Merge "Allow statsd to access a new metadata directory" into rvc-dev

commit: 0d8d8cc3c7f102adafb6acf7b9e7e64e6b84f4fa [log] [tgz]
author: Jeffrey Huang <jeffreyhuang@google.com> Fri Mar 20 21:07:48 2020 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri Mar 20 21:07:48 2020 +0000
tree: 0790a73e620f4fc727b61c975ffbddb169514dd0
parent: 59577f43b2041293366d7a639113d6af277efd65 [diff]
parent: 534befb29da0de9ed2680ca397cb89e0970c4bae [diff]
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index e47ca0f..4733042 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil

@@ -71,6 +71,7 @@
     mirror_data_file
     light_service
     linkerconfig_file
+    media_variant_prop
     metadata_bootstat_file
     mnt_pass_through_file
     mock_ota_prop

diff --git a/private/service_contexts b/private/service_contexts
index 079f0a1..f8dbcae 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -107,7 +107,6 @@
 ims                                       u:object_r:radio_service:s0
 imms                                      u:object_r:imms_service:s0
 incremental                               u:object_r:incremental_service:s0
-incremental_service                       u:object_r:incremental_service:s0
 ipsec                                     u:object_r:ipsec_service:s0
 ircsmessage                               u:object_r:radio_service:s0
 iris                                      u:object_r:iris_service:s0

diff --git a/private/zygote.te b/private/zygote.te
index f9e5476..f27005e 100644
--- a/private/zygote.te
+++ b/private/zygote.te

@@ -193,6 +193,9 @@
 # Send unsolicited message to system_server
 unix_socket_send(zygote, system_unsolzygote, system_server)
 
+# Allow zygote to access media_variant_prop for static initialization
+get_prop(zygote, media_variant_prop)
+
 ###
 ### neverallow rules
 ###

diff --git a/public/hal_codec2.te b/public/hal_codec2.te
index 60cd3b0..8c7816a 100644
--- a/public/hal_codec2.te
+++ b/public/hal_codec2.te

@@ -1,3 +1,6 @@
+get_prop(hal_codec2_client, media_variant_prop)
+get_prop(hal_codec2_server, media_variant_prop)
+
 binder_call(hal_codec2_client, hal_codec2_server)
 binder_call(hal_codec2_server, hal_codec2_client)
 

diff --git a/public/hal_omx.te b/public/hal_omx.te
index 707cae8..8e74383 100644
--- a/public/hal_omx.te
+++ b/public/hal_omx.te

@@ -22,6 +22,9 @@
 
 allow hal_omx_client hidl_token_hwservice:hwservice_manager find;
 
+get_prop(hal_omx_client, media_variant_prop)
+get_prop(hal_omx_server, media_variant_prop)
+
 binder_call(hal_omx_client, hal_omx_server)
 binder_call(hal_omx_server, hal_omx_client)
 

diff --git a/public/property.te b/public/property.te
index 7c1d5fa..d403d82 100644
--- a/public/property.te
+++ b/public/property.te

@@ -117,6 +117,7 @@
 system_vendor_config_prop(exported_config_prop)
 system_vendor_config_prop(exported_default_prop)
 system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(media_variant_prop)
 system_vendor_config_prop(userspace_reboot_config_prop)
 system_vendor_config_prop(vehicle_hal_prop)
 system_vendor_config_prop(vendor_security_patch_level_prop)

diff --git a/public/property_contexts b/public/property_contexts
index 8f1cf2d..b48bb62 100644
--- a/public/property_contexts
+++ b/public/property_contexts

@@ -164,6 +164,9 @@
 ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
 ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
 ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
+ro.media.xml_variant.codecs u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.codecs_performance u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.profiles u:object_r:media_variant_prop:s0 exact string
 ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
 ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
 ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int

diff --git a/public/recovery.te b/public/recovery.te
index 3bac03d..55568d4 100644
--- a/public/recovery.te
+++ b/public/recovery.te

@@ -148,6 +148,9 @@
   allow recovery gsi_metadata_file:dir search;
   allow recovery ota_metadata_file:dir rw_dir_perms;
   allow recovery ota_metadata_file:file create_file_perms;
+
+  # Allow mounting /metadata for writing update states
+  allow recovery metadata_file:dir { getattr mounton };
 ')
 
 ###
commit	0d8d8cc3c7f102adafb6acf7b9e7e64e6b84f4fa	[log] [tgz]
author	Jeffrey Huang <jeffreyhuang@google.com>	Fri Mar 20 21:07:48 2020 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri Mar 20 21:07:48 2020 +0000
tree	0790a73e620f4fc727b61c975ffbddb169514dd0
parent	59577f43b2041293366d7a639113d6af277efd65 [diff]
parent	534befb29da0de9ed2680ca397cb89e0970c4bae [diff]