Merge "Allow system_server access to hidraw devices." into main
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 9e047df..9118cba 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -51,6 +51,7 @@
"android.hardware.broadcastradio.IBroadcastRadio/amfm": EXCEPTION_NO_FUZZER,
"android.hardware.broadcastradio.IBroadcastRadio/dab": EXCEPTION_NO_FUZZER,
"android.hardware.bluetooth.IBluetoothHci/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.finder.IBluetoothFinder/default": EXCEPTION_NO_FUZZER,
"android.hardware.camera.provider.ICameraProvider/internal/0": EXCEPTION_NO_FUZZER,
"android.hardware.camera.provider.ICameraProvider/virtual/0": EXCEPTION_NO_FUZZER,
"android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 3364462..2c9961d 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -19,6 +19,7 @@
hidraw_device
virtual_camera_service
ot_daemon_service
+ pm_archiving_enabled_prop
remote_auth_service
security_state_service
setupwizard_mode_prop
diff --git a/private/property.te b/private/property.te
index d599751..ff0b693 100644
--- a/private/property.te
+++ b/private/property.te
@@ -711,3 +711,10 @@
-system_app
-device_as_webcam
} usb_uvc_enabled_prop:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -init
+ -vendor_init
+} pm_archiving_enabled_prop:property_service set;
+
diff --git a/private/property_contexts b/private/property_contexts
index a8ac38a..4166c55 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1607,5 +1607,9 @@
# Properties for sensor service
sensors.aosp_low_power_sensor_fusion.maximum_rate u:object_r:sensors_config_prop:s0 exact uint
-# Propertues for game manager service
+# Properties for game manager service
persist.graphics.game_default_frame_rate.enabled u:object_r:game_manager_config_prop:s0 exact bool
+
+# Properties for app archiving
+pm.archiving.enabled u:object_r:pm_archiving_enabled_prop:s0 exact bool
+
diff --git a/private/service_contexts b/private/service_contexts
index 90fb943..2209c6a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -29,6 +29,7 @@
android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
android.hardware.biometrics.fingerprint.IFingerprint/virtual u:object_r:hal_fingerprint_service:s0
android.hardware.bluetooth.IBluetoothHci/default u:object_r:hal_bluetooth_service:s0
+android.hardware.bluetooth.finder.IBluetoothFinder/default u:object_r:hal_bluetooth_service:s0
android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default u:object_r:hal_audio_service:s0
android.hardware.broadcastradio.IBroadcastRadio/amfm u:object_r:hal_broadcastradio_service:s0
android.hardware.broadcastradio.IBroadcastRadio/dab u:object_r:hal_broadcastradio_service:s0
diff --git a/private/system_app.te b/private/system_app.te
index 055c9f9..88c3a62 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -165,6 +165,9 @@
# Settings app reads ro.usb.uvc.enabled
get_prop(system_app, usb_uvc_enabled_prop)
+# Settings and Launcher apps read pm.archiving.enabled
+get_prop(system_app, pm_archiving_enabled_prop)
+
###
### Neverallow rules
###
diff --git a/public/property.te b/public/property.te
index 44b0aef..b072b5b 100644
--- a/public/property.te
+++ b/public/property.te
@@ -198,6 +198,7 @@
system_vendor_config_prop(tuner_config_prop)
system_vendor_config_prop(usb_uvc_enabled_prop)
system_vendor_config_prop(setupwizard_mode_prop)
+system_vendor_config_prop(pm_archiving_enabled_prop)
# Properties with no restrictions
system_public_prop(adbd_config_prop)