commit 2dfe2e293705e1335e7918fcb276c238d77aefea
author Treehugger Robot <treehugger-gerrit@google.com> Wed Mar 07 23:54:31 2018 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Mar 07 23:54:31 2018 +0000
tree 672c86917ebdd80ce2a2e7f14e609c9af18f56c1
parent fa793deab68bb94840d4ba94423682c2eb128a55
parent 2f1015512d6d339d68da16d553c44e22631d1ec1

Merge "/odm is another vendor partition other than /vendor"

private/bug_map

diff --git a/private/bug_map b/private/bug_map
index 1ff1ffe..9bc5154 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -3,6 +3,7 @@
 crash_dump resourcecache_data_file dir 68319037
 crash_dump system_data_file file 68319037
 crash_dump vendor_overlay_file dir 68319037
+platform_app nfc_data_file dir 74331887
 priv_app sysfs dir 72749888
 priv_app sysfs_android_usb file 72749888
 priv_app system_data_file dir 72811052
@@ -10,4 +11,3 @@
 untrusted_app_25 system_data_file dir 72550646
 untrusted_app_27 system_data_file dir 72550646
 usbd usbd capability 72472544
-vold system_data_file file 62140539

private/compat/26.0/26.0.ignore.cil

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 859e45d..4d36d8e 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -69,6 +69,7 @@
     perfprofd_service
     property_info
     secure_element
+    secure_element_device
     secure_element_tmpfs
     secure_element_service
     slice_service

private/compat/27.0/27.0.ignore.cil

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 998ac5f..dcd9f88 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -53,6 +53,7 @@
     perfprofd_service
     property_info
     secure_element
+    secure_element_device
     secure_element_service
     secure_element_tmpfs
     slice_service

private/incidentd.te

diff --git a/private/incidentd.te b/private/incidentd.te
index a887a61..824dece 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -31,6 +31,9 @@
 # section id 2004, allow reading /sys/devices/system/cpu/cpufreq/all_time_in_state
 allow incidentd sysfs_devices_system_cpu:file r_file_perms;
 
+# section id 2005, allow reading ps dump in full
+allow incidentd domain:process getattr;
+
 # section id 2006, allow reading /sys/class/power_supply/bms/battery_type
 allow incidentd sysfs_batteryinfo:dir { search };
 allow incidentd sysfs_batteryinfo:file r_file_perms;
@@ -42,6 +45,11 @@
 # Get process attributes
 # TODO allow incidentd domain:process getattr;
 
+# Read files in /proc
+allow incidentd {
+  proc_stat
+}:file r_file_perms;
+
 # Signal java processes to dump their stack and get the results
 # TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
 # TODO allow incidentd anr_data_file:dir create_dir_perms;

public/device.te

diff --git a/public/device.te b/public/device.te
index 43c89ab..231c839 100644
--- a/public/device.te
+++ b/public/device.te
@@ -39,6 +39,7 @@
 type kmsg_debug_device, dev_type;
 type null_device, dev_type, mlstrustedobject;
 type random_device, dev_type, mlstrustedobject;
+type secure_element_device, dev_type;
 type sensors_device, dev_type;
 type serial_device, dev_type;
 type socket_device, dev_type;

vendor/hal_secure_element_default.te

diff --git a/vendor/hal_secure_element_default.te b/vendor/hal_secure_element_default.te
index 86fe0b9..b1a94a1 100644
--- a/vendor/hal_secure_element_default.te
+++ b/vendor/hal_secure_element_default.te
@@ -2,4 +2,6 @@
 hal_server_domain(hal_secure_element_default, hal_secure_element)
 type hal_secure_element_default_exec, exec_type, vendor_file_type, file_type;
 
+allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
+
 init_daemon_domain(hal_secure_element_default)