Merge "Remove duplicated LOCAL_REQUIRED_MODULES" am: 1cad25b52f am: cf0e210dd3
am: 80812d1c17
Change-Id: I67107a4025b549fa26d112713c7be4335e351f56
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 16ae1a0..7e14dd4 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -263,6 +263,7 @@
hal_nfc_hwservice
hal_oemlock_hwservice
hal_power_hwservice
+ hal_power_stats_hwservice
hal_secure_element_hwservice
hal_sensors_hwservice
hal_telephony_hwservice
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 187712e..fe0c785 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -481,6 +481,9 @@
proc_panic
proc_pid_max
proc_pipe_conf
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
proc_random
proc_sched
proc_slabinfo
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index d3a6982..588c138 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -30,6 +30,7 @@
broadcastradio_service
cgroup_bpf
color_display_service
+ content_capture_service
crossprofileapps_service
ctl_interface_restart_prop
ctl_interface_start_prop
@@ -96,7 +97,6 @@
heapprofd_socket
incident_helper
incident_helper_exec
- intelligence_service
iorapd
iorapd_data_file
iorapd_exec
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 2a4f854..0ec301e 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -4,10 +4,10 @@
(type mediacodec_exec)
(type qtaguid_proc)
(type reboot_data_file)
-(type vold_socket)
(type rild)
(type untrusted_v2_app)
(type webview_zygote_socket)
+(type vold_socket)
(expandtypeattribute (accessibility_service_27_0) true)
(expandtypeattribute (account_service_27_0) true)
@@ -1196,6 +1196,9 @@
proc_panic
proc_pid_max
proc_pipe_conf
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
proc_random
proc_sched
proc_slabinfo
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 764a9ea..e63d226 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -28,6 +28,7 @@
bpfloader_exec
cgroup_bpf
color_display_service
+ content_capture_service
crossprofileapps_service
ctl_interface_restart_prop
ctl_interface_start_prop
@@ -87,7 +88,6 @@
heapprofd_socket
incident_helper
incident_helper_exec
- intelligence_service
iorapd
iorapd_data_file
iorapd_exec
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 323fb0a..ad22950 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -12,6 +12,8 @@
(type mtd_device)
(type qtaguid_proc)
(type thermalcallback_hwservice)
+(type thermalserviced)
+(type thermalserviced_exec)
(type untrusted_v2_app)
(type vcs_device)
@@ -738,8 +740,6 @@
(expandtypeattribute (textservices_service_28_0) true)
(expandtypeattribute (thermalcallback_hwservice_28_0) true)
(expandtypeattribute (thermal_service_28_0) true)
-(expandtypeattribute (thermalserviced_28_0) true)
-(expandtypeattribute (thermalserviced_exec_28_0) true)
(expandtypeattribute (timezone_service_28_0) true)
(expandtypeattribute (tmpfs_28_0) true)
(expandtypeattribute (tombstoned_28_0) true)
@@ -1377,6 +1377,9 @@
(typeattributeset priv_app_28_0 (priv_app))
(typeattributeset proc_28_0
( proc
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
proc_slabinfo))
(typeattributeset proc_abi_28_0 (proc_abi))
(typeattributeset proc_asound_28_0 (proc_asound))
@@ -1603,8 +1606,6 @@
(typeattributeset textservices_service_28_0 (textservices_service))
(typeattributeset thermalcallback_hwservice_28_0 (thermalcallback_hwservice))
(typeattributeset thermal_service_28_0 (thermal_service))
-(typeattributeset thermalserviced_28_0 (thermalserviced))
-(typeattributeset thermalserviced_exec_28_0 (thermalserviced_exec))
(typeattributeset timezone_service_28_0 (timezone_service))
(typeattributeset tmpfs_28_0 (tmpfs))
(typeattributeset tombstoned_28_0 (tombstoned))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index f9f4ebf..0d6cb67 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -17,6 +17,7 @@
apexd_prop
apexd_tmpfs
biometric_service
+ content_capture_service
cpu_variant_prop
dev_cpu_variant
device_config_boot_count_prop
@@ -28,10 +29,12 @@
flags_health_check
flags_health_check_exec
fwk_bufferhub_hwservice
+ fwk_camera_hwservice
fwk_stats_hwservice
color_display_service
hal_atrace_hwservice
hal_health_storage_hwservice
+ hal_power_stats_hwservice
hal_system_suspend_default
hal_system_suspend_default_exec
hal_system_suspend_default_tmpfs
@@ -40,7 +43,6 @@
heapprofd_prop
heapprofd_socket
idmap_service
- intelligence_service
iris_service
iris_vendor_data_file
llkd
diff --git a/private/file_contexts b/private/file_contexts
index abef72b..3ba8fcf 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -276,7 +276,6 @@
/system/bin/update_engine u:object_r:update_engine_exec:s0
/system/bin/bspatch u:object_r:update_engine_exec:s0
/system/bin/storaged u:object_r:storaged_exec:s0
-/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
/system/bin/wpantund u:object_r:wpantund_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 5f7a042..a56bdc3 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -23,6 +23,9 @@
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
+genfscon proc /pressure/io u:object_r:proc_pressure_io:s0
+genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0
genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 9733994..1ac0967 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -1,4 +1,5 @@
