Merge "Bluetooth: add system property for HID transport selection" into main
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index e2a35f9..a3a1393 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -119,6 +119,7 @@
 		"android.hardware.security.dice.IDiceDevice/default":                      EXCEPTION_NO_FUZZER,
 		"android.hardware.security.keymint.IKeyMintDevice/default":                EXCEPTION_NO_FUZZER,
 		"android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
+		"android.hardware.security.secretkeeper.ISecretkeeper/nonsecure":          EXCEPTION_NO_FUZZER,
 		"android.hardware.security.secureclock.ISecureClock/default":              EXCEPTION_NO_FUZZER,
 		"android.hardware.security.sharedsecret.ISharedSecret/default":            EXCEPTION_NO_FUZZER,
 		"android.hardware.sensors.ISensors/default":                               EXCEPTION_NO_FUZZER,
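Review bot: The new `android.hardware.security.secretkeeper.ISecretkeeper/nonsecure` entry is mapped to `EXCEPTION_NO_FUZZER` with nothing recording why or for how long, and the same applies to `tv_ad` in the second hunk of this file. Both are new binder services that will receive caller-supplied data, and the policy file added in this commit describes Secretkeeper as storage for secrets guarded by DICE policies, which makes it a poor candidate for an open-ended exemption. I would add a comment above each entry such as `// TODO(b/<tracking-bug>): add a service fuzzer and replace this exception`, or bind the real fuzzer name if one already exists. The map literal starts and ends outside the hunk.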
@@ -447,6 +448,7 @@
 		"translation":                  EXCEPTION_NO_FUZZER,
 		"transparency":                 EXCEPTION_NO_FUZZER,
 		"trust":                        EXCEPTION_NO_FUZZER,
+		"tv_ad":                        EXCEPTION_NO_FUZZER,
 		"tv_interactive_app":           EXCEPTION_NO_FUZZER,
 		"tv_input":                     EXCEPTION_NO_FUZZER,
 		"tv_tuner_resource_mgr":        EXCEPTION_NO_FUZZER,
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 1af6750..1949fd6 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -10,6 +10,7 @@
     ota_build_prop
     snapuserd_log_data_file
     hal_authgraph_service
+    hal_secretkeeper_service
     vibrator_control_service
     hal_codec2_service
     hal_macsec_service
@@ -20,6 +21,7 @@
     security_state_service
     setupwizard_mode_prop
     sysfs_sync_on_suspend
+    tv_ad_service
     threadnetwork_service
     device_config_aconfig_flags_prop
     proc_memhealth
diff --git a/private/property.te b/private/property.te
index 9eed4de..d599751 100644
--- a/private/property.te
+++ b/private/property.te
@@ -27,6 +27,7 @@
 system_internal_prop(keystore_listen_prop)
 system_internal_prop(last_boot_reason_prop)
 system_internal_prop(localization_prop)
+system_internal_prop(logd_auditrate_prop)
 system_internal_prop(lower_kptr_restrict_prop)
 system_internal_prop(net_464xlat_fromvendor_prop)
 system_internal_prop(net_connectivity_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 1b7a755..3771873 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -62,6 +62,7 @@
 logd.                   u:object_r:logd_prop:s0
 persist.logd.           u:object_r:logd_prop:s0
 ro.logd.                u:object_r:logd_prop:s0
+persist.logd.audit.rate u:object_r:logd_auditrate_prop:s0
 persist.logd.security   u:object_r:device_logging_prop:s0
 persist.logd.logpersistd        u:object_r:logpersistd_logging_prop:s0
 logd.logpersistd        u:object_r:logpersistd_logging_prop:s0
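Review bot: The `persist.logd.audit.rate` entry is a prefix match with no value type, so any property whose name starts with that string is labelled `logd_auditrate_prop` and any value is accepted. This commit also lets the shell domain set that label, so the entry is worth pinning down the way the `ro.llndk.api_level` line in the second hunk is: `persist.logd.audit.rate u:object_r:logd_auditrate_prop:s0 exact int`. The `int` assumes the consumer reads an integer, which is not visible on this page.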
@@ -1141,6 +1142,7 @@
 ro.board.first_api_level u:object_r:build_vendor_prop:s0 exact int
 ro.board.api_level       u:object_r:build_vendor_prop:s0 exact int
 ro.board.api_frozen      u:object_r:build_vendor_prop:s0 exact bool
+ro.llndk.api_level       u:object_r:build_vendor_prop:s0 exact int
 ro.vendor.api_level      u:object_r:build_vendor_prop:s0 exact int
 
 # Boot image build props set by /{second_stage_resources/,}boot/etc/build.prop
diff --git a/private/service_contexts b/private/service_contexts
index 898cb14..d1662e4 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -122,6 +122,7 @@
 android.hardware.secure_element.ISecureElement/SIM1                  u:object_r:hal_secure_element_service:s0
 android.hardware.secure_element.ISecureElement/SIM2                  u:object_r:hal_secure_element_service:s0
 android.hardware.secure_element.ISecureElement/SIM3                  u:object_r:hal_secure_element_service:s0
+android.hardware.security.secretkeeper.ISecretkeeper/nonsecure       u:object_r:hal_secretkeeper_service:s0
 android.system.keystore2.IKeystoreService/default                    u:object_r:keystore_service:s0
 android.system.net.netd.INetd/default                                u:object_r:system_net_netd_service:s0
 android.system.suspend.ISystemSuspend/default                        u:object_r:hal_system_suspend_service:s0
@@ -423,6 +424,7 @@
 translation                               u:object_r:translation_service:s0
 transparency                              u:object_r:transparency_service:s0
 trust                                     u:object_r:trust_service:s0
+tv_ad                                     u:object_r:tv_ad_service:s0
 tv_interactive_app                        u:object_r:tv_iapp_service:s0
 tv_input                                  u:object_r:tv_input_service:s0
 tv_tuner_resource_mgr                     u:object_r:tv_tuner_resource_mgr_service:s0
diff --git a/private/shell.te b/private/shell.te
index e410862..f32395e 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -159,6 +159,8 @@
 # Allow shell to start/stop traced via the persist.traced.enable
 # property (which also takes care of /data/misc initialization).
 set_prop(shell, traced_enabled_prop)
+# adjust SELinux audit rates
+set_prop(shell, logd_auditrate_prop)
 # adjust is_loggable properties
 userdebug_or_eng(`set_prop(shell, log_prop)')
 # logpersist script
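Review bot: `set_prop(shell, logd_auditrate_prop)` is granted on every build type, while the `log_prop` grant on the line after it is wrapped in `userdebug_or_eng`. Letting adb shell change the audit rate limit on user builds affects how many SELinux denials reach the log, which matters to anyone relying on those records for detection or forensics. If this is only a debugging aid, wrap the new line in `userdebug_or_eng` the same way the `log_prop` line is. If user builds do need it, extend the comment to say so, e.g. `# adjust SELinux audit rates; allowed on user builds because <reason>`.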
diff --git a/public/attributes b/public/attributes
index fa47b25..892d650 100644
--- a/public/attributes
+++ b/public/attributes
@@ -376,6 +376,7 @@
 hal_attribute(power_stats);
 hal_attribute(rebootescrow);
 hal_attribute(remoteaccess);
+hal_attribute(secretkeeper);
 hal_attribute(secure_element);
 hal_attribute(sensors);
 hal_attribute(telephony);
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 496d95974..549e6c6 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -178,6 +178,7 @@
 dump_hal(hal_power)
 dump_hal(hal_power_stats)
 dump_hal(hal_rebootescrow)
+dump_hal(hal_secretkeeper)
 dump_hal(hal_sensors)
 dump_hal(hal_thermal)
 dump_hal(hal_vehicle)
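Review bot: `dump_hal(hal_secretkeeper)` gives dumpstate access to a HAL that this commit's own policy file describes as storage for secrets guarded by DICE policies. The macro body is not on this page, but if it makes dumpstate a client of the HAL, as it presumably does for the other entries in this list, bugreport collection gains a binder path to the secret store. Confirm that the service's dump handler emits no secret material or policy contents. Then either add a comment above the line such as `# Secretkeeper dump output must not include stored secrets`, or drop the line if no dump output is needed.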
diff --git a/public/hal_secretkeeper.te b/public/hal_secretkeeper.te
new file mode 100644
index 0000000..809ed77
--- /dev/null
+++ b/public/hal_secretkeeper.te
@@ -0,0 +1,8 @@
+# Domains for the Secretkeeper HAL, which provides secure (tamper evident, rollback protected)
+# storage of secrets guarded by DICE policies.
+binder_call(hal_secretkeeper_client, hal_secretkeeper_server)
+
+hal_attribute_service(hal_secretkeeper, hal_secretkeeper_service)
+
+binder_use(hal_secretkeeper_server)
+binder_use(hal_secretkeeper_client)
diff --git a/public/service.te b/public/service.te
index a208dcf..62b473b 100644
--- a/public/service.te
+++ b/public/service.te
@@ -243,6 +243,7 @@
 type timezonedetector_service, app_api_service, system_server_service, service_manager_type;
 type translation_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type trust_service, app_api_service, system_server_service, service_manager_type;
+type tv_ad_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type tv_iapp_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type;
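Review bot: `tv_ad_service` is declared with both `app_api_service` and `ephemeral_app_api_service`, which makes it findable by ordinary apps and by instant apps from its first release. That mirrors `tv_iapp_service` and `tv_input_service`, but nothing in this commit shows the service's own permission checks, so the instant-app exposure deserves an explicit sign-off. If instant apps do not need it, drop `ephemeral_app_api_service`. Otherwise a one-line comment above the type saying why it is exposed would help later audits.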
@@ -321,6 +322,7 @@
 type hal_remoteaccess_service, protected_service, hal_service_type, service_manager_type;
 type hal_remotelyprovisionedcomponent_service, protected_service, hal_service_type, service_manager_type;
 type hal_sensors_service, protected_service, hal_service_type, service_manager_type;
+type hal_secretkeeper_service, protected_service, hal_service_type, service_manager_type;
 type hal_secureclock_service, protected_service, hal_service_type, service_manager_type;
 type hal_secure_element_service, protected_service, hal_service_type, service_manager_type;
 type hal_sharedsecret_service, protected_service, hal_service_type, service_manager_type;
diff --git a/public/su.te b/public/su.te
index 2887740..a893cdb 100644
--- a/public/su.te
+++ b/public/su.te
@@ -90,6 +90,7 @@
   typeattribute su hal_oemlock_client;
   typeattribute su hal_power_client;
   typeattribute su hal_rebootescrow_client;
+  typeattribute su hal_secretkeeper_client;
   typeattribute su hal_secure_element_client;
   typeattribute su hal_sensors_client;
   typeattribute su hal_telephony_client;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 1c393f1..6888987 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -100,6 +100,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element-service.example u:object_r:hal_secure_element_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.security\.authgraph-service\.nonsecure    u:object_r:hal_authgraph_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service   u:object_r:hal_keymint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.secretkeeper-service.nonsecure       u:object_r:hal_secretkeeper_default_exec:s0
 /(vendor|system/vendor)/bin/hw/rild                                           u:object_r:rild_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tetheroffload-service\.example u:object_r:hal_tetheroffload_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service        u:object_r:hal_thermal_default_exec:s0
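Review bot: The `.` before `nonsecure` in the new path is unescaped, so the regex matches any character in that position rather than a literal dot. The authgraph entry two lines above writes `-service\.nonsecure`. This one should read `android\.hardware\.security\.secretkeeper-service\.nonsecure` so that only the intended binary receives `hal_secretkeeper_default_exec`.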
diff --git a/vendor/hal_secretkeeper_default.te b/vendor/hal_secretkeeper_default.te
new file mode 100644
index 0000000..50f4ac1
--- /dev/null
+++ b/vendor/hal_secretkeeper_default.te
@@ -0,0 +1,5 @@
+type hal_secretkeeper_default, domain;
+hal_server_domain(hal_secretkeeper_default, hal_secretkeeper)
+
+type hal_secretkeeper_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_secretkeeper_default)