Merge "sepolicy: Allow hal_wifi to set wlan driver status prop"
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index b4a2181..2b94827 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -20,8 +20,7 @@
# services
allow ephemeral_app surfaceflinger_service:service_manager find;
allow ephemeral_app radio_service:service_manager find;
-# TODO: Replace app_api_service with a smaller ephemeral_api_service
-allow ephemeral_app app_api_service:service_manager find;
+allow ephemeral_app ephemeral_app_api_service:service_manager find;
###
### neverallow rules
diff --git a/private/property_contexts b/private/property_contexts
index 7845505..c205e59 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -84,6 +84,8 @@
# set at runtime by system_server.
ro.build.fingerprint u:object_r:fingerprint_prop:s0
+ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
+
# ctl properties
ctl.bootanim u:object_r:ctl_bootanim_prop:s0
ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 15a019c..4356889 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -103,8 +103,8 @@
user=shell seinfo=platform domain=shell type=shell_data_file
user=_isolated domain=isolated_app levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
-user=_app isV2App=true isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
-user=_app isV2App=true domain=untrusted_v2_app type=app_data_file levelFrom=all
+user=_app isV2App=true isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=user
+user=_app isV2App=true domain=untrusted_v2_app type=app_data_file levelFrom=user
user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
user=_app minTargetSdkVersion=26 domain=untrusted_app type=app_data_file levelFrom=user
user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
diff --git a/private/service_contexts b/private/service_contexts
index e8f2501..4335957 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -45,6 +45,7 @@
drm.drmManager u:object_r:drmserver_service:s0
dropbox u:object_r:dropbox_service:s0
dumpstate u:object_r:dumpstate_service:s0
+econtroller u:object_r:radio_service:s0
ethernet u:object_r:ethernet_service:s0
fingerprint u:object_r:fingerprint_service:s0
font u:object_r:font_service:s0
diff --git a/public/attributes b/public/attributes
index 55f87ca..0fd9444 100644
--- a/public/attributes
+++ b/public/attributes
@@ -76,6 +76,9 @@
# services which should be available to all but isolated apps
attribute app_api_service;
+# services which should be available to all ephemeral apps
+attribute ephemeral_app_api_service;
+
# services which export only system_api
attribute system_api_service;
diff --git a/public/property.te b/public/property.te
index 5bf0c62..a3f5a1e 100644
--- a/public/property.te
+++ b/public/property.te
@@ -34,6 +34,7 @@
type overlay_prop, property_type;
type pan_result_prop, property_type, core_property_type;
type persist_debug_prop, property_type, core_property_type;
+type persistent_properties_ready_prop, property_type;
type powerctl_prop, property_type, core_property_type;
type radio_prop, property_type, core_property_type;
type restorecon_prop, property_type, core_property_type;
diff --git a/public/service.te b/public/service.te
index ec53bb9..a6e36ba 100644
--- a/public/service.te
+++ b/public/service.te
@@ -1,5 +1,5 @@
type audioserver_service, service_manager_type;
-type batteryproperties_service, app_api_service, service_manager_type;
+type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type bluetooth_service, service_manager_type;
type cameraserver_service, service_manager_type;
type default_android_service, service_manager_type;
@@ -29,113 +29,113 @@
type virtual_touchpad_service, service_manager_type;
# system_server_services broken down
-type accessibility_service, app_api_service, system_server_service, service_manager_type;
-type account_service, app_api_service, system_server_service, service_manager_type;
-type activity_service, app_api_service, system_server_service, service_manager_type;
-type alarm_service, app_api_service, system_server_service, service_manager_type;
-type appops_service, app_api_service, system_server_service, service_manager_type;
-type appwidget_service, app_api_service, system_server_service, service_manager_type;
-type assetatlas_service, app_api_service, system_server_service, service_manager_type;
-type audio_service, app_api_service, system_server_service, service_manager_type;
-type autofill_service, app_api_service, system_server_service, service_manager_type;
-type backup_service, app_api_service, system_server_service, service_manager_type;
-type batterystats_service, app_api_service, system_server_service, service_manager_type;
+type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type account_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type activity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type audio_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type autofill_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type backup_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type batterystats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type battery_service, system_server_service, service_manager_type;
-type bluetooth_manager_service, app_api_service, system_server_service, service_manager_type;
+type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type cameraproxy_service, system_server_service, service_manager_type;
-type clipboard_service, app_api_service, system_server_service, service_manager_type;
-type contexthub_service, app_api_service, system_server_service, service_manager_type;
-type IProxyService_service, app_api_service, system_server_service, service_manager_type;
+type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type contexthub_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type IProxyService_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type commontime_management_service, system_server_service, service_manager_type;
-type companion_device_service, app_api_service, system_server_service, service_manager_type;
-type connectivity_service, app_api_service, system_server_service, service_manager_type;
-type connmetrics_service, app_api_service, system_server_service, service_manager_type;
-type consumer_ir_service, app_api_service, system_server_service, service_manager_type;
-type content_service, app_api_service, system_server_service, service_manager_type;
-type country_detector_service, app_api_service, system_server_service, service_manager_type;
+type companion_device_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
# Note: The coverage_service should only be enabled for userdebug / eng builds that were compiled
# with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
type coverage_service, system_server_service, service_manager_type;
type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
-type device_policy_service, app_api_service, system_server_service, service_manager_type;
-type deviceidle_service, app_api_service, system_server_service, service_manager_type;
-type device_identifiers_service, app_api_service, system_server_service, service_manager_type;
+type device_policy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type devicestoragemonitor_service, system_server_service, service_manager_type;
type diskstats_service, system_api_service, system_server_service, service_manager_type;
-type display_service, app_api_service, system_server_service, service_manager_type;
-type font_service, app_api_service, system_server_service, service_manager_type;
+type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type netd_listener_service, system_server_service, service_manager_type;
type DockObserver_service, system_server_service, service_manager_type;
-type dreams_service, app_api_service, system_server_service, service_manager_type;
-type dropbox_service, app_api_service, system_server_service, service_manager_type;
-type ethernet_service, app_api_service, system_server_service, service_manager_type;
-type fingerprint_service, app_api_service, system_server_service, service_manager_type;
