Merge "Expose max.active.modem to be vendor inittable." into rvc-dev
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
index 7c7727b..e614c97 100644
--- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -74,6 +74,7 @@
mirror_data_file
light_service
linkerconfig_file
+ lmkd_prop
media_variant_prop
metadata_bootstat_file
mnt_pass_through_file
diff --git a/prebuilts/api/30.0/private/lmkd.te b/prebuilts/api/30.0/private/lmkd.te
index a07ce87..e51cddb 100644
--- a/prebuilts/api/30.0/private/lmkd.te
+++ b/prebuilts/api/30.0/private/lmkd.te
@@ -1,3 +1,8 @@
typeattribute lmkd coredomain;
init_daemon_domain(lmkd)
+
+# Set lmkd.* properties.
+set_prop(lmkd, lmkd_prop)
+
+neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/permissioncontroller_app.te b/prebuilts/api/30.0/private/permissioncontroller_app.te
index 8a6f6aa..41185e3 100644
--- a/prebuilts/api/30.0/private/permissioncontroller_app.te
+++ b/prebuilts/api/30.0/private/permissioncontroller_app.te
@@ -27,6 +27,7 @@
allow permissioncontroller_app IProxyService_service:service_manager find;
allow permissioncontroller_app location_service:service_manager find;
allow permissioncontroller_app media_session_service:service_manager find;
+allow permissioncontroller_app radio_service:service_manager find;
allow permissioncontroller_app surfaceflinger_service:service_manager find;
allow permissioncontroller_app telecom_service:service_manager find;
allow permissioncontroller_app trust_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts
index b29ef3c..a117fcc 100644
--- a/prebuilts/api/30.0/private/property_contexts
+++ b/prebuilts/api/30.0/private/property_contexts
@@ -42,6 +42,7 @@
khungtask. u:object_r:llkd_prop:s0
ro.llk. u:object_r:llkd_prop:s0
ro.khungtask. u:object_r:llkd_prop:s0
+lmkd.reinit u:object_r:lmkd_prop:s0 exact int
log. u:object_r:log_prop:s0
log.tag u:object_r:log_tag_prop:s0
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
diff --git a/prebuilts/api/30.0/public/dumpstate.te b/prebuilts/api/30.0/public/dumpstate.te
index 55705a9..c305175 100644
--- a/prebuilts/api/30.0/public/dumpstate.te
+++ b/prebuilts/api/30.0/public/dumpstate.te
@@ -85,6 +85,7 @@
hal_graphics_allocator_server
hal_graphics_composer_server
hal_health_server
+ hal_neuralnetworks_server
hal_omx_server
hal_power_server
hal_power_stats_server
@@ -135,9 +136,10 @@
binder_call(dumpstate, binderservicedomain)
binder_call(dumpstate, { appdomain netd wificond })
-hal_client_domain(dumpstate, hal_dumpstate)
-hal_client_domain(dumpstate, hal_wifi)
-hal_client_domain(dumpstate, hal_graphics_allocator)
+dump_hal(hal_dumpstate)
+dump_hal(hal_wifi)
+dump_hal(hal_graphics_allocator)
+dump_hal(hal_neuralnetworks)
# Vibrate the device after we are done collecting the bugreport
hal_client_domain(dumpstate, hal_vibrator)
diff --git a/prebuilts/api/30.0/public/lmkd.te b/prebuilts/api/30.0/public/lmkd.te
index b852f44..67e93e1 100644
--- a/prebuilts/api/30.0/public/lmkd.te
+++ b/prebuilts/api/30.0/public/lmkd.te
@@ -60,6 +60,9 @@
# Read/Write /proc/pressure/memory
allow lmkd proc_pressure_mem:file rw_file_perms;
+# Allow lmkd to connect during reinit.
+allow lmkd lmkd_socket:sock_file write;
+
# Allow lmkd to write to statsd.
unix_socket_send(lmkd, statsdw, statsd)
diff --git a/prebuilts/api/30.0/public/modprobe.te b/prebuilts/api/30.0/public/modprobe.te
index 1190409..2c7d64b 100644
--- a/prebuilts/api/30.0/public/modprobe.te
+++ b/prebuilts/api/30.0/public/modprobe.te
@@ -1,6 +1,7 @@
type modprobe, domain;
allow modprobe proc_modules:file r_file_perms;
+allow modprobe proc_cmdline:file r_file_perms;
allow modprobe self:global_capability_class_set sys_module;
allow modprobe kernel:key search;
recovery_only(`
diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te
index b96efa9..316d3c6 100644
--- a/prebuilts/api/30.0/public/property.te
+++ b/prebuilts/api/30.0/public/property.te
@@ -155,6 +155,7 @@
system_public_prop(exported_wifi_prop)
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
+system_public_prop(lmkd_prop)
system_public_prop(logd_prop)
system_public_prop(logpersistd_logging_prop)
system_public_prop(log_prop)
diff --git a/prebuilts/api/30.0/public/update_engine.te b/prebuilts/api/30.0/public/update_engine.te
index 078e494..8b767be 100644
--- a/prebuilts/api/30.0/public/update_engine.te
+++ b/prebuilts/api/30.0/public/update_engine.te
@@ -69,6 +69,9 @@
# Allow to set the OTA related properties, e.g. ota.warm_reset.
set_prop(update_engine, ota_prop)
+# Allow to get the DSU status
+get_prop(update_engine, gsid_prop)
