Merge "Allow heap profiling of certain app domains on user builds"
diff --git a/Android.mk b/Android.mk
index f5f277d..4387090 100644
--- a/Android.mk
+++ b/Android.mk
@@ -103,8 +103,6 @@
endif
endif
-platform_mapping_file := $(BOARD_SEPOLICY_VERS).cil
-
###########################################################
# Compute policy files to be used in policy build.
# $(1): files to include
@@ -193,7 +191,7 @@
# These build targets are not used on non-Treble devices. However, we build these to avoid
# divergence between Treble and non-Treble devices.
LOCAL_REQUIRED_MODULES += \
- $(platform_mapping_file) \
+ plat_mapping_file \
$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
plat_sepolicy.cil \
plat_and_mapping_sepolicy.cil.sha256 \
@@ -290,6 +288,7 @@
product_seapp_contexts \
product_service_contexts \
product_mac_permissions.xml \
+ product_mapping_file \
endif
include $(BUILD_PHONY_PACKAGE)
@@ -391,11 +390,36 @@
reqd_policy_mask.conf :=
##################################
-# plat_pub_policy - policy that will be exported to be a part of non-platform
+# pub_policy - policy that will be exported to be a part of non-platform
# policy corresponding to this platform version. This is a limited subset of
# policy that would not compile in checkpolicy on its own. To get around this
# limitation, add only the required files from private policy, which will
# generate CIL policy that will then be filtered out by the reqd_policy_mask.
+pub_policy.conf := $(intermediates)/pub_policy.conf
+$(pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
+$(pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
+$(PLAT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+ $(transform-policy-to-conf)
+pub_policy.cil := $(intermediates)/pub_policy.cil
+$(pub_policy.cil): PRIVATE_POL_CONF := $(pub_policy.conf)
+$(pub_policy.cil): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
+$(pub_policy.cil): $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/build_sepolicy $(pub_policy.conf) $(reqd_policy_mask.cil)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $< -C -M -c $(POLICYVERS) -o $@ $(PRIVATE_POL_CONF)
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_REQD_MASK) -t $@
+
+pub_policy.conf :=
+
+##################################
plat_pub_policy.conf := $(intermediates)/plat_pub_policy.conf
$(plat_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -406,8 +430,9 @@
$(plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
$(plat_pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
$(transform-policy-to-conf)
+
plat_pub_policy.cil := $(intermediates)/plat_pub_policy.cil
$(plat_pub_policy.cil): PRIVATE_POL_CONF := $(plat_pub_policy.conf)
$(plat_pub_policy.cil): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
@@ -549,39 +574,48 @@
#################################
include $(CLEAR_VARS)
-LOCAL_MODULE := $(platform_mapping_file)
+LOCAL_MODULE := plat_mapping_file
+LOCAL_MODULE_STEM := $(PLATFORM_SEPOLICY_VERSION).cil
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping
include $(BUILD_SYSTEM)/base_rules.mk
-current_mapping.cil := $(intermediates)/mapping/$(PLATFORM_SEPOLICY_VERSION).cil
-ifeq ($(BOARD_SEPOLICY_VERS), $(PLATFORM_SEPOLICY_VERSION))
# auto-generate the mapping file for current platform policy, since it needs to
# track platform policy development
-$(current_mapping.cil) : PRIVATE_VERS := $(PLATFORM_SEPOLICY_VERSION)
-$(current_mapping.cil) : $(plat_pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy
+$(LOCAL_BUILT_MODULE) : PRIVATE_VERS := $(PLATFORM_SEPOLICY_VERSION)
+$(LOCAL_BUILT_MODULE) : $(plat_pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
-else # ifeq ($(BOARD_SEPOLICY_VERS), $(PLATFORM_SEPOLICY_VERSION))
-# TODO(b/119305624): Move product-specific sepolicy out of mapping files.
-prebuilt_mapping_files := $(wildcard \
- $(addsuffix /compat/$(BOARD_SEPOLICY_VERS)/$(BOARD_SEPOLICY_VERS).cil, \
- $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY)))
-$(current_mapping.cil) : $(prebuilt_mapping_files)
+built_plat_mapping_cil := $(LOCAL_BUILT_MODULE)
+
+#################################
+include $(CLEAR_VARS)
+
+ifdef HAS_PRODUCT_SEPOLICY
+LOCAL_MODULE := product_mapping_file
+LOCAL_MODULE_STEM := $(PLATFORM_SEPOLICY_VERSION).cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux/mapping
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE) : PRIVATE_VERS := $(PLATFORM_SEPOLICY_VERSION)
+$(LOCAL_BUILT_MODULE) : PRIVATE_PLAT_MAPPING_CIL := $(built_plat_mapping_cil)
+$(LOCAL_BUILT_MODULE) : $(pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy \
+$(built_plat_mapping_cil)
@mkdir -p $(dir $@)
- cat $^ > $@
+ # Generate product mapping file as mapping file of all public sepolicy minus
+ # plat_mapping_file.
