Merge "Rename the binder cache key for hasSystemFeature()"
diff --git a/private/access_vectors b/private/access_vectors
index cd1ad12..c143c0e 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -133,7 +133,7 @@
common cap2
{
mac_override # unused by SELinux
- mac_admin # unused by SELinux
+ mac_admin
syslog
wake_alarm
block_suspend
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index c62edd5..60e6fb1 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1206,7 +1206,9 @@
(typeattributeset exported_bluetooth_prop_29_0 (exported_bluetooth_prop))
(typeattributeset exported_config_prop_29_0 (exported_config_prop))
(typeattributeset exported_dalvik_prop_29_0 (exported_dalvik_prop))
-(typeattributeset exported_default_prop_29_0 (exported_default_prop))
+(typeattributeset exported_default_prop_29_0
+ ( exported_default_prop
+ vndk_prop))
(typeattributeset exported_dumpstate_prop_29_0 (exported_dumpstate_prop))
(typeattributeset exported_ffs_prop_29_0 (exported_ffs_prop))
(typeattributeset exported_fingerprint_prop_29_0 (exported_fingerprint_prop))
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 2811683..76a8c6b 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -33,6 +33,7 @@
hal_can_bus_hwservice
hal_can_controller_hwservice
hal_identity_hwservice
+ hal_power_service
hal_rebootescrow_service
hal_tv_tuner_hwservice
hal_vibrator_service
@@ -60,6 +61,7 @@
simpleperf
soundtrigger_middleware_service
sysfs_dm_verity
+ system_config_service
system_group_file
system_jvmti_agent_prop
system_passwd_file
@@ -74,5 +76,4 @@
vendor_boringssl_self_test
vendor_install_recovery
vendor_install_recovery_exec
- vndk_prop
virtual_ab_prop))
diff --git a/private/priv_app.te b/private/priv_app.te
index 161b245..6983840 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -56,15 +56,6 @@
# /cache is a symlink to /data/cache on some devices. Allow reading the link.
allow priv_app cache_file:lnk_file r_file_perms;
-# Write to /data/ota_package for OTA packages.
-allow priv_app ota_package_file:dir rw_dir_perms;
-allow priv_app ota_package_file:file create_file_perms;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app ota_package_file:dir rw_dir_perms;
- auditallow priv_app ota_package_file:file create_file_perms;
-')
-
# Access to /data/media.
allow priv_app media_rw_data_file:dir create_dir_perms;
allow priv_app media_rw_data_file:file create_file_perms;
@@ -81,13 +72,6 @@
allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
-# b/18504118: Allow reads from /data/anr/traces.txt
-allow priv_app anr_data_file:file r_file_perms;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app anr_data_file:file r_file_perms;
-')
-
# For AppFuse.
allow priv_app vold:fd use;
allow priv_app fuse_device:chr_file { read write };
diff --git a/private/service_contexts b/private/service_contexts
index 26d9f5c..641798a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,5 +1,6 @@
-android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
-android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
+android.hardware.power.IPower/default u:object_r:hal_power_service:s0
+android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
+android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
accessibility u:object_r:accessibility_service:s0
account u:object_r:account_service:s0
@@ -201,6 +202,7 @@
storagestats u:object_r:storagestats_service:s0
SurfaceFlinger u:object_r:surfaceflinger_service:s0
suspend_control u:object_r:system_suspend_control_service:s0
+system_config u:object_r:system_config_service:s0
system_update u:object_r:system_update_service:s0
task u:object_r:task_service:s0
telecom u:object_r:telecom_service:s0
diff --git a/public/hal_power.te b/public/hal_power.te
index 028011a..2c80a51 100644
--- a/public/hal_power.te
+++ b/public/hal_power.te
@@ -3,3 +3,7 @@
binder_call(hal_power_server, hal_power_client)
hal_attribute_hwservice(hal_power, hal_power_hwservice)
+
+add_service(hal_power_server, hal_power_service)
+binder_call(hal_power_server, servicemanager)
+allow hal_power_client hal_power_service:service_manager find;
diff --git a/public/property.te b/public/property.te
index 2cf043a..7a1e4dd 100644
--- a/public/property.te
+++ b/public/property.te
@@ -66,7 +66,6 @@
system_restricted_prop(system_boot_reason_prop)
system_restricted_prop(system_jvmti_agent_prop)
system_restricted_prop(userspace_reboot_exported_prop)
-system_restricted_prop(vndk_prop)
compatible_property_only(`
# DO NOT ADD ANY PROPERTIES HERE
@@ -146,6 +145,7 @@
system_public_prop(userspace_reboot_config_prop)
system_public_prop(vehicle_hal_prop)
system_public_prop(vendor_security_patch_level_prop)
+system_public_prop(vndk_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
diff --git a/public/property_contexts b/public/property_contexts
index 6d0826b..0a000ec 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -392,8 +392,8 @@
ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string
-ro.vndk.lite u:object_r:exported_default_prop:s0 exact bool
-ro.vndk.version u:object_r:exported_default_prop:s0 exact string
+ro.vndk.lite u:object_r:vndk_prop:s0 exact bool
+ro.vndk.version u:object_r:vndk_prop:s0 exact string
ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
diff --git a/public/service.te b/public/service.te
index 67128d2..d9bf83d 100644
--- a/public/service.te
+++ b/public/service.te
@@ -166,6 +166,7 @@
type slice_service, app_api_service, system_server_service, service_manager_type;
type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type system_config_service, system_api_service, system_server_service, service_manager_type;
type system_update_service, system_server_service, service_manager_type;
type soundtrigger_middleware_service, system_server_service, service_manager_type;
type task_service, system_server_service, service_manager_type;
@@ -204,6 +205,7 @@
### HAL Services
###
+type hal_power_service, vendor_service, service_manager_type;
type hal_rebootescrow_service, vendor_service, service_manager_type;
type hal_vibrator_service, vendor_service, service_manager_type;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index eb93d13..6a20bf2 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -225,7 +225,6 @@
-module_sdkextensions_prop
-userspace_reboot_exported_prop
-userspace_reboot_prop
- -vndk_prop
})
')
@@ -262,6 +261,7 @@
set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)
set_prop(vendor_init, vendor_security_patch_level_prop)
+set_prop(vendor_init, vndk_prop)
set_prop(vendor_init, wifi_log_prop)
get_prop(vendor_init, exported2_radio_prop)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index e79e7d7..e0fcfcd 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -50,6 +50,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service u:object_r:mediacodec_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service.example u:object_r:hal_power_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service u:object_r:hal_power_stats_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio\.config@1\.0-service u:object_r:hal_radio_config_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-radio-service u:object_r:hal_radio_default_exec:s0