Merge "Allow vndservicemanager to self-register." into rvc-dev
diff --git a/prebuilts/api/26.0/public/property.te b/prebuilts/