+ $(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_PLAT_MAPPING_CIL) -t $@
-prebuilt_mapping_files :=
-endif
-
-$(LOCAL_BUILT_MODULE): $(current_mapping.cil) $(ACP)
- $(hide) $(ACP) $< $@
-
-built_mapping_cil := $(LOCAL_BUILT_MODULE)
-current_mapping.cil :=
+built_product_mapping_cil := $(LOCAL_BUILT_MODULE)
+endif # HAS_PRODUCT_SEPOLICY
#################################
include $(CLEAR_VARS)
@@ -593,7 +627,9 @@
include $(BUILD_SYSTEM)/base_rules.mk
-$(LOCAL_BUILT_MODULE): $(built_plat_cil) $(built_mapping_cil) $(built_product_cil)
+# TODO(b/119305624): Need one hash for system, one for product.
+$(LOCAL_BUILT_MODULE): $(built_plat_cil) $(built_product_cil) \
+$(built_plat_mapping_cil) $(built_product_mapping_cil)
cat $^ | sha256sum | cut -d' ' -f1 > $@
#################################
@@ -610,16 +646,18 @@
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE) : PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
-$(LOCAL_BUILT_MODULE) : PRIVATE_TGT_POL := $(plat_pub_policy.cil)
-$(LOCAL_BUILT_MODULE) : PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_mapping_cil)
-$(LOCAL_BUILT_MODULE) : $(plat_pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy \
- $(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil) $(built_mapping_cil)
+$(LOCAL_BUILT_MODULE) : PRIVATE_TGT_POL := $(pub_policy.cil)
+$(LOCAL_BUILT_MODULE) : PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_product_cil)\
+$(built_plat_mapping_cil) $(built_product_mapping_cil)
+$(LOCAL_BUILT_MODULE) : $(pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy \
+ $(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil) $(built_product_cil) \
+ $(built_plat_mapping_cil) $(built_product_mapping_cil)
@mkdir -p $(dir $@)
$(HOST_OUT_EXECUTABLES)/version_policy -b $< -t $(PRIVATE_TGT_POL) -n $(PRIVATE_VERS) -o $@
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -N -c $(POLICYVERS) \
$(PRIVATE_DEP_CIL_FILES) $@ -o /dev/null -f /dev/null
-built_plat_pub_vers_cil := $(LOCAL_BUILT_MODULE)
+built_pub_vers_cil := $(LOCAL_BUILT_MODULE)
#################################
include $(CLEAR_VARS)
@@ -652,13 +690,15 @@
$(LOCAL_BUILT_MODULE): PRIVATE_POL_CONF := $(vendor_policy.conf)
$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
-$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(plat_pub_policy.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(pub_policy.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
-$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_plat_pub_vers_cil) $(built_mapping_cil)
-$(LOCAL_BUILT_MODULE): PRIVATE_FILTER_CIL := $(built_plat_pub_vers_cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_product_cil)\
+$(built_pub_vers_cil) $(built_plat_mapping_cil) $(built_product_mapping_cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_FILTER_CIL := $(built_pub_vers_cil)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/build_sepolicy \
- $(vendor_policy.conf) $(reqd_policy_mask.cil) $(plat_pub_policy.cil) \
- $(built_plat_cil) $(built_plat_pub_vers_cil) $(built_mapping_cil)
+ $(vendor_policy.conf) $(reqd_policy_mask.cil) $(pub_policy.cil) \
+ $(built_plat_cil) $(built_product_cil) $(built_pub_vers_cil) \
+ $(built_plat_mapping_cil) $(built_product_mapping_cil)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) build_cil \
-i $(PRIVATE_POL_CONF) -m $(PRIVATE_REQD_MASK) -c $(CHECKPOLICY_ASAN_OPTIONS) \
@@ -700,14 +740,16 @@
$(LOCAL_BUILT_MODULE): PRIVATE_POL_CONF := $(odm_policy.conf)
$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
-$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(plat_pub_policy.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(pub_policy.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
-$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_plat_pub_vers_cil) \
- $(built_mapping_cil) $(built_vendor_cil)
-$(LOCAL_BUILT_MODULE) : PRIVATE_FILTER_CIL_FILES := $(built_plat_pub_vers_cil) $(built_vendor_cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_product_cil) \
+ $(built_pub_vers_cil) $(built_plat_mapping_cil) $(built_product_mapping_cil)\
+ $(built_vendor_cil)
+$(LOCAL_BUILT_MODULE) : PRIVATE_FILTER_CIL_FILES := $(built_pub_vers_cil) $(built_vendor_cil)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/build_sepolicy \
- $(odm_policy.conf) $(reqd_policy_mask.cil) $(plat_pub_policy.cil) \
- $(built_plat_cil) $(built_plat_pub_vers_cil) $(built_mapping_cil) $(built_vendor_cil)
+ $(odm_policy.conf) $(reqd_policy_mask.cil) $(pub_policy.cil) \
