commit 452d6a5faa1a8769317d39279b8aa596327bb1a7
author Treehugger Robot <treehugger-gerrit@google.com> Wed Mar 06 17:38:46 2019 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Mar 06 17:38:46 2019 +0000
tree 9c3537faa332bbaef7260c283d9090b89a244abe
parent 731e104acc543e94f17e0842f1fb4816f7d744fa
parent 48d0793ec0b3ea120e77f36d2ac5b0bd0ecc5ee3

Merge "Add a new system-to-vendor sysprop ro.apex.updatable"

apex/com.android.media.swcodec-file_contexts

diff --git a/apex/com.android.media.swcodec-file_contexts b/apex/com.android.media.swcodec-file_contexts
index f6b21da..b718121 100644
--- a/apex/com.android.media.swcodec-file_contexts
+++ b/apex/com.android.media.swcodec-file_contexts
@@ -1,2 +1,3 @@
 (/.*)?                u:object_r:system_file:s0
 /lib(64)?(/.*)        u:object_r:system_lib_file:s0
+/bin/mediaswcodec     u:object_r:mediaswcodec_exec:s0

private/compat/28.0/28.0.cil

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index cc3502b..18604bc 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1538,6 +1538,7 @@
 (typeattributeset swap_block_device_28_0 (swap_block_device))
 (typeattributeset sysfs_28_0
   ( sysfs
+    sysfs_devices_block
     sysfs_extcon
     sysfs_loop))
 (typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))

private/genfs_contexts

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 8700dc0..9eeb43a 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -111,6 +111,7 @@
 genfscon sysfs /class/switch                      u:object_r:sysfs_switch:s0
 genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
 genfscon sysfs /devices/virtual/android_usb     u:object_r:sysfs_android_usb:s0
+genfscon sysfs /devices/virtual/block/            u:object_r:sysfs_devices_block:s0
 genfscon sysfs /devices/virtual/block/dm-       u:object_r:sysfs_dm:s0
 genfscon sysfs /devices/virtual/block/loop       u:object_r:sysfs_loop:s0
 genfscon sysfs /devices/virtual/block/zram0     u:object_r:sysfs_zram:s0

public/dumpstate.te

diff --git a/public/dumpstate.te b/public/dumpstate.te
index 3e18b5d..0bd6f83 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -92,6 +92,7 @@
 allow dumpstate sysfs_type:dir r_dir_perms;
 
 allow dumpstate {
+  sysfs_devices_block
   sysfs_dm
   sysfs_loop
   sysfs_usb
@@ -102,6 +103,8 @@
 allow dumpstate debugfs:file r_file_perms;
 auditallow dumpstate debugfs:file r_file_perms;
 
+allow dumpstate debugfs_mmc:file r_file_perms;
+
 # df for
 allow dumpstate {
   block_device

public/file.te

diff --git a/public/file.te b/public/file.te
index bdcaae7..514f23d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -73,6 +73,7 @@
 type sysfs_uio, sysfs_type, fs_type;
 type sysfs_batteryinfo, fs_type, sysfs_type;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_devices_block, fs_type, sysfs_type;
 type sysfs_dm, fs_type, sysfs_type;
 type sysfs_dt_firmware_android, fs_type, sysfs_type;
 type sysfs_extcon, fs_type, sysfs_type;

public/gatekeeperd.te

diff --git a/public/gatekeeperd.te b/public/gatekeeperd.te
index e1739c2..dc46d07 100644
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -35,4 +35,7 @@
 # For hardware properties retrieval
 allow gatekeeperd hardware_properties_service:service_manager find;
 
+# For checking whether GSI is running
+get_prop(gatekeeperd, gsid_prop)
+
 r_dir_file(gatekeeperd, cgroup)

public/hal_evs.te

diff --git a/public/hal_evs.te b/public/hal_evs.te
index 710051e..bf2e38b 100644
--- a/public/hal_evs.te
+++ b/public/hal_evs.te
@@ -2,4 +2,4 @@
 hwbinder_use(hal_evs_server)
 binder_call(hal_evs_client, hal_evs_server)
 binder_call(hal_evs_server, hal_evs_client)
-
+allow hal_evs_client hal_evs_hwservice:hwservice_manager find;