android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
+android.frameworks.cameraservice.service::ICameraService u:object_r:fwk_camera_hwservice:s0
android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
@@ -43,6 +44,7 @@
android.hardware.nfc::INfc u:object_r:hal_nfc_hwservice:s0
android.hardware.oemlock::IOemLock u:object_r:hal_oemlock_hwservice:s0
android.hardware.power::IPower u:object_r:hal_power_hwservice:s0
+android.hardware.power.stats::IPowerStats u:object_r:hal_power_stats_hwservice:s0
android.hardware.radio.config::IRadioConfig u:object_r:hal_telephony_hwservice:s0
android.hardware.radio.deprecated::IOemHook u:object_r:hal_telephony_hwservice:s0
android.hardware.radio::IRadio u:object_r:hal_telephony_hwservice:s0
diff --git a/private/service_contexts b/private/service_contexts
index 7f1b38f..323f84a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -32,6 +32,7 @@
connmetrics u:object_r:connmetrics_service:s0
consumer_ir u:object_r:consumer_ir_service:s0
content u:object_r:content_service:s0
+content_capture u:object_r:content_capture_service:s0
contexthub u:object_r:contexthub_service:s0
country_detector u:object_r:country_detector_service:s0
coverage u:object_r:coverage_service:s0
@@ -79,7 +80,6 @@
iphonesubinfo u:object_r:radio_service:s0
ims u:object_r:radio_service:s0
imms u:object_r:imms_service:s0
-intelligence u:object_r:intelligence_service:s0
ipsec u:object_r:ipsec_service:s0
iris u:object_r:iris_service:s0
isms_msim u:object_r:radio_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index 3806d23..33f4f0a 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -143,10 +143,6 @@
# Read /sys/kernel/debug/wakeup_sources.
allow system_server debugfs_wakeup_sources:file r_file_perms;
-# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
-allow system_server stats_data_file:dir { open read remove_name search write };
-allow system_server stats_data_file:file unlink;
-
# The DhcpClient and WifiWatchdog use packet_sockets
allow system_server self:packet_socket create_socket_perms_no_ioctl;
@@ -216,6 +212,7 @@
hal_client_domain(system_server, hal_oemlock)
hal_client_domain(system_server, hal_omx)
hal_client_domain(system_server, hal_power)
+hal_client_domain(system_server, hal_power_stats)
hal_client_domain(system_server, hal_sensors)
hal_client_domain(system_server, hal_system_suspend)
hal_client_domain(system_server, hal_tetheroffload)
@@ -687,7 +684,6 @@
allow system_server nfc_service:service_manager find;
allow system_server radio_service:service_manager find;
allow system_server stats_service:service_manager find;
-allow system_server thermal_service:service_manager find;
allow system_server storaged_service:service_manager find;
allow system_server surfaceflinger_service:service_manager find;
allow system_server update_engine_service:service_manager find;
diff --git a/private/thermalserviced.te b/private/thermalserviced.te
deleted file mode 100644
index 1a09e20..0000000
--- a/private/thermalserviced.te
+++ /dev/null
@@ -1,4 +0,0 @@
-typeattribute thermalserviced coredomain;
-
-init_daemon_domain(thermalserviced)
-
diff --git a/public/attributes b/public/attributes
index 6453d7b..37c2b94 100644
--- a/public/attributes
+++ b/public/attributes
@@ -275,6 +275,7 @@
hal_attribute(oemlock);
hal_attribute(omx);
hal_attribute(power);
+hal_attribute(power_stats);
hal_attribute(secure_element);
hal_attribute(sensors);
hal_attribute(system_suspend);
diff --git a/public/cameraserver.te b/public/cameraserver.te
index ba45228..b49a5f3 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -17,6 +17,7 @@
allow cameraserver hal_graphics_composer:fd use;
add_service(cameraserver, cameraserver_service)
+add_hwservice(cameraserver, fwk_camera_hwservice)
allow cameraserver activity_service:service_manager find;
allow cameraserver appops_service:service_manager find;
diff --git a/public/file.te b/public/file.te
index cb0c543..456755d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -43,6 +43,9 @@
type proc_perf, fs_type, proc_type;
type proc_pid_max, fs_type, proc_type;
type proc_pipe_conf, fs_type, proc_type;
+type proc_pressure_cpu, fs_type, proc_type;
+type proc_pressure_io, fs_type, proc_type;
+type proc_pressure_mem, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
type proc_slabinfo, fs_type, proc_type;
diff --git a/public/hal_power_stats.te b/public/hal_power_stats.te
new file mode 100644
index 0000000..2c04008
--- /dev/null
+++ b/public/hal_power_stats.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_power_stats_client, hal_power_stats_server)
+binder_call(hal_power_stats_server, hal_power_stats_client)
+
+hal_attribute_hwservice(hal_power_stats, hal_power_stats_hwservice)
diff --git a/public/hwservice.te b/public/hwservice.te
index 8ded06b..4490ae8 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -1,5 +1,6 @@
type default_android_hwservice, hwservice_manager_type;
type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
+type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
@@ -38,6 +39,7 @@
type hal_oemlock_hwservice, hwservice_manager_type;
type hal_omx_hwservice, hwservice_manager_type;
type hal_power_hwservice, hwservice_manager_type;