+
# update_engine tries to determine the parent path for all devices (e.g.
# /dev/block/by-name) by reading the default fstab and looking for the misc
# device. ReadDefaultFstab() checks whether a GSI is running by checking
diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te
index 9db846b..12a360e 100644
--- a/prebuilts/api/30.0/public/vendor_init.te
+++ b/prebuilts/api/30.0/public/vendor_init.te
@@ -229,6 +229,7 @@
set_prop(vendor_init, exported3_default_prop)
set_prop(vendor_init, exported3_radio_prop)
set_prop(vendor_init, incremental_prop)
+set_prop(vendor_init, lmkd_prop)
set_prop(vendor_init, logd_prop)
set_prop(vendor_init, log_tag_prop)
set_prop(vendor_init, log_prop)
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 7c7727b..e614c97 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -74,6 +74,7 @@
mirror_data_file
light_service
linkerconfig_file
+ lmkd_prop
media_variant_prop
metadata_bootstat_file
mnt_pass_through_file
diff --git a/private/lmkd.te b/private/lmkd.te
index a07ce87..e51cddb 100644
--- a/private/lmkd.te
+++ b/private/lmkd.te
@@ -1,3 +1,8 @@
typeattribute lmkd coredomain;
init_daemon_domain(lmkd)
+
+# Set lmkd.* properties.
+set_prop(lmkd, lmkd_prop)
+
+neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set;
diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
index 8a6f6aa..41185e3 100644
--- a/private/permissioncontroller_app.te
+++ b/private/permissioncontroller_app.te
@@ -27,6 +27,7 @@
allow permissioncontroller_app IProxyService_service:service_manager find;
allow permissioncontroller_app location_service:service_manager find;
allow permissioncontroller_app media_session_service:service_manager find;
+allow permissioncontroller_app radio_service:service_manager find;
allow permissioncontroller_app surfaceflinger_service:service_manager find;
allow permissioncontroller_app telecom_service:service_manager find;
allow permissioncontroller_app trust_service:service_manager find;
diff --git a/private/property_contexts b/private/property_contexts
index b29ef3c..a117fcc 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -42,6 +42,7 @@
khungtask. u:object_r:llkd_prop:s0
ro.llk. u:object_r:llkd_prop:s0
ro.khungtask. u:object_r:llkd_prop:s0
+lmkd.reinit u:object_r:lmkd_prop:s0 exact int
log. u:object_r:log_prop:s0
log.tag u:object_r:log_tag_prop:s0
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 55705a9..c305175 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -85,6 +85,7 @@
hal_graphics_allocator_server
hal_graphics_composer_server
hal_health_server
+ hal_neuralnetworks_server
hal_omx_server
hal_power_server
hal_power_stats_server
@@ -135,9 +136,10 @@
binder_call(dumpstate, binderservicedomain)
binder_call(dumpstate, { appdomain netd wificond })
-hal_client_domain(dumpstate, hal_dumpstate)
-hal_client_domain(dumpstate, hal_wifi)
-hal_client_domain(dumpstate, hal_graphics_allocator)
+dump_hal(hal_dumpstate)
+dump_hal(hal_wifi)
+dump_hal(hal_graphics_allocator)
+dump_hal(hal_neuralnetworks)
# Vibrate the device after we are done collecting the bugreport
hal_client_domain(dumpstate, hal_vibrator)
diff --git a/public/lmkd.te b/public/lmkd.te
index b852f44..67e93e1 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -60,6 +60,9 @@
# Read/Write /proc/pressure/memory
allow lmkd proc_pressure_mem:file rw_file_perms;
+# Allow lmkd to connect during reinit.
+allow lmkd lmkd_socket:sock_file write;
+
# Allow lmkd to write to statsd.
unix_socket_send(lmkd, statsdw, statsd)
diff --git a/public/modprobe.te b/public/modprobe.te
index 1190409..2c7d64b 100644
--- a/public/modprobe.te
+++ b/public/modprobe.te
@@ -1,6 +1,7 @@
type modprobe, domain;
allow modprobe proc_modules:file r_file_perms;
+allow modprobe proc_cmdline:file r_file_perms;
allow modprobe self:global_capability_class_set sys_module;
allow modprobe kernel:key search;
recovery_only(`
diff --git a/public/property.te b/public/property.te
index b96efa9..316d3c6 100644
--- a/public/property.te
+++ b/public/property.te
@@ -155,6 +155,7 @@
system_public_prop(exported_wifi_prop)
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
+system_public_prop(lmkd_prop)
system_public_prop(logd_prop)
system_public_prop(logpersistd_logging_prop)
system_public_prop(log_prop)
diff --git a/public/update_engine.te b/public/update_engine.te
index 078e494..8b767be 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -69,6 +69,9 @@
# Allow to set the OTA related properties, e.g. ota.warm_reset.
set_prop(update_engine, ota_prop)
+# Allow to get the DSU status
+get_prop(update_engine, gsid_prop)
+
# update_engine tries to determine the parent path for all devices (e.g.
# /dev/block/by-name) by reading the default fstab and looking for the misc
# device. ReadDefaultFstab() checks whether a GSI is running by checking
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 9db846b..12a360e 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -229,6 +229,7 @@
set_prop(vendor_init, exported3_default_prop)
set_prop(vendor_init, exported3_radio_prop)
set_prop(vendor_init, incremental_prop)
+set_prop(vendor_init, lmkd_prop)
set_prop(vendor_init, logd_prop)
set_prop(vendor_init, log_tag_prop)
set_prop(vendor_init, log_prop)
diff --git a/vendor/vendor_modprobe.te b/vendor/vendor_modprobe.te
index 7689ca5..61df9e0 100644
--- a/vendor/vendor_modprobe.te
+++ b/vendor/vendor_modprobe.te
@@ -4,6 +4,7 @@
domain_trans(init, vendor_toolbox_exec, vendor_modprobe)
allow vendor_modprobe proc_modules:file r_file_perms;
+allow vendor_modprobe proc_cmdline:file r_file_perms;
allow vendor_modprobe self:global_capability_class_set sys_module;
allow vendor_modprobe kernel:key search;