Merge "sepolicy: allow vendor system native experiments property"

commit: 1c8df204ff4399552a7204ee91cfa19e5c0d4963 [log] [tgz]
author: Richard Chang <richardycc@google.com> Fri Apr 15 03:47:28 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Apr 15 03:47:28 2022 +0000
tree: fc8da38fd725070030372edcaa3bfcab9c3a5545
parent: 791567ece6b1f79ac283cfbc535b273eb1ada83c [diff]
parent: 7057e4abca35a14279a96c467fecbecf897d3d1a [diff]
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index 5a1d863..58dba59 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil

@@ -65,6 +65,7 @@
     smart_idle_maint_enabled_prop
     snapuserd_proxy_socket
     sysfs_fs_fuse_bpf
+    sysfs_lru_gen_enabled
     system_dlkm_file
     tare_service
     tv_iapp_service

diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index 1af28c5..54ecd45 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te

@@ -12,6 +12,7 @@
 set_prop(flags_health_check, device_config_nnapi_native_prop)
 set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
 set_prop(flags_health_check, device_config_media_native_prop)
+set_prop(flags_health_check, device_config_mglru_native_prop)
 set_prop(flags_health_check, device_config_profcollect_native_boot_prop)
 set_prop(flags_health_check, device_config_statsd_native_prop)
 set_prop(flags_health_check, device_config_statsd_native_boot_prop)

diff --git a/private/genfs_contexts b/private/genfs_contexts
index ca64733..2f1f84d 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -162,6 +162,7 @@
 genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
 genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
 genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
+genfscon sysfs /kernel/mm/lru_gen/enabled u:object_r:sysfs_lru_gen_enabled:s0
 genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
 genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
 genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0

diff --git a/private/property.te b/private/property.te
index 14221af..ccf6040 100644
--- a/private/property.te
+++ b/private/property.te

@@ -3,6 +3,7 @@
 system_internal_prop(apexd_payload_metadata_prop)
 system_internal_prop(ctl_snapuserd_prop)
 system_internal_prop(device_config_lmkd_native_prop)
+system_internal_prop(device_config_mglru_native_prop)
 system_internal_prop(device_config_profcollect_native_boot_prop)
 system_internal_prop(device_config_statsd_native_prop)
 system_internal_prop(device_config_statsd_native_boot_prop)

diff --git a/private/property_contexts b/private/property_contexts
index b74713c..1ad19c1 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -262,6 +262,9 @@
 # F2FS smart idle maint prop
 persist.device_config.storage_native_boot.smart_idle_maint_enabled u:object_r:smart_idle_maint_enabled_prop:s0 exact bool
 
+# MGLRU experiment prop
+persist.device_config.mglru_native.lru_gen_config   u:object_r:device_config_mglru_native_prop:s0 exact enum none core core_and_mm_walk core_and_nonleaf_young all
+
 # MM Events config props
 persist.mm_events.enabled                           u:object_r:mm_events_config_prop:s0 exact bool
 
@@ -481,6 +484,8 @@
 bluetooth.framework.support_persisted_state          u:object_r:bluetooth_config_prop:s0 exact bool
 bluetooth.framework.adapter_address_validation       u:object_r:bluetooth_config_prop:s0 exact bool
 
+bluetooth.core.gap.le.privacy.enabled                u:object_r:bluetooth_config_prop:s0 exact bool
+
 bluetooth.device.default_name                        u:object_r:bluetooth_config_prop:s0 exact string
 bluetooth.device.class_of_device                     u:object_r:bluetooth_config_prop:s0 exact string
 

diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index bc7543b..5223b50 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te

@@ -72,9 +72,13 @@
   allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
 ')
 
-# Needed to register as a Perfetto producer.
+# Allow userspace tracing via perfetto.
 perfetto_producer(surfaceflinger)
 
+# Allow to be profiled by performance tools.
+can_profile_heap(surfaceflinger)
+can_profile_perf(surfaceflinger)
+
 # Use socket supplied by adbd, for cmd gpu vkjson etc.
 allow surfaceflinger adbd:unix_stream_socket { read write getattr };
 

diff --git a/private/system_server.te b/private/system_server.te
index 64197f2..8fc032f 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -731,6 +731,7 @@
 set_prop(system_server, device_config_runtime_native_prop)
 set_prop(system_server, device_config_lmkd_native_prop)
 set_prop(system_server, device_config_media_native_prop)
+set_prop(system_server, device_config_mglru_native_prop)
 set_prop(system_server, device_config_profcollect_native_boot_prop)
 set_prop(system_server, device_config_statsd_native_prop)
 set_prop(system_server, device_config_statsd_native_boot_prop)
@@ -1266,6 +1267,7 @@
   device_config_runtime_native_boot_prop
   device_config_runtime_native_prop
   device_config_media_native_prop
+  device_config_mglru_native_prop
   device_config_storage_native_boot_prop
   device_config_surface_flinger_native_boot_prop
   device_config_sys_traced_prop

diff --git a/public/file.te b/public/file.te
index 55f65b6..8867ebb 100644
--- a/public/file.te
+++ b/public/file.te

@@ -115,6 +115,7 @@
 type sysfs_suspend_stats, fs_type, sysfs_type;
 type sysfs_switch, fs_type, sysfs_type;
 type sysfs_transparent_hugepage, fs_type, sysfs_type;
+type sysfs_lru_gen_enabled, fs_type, sysfs_type;
 type sysfs_usb, fs_type, sysfs_type;
 type sysfs_wakeup, fs_type, sysfs_type;
 type sysfs_wakeup_reasons, fs_type, sysfs_type;

diff --git a/public/init.te b/public/init.te
index 5139038..e2010f3 100644
--- a/public/init.te
+++ b/public/init.te

@@ -423,6 +423,7 @@
   sysfs_power
   sysfs_fs_f2fs
   sysfs_dm
+  sysfs_lru_gen_enabled
 }:file w_file_perms;
 
 allow init {

diff --git a/public/service.te b/public/service.te
index dbd9bfa..0fd2360 100644
--- a/public/service.te
+++ b/public/service.te

@@ -163,7 +163,7 @@
 type midi_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type mount_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type music_recognition_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type nearby_service, system_api_service, system_server_service, service_manager_type;
+type nearby_service, app_api_service, system_server_service, service_manager_type;
 type netpolicy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;

diff --git a/vendor/tee.te b/vendor/tee.te
index 4b2e6c7..323c7e8 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te

@@ -6,7 +6,7 @@
 
 allow tee self:global_capability_class_set { dac_override };
 allow tee tee_device:chr_file rw_file_perms;
-allow tee tee_data_file:dir rw_dir_perms;
+allow tee tee_data_file:dir create_dir_perms;
 allow tee tee_data_file:file create_file_perms;
 allow tee self:netlink_socket create_socket_perms_no_ioctl;
 allow tee self:netlink_generic_socket create_socket_perms_no_ioctl;
commit	1c8df204ff4399552a7204ee91cfa19e5c0d4963	[log] [tgz]
author	Richard Chang <richardycc@google.com>	Fri Apr 15 03:47:28 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Apr 15 03:47:28 2022 +0000
tree	fc8da38fd725070030372edcaa3bfcab9c3a5545
parent	791567ece6b1f79ac283cfbc535b273eb1ada83c [diff]
parent	7057e4abca35a14279a96c467fecbecf897d3d1a [diff]