+type hal_power_stats_hwservice, hwservice_manager_type;
type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
type hal_secure_element_hwservice, hwservice_manager_type;
type hal_sensors_hwservice, hwservice_manager_type;
diff --git a/public/lmkd.te b/public/lmkd.te
index 0fc5d0f..f691b90 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -49,6 +49,13 @@
# Read /proc/meminfo
allow lmkd proc_meminfo:file r_file_perms;
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow lmkd proc_pressure_cpu:file r_file_perms;
+allow lmkd proc_pressure_io:file r_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow lmkd proc_pressure_mem:file rw_file_perms;
+
# Allow lmkd to write to statsd.
unix_socket_send(lmkd, statsdw, statsd)
diff --git a/public/property_contexts b/public/property_contexts
index 1533a0f..1661d7d 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -61,6 +61,7 @@
dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootimage u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
diff --git a/public/service.te b/public/service.te
index ce87ba9..c71db05 100644
--- a/public/service.te
+++ b/public/service.te
@@ -29,7 +29,6 @@
type storaged_service, service_manager_type;
type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type system_app_service, service_manager_type;
-type thermal_service, service_manager_type;
type update_engine_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vold_service, service_manager_type;
@@ -64,6 +63,7 @@
type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
# Note: The coverage_service should only be enabled for userdebug / eng builds that were compiled
@@ -97,7 +97,6 @@
type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type intelligence_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type iris_service, app_api_service, system_server_service, service_manager_type;
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -152,6 +151,7 @@
type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type thermal_service, system_server_service, service_manager_type;
type timedetector_service, system_server_service, service_manager_type;
type timezone_service, system_server_service, service_manager_type;
type timezonedetector_service, system_server_service, service_manager_type;
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
deleted file mode 100644
index 4716826..0000000
--- a/public/thermalserviced.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# thermalserviced -- thermal management services for system and vendor
-type thermalserviced, domain;
-type thermalserviced_exec, system_file_type, exec_type, file_type;
-
-binder_use(thermalserviced)
-binder_service(thermalserviced)
-add_service(thermalserviced, thermal_service)
-
-hwbinder_use(thermalserviced)
-hal_client_domain(thermalserviced, hal_thermal)
-add_hwservice(thermalserviced, thermalcallback_hwservice)
-
-binder_call(thermalserviced, platform_app)
-binder_call(thermalserviced, system_server)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 44198cc..dee372f 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -25,6 +25,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.1-service u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.2-service u:object_r:hal_graphics_composer_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.3-service u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage@1\.0-service u:object_r:hal_health_storage_default_exec:s0
@@ -38,6 +39,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.1-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service u:object_r:mediacodec_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service u:object_r:hal_power_stats_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio\.config@1\.0-service u:object_r:hal_radio_config_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-radio-service u:object_r:hal_radio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-sap-service u:object_r:hal_radio_default_exec:s0
@@ -45,6 +47,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@2\.0-service u:object_r:hal_thermal_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.0-service u:object_r:hal_tv_cec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
diff --git a/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te
new file mode 100644
index 0000000..b7a2c02
--- /dev/null
+++ b/vendor/hal_power_stats_default.te
@@ -0,0 +1,5 @@
+type hal_power_stats_default, domain;
+hal_server_domain(hal_power_stats_default, hal_power_stats)
+
+type hal_power_stats_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_power_stats_default)
diff --git a/vendor/hal_wifi_supplicant_default.te b/vendor/hal_wifi_supplicant_default.te
index a446721..b6b9e09 100644
--- a/vendor/hal_wifi_supplicant_default.te
+++ b/vendor/hal_wifi_supplicant_default.te
@@ -9,7 +9,7 @@
type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "sockets";
# Allow wpa_supplicant to configure nl80211
-allow hal_wifi_supplicant_default proc_net:file write;
+allow hal_wifi_supplicant_default proc_net_type:file write;
# Allow wpa_supplicant to talk to Wifi Keystore HwBinder service.
hwbinder_use(hal_wifi_supplicant_default)