay)

input/service.te

diff --git a/input/service.te b/input/service.te
index d521666..d59328b 100644
--- a/input/service.te
+++ b/input/service.te
@@ -1,2 +1,3 @@
 type gril_antenna_tuning_service, service_manager_type, hal_service_type;
 type touch_context_service, service_manager_type, hal_service_type;
+type screen_protector_detector_service, service_manager_type, hal_service_type;

input/service_contexts

diff --git a/input/service_contexts b/input/service_contexts
index ed69aef..f48eee4 100644
--- a/input/service_contexts
+++ b/input/service_contexts
@@ -1,2 +1,3 @@
 com.google.input.algos.gril.IGrilAntennaTuningService/default              u:object_r:gril_antenna_tuning_service:s0
 com.google.input.ITouchContextService/default              u:object_r:touch_context_service:s0
+com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0

input/twoshay.te

diff --git a/input/twoshay.te b/input/twoshay.te
index 3d48318..1cbbbc6 100644
--- a/input/twoshay.te
+++ b/input/twoshay.te
@@ -7,6 +7,7 @@
 allow twoshay twoshay:capability sys_nice;
 
 binder_use(twoshay)
+add_service(twoshay, screen_protector_detector_service)
 add_service(twoshay, touch_context_service)
 add_service(twoshay, gril_antenna_tuning_service)
 binder_call(twoshay, platform_app)

power-libperfmgr/hal_power_default.te

diff --git a/power-libperfmgr/hal_power_default.te b/power-libperfmgr/hal_power_default.te
index b4d4f65..8d6a9fe 100644
--- a/power-libperfmgr/hal_power_default.te
+++ b/power-libperfmgr/hal_power_default.te
@@ -28,11 +28,12 @@
 allow hal_power_default proc_vendor_sched:dir r_dir_perms;
 allow hal_power_default proc_vendor_sched:file r_file_perms;
 
-# Allow read/write thermal sysfs
+# Allow read/write thermal sysfs and property
 allow hal_power_default thermal_link_device:dir r_dir_perms;
 allow hal_power_default sysfs_thermal:dir r_dir_perms;
 allow hal_power_default sysfs_thermal:file rw_file_perms;
 allow hal_power_default sysfs_thermal:lnk_file r_file_perms;
+set_prop(hal_power_default, vendor_thermal_prop)
 
 userdebug_or_eng(`
 # Allow reading /data/vendor/* for debugging

sota_app/system_ext/factory_ota_app.te

diff --git a/sota_app/system_ext/factory_ota_app.te b/sota_app/system_ext/factory_ota_app.te
deleted file mode 100644
index f48adeb..0000000
--- a/sota_app/system_ext/factory_ota_app.te
+++ /dev/null
@@ -1,32 +0,0 @@
-type factory_ota_app, domain, coredomain;
-
-app_domain(factory_ota_app)
-net_domain(factory_ota_app)
-
-# Write to /data/ota_package for OTA packages.
-# Factory OTA client will download OTA image into ota_package folder and unzip it.
-# Than Update engine could use it to execute OTA process.
-# So Factory OTA client need read / write and create file access right for this folder
-allow factory_ota_app ota_package_file:dir rw_dir_perms;
-allow factory_ota_app ota_package_file:file create_file_perms;
-
-# Properties
-# For write system property persist.*
-set_prop(factory_ota_app, sota_prop);
-
-# Services
-# For get access WiFi manager service and activity service
-allow factory_ota_app app_api_service:service_manager find;
-# Allow Factory OTA to call Update Engine
-binder_call(factory_ota_app, update_engine)
-# Allow Update Engine to call the Factory OTA callback
-binder_call(update_engine, factory_ota_app)
-#For access update engine function
-allow factory_ota_app update_engine_service:service_manager find;
-#For disable NFC wake up device feature
-allow factory_ota_app nfc_service:service_manager find;
-#For get device IMEI
-allow factory_ota_app radio_service:service_manager find;
-
-# For suppress more GPU service sepolicy error log.
-dontaudit factory_ota_app gpuservice:binder call;

sota_app/system_ext/property_contexts

diff --git a/sota_app/system_ext/property_contexts b/sota_app/system_ext/property_contexts
deleted file mode 100644
index 444fda2..0000000
--- a/sota_app/system_ext/property_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-ro.boot.sota                                    u:object_r:sota_prop:s0
-ro.boot.sota.                                   u:object_r:sota_prop:s0
-persist.vendor.factoryota.                      u:object_r:sota_prop:s0
-persist.vendor.radio.bootwithlpm                u:object_r:sota_prop:s0

sota_app/system_ext/seapp_contexts

diff --git a/sota_app/system_ext/seapp_contexts b/sota_app/system_ext/seapp_contexts
deleted file mode 100644
index 673f451..0000000
--- a/sota_app/system_ext/seapp_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Factory OTA
-user=_app seinfo=platform name=com.google.android.factoryota domain=factory_ota_app levelFrom=all

sota_app/system_ext/vendor_init.te

diff --git a/sota_app/system_ext/vendor_init.te b/sota_app/system_ext/vendor_init.te
deleted file mode 100644
index 11191e3..0000000
--- a/sota_app/system_ext/vendor_init.te
+++ /dev/null
@@ -1 +0,0 @@
-set_prop(vendor_init, sota_prop)