Merge "Add shutdown_checkpoints rules for platform_app" into main
diff --git a/private/domain.te b/private/domain.te
index 7b448c3..8db40a5 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -532,12 +532,6 @@
# TODO(384942085): Reduce the scope.
allow domain kernel:key search;
-# For testing purposes, allow access to keys installed with su.
-# TODO(277916185): Remove since this shouldn't be needed anymore.
-userdebug_or_eng(`
- allow domain su:key search;
-')
-
# Allow access to linkerconfig file
allow domain linkerconfig_file:dir search;
allow domain linkerconfig_file:file r_file_perms;
diff --git a/private/mmd.te b/private/mmd.te
index 69f12fc..fec356e 100644
--- a/private/mmd.te
+++ b/private/mmd.te
@@ -6,7 +6,8 @@
init_daemon_domain(mmd)
# Set mmd.enabled_aconfig properties.
-set_prop(mmd, mmd_prop)
+set_prop(mmd, mmd_status_prop)
+get_prop(mmd, mmd_prop)
get_prop(mmd, device_config_mmd_native_prop)
# mmd binder setup
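Review bot: The retained comment `# Set mmd.enabled_aconfig properties.` now sits above two rules with different intent, and it does not record that mmd keeps only read access to `mmd_prop`. I would split it into `# mmd publishes mmd.enabled_aconfig (mmd_status_prop).` above the `set_prop` line and `# mmd only reads mmd.* configuration (mmd_prop).` above the new `get_prop` line. No rule in this hunk lets mmd read `mmd_shared_prop`, which labels `mmd.zram.enabled` in property_contexts; if mmd is meant to consume that property it would also need `get_prop(mmd, mmd_shared_prop)`, and if not, a one-line comment saying so would stop a later reader from treating it as an oversight.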
diff --git a/private/overlay_remounter.te b/private/overlay_remounter.te
index 766ed68..12f7b0d 100644
--- a/private/overlay_remounter.te
+++ b/private/overlay_remounter.te
@@ -36,5 +36,12 @@
vendor_file_type
system_file_type
adb_keys_file
+ }:chr_file unlink;
+
+ allow overlay_remounter {
+ system_dlkm_file_type
+ vendor_file_type
+ system_file_type
+ adb_keys_file
}:{ dir lnk_file } *;
')
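Review bot: The new `}:chr_file unlink;` grant has no comment saying why overlay_remounter needs to delete character-device nodes labelled with every `system_file_type` and `vendor_file_type`, plus `adb_keys_file`. If the purpose is removing overlayfs whiteout entries (which are character devices), say so next to the rule, e.g. `# overlayfs whiteouts are chr_file nodes; allow removing them`, so the grant is not widened later by analogy. The four-type set is now written out twice and the two lists can drift apart, so a comment tying them together would help. The first `allow` statement opens above the hunk, and the closing `')` belongs to a macro whose opening is not visible here either.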
diff --git a/private/property.te b/private/property.te
index dec43e1..f42ac47 100644
--- a/private/property.te
+++ b/private/property.te
@@ -36,7 +36,7 @@
system_internal_prop(localization_prop)
system_internal_prop(logd_auditrate_prop)
system_internal_prop(lower_kptr_restrict_prop)
-system_internal_prop(mmd_prop)
+system_internal_prop(mmd_status_prop)
system_internal_prop(net_464xlat_fromvendor_prop)
system_internal_prop(net_connectivity_prop)
system_internal_prop(netd_stable_secret_prop)
@@ -111,6 +111,8 @@
# Properties which should only be written by vendor_init
system_vendor_config_prop(avf_virtualizationservice_prop)
system_vendor_config_prop(high_barometer_quality_prop)
+system_vendor_config_prop(mmd_prop)
+system_vendor_config_prop(mmd_shared_prop)
system_vendor_config_prop(prefetch_boot_prop)
system_vendor_config_prop(widevine_sys_vendor_prop)
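Review bot: `mmd_prop` moves from `system_internal_prop` into the section headed `# Properties which should only be written by vendor_init`, while property_contexts still maps the whole `mmd.` prefix to it, so every `mmd.*` name without an exact entry now falls under that write restriction. It is worth confirming that no platform component still sets an `mmd.*` property other than `mmd.enabled_aconfig`; none is visible in this diff. Neither hunk in this file says how `mmd_prop`, `mmd_shared_prop` and `mmd_status_prop` differ, and a comment such as `# mmd_prop: config read by mmd; mmd_shared_prop: config also read by system_server; mmd_status_prop: written by mmd` would record the split. The same gap applies to the `# Properties for mmd` block in property_contexts.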
diff --git a/private/property_contexts b/private/property_contexts
index fa82e29..a43cfbe 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -718,6 +718,7 @@
bluetooth.core.le.connection_scan_window_slow u:object_r:bluetooth_config_prop:s0 exact uint
bluetooth.core.le.inquiry_scan_interval u:object_r:bluetooth_config_prop:s0 exact uint
bluetooth.core.le.inquiry_scan_window u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.msft_vendor_opcode u:object_r:bluetooth_config_prop:s0 exact uint
bluetooth.core.le.vendor_capabilities.enabled u:object_r:bluetooth_config_prop:s0 exact bool
bluetooth.hfp.software_datapath.enabled u:object_r:bluetooth_config_prop:s0 exact bool
@@ -1818,4 +1819,5 @@
# Properties for mmd
mmd. u:object_r:mmd_prop:s0
-mmd.enabled_aconfig u:object_r:mmd_prop:s0 exact bool
+mmd.zram.enabled u:object_r:mmd_shared_prop:s0 exact bool
+mmd.enabled_aconfig u:object_r:mmd_status_prop:s0 exact bool
diff --git a/private/system_server.te b/private/system_server.te
index be486ac..92caa60 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -429,6 +429,9 @@
hal_sensors_server
hal_vibrator_server
hal_vr_server
+ hal_wifi_hostapd_server
+ hal_wifi_server
+ hal_wifi_supplicant_server
system_suspend_server
}:process { signal };
@@ -920,6 +923,9 @@
# Allow system server to determine if system services are enabled
get_prop(system_server, system_service_enable_prop)
+# Allow system server to read shared mmd properties
+get_prop(system_server, mmd_shared_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;