Merge "Allow system server to access udc sysfs" into main
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 9484326..17d737f 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -151,6 +151,7 @@
"android.hardware.wifi.hostapd.IHostapd/default": EXCEPTION_NO_FUZZER,
"android.hardware.wifi.supplicant.ISupplicant/default": EXCEPTION_NO_FUZZER,
"android.frameworks.cameraservice.service.ICameraService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.devicestate.IDeviceStateService/default": EXCEPTION_NO_FUZZER,
"android.frameworks.location.altitude.IAltitudeService/default": EXCEPTION_NO_FUZZER,
"android.frameworks.sensorservice.ISensorManager/default": []string{"libsensorserviceaidl_fuzzer"},
"android.frameworks.stats.IStats/default": EXCEPTION_NO_FUZZER,
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 0bf3f7e..f518eac 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -7,6 +7,7 @@
( new_objects
bluetooth_finder_prop
profcollectd_etr_prop
+ fwk_devicestate_service
fstype_prop
binderfs_logs_transactions
binderfs_logs_transaction_history
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index c6785dd..db7f08f 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -34,6 +34,7 @@
set_prop(flags_health_check, device_config_remote_key_provisioning_native_prop)
set_prop(flags_health_check, device_config_camera_native_prop)
set_prop(flags_health_check, device_config_tethering_u_or_later_native_prop)
+set_prop(flags_health_check, device_config_mmd_native_prop)
set_prop(flags_health_check, next_boot_prop)
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
diff --git a/private/mmd.te b/private/mmd.te
index 193c307..d299bd8 100644
--- a/private/mmd.te
+++ b/private/mmd.te
@@ -5,6 +5,10 @@
init_daemon_domain(mmd)
+# Set mmd.enabled_aconfig properties.
+set_prop(mmd, mmd_prop)
+get_prop(mmd, device_config_mmd_native_prop)
+
# mmd binder setup
add_service(mmd, mmd_service)
binder_use(mmd)
diff --git a/private/property.te b/private/property.te
index 135bcad..3109253 100644
--- a/private/property.te
+++ b/private/property.te
@@ -10,6 +10,7 @@
system_internal_prop(device_config_core_experiments_team_internal_prop)
system_internal_prop(device_config_lmkd_native_prop)
system_internal_prop(device_config_mglru_native_prop)
+system_internal_prop(device_config_mmd_native_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
system_internal_prop(device_config_remote_key_provisioning_native_prop)
system_internal_prop(device_config_statsd_native_prop)
@@ -35,6 +36,7 @@
system_internal_prop(localization_prop)
system_internal_prop(logd_auditrate_prop)
system_internal_prop(lower_kptr_restrict_prop)
+system_internal_prop(mmd_prop)
system_internal_prop(net_464xlat_fromvendor_prop)
system_internal_prop(net_connectivity_prop)
system_internal_prop(netd_stable_secret_prop)
@@ -99,6 +101,11 @@
system_restricted_prop(profcollectd_etr_prop)
')
+# These types will be public starting at board api 202504
+until_board_api(202504, `
+ system_vendor_config_prop(trusty_security_vm_sys_vendor_prop)
+')
+
# Properties which should only be written by vendor_init
system_vendor_config_prop(avf_virtualizationservice_prop)
system_vendor_config_prop(high_barometer_quality_prop)
diff --git a/private/property_contexts b/private/property_contexts
index eaa55b9..6b825cb 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -305,6 +305,7 @@
persist.device_config.memory_safety_native_boot. u:object_r:device_config_memory_safety_native_boot_prop:s0
persist.device_config.memory_safety_native. u:object_r:device_config_memory_safety_native_prop:s0
persist.device_config.tethering_u_or_later_native. u:object_r:device_config_tethering_u_or_later_native_prop:s0
+persist.device_config.mmd_native. u:object_r:device_config_mmd_native_prop:s0
# Prop indicates the apex that bundles input configuration files (*.idc,*.kl,*.kcm)
input_device.config_file.apex u:object_r:input_device_config_prop:s0 exact string
@@ -1772,3 +1773,11 @@
# Properties related to Trusty VMs
trusty.security_vm.nonsecure_vm_ready u:object_r:trusty_security_vm_sys_prop:s0 exact bool
trusty.security_vm.vm_cid u:object_r:trusty_security_vm_sys_prop:s0 exact int
+
+# Properties that allows vendors to enable Trusty security VM features
+trusty.security_vm.enabled u:object_r:trusty_security_vm_sys_vendor_prop:s0 exact bool
+trusty.security_vm.keymint.enabled u:object_r:trusty_security_vm_sys_vendor_prop:s0 exact bool
+
+# Properties for mmd
+mmd. u:object_r:mmd_prop:s0
+mmd.enabled_aconfig u:object_r:mmd_prop:s0 exact bool
diff --git a/private/service_contexts b/private/service_contexts
index fbdc081..77f1eec 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -3,6 +3,9 @@
android.frameworks.stats.IStats/default u:object_r:fwk_stats_service:s0
android.frameworks.sensorservice.ISensorManager/default u:object_r:fwk_sensor_service:s0
android.frameworks.vibrator.IVibratorControlService/default u:object_r:fwk_vibrator_control_service:s0
+starting_at_board_api(202504, `
+ android.frameworks.devicestate.IDeviceStateService/default u:object_r:fwk_devicestate_service:s0
+')
android.hardware.audio.core.IConfig/default u:object_r:hal_audio_service:s0
# 'default' IModule is equivalent to 'primary' in HIDL
android.hardware.audio.core.IModule/default u:object_r:hal_audio_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index e61f8b8..4e86232 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -816,6 +816,7 @@
set_prop(system_server, device_config_memory_safety_native_prop)
set_prop(system_server, device_config_remote_key_provisioning_native_prop)
set_prop(system_server, device_config_tethering_u_or_later_native_prop)
+set_prop(system_server, device_config_mmd_native_prop)
set_prop(system_server, smart_idle_maint_enabled_prop)
set_prop(system_server, arm64_memtag_prop)
@@ -1402,6 +1403,7 @@
device_config_aconfig_flags_prop
device_config_window_manager_native_boot_prop
device_config_tethering_u_or_later_native_prop
+ device_config_mmd_native_prop
next_boot_prop
}:property_service set;
diff --git a/public/property.te b/public/property.te
index a186f04..cb18741 100644
--- a/public/property.te
+++ b/public/property.te
@@ -206,6 +206,9 @@
system_vendor_config_prop(usb_uvc_enabled_prop)
system_vendor_config_prop(setupwizard_mode_prop)
system_vendor_config_prop(pm_archiving_enabled_prop)
+starting_at_board_api(202504, `
+ system_vendor_config_prop(trusty_security_vm_sys_vendor_prop)
+')
# Properties with no restrictions
system_public_prop(adbd_config_prop)
diff --git a/public/service.te b/public/service.te
index 854ceef..2b75cc6 100644
--- a/public/service.te
+++ b/public/service.te
@@ -151,6 +151,9 @@
type forensic_service, app_api_service, system_api_service, system_server_service, service_manager_type;
')
type fwk_altitude_service, system_server_service, service_manager_type;
+starting_at_board_api(202504, `
+ type fwk_devicestate_service, system_server_service, service_manager_type;
+')
type fwk_stats_service, app_api_service, system_server_service, service_manager_type;
type fwk_sensor_service, system_server_service, service_manager_type;
type fwk_vibrator_control_service, system_server_service, service_manager_type;