Keep AOSP sepolicy up to date with internal master
This re-alignes aosp and internal master to avoid
conflicts when uploading CLs upstream.
Bug: 170126760
Change-Id: I9c087e70998cd529b71dec7428641c4bfef10d31
diff --git a/prebuilts/api/30.0/public/hal_audio.te b/prebuilts/api/30.0/public/hal_audio.te
index 5958f2c..d54b2b2 100644
--- a/prebuilts/api/30.0/public/hal_audio.te
+++ b/prebuilts/api/30.0/public/hal_audio.te
@@ -30,6 +30,10 @@
# Should never execute any executable without a domain transition
neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;
+# Should never need network access.
+# Disallow network sockets.
+neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
+
# Only audio HAL may directly access the audio hardware
neverallow { halserverdomain -hal_audio_server -hal_omx_server } audio_device:chr_file *;
diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts
index 40f6889..57167d1 100644
--- a/prebuilts/api/30.0/public/property_contexts
+++ b/prebuilts/api/30.0/public/property_contexts
@@ -67,6 +67,8 @@
dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.restore-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.restore-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 5882ee7..e5f2315 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -24,8 +24,8 @@
mediatranscoding_tmpfs
music_recognition_service
people_service
- power_stats_service
power_debug_prop
+ power_stats_service
profcollectd
profcollectd_data_file
profcollectd_exec
diff --git a/private/service_contexts b/private/service_contexts
index be4aa2b..bbed660 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -175,6 +175,7 @@
phone2 u:object_r:radio_service:s0
phone u:object_r:radio_service:s0
pinner u:object_r:pinner_service:s0
+power_stats u:object_r:power_stats_service:s0
power u:object_r:power_service:s0
print u:object_r:print_service:s0
processinfo u:object_r:processinfo_service:s0
diff --git a/public/service.te b/public/service.te
index 8b95eb7..941abdf 100644
--- a/public/service.te
+++ b/public/service.te
@@ -148,6 +148,7 @@
type permissionmgr_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
type pinner_service, system_server_service, service_manager_type;
+type power_stats_service, app_api_service, system_server_service, service_manager_type;
type power_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type print_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type processinfo_service, system_server_service, service_manager_type;