Merge "same_process_hal_file: access to individual coredomains"
diff --git a/private/apexd.te b/private/apexd.te
index 3bfc3cd..d7a3173 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -14,7 +14,14 @@
allow apexd loop_control_device:chr_file rw_file_perms;
# allow apexd to access loop devices
allow apexd loop_device:blk_file rw_file_perms;
-allowxperm apexd loop_device:blk_file ioctl LOOP_GET_STATUS64;
+allowxperm apexd loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+};
# allow apexd to access /dev/block
allow apexd block_device:dir r_dir_perms;
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 24edae6..fe17bfa 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -19,6 +19,7 @@
;; TODO(b/116344577): remove after the issue is resolved
buffer_hub_service
fastbootd
+ fwk_bufferhub_hwservice
fwk_stats_hwservice
color_display_service
hal_atrace_hwservice
diff --git a/private/file_contexts b/private/file_contexts
index ecab5a2..6638b45 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -165,7 +165,6 @@
/dev/socket/zygote u:object_r:zygote_socket:s0
/dev/socket/zygote_secondary u:object_r:zygote_socket:s0
/dev/spdif_out.* u:object_r:audio_device:s0
-/dev/tegra.* u:object_r:video_device:s0
/dev/tty u:object_r:owntty_device:s0
/dev/tty[0-9]* u:object_r:tty_device:s0
/dev/ttyS[0-9]* u:object_r:serial_device:s0
@@ -289,6 +288,7 @@
/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
/system/bin/wpantund u:object_r:wpantund_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
+/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:hal_system_suspend_default_exec:s0
/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
diff --git a/private/fwk_bufferhub.te b/private/fwk_bufferhub.te
new file mode 100644
index 0000000..fe84317
--- /dev/null
+++ b/private/fwk_bufferhub.te
@@ -0,0 +1,5 @@
+type fwk_bufferhub, domain, coredomain;
+type fwk_bufferhub_exec, system_file_type, exec_type, file_type;
+
+hal_server_domain(fwk_bufferhub, hal_bufferhub)
+init_daemon_domain(fwk_bufferhub)
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 6c00f35..035d240 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -1,3 +1,4 @@
+android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
diff --git a/public/attributes b/public/attributes
index f56919a..6453d7b 100644
--- a/public/attributes
+++ b/public/attributes
@@ -248,6 +248,7 @@
hal_attribute(authsecret);
hal_attribute(bluetooth);
hal_attribute(bootctl);
+hal_attribute(bufferhub);
hal_attribute(broadcastradio);
hal_attribute(camera);
hal_attribute(cas);
diff --git a/public/fwk_bufferhub.te b/public/fwk_bufferhub.te
new file mode 100644
index 0000000..240f04b
--- /dev/null
+++ b/public/fwk_bufferhub.te
@@ -0,0 +1,4 @@
+binder_call(hal_bufferhub_client, hal_bufferhub_server)
+binder_call(hal_bufferhub_server, hal_bufferhub_client)
+
+add_hwservice(hal_bufferhub_server, fwk_bufferhub_hwservice)
diff --git a/public/hwservice.te b/public/hwservice.te
index e5c254e..8ded06b 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -1,4 +1,5 @@
type default_android_hwservice, hwservice_manager_type;
+type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
diff --git a/public/ioctl_defines b/public/ioctl_defines
index a463023..97869f9 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -1363,7 +1363,9 @@
define(`LOOP_CTL_REMOVE', `0x00004c81')
define(`LOOP_GET_STATUS', `0x00004c03')
define(`LOOP_GET_STATUS64', `0x00004c05')
+define(`LOOP_SET_BLOCK_SIZE', `0x00004c09')
define(`LOOP_SET_CAPACITY', `0x00004c07')
+define(`LOOP_SET_DIRECT_IO', `0x00004c08')
define(`LOOP_SET_FD', `0x00004c00')
define(`LOOP_SET_STATUS', `0x00004c02')
define(`LOOP_SET_STATUS64', `0x00004c04')