Merge "Allow artd to kill subprocesses during Pre-reboot Dexopt." into main
diff --git a/private/hal_power.te b/private/hal_power.te
index aae32a0..1eb10a1 100644
--- a/private/hal_power.te
+++ b/private/hal_power.te
@@ -7,3 +7,6 @@
 
 binder_call(hal_power_server, servicemanager)
 binder_call(hal_power_client, servicemanager)
+
+# power HAL sets dex2oat performance tuning properties
+set_prop(hal_power_server, dalvik_dynamic_config_prop)
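Review bot: The comment on the new `set_prop` line does not say which properties are covered or why a power HAL should control them. `hal_power_server` is an attribute, so the grant applies to every power HAL implementation on a device rather than to one audited binary. I would expand the comment to something like `# Any power HAL implementation may set the dalvik_dynamic_config_prop properties (dex2oat tuning, e.g. under thermal or power constraints); see property_contexts for the exact names.` The example reason in that wording is a guess and should be replaced with the real one. If these properties affect more than performance, for instance compiler flags, that should be stated here.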
diff --git a/private/property.te b/private/property.te
index a5a1d07..3b7fad3 100644
--- a/private/property.te
+++ b/private/property.te
@@ -357,12 +357,21 @@
     -nfc_prop
     -powerctl_prop
     -radio_prop
+    -dalvik_dynamic_config_prop
   }:file no_rw_file_perms;
 
   neverallow {
     domain
     -coredomain
     -appdomain
+    -vendor_init
+    -hal_power_server
+  } dalvik_dynamic_config_prop:file no_rw_file_perms;
+
+  neverallow {
+    domain
+    -coredomain
+    -appdomain
     -hal_nfc_server
   } {
     nfc_prop
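Review bot: The new `neverallow` for `dalvik_dynamic_config_prop` constrains only `:file no_rw_file_perms`, which covers access to the property file. Property writes go through `property_service set`, and no matching rule for that class is visible in this hunk. If none exists elsewhere in property.te, a later change could grant another vendor domain `set_prop` on this type without tripping a compile-time check. Consider a companion rule such as `neverallow { domain -coredomain -vendor_init -hal_power_server } dalvik_dynamic_config_prop:property_service set;`, with the exemption list adjusted to the domains that really need to set it. A one-line comment above the new block saying why `hal_power_server` is exempt would also help. The `neverallow` blocks before and after the added one start and end outside the hunk.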
diff --git a/private/shell.te b/private/shell.te
index dbdd132..263db8c 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -430,6 +430,12 @@
 # Allow reads (but not writes) of the MGLRU state
 allow shell sysfs_lru_gen_enabled:file r_file_perms;
 
+# Allow communicating with the VM terminal.
+userdebug_or_eng(`
+  allow shell vmlauncher_app_devpts:chr_file rw_file_perms;
+  allowxperm shell vmlauncher_app_devpts:chr_file ioctl unpriv_tty_ioctls;
+')
+
 # Allow access to ion memory allocation device.
 allow shell ion_device:chr_file rw_file_perms;
 
diff --git a/private/vmlauncher_app.te b/private/vmlauncher_app.te
index dcc4f55..f0f372b 100644
--- a/private/vmlauncher_app.te
+++ b/private/vmlauncher_app.te
@@ -16,3 +16,10 @@
   allow vmlauncher_app virtualizationservice:binder call;
   allow vmlauncher_app crosvm:binder { call transfer };
 ')
+
+userdebug_or_eng(`
+  # Create pty/pts and connect it to the guest terminal.
+  create_pty(vmlauncher_app)
+  # Allow other processes to access the pts.
+  allow vmlauncher_app vmlauncher_app_devpts:chr_file setattr;
+')
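Review bot: The `setattr` grant on `vmlauncher_app_devpts` is documented only as "Allow other processes to access the pts", which names neither the peer nor what is being relaxed. `setattr` lets the app change mode and ownership on its pts node, so once the DAC bits are loosened, the SELinux rules on this type are the only thing deciding who can read or inject into the guest terminal. From the shell.te hunk in this change the intended peer appears to be `shell`. I would say so in the comment: `# Let the app chmod its pts so that shell (see shell.te, userdebug/eng only) can open it; no other domain should be granted access to vmlauncher_app_devpts.` A `neverallow` pinning the type to `vmlauncher_app` and `shell` would make that intent enforceable, provided no other domain needs access.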