+type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type ethernet_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type fingerprint_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
-type graphicsstats_service, app_api_service, system_server_service, service_manager_type;
+type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type hardware_service, system_server_service, service_manager_type;
-type hardware_properties_service, app_api_service, system_server_service, service_manager_type;
+type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
-type input_method_service, app_api_service, system_server_service, service_manager_type;
-type input_service, app_api_service, system_server_service, service_manager_type;
-type imms_service, app_api_service, system_server_service, service_manager_type;
-type jobscheduler_service, app_api_service, system_server_service, service_manager_type;
-type launcherapps_service, app_api_service, system_server_service, service_manager_type;
-type location_service, app_api_service, system_server_service, service_manager_type;
+type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type lock_settings_service, system_api_service, system_server_service, service_manager_type;
-type media_projection_service, app_api_service, system_server_service, service_manager_type;
-type media_router_service, app_api_service, system_server_service, service_manager_type;
-type media_session_service, app_api_service, system_server_service, service_manager_type;
+type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type media_router_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type media_session_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type meminfo_service, system_api_service, system_server_service, service_manager_type;
-type midi_service, app_api_service, system_server_service, service_manager_type;
-type mount_service, app_api_service, system_server_service, service_manager_type;
-type netpolicy_service, app_api_service, system_server_service, service_manager_type;
-type netstats_service, app_api_service, system_server_service, service_manager_type;
-type network_management_service, app_api_service, system_server_service, service_manager_type;
+type midi_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type mount_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netpolicy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type network_score_service, system_api_service, system_server_service, service_manager_type;
type network_time_update_service, system_server_service, service_manager_type;
-type notification_service, app_api_service, system_server_service, service_manager_type;
+type notification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type otadexopt_service, system_server_service, service_manager_type;
type overlay_service, system_server_service, service_manager_type;
-type package_service, app_api_service, system_server_service, service_manager_type;
-type permission_service, app_api_service, system_server_service, service_manager_type;
+type package_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
type pinner_service, system_server_service, service_manager_type;
-type power_service, app_api_service, system_server_service, service_manager_type;
-type print_service, app_api_service, system_server_service, service_manager_type;
+type power_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type print_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type processinfo_service, system_server_service, service_manager_type;
-type procstats_service, app_api_service, system_server_service, service_manager_type;
+type procstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type recovery_service, system_server_service, service_manager_type;
-type registry_service, app_api_service, system_server_service, service_manager_type;
-type restrictions_service, app_api_service, system_server_service, service_manager_type;
-type rttmanager_service, app_api_service, system_server_service, service_manager_type;
+type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type restrictions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type rttmanager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type samplingprofiler_service, system_server_service, service_manager_type;
type scheduling_policy_service, system_server_service, service_manager_type;
-type search_service, app_api_service, system_server_service, service_manager_type;
+type search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
-type sensorservice_service, app_api_service, system_server_service, service_manager_type;
+type sensorservice_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type serial_service, system_api_service, system_server_service, service_manager_type;
-type servicediscovery_service, app_api_service, system_server_service, service_manager_type;
-type settings_service, app_api_service, system_server_service, service_manager_type;
-type shortcut_service, app_api_service, system_server_service, service_manager_type;
-type statusbar_service, app_api_service, system_server_service, service_manager_type;
-type storagestats_service, app_api_service, system_server_service, service_manager_type;
+type servicediscovery_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type settings_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type shortcut_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type task_service, system_server_service, service_manager_type;
-type textclassification_service, app_api_service, system_server_service, service_manager_type;
-type textservices_service, app_api_service, system_server_service, service_manager_type;
-type telecom_service, app_api_service, system_server_service, service_manager_type;
-type trust_service, app_api_service, system_server_service, service_manager_type;
-type tv_input_service, app_api_service, system_server_service, service_manager_type;
-type uimode_service, app_api_service, system_server_service, service_manager_type;
+type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type trust_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type updatelock_service, system_api_service, system_server_service, service_manager_type;
-type usagestats_service, app_api_service, system_server_service, service_manager_type;
-type usb_service, app_api_service, system_server_service, service_manager_type;
-type user_service, app_api_service, system_server_service, service_manager_type;
-type vibrator_service, app_api_service, system_server_service, service_manager_type;
-type voiceinteraction_service, app_api_service, system_server_service, service_manager_type;
+type usagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type usb_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type user_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type vibrator_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type voiceinteraction_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type vr_manager_service, system_server_service, service_manager_type;
type wallpaper_service, app_api_service, system_server_service, service_manager_type;
-type webviewupdate_service, app_api_service, system_server_service, service_manager_type;
+type webviewupdate_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type wifip2p_service, app_api_service, system_server_service, service_manager_type;
type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
type wifi_service, app_api_service, system_server_service, service_manager_type;
diff --git a/public/te_macros b/public/te_macros
index 70e489a..d6bdf61 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -291,7 +291,7 @@
# stability). getService must also check for data to be mounted
# if the vintf promises the hal will be registered over hwbinder.
get_prop($1, hal_binderization_prop)
-get_prop($1, boottime_prop)
+get_prop($1, persistent_properties_ready_prop)
get_prop($1, vold_prop)
# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
# all domains in domain.te.