Merge "Revert "Move allow rules of sdk_sandbox to apex policy""
diff --git a/mac_permissions/Android.bp b/mac_permissions/Android.bp
index 3a35814..401f78c 100644
--- a/mac_permissions/Android.bp
+++ b/mac_permissions/Android.bp
@@ -14,6 +14,15 @@
 
 // This file contains module definitions for mac_permissions.xml files.
 
+package {
+    // See: http://go/android-license-faq
+    // A large-scale-change added 'default_applicable_licenses' to import
+    // all of the 'license_kinds' from "system_sepolicy_license"
+    // to get the below license kinds:
+    //   SPDX-license-identifier-Apache-2.0
+    default_applicable_licenses: ["system_sepolicy_license"],
+}
+
 se_build_files {
     name: "keys.conf",
     srcs: ["keys.conf"],
diff --git a/private/compat/33.0/33.0.cil b/private/compat/33.0/33.0.cil
index 4b296c9..163a300 100644
--- a/private/compat/33.0/33.0.cil
+++ b/private/compat/33.0/33.0.cil
@@ -10,9 +10,13 @@
 (type iorapd_exec)
 (type iorapd_service)
 (type iorapd_tmpfs)
+(type lowpan_service)
 (type timezone_service)
 (type tzdatacheck)
 (type tzdatacheck_exec)
+(type wpantund)
+(type wpantund_exec)
+(type wpantund_service)
 (type zoneinfo_data_file)
 
 (expandtypeattribute (DockObserver_service_33_0) true)
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 40c035e..15f7c4a 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -9,6 +9,7 @@
     device_config_memory_safety_native_prop
     device_config_vendor_system_native_prop
     hal_bootctl_service
+    hal_tv_input_service
     keystore_config_prop
     permissive_mte_prop
     servicemanager_prop
diff --git a/private/file_contexts b/private/file_contexts
index de2c898..fedea70 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -333,7 +333,6 @@
 /system/bin/profcollectd         u:object_r:profcollectd_exec:s0
 /system/bin/profcollectctl       u:object_r:profcollectd_exec:s0
 /system/bin/storaged             u:object_r:storaged_exec:s0
-/system/bin/wpantund             u:object_r:wpantund_exec:s0
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
 /system/bin/hw/android\.frameworks\.bufferhub@1\.0-service    u:object_r:fwk_bufferhub_exec:s0
 /system/bin/hw/android\.hidl\.allocator@1\.0-service          u:object_r:hal_allocator_default_exec:s0
diff --git a/private/service_contexts b/private/service_contexts
index 0e9d4e8..1504bac 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -61,6 +61,7 @@
 android.hardware.sensors.ISensors/default                            u:object_r:hal_sensors_service:s0
 android.hardware.soundtrigger3.ISoundTriggerHw/default               u:object_r:hal_audio_service:s0
 android.hardware.tv.tuner.ITuner/default                             u:object_r:hal_tv_tuner_service:s0
+android.hardware.tv.input.ITvInput/default                           u:object_r:hal_tv_input_service:s0
 android.hardware.usb.IUsb/default                                    u:object_r:hal_usb_service:s0
 android.hardware.uwb.IUwb/default                                    u:object_r:hal_uwb_service:s0
 android.hardware.vibrator.IVibrator/default                          u:object_r:hal_vibrator_service:s0
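Review bot: The new `android.hardware.tv.input.ITvInput/default` entry is placed after `android.hardware.tv.tuner.ITuner/default`, which breaks the alphabetical order the neighbouring entries follow (sensors, soundtrigger3, tv.tuner, usb, uwb, vibrator). Moving it one line up, directly before the `tv.tuner` entry, would match public/service.te in this same change, where `hal_tv_input_service` is declared before `hal_tv_tuner_service`. The order looks cosmetic for labelling, but a sorted list makes duplicate or conflicting service-name mappings easier to catch in later reviews.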
@@ -178,7 +179,6 @@
 emergency_affordance                      u:object_r:emergency_affordance_service:s0
 euicc_card_controller                     u:object_r:radio_service:s0
 external_vibrator_service                 u:object_r:external_vibrator_service:s0
-lowpan                                    u:object_r:lowpan_service:s0
 ethernet                                  u:object_r:ethernet_service:s0
 face                                      u:object_r:face_service:s0
 file_integrity                            u:object_r:file_integrity_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index b783446..aa674d0 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -300,7 +300,6 @@
 binder_call(system_server, vold)
 binder_call(system_server, logd)
 binder_call(system_server, wificond)
-binder_call(system_server, wpantund)
 binder_service(system_server)
 
 # Use HALs
diff --git a/private/wpantund.te b/private/wpantund.te
deleted file mode 100644
index e91662c..0000000
--- a/private/wpantund.te
+++ /dev/null
@@ -1,3 +0,0 @@
-typeattribute wpantund coredomain;
-
-init_daemon_domain(wpantund)
diff --git a/public/hal_tv_input.te b/public/hal_tv_input.te
index 5a5bdda..b345189 100644
--- a/public/hal_tv_input.te
+++ b/public/hal_tv_input.te
@@ -3,3 +3,7 @@
 binder_call(hal_tv_input_server, hal_tv_input_client)
 
 hal_attribute_hwservice(hal_tv_input, hal_tv_input_hwservice)
+hal_attribute_service(hal_tv_input, hal_tv_input_service)
+
+binder_call(hal_tv_input_server, servicemanager)
+binder_call(hal_tv_input_client, servicemanager)
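Review bot: The three added rules have no comment explaining why both the server and client attributes now need to talk to servicemanager. A one-line comment above `hal_attribute_service(...)` would help, such as `# AIDL: server registers and clients look up hal_tv_input_service via servicemanager`. The `hal_attribute_hwservice` line stays, so the HIDL and AIDL paths are presumably both meant to remain permitted, and the comment could say that too. It may also be worth confirming that every domain carrying `hal_tv_input_client` is meant to reach the new service, since the type is declared `protected_service` in public/service.te and this attribute appears to be the only route to it.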
diff --git a/public/service.te b/public/service.te
index b8a628c..4bd5e65 100644
--- a/public/service.te
+++ b/public/service.te
@@ -122,7 +122,6 @@
 type DockObserver_service, system_server_service, service_manager_type;
 type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type lowpan_service, system_api_service, system_server_service, service_manager_type;
 type ethernet_service, app_api_service, system_server_service, service_manager_type;
 type biometric_service, app_api_service, system_server_service, service_manager_type;
 type bugreport_service, app_api_service, system_server_service, service_manager_type;
@@ -258,7 +257,6 @@
 type wifiaware_service, app_api_service, system_server_service, service_manager_type;
 type window_service, system_api_service, system_server_service, service_manager_type;
 type inputflinger_service, system_api_service, system_server_service, service_manager_type;
-type wpantund_service, system_api_service, service_manager_type;
 type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type emergency_affordance_service, system_server_service, service_manager_type;
 
@@ -301,6 +299,7 @@
 type hal_secureclock_service, protected_service, hal_service_type, service_manager_type;
 type hal_sharedsecret_service, protected_service, hal_service_type, service_manager_type;
 type hal_system_suspend_service, protected_service, hal_service_type, service_manager_type;
+type hal_tv_input_service, protected_service, hal_service_type, service_manager_type;
 type hal_tv_tuner_service, protected_service, hal_service_type, service_manager_type;
 type hal_usb_service, protected_service, hal_service_type, service_manager_type;
 type hal_uwb_service, protected_service, hal_service_type, service_manager_type;
diff --git a/public/wpantund.te b/public/wpantund.te
deleted file mode 100644
index 8ddd693..0000000
--- a/public/wpantund.te
+++ /dev/null
@@ -1,29 +0,0 @@
-type wpantund, domain;
-type wpantund_exec, system_file_type, exec_type, file_type;
-
-hal_client_domain(wpantund, hal_lowpan)
-net_domain(wpantund)
-
-binder_use(wpantund)
-binder_call(wpantund, system_server)
-
-# wpantund needs to be able to check in with the lowpan_service
-allow wpantund lowpan_service:service_manager find;
-
-# Allow wpantund to call any callbacks that have been registered with it.
-# Generally, only privileged apps are able to register callbacks with
-# wpantund, so we are limiting the scope for callbacks to only privileged
-# apps. We also add shell to allow the command-line utility `lowpanctl`
-# to work properly from `adb shell`.
-allow wpantund {priv_app shell}:binder call;
-
-# create sockets to set interfaces up and down, add multicast groups, etc.
-allow wpantund self:udp_socket create_socket_perms;
-
-# setting interface state up/down and changing MTU are privileged ioctls
-allowxperm wpantund self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFMTU };
-
-# Allow us to bring up a TUN network interface.
-allow wpantund tun_device:chr_file rw_file_perms;
-allow wpantund self:global_capability_class_set { net_admin net_raw };
-allow wpantund self:tun_socket create;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 1cff892..24f0d51 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -92,6 +92,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service        u:object_r:hal_thermal_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.[01]-service        u:object_r:hal_tv_cec_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service      u:object_r:hal_tv_input_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input-service\.example  u:object_r:hal_tv_input_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner@1\.[01]-service   u:object_r:hal_tv_tuner_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner-service\.example(-lazy)?  u:object_r:hal_tv_tuner_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service            u:object_r:hal_usb_default_exec:s0