Merge "Sepolicy for rw mount point for product extensions."
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 5c4aa40..6407755 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -231,7 +231,6 @@
hal_wifi_supplicant_hwservice
hidl_base_hwservice
system_net_netd_hwservice
- thermalcallback_hwservice
}:hwservice_manager find;
# HwBinder services offered by core components (as opposed to vendor components)
# are considered somewhat safer due to point #2 above.
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 8eedf56..e3ca2d0 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -7,6 +7,7 @@
(type rild)
(type webview_zygote_socket)
(type vold_socket)
+(type thermalcallback_hwservice)
(expandtypeattribute (accessibility_service_27_0) true)
(expandtypeattribute (account_service_27_0) true)
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 11b9974..a538544 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -46,6 +46,8 @@
genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_cpu_time_max_percent u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_event_mlock_kb u:object_r:proc_perf:s0
genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/random u:object_r:proc_random:s0
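Review bot: Labelling `/proc/sys/kernel/perf_cpu_time_max_percent` and `/proc/sys/kernel/perf_event_mlock_kb` as `proc_perf` extends every existing rule on that type to both knobs, and the hunk does not show which domains hold those rules. `perf_event_mlock_kb` controls how much perf buffer memory is exempt from the mlock limit, so write access to it deserves a check against the current `proc_perf:file` grants before this lands. A short comment above the two added lines would record the intent, e.g. `# perf tuning knobs; access is limited to domains granted proc_perf`.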
@@ -194,6 +196,7 @@
genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
+genfscon tracefs /options/record-tgid u:object_r:debugfs_tracing:s0
genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0
genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
@@ -222,6 +225,7 @@
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/overwrite u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/options/record-tgid u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index c75c0a5..7a90ad5 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -49,7 +49,6 @@
android.hardware.tetheroffload.config::IOffloadConfig u:object_r:hal_tetheroffload_hwservice:s0
android.hardware.tetheroffload.control::IOffloadControl u:object_r:hal_tetheroffload_hwservice:s0
android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
-android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
diff --git a/private/priv_app.te b/private/priv_app.te
index 37d864f..a952769 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -173,6 +173,7 @@
dontaudit priv_app proc_stat:file read;
dontaudit priv_app proc_version:file read;
dontaudit priv_app sysfs:dir read;
+dontaudit priv_app sysfs:file read;
dontaudit priv_app sysfs_android_usb:file read;
dontaudit priv_app wifi_prop:file read;
dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;
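Review bot: `dontaudit priv_app sysfs:file read;` silences the denial for every file carrying the generic `sysfs` label rather than one known-noisy node, so a privileged app reading unlabelled sysfs files no longer leaves an avc record. The access stays denied, but those records are what bring-up and detection use to spot a node that should have its own type. If the noise comes from a specific node, giving that node its own label and suppressing on that type keeps the rest visible. Otherwise add a comment naming the source, e.g. `# <component> reads <sysfs path> on startup; b/<bug id>`.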
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index e2f1a07..61c89e1 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -13,6 +13,7 @@
# Perform HwBinder IPC.
hal_client_domain(surfaceflinger, hal_graphics_allocator)
hal_client_domain(surfaceflinger, hal_graphics_composer)
+hal_client_domain(surfaceflinger, hal_omx)
hal_client_domain(surfaceflinger, hal_configstore)
hal_client_domain(surfaceflinger, hal_power)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
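Review bot: `hal_client_domain(surfaceflinger, hal_omx)` gives surfaceflinger a HwBinder client path into the OMX HAL, and neither the hunk nor the commit title says which surfaceflinger feature needs it. Codec services handle untrusted media, so each extra client of that HAL should carry a stated reason. Suggest a why-comment directly above the line, e.g. `# Needed for <feature>; see b/<bug id>`, or dropping the rule if no caller exists.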
diff --git a/public/hwservice.te b/public/hwservice.te
index 5fba86a..6f09efc 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -59,4 +59,3 @@
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
-type thermalcallback_hwservice, hwservice_manager_type;
diff --git a/public/netd.te b/public/netd.te
index faf7cac..7657eaf 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -94,6 +94,7 @@
# Allow netd to operate on sockets that are passed to it.
allow netd netdomain:{
+ icmp_socket
tcp_socket
udp_socket
rawip_socket
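Review bot: Adding `icmp_socket` to this class set applies the rule's whole permission list to ICMP sockets of every `netdomain` member, and that permission list lies outside the hunk, so it cannot be checked here. Confirm each permission is needed for ICMP sockets; if only a subset is, a separate rule such as `allow netd netdomain:icmp_socket { <needed perms> };` keeps the grant minimal. The comment above the rule could also name which caller passes ICMP sockets to netd.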
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
index 00e0071..f47f544 100644
--- a/public/thermalserviced.te
+++ b/public/thermalserviced.te
@@ -8,6 +8,5 @@
hwbinder_use(thermalserviced)
hal_client_domain(thermalserviced, hal_thermal)
-add_hwservice(thermalserviced, thermalcallback_hwservice)
binder_call(thermalserviced, platform_app)