+ $(built_plat_cil) $(built_product_cil) $(built_pub_vers_cil) \
+ $(built_plat_mapping_cil) $(built_product_mapping_cil) $(built_vendor_cil)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) build_cil \
-i $(PRIVATE_POL_CONF) -m $(PRIVATE_REQD_MASK) -c $(CHECKPOLICY_ASAN_OPTIONS) \
@@ -737,12 +779,15 @@
all_cil_files := \
$(built_plat_cil) \
- $(built_mapping_cil) \
- $(built_plat_pub_vers_cil) \
+ $(built_plat_mapping_cil) \
+ $(built_pub_vers_cil) \
$(built_vendor_cil)
ifdef HAS_PRODUCT_SEPOLICY
-all_cil_files += $(built_product_cil)
+all_cil_files += \
+ $(built_product_cil) \
+ $(built_product_mapping_cil) \
+
endif
ifdef BOARD_ODM_SEPOLICY_DIRS
@@ -776,8 +821,11 @@
include $(BUILD_SYSTEM)/base_rules.mk
-$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_plat_cil) $(built_mapping_cil) $(built_product_cil)
-$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_plat_cil) $(built_mapping_cil)
+# TODO(b/119305624): Need one hash for system, one for product.
+$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_plat_cil) $(built_product_cil) \
+$(built_plat_mapping_cil) $(built_product_mapping_cil)
+$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_plat_cil) $(built_product_cil)\
+$(built_plat_mapping_cil) $(built_product_cil)
cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
#################################
@@ -793,12 +841,15 @@
all_cil_files := \
$(built_plat_cil) \
- $(built_mapping_cil) \
- $(built_plat_pub_vers_cil) \
+ $(built_plat_mapping_cil) \
+ $(built_pub_vers_cil) \
$(built_vendor_cil)
ifdef HAS_PRODUCT_SEPOLICY
-all_cil_files += $(built_product_cil)
+all_cil_files += \
+ $(built_product_cil) \
+ $(built_product_mapping_cil) \
+
endif
ifdef BOARD_ODM_SEPOLICY_DIRS
@@ -1961,8 +2012,9 @@
built_odm_fc :=
built_nl :=
built_plat_cil :=
-built_plat_pub_vers_cil :=
-built_mapping_cil :=
+built_pub_vers_cil :=
+built_plat_mapping_cil :=
+built_product_mapping_cil :=
built_plat_pc :=
built_product_pc :=
built_vendor_cil :=
@@ -1980,7 +2032,7 @@
built_plat_sepolicy :=
mapping_policy :=
my_target_arch :=
-plat_pub_policy.cil :=
+pub_policy.cil :=
reqd_policy_mask.cil :=
sepolicy_build_files :=
sepolicy_build_cil_workaround_files :=
diff --git a/private/bluetooth.te b/private/bluetooth.te
index 68cfb35..fcbd509 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -52,6 +52,7 @@
allow bluetooth radio_service:service_manager find;
allow bluetooth app_api_service:service_manager find;
allow bluetooth system_api_service:service_manager find;
+allow bluetooth network_stack_service:service_manager find;
# already open bugreport file descriptors may be shared with
# the bluetooth process, from a file in
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 5d90832..3633181 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -39,7 +39,6 @@
ctl_sigstop_prop
device_config_boot_count_prop
device_config_reset_performed_prop
- device_config_flags_health_check_prop
device_config_netd_native_prop
e2fs
e2fs_exec
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 1ce8f4d..3b7f7ff 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -37,7 +37,6 @@
ctl_sigstop_prop
device_config_boot_count_prop
device_config_reset_performed_prop
- device_config_flags_health_check_prop
device_config_netd_native_prop
exfat
exported2_config_prop
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 2040032..aeba945 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -26,7 +26,6 @@
cpu_variant_prop
dev_cpu_variant
device_config_boot_count_prop
- device_config_flags_health_check_prop
device_config_netd_native_prop
device_config_reset_performed_prop
device_config_service
diff --git a/private/property_contexts b/private/property_contexts
index 8d87262..80ccbdf 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -169,7 +169,6 @@
# Properties that relate to server configurable flags
device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0
persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0
-persist.device_config.global_settings.native_flags_health_check_enabled u:object_r:device_config_flags_health_check_prop:s0
persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0
apexd. u:object_r:apexd_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index e36d483..8648738 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -582,9 +582,6 @@
set_prop(system_server, cppreopt_prop)
# server configurable flags properties
-# STOPSHIP: Remove the ability for system_server to set property
-# device_config_flags_health_check_prop before release. (b/119627143)
