Merge "Fix error in systemui when toggling airplane mode"
diff --git a/Android.mk b/Android.mk
index 66ff2e3..6fd84e9 100644
--- a/Android.mk
+++ b/Android.mk
@@ -183,7 +183,7 @@
###########################################################
define build_policy
-$(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(2)), $(sort $(wildcard $(file)))))
+$(strip $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(2)), $(sort $(wildcard $(file))))))
endef
# Builds paths for all policy files found in BOARD_VENDOR_SEPOLICY_DIRS.
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 72efc39..0fdb697 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -15,6 +15,7 @@
hal_uwb_service
hal_uwb_vendor_service
hal_wifi_hostapd_service
+ hypervisor_prop
locale_service
power_stats_service
snapuserd_prop
diff --git a/private/compos_fd_server.te b/private/compos_fd_server.te
index 16a57e2..5b11f26 100644
--- a/private/compos_fd_server.te
+++ b/private/compos_fd_server.te
@@ -5,6 +5,9 @@
allow compos_fd_server odrefresh:fd use;
allow compos_fd_server apex_art_data_file:file { getattr read };
allow compos_fd_server apex_art_staging_data_file:file { getattr read write };
+# Use a pipe to signal readiness
+allow compos_fd_server odrefresh:fifo_file write;
+
# TODO(b/196109647) - remove this when no longer needed by minijail
allow compos_fd_server odrefresh:fifo_file read;
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 37a9a0c..4fad585 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -91,6 +91,9 @@
set_prop(dumpstate, lpdumpd_prop)
binder_call(dumpstate, lpdumpd)
+# For dumping hypervisor information.
+get_prop(dumpstate, hypervisor_prop)
+
# For dumping device-mapper and snapshot information.
allow dumpstate gsid_exec:file rx_file_perms;
set_prop(dumpstate, ctl_gsid_prop)
diff --git a/private/init.te b/private/init.te
index f569e0c..200780d 100644
--- a/private/init.te
+++ b/private/init.te
@@ -92,6 +92,9 @@
# Only init can write normal ro.boot. properties
neverallow { domain -init } bootloader_prop:property_service set;
+# Only init can write ro.boot.hypervisor properties
+neverallow { domain -init } hypervisor_prop:property_service set;
+
# Only init can write hal.instrumentation.enable
neverallow { domain -init } hal_instrumentation_prop:property_service set;
diff --git a/private/property_contexts b/private/property_contexts
index e218d86..f4a0f78 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -432,6 +432,7 @@
media.c2.dmabuf.padding u:object_r:codec2_config_prop:s0 exact int
media.recorder.show_manufacturer_and_model u:object_r:media_config_prop:s0 exact bool
+media.resolution.limit.32bit u:object_r:media_config_prop:s0 exact int
media.stagefright.cache-params u:object_r:media_config_prop:s0 exact string
media.stagefright.enable-aac u:object_r:media_config_prop:s0 exact bool
media.stagefright.enable-fma2dp u:object_r:media_config_prop:s0 exact bool
@@ -677,6 +678,8 @@
ro.boot.vbmeta.avb_version u:object_r:bootloader_prop:s0 exact string
ro.boot.verifiedbootstate u:object_r:bootloader_prop:s0 exact string
ro.boot.veritymode u:object_r:bootloader_prop:s0 exact string
+# Properties specific to virtualized deployments of Android
+ro.boot.hypervisor.version u:object_r:hypervisor_prop:s0 exact string
# These ro.X properties are set to values of ro.boot.X by property_service.
ro.baseband u:object_r:bootloader_prop:s0 exact string
diff --git a/private/system_server.te b/private/system_server.te
index ee4cfe2..66f9ba4 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -20,7 +20,7 @@
# Create a socket for connections from zygotes.
type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesocket";
-allow system_server zygote_tmpfs:file read;
+allow system_server zygote_tmpfs:file { map read };
allow system_server appdomain_tmpfs:file { getattr map read write };
# For Incremental Service to check if incfs is available
diff --git a/public/init.te b/public/init.te
index 5fd1715..60a1a4d 100644
--- a/public/init.te
+++ b/public/init.te
@@ -434,6 +434,7 @@
LOOP_SET_BLOCK_SIZE
LOOP_SET_DIRECT_IO
LOOP_GET_STATUS
+ LOOP_SET_STATUS64
};
# Allow init to write to vibrator/trigger
diff --git a/public/property.te b/public/property.te
index 1d3f358..2b2af6d 100644
--- a/public/property.te
+++ b/public/property.te
@@ -69,6 +69,7 @@
system_restricted_prop(device_config_runtime_native_prop)
system_restricted_prop(fingerprint_prop)
system_restricted_prop(hal_instrumentation_prop)
+system_restricted_prop(hypervisor_prop)
system_restricted_prop(init_service_status_prop)
system_restricted_prop(libc_debug_prop)
system_restricted_prop(module_sdkextensions_prop)