Merge "Add navigation_gesture sysprop for fingerprint VHAL" into main am: f337118af3 am: 360421a835
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3441047
Change-Id: Ib976e206222ce65a51c2f27e7a9cebf4c5f665e7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 7aaab4e..ccd4aa7 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -521,7 +521,7 @@
"wifiaware": EXCEPTION_NO_FUZZER,
"wifi_usd": EXCEPTION_NO_FUZZER,
"wifirtt": EXCEPTION_NO_FUZZER,
- "wifi_mainline_supplicant": EXCEPTION_NO_FUZZER, // defined internally
+ "wifi_mainline_supplicant": []string{"mainline_supplicant_service_fuzzer"},
"window": EXCEPTION_NO_FUZZER,
"*": EXCEPTION_NO_FUZZER,
}
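Review bot: The new `"wifi_mainline_supplicant"` entry binds the service to `mainline_supplicant_service_fuzzer`, but nothing in this change defines a module with that name, so the binding only holds if that fuzzer already exists elsewhere in the tree. Worth confirming the target resolves in every branch this automerge reaches, since the previous value was `EXCEPTION_NO_FUZZER` with the remark `// defined internally`, which suggests the fuzzer may not be visible in all trees. Because the old trailing comment is dropped, a short replacement such as `// fuzzer module: <path-to-fuzzer-Android.bp>` (placeholder path) would tell the next reader where the coverage comes from. The map literal this entry belongs to starts outside the hunk.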
diff --git a/microdroid/system/public/te_macros b/microdroid/system/public/te_macros
index b274417..d68c5ed 100644
--- a/microdroid/system/public/te_macros
+++ b/microdroid/system/public/te_macros
@@ -618,16 +618,6 @@
')
###########################################
-# use_drmservice(domain)
-# Ability to use DrmService which requires
-# DrmService to call getpidcon.
-define(`use_drmservice', `
- allow drmserver $1:dir search;
- allow drmserver $1:file { read open };
- allow drmserver $1:process getattr;
-')
-
-###########################################
# add_service(domain, service)
# Ability for domain to add a service to service_manager
# and find it. It also creates a neverallow preventing
diff --git a/private/mediaserver.te b/private/mediaserver.te
index d72caf6..dbba2f1 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -135,7 +135,6 @@
# /vendor apk access
allow mediaserver vendor_app_file:file { read map getattr };
-use_drmservice(mediaserver)
allow mediaserver drmserver:drmservice {
consumeRights
setPlaybackStatus
diff --git a/public/te_macros b/public/te_macros
index 2ba15b3..bd7da4c 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -420,10 +420,6 @@
allow $1 servicemanager:binder { call transfer };
# Allow servicemanager to send out callbacks
allow servicemanager $1:binder { call transfer };
-# servicemanager performs getpidcon on clients.
-allow servicemanager $1:dir search;
-allow servicemanager $1:file { read open };
-allow servicemanager $1:process getattr;
# rw access to /dev/binder and /dev/ashmem is presently granted to
# all domains in domain.te.
')
@@ -436,10 +432,6 @@
allow $1 hwservicemanager:binder { call transfer };
# Allow hwservicemanager to send out callbacks
allow hwservicemanager $1:binder { call transfer };
-# hwservicemanager performs getpidcon on clients.
-allow hwservicemanager $1:dir search;
-allow hwservicemanager $1:file { read open map };
-allow hwservicemanager $1:process getattr;
# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
# all domains in domain.te.
')
@@ -452,10 +444,6 @@
allow $1 vndbinder_device:chr_file rw_file_perms;
# Call the vndservicemanager and transfer references to it.
allow $1 vndservicemanager:binder { call transfer };
-# vndservicemanager performs getpidcon on clients.
-allow vndservicemanager $1:dir search;
-allow vndservicemanager $1:file { read open map };
-allow vndservicemanager $1:process getattr;
')
#####################################
@@ -693,12 +681,7 @@
#####################################
# use_keystore(domain)
# Ability to use keystore.
-# Keystore is requires the following permissions
-# to call getpidcon.
define(`use_keystore', `
- allow keystore $1:dir search;
- allow keystore $1:file { read open };
- allow keystore $1:process getattr;
allow $1 apc_service:service_manager find;
allow $1 keystore_service:service_manager find;
allow $1 legacykeystore_service:service_manager find;
@@ -710,25 +693,12 @@
# use_credstore(domain)
# Ability to use credstore.
define(`use_credstore', `
- allow credstore $1:dir search;
- allow credstore $1:file { read open };
- allow credstore $1:process getattr;
allow $1 credstore_service:service_manager find;
binder_call($1, credstore)
binder_call(credstore, $1)
')
###########################################
-# use_drmservice(domain)
-# Ability to use DrmService which requires
-# DrmService to call getpidcon.
-define(`use_drmservice', `
- allow drmserver $1:dir search;
- allow drmserver $1:file { read open };
- allow drmserver $1:process getattr;
-')
-
-###########################################
# add_service(domain, service)
# Ability for domain to add a service to service_manager
# and find it. It also creates a neverallow preventing