-set_prop(system_server, device_config_flags_health_check_prop)
set_prop(system_server, device_config_netd_native_prop)
# BootReceiver to read ro.boot.bootreason
@@ -938,7 +935,6 @@
-system_server
-flags_health_check
} {
- device_config_flags_health_check_prop
device_config_netd_native_prop
}:property_service set;
diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index bcae192..257abc6 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -5,9 +5,6 @@
set_prop(flags_health_check, device_config_boot_count_prop)
set_prop(flags_health_check, device_config_reset_performed_prop)
-# STOPSHIP: Remove the ability for flags_health_check to set property
-# device_config_flags_health_check_prop before release. (b/119627143)
-set_prop(flags_health_check, device_config_flags_health_check_prop)
set_prop(flags_health_check, device_config_netd_native_prop)
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
diff --git a/public/init.te b/public/init.te
index 72c9c43..baf5333 100644
--- a/public/init.te
+++ b/public/init.te
@@ -356,6 +356,7 @@
allow init {
sysfs_dt_firmware_android
+ sysfs_fs_ext4_features
}:file r_file_perms;
allow init {
diff --git a/public/property.te b/public/property.te
index 91d1a11..a4893ea 100644
--- a/public/property.te
+++ b/public/property.te
@@ -30,7 +30,6 @@
type default_prop, property_type, core_property_type;
type device_config_boot_count_prop, property_type;
type device_config_reset_performed_prop, property_type;
-type device_config_flags_health_check_prop, property_type;
type device_config_netd_native_prop, property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
@@ -401,7 +400,6 @@
-firstboot_prop
-device_config_reset_performed_prop
-device_config_boot_count_prop
- -device_config_flags_health_check_prop
-device_config_netd_native_prop
-heapprofd_enabled_prop
-heapprofd_prop
diff --git a/public/property_contexts b/public/property_contexts
index 2b1b0e9..e7cddee 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -348,3 +348,23 @@
ro.bootmode u:object_r:exported2_default_prop:s0 exact string
ro.build.type u:object_r:exported2_default_prop:s0 exact string
sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
+
+# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable
+ro.surface_flinger.default_composition_dataspace u:object_r:exported_default_prop:s0 int
+ro.surface_flinger.default_composition_pixel_format u:object_r:exported_default_prop:s0 int
+ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_default_prop:s0 bool
+ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 bool
+ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 bool
+ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 int
+ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 int
+ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 string
+ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 int
+ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 bool
+ro.surface_flinger.start_graphics_allocator_service u:object_r:exported_default_prop:s0 bool
+ro.surface_flinger.use_color_management u:object_r:exported_default_prop:s0 bool
+ro.surface_flinger.use_context_priority u:object_r:exported_default_prop:s0 bool
+ro.surface_flinger.use_vr_flinger u:object_r:exported_default_prop:s0 bool
+ro.surface_flinger.vsync_event_phase_offset_ns u:object_r:exported_default_prop:s0 int
+ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 int
+ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 int
+ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 int
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 9f0dab2..178f3fc 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -176,7 +176,6 @@
property_type
-device_config_boot_count_prop
-device_config_reset_performed_prop
- -device_config_flags_health_check_prop
-device_config_netd_native_prop
-restorecon_prop
-netd_stable_secret_prop
diff --git a/vendor/file_contexts b/vendor/file_contexts
index ada00d1..08701b4 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -44,7 +44,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio\.config@1\.0-service u:object_r:hal_radio_config_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-radio-service u:object_r:hal_radio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-sap-service u:object_r:hal_radio_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service u:object_r:hal_sensors_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@[0-9]\.[0-9]-service u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0