Merge "Update sepolicy to allow pushing atoms from surfaceflinger to statsd" am: c95ae9044d
Change-Id: Iad64c0ba3034f8a9fec168a72bfe60962b767fe1
diff --git a/prebuilts/api/29.0/private/adbd.te b/prebuilts/api/29.0/private/adbd.te
index 2fa4af6..ec5c57e 100644
--- a/prebuilts/api/29.0/private/adbd.te
+++ b/prebuilts/api/29.0/private/adbd.te
@@ -23,6 +23,10 @@
unix_socket_connect(adbd, recovery, recovery)
')
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
# Do not sanitize the environment or open fds of the shell. Allow signaling
# created processes.
allow adbd shell:process { noatsecure signal };
diff --git a/prebuilts/api/29.0/private/gpuservice.te b/prebuilts/api/29.0/private/gpuservice.te
index ebfff76..9e17d06 100644
--- a/prebuilts/api/29.0/private/gpuservice.te
+++ b/prebuilts/api/29.0/private/gpuservice.te
@@ -31,6 +31,10 @@
# Needed for interactive shell
allow gpuservice devpts:chr_file { read write getattr };
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index 111923f..f59b5de 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -89,6 +89,7 @@
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
diff --git a/public/property_contexts b/public/property_contexts
index 4ab4f59..1cbf9db 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -92,6 +92,7 @@
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
@@ -281,18 +282,6 @@
sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
vold.decrypt u:object_r:exported_vold_prop:s0 exact string
-# r/o sanitizer properties, public-readable
-ro.sanitize.address u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.cfi u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.default-ub u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.fuzzer u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.hwaddress u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.integer_overflow u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.safe-stack u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.scudo u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.thread u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.undefined u:object_r:exported2_default_prop:s0 exact bool
-
# vendor-init-settable|public-readable
aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int
aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int