Merge "Allow mediaserver to find "audio" service"
diff --git a/Android.mk b/Android.mk
index 45dd30b..c311213 100644
--- a/Android.mk
+++ b/Android.mk
@@ -309,6 +309,11 @@
     selinux_denial_metadata \
 
 endif
+
+# Builds an addtional userdebug sepolicy into the debug ramdisk.
+LOCAL_REQUIRED_MODULES += \
+    userdebug_plat_sepolicy.cil \
+
 include $(BUILD_PHONY_PACKAGE)
 
 #################################
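Review bot: The new `LOCAL_REQUIRED_MODULES += userdebug_plat_sepolicy.cil` sits after the `endif`, so it applies regardless of whatever condition that block tests, and the comment does not say why a userdebug policy is wanted in every configuration. Since this policy is presumably more permissive than the one a user build ships, the comment should state the containment assumption, for example `# Builds an additional userdebug sepolicy into the debug ramdisk only; it must not be installed anywhere a normal boot loads policy from.` That wording also fixes the "addtional" typo. The module definition this line extends starts outside the hunk.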
@@ -525,6 +530,47 @@
 #################################
 include $(CLEAR_VARS)
 
+LOCAL_MODULE := userdebug_plat_sepolicy.cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_DEBUG_RAMDISK_OUT)
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+# userdebug_plat_policy.conf - the userdebug version plat_sepolicy.cil
+userdebug_plat_policy.conf := $(intermediates)/userdebug_plat_policy.conf
+$(userdebug_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(userdebug_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(userdebug_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := userdebug
+$(userdebug_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(userdebug_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(userdebug_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(userdebug_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(userdebug_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(userdebug_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
+$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
+	$(transform-policy-to-conf)
+	$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
+
+$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_CIL_FILES := \
+  $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
+$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
+$(LOCAL_BUILT_MODULE): $(userdebug_plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+  $(HOST_OUT_EXECUTABLES)/secilc \
+  $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY)) \
+  $(built_sepolicy_neverallows)
+	@mkdir -p $(dir $@)
+	$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
+		$(POLICYVERS) -o $@.tmp $<
+	$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@.tmp
+	$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@.tmp -o /dev/null -f /dev/null
+	$(hide) mv $@.tmp $@
+
+userdebug_plat_policy.conf :=
+
+#################################
+include $(CLEAR_VARS)
+
 ifdef HAS_PRODUCT_SEPOLICY
 LOCAL_MODULE := product_sepolicy.cil
 LOCAL_MODULE_CLASS := ETC
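Review bot: The recipe for `$(userdebug_plat_policy.conf)` also writes `$@.dontaudit`, which is not a declared target, and the `$(LOCAL_BUILT_MODULE)` rule below reads only `$<`, so that side file looks unused here. If nothing outside this hunk consumes it, drop the `sed ... > $@.dontaudit` line. If something does, give it its own rule so the dependency is visible to make, and note that `sed ... | sed ...` hides a failure of the first `sed` unless the shell runs with pipefail. Separately, `PRIVATE_TARGET_BUILD_VARIANT := userdebug` is forced here regardless of the real build variant. A comment such as `# Always compiled as userdebug; safe only because LOCAL_MODULE_PATH is $(TARGET_DEBUG_RAMDISK_OUT)` would record that the install path is the only thing keeping this policy off a normal boot.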
diff --git a/private/statsd.te b/private/statsd.te
index 16d3aeb..99548a0 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -1,4 +1,5 @@
 typeattribute statsd coredomain;
+typeattribute statsd stats_service_server;
 
 init_daemon_domain(statsd)
 
diff --git a/private/system_server.te b/private/system_server.te
index 8c525de..14c6dd6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -5,6 +5,8 @@
 
 typeattribute system_server coredomain;
 typeattribute system_server mlstrustedsubject;
+typeattribute system_server scheduler_service_server;
+typeattribute system_server sensor_service_server;
 
 # Define a type for tmpfs-backed ashmem regions.
 tmpfs_domain(system_server)
@@ -244,10 +246,6 @@
 allow system_server hal_renderscript_hwservice:hwservice_manager find;
 allow system_server same_process_hal_file:file { execute read open getattr map };
 
-# Offer HwBinder services
-add_hwservice(system_server, fwk_scheduler_hwservice)
-add_hwservice(system_server, fwk_sensor_hwservice)
-
 # Talk to tombstoned to get ANR traces.
 unix_socket_connect(system_server, tombstoned_intercept, tombstoned)
 
diff --git a/public/attributes b/public/attributes
index dbb9356..67979da 100644
--- a/public/attributes
+++ b/public/attributes
@@ -303,11 +303,14 @@
 # from one core domain to another, without having to update the vendor image
 # which contains clients of this service.
 
-attribute display_service_server;
-attribute wifi_keystore_service_server;
-attribute mediaswcodec_server;
-attribute system_suspend_server;
 attribute camera_service_server;
+attribute display_service_server;
+attribute mediaswcodec_server;
+attribute scheduler_service_server;
+attribute sensor_service_server;
+attribute stats_service_server;
+attribute system_suspend_server;
+attribute wifi_keystore_service_server;
 
 # All types used for super partition block devices.
 attribute super_block_device_type;
diff --git a/public/init.te b/public/init.te
index bde7ac6..c5b88d2 100644
--- a/public/init.te
+++ b/public/init.te
@@ -52,8 +52,8 @@
 # setrlimit
 allow init self:global_capability_class_set sys_resource;
 
-# Remove /dev/.booting, created before initial policy load or restorecon /dev.
-allow init tmpfs:file unlink;
+# Remove /dev/.booting and load /debug_ramdisk/* files
+allow init tmpfs:file { getattr unlink };
 
 # Access pty created for fsck.
 allow init devpts:chr_file { read write open };
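Review bot: The rewritten comment says init will "load /debug_ramdisk/* files", but the rule only adds `getattr`, and it adds it for every file labelled `tmpfs`, not just those under /debug_ramdisk. If init only needs to stat those files (presumably because they still carry the `tmpfs` label at that point), the comment should say so. The new comment also drops the explanation of when /dev/.booting is created, which should stay. Suggested wording: `# Remove /dev/.booting (created before initial policy load or restorecon /dev) and stat /debug_ramdisk/* files, which are still labelled tmpfs.` If the files are actually read through this rule's domain, `getattr` alone would not be enough and the additional access should be scoped to a dedicated type rather than `tmpfs`.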
diff --git a/public/scheduler_service_server.te b/public/scheduler_service_server.te
new file mode 100644
index 0000000..b3cede1
--- /dev/null
+++ b/public/scheduler_service_server.te
@@ -0,0 +1 @@
+add_hwservice(scheduler_service_server, fwk_scheduler_hwservice)
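Review bot: This new file, like `public/sensor_service_server.te` and `public/stats_service_server.te` further down, grants `add_hwservice` to an attribute with no comment on who may carry that attribute. Because the attributes are declared in `public/attributes`, any policy that can see public policy can presumably attach one to its own domain and gain the right to register the framework service; the visible lines do not restrict membership to core domains. Add a header comment to each file stating the intent, for example `# Only the core domain hosting the scheduler service should carry scheduler_service_server; it grants registration of fwk_scheduler_hwservice.` It would also help to name in that comment whichever test or neverallow enforces this, if one exists outside this diff.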
diff --git a/public/sensor_service_server.te b/public/sensor_service_server.te
new file mode 100644
index 0000000..7c526a5
--- /dev/null
+++ b/public/sensor_service_server.te
@@ -0,0 +1 @@
+add_hwservice(sensor_service_server, fwk_sensor_hwservice)
diff --git a/public/stats_service_server.te b/public/stats_service_server.te
new file mode 100644
index 0000000..564ae23
--- /dev/null
+++ b/public/stats_service_server.te
@@ -0,0 +1 @@
+add_hwservice(stats_service_server, fwk_stats_hwservice)
diff --git a/public/statsd.te b/public/statsd.te
index 8ba7f63..089cae9 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -50,9 +50,6 @@
   system_api_service
 }:service_manager find;
 
-# Allow statsd to add as HIDL service.
-add_hwservice(statsd, fwk_stats_hwservice)
-
 # Grant statsd to access health hal to access battery metrics.
 allow statsd hal_health_hwservice:hwservice_manager find;
 
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 8890ca0..390ec0b 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -39,6 +39,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.1-service            u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service            u:object_r:hal_nfc_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service            u:object_r:mediacodec_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service   u:object_r:hal_power_stats_default_exec:s0