Merge "Allow surfaceflinger to call into mediacodec"
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 5c4aa40..6407755 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -231,7 +231,6 @@
hal_wifi_supplicant_hwservice
hidl_base_hwservice
system_net_netd_hwservice
- thermalcallback_hwservice
}:hwservice_manager find;
# HwBinder services offered by core components (as opposed to vendor components)
# are considered somewhat safer due to point #2 above.
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 8eedf56..e3ca2d0 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -7,6 +7,7 @@
(type rild)
(type webview_zygote_socket)
(type vold_socket)
+(type thermalcallback_hwservice)
(expandtypeattribute (accessibility_service_27_0) true)
(expandtypeattribute (account_service_27_0) true)
diff --git a/private/genfs_contexts b/private/genfs_contexts
index b4d7cbc..a538544 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -46,6 +46,8 @@
genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_cpu_time_max_percent u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_event_mlock_kb u:object_r:proc_perf:s0
genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/random u:object_r:proc_random:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index c75c0a5..7a90ad5 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -49,7 +49,6 @@
android.hardware.tetheroffload.config::IOffloadConfig u:object_r:hal_tetheroffload_hwservice:s0
android.hardware.tetheroffload.control::IOffloadControl u:object_r:hal_tetheroffload_hwservice:s0
android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
-android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
diff --git a/public/hwservice.te b/public/hwservice.te
index 5fba86a..6f09efc 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -59,4 +59,3 @@
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
-type thermalcallback_hwservice, hwservice_manager_type;
diff --git a/public/netd.te b/public/netd.te
index faf7cac..7657eaf 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -94,6 +94,7 @@
# Allow netd to operate on sockets that are passed to it.
allow netd netdomain:{
+ icmp_socket
tcp_socket
udp_socket
rawip_socket
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
index 00e0071..f47f544 100644
--- a/public/thermalserviced.te
+++ b/public/thermalserviced.te
@@ -8,6 +8,5 @@
hwbinder_use(thermalserviced)
hal_client_domain(thermalserviced, hal_thermal)
-add_hwservice(thermalserviced, thermalcallback_hwservice)
binder_call(thermalserviced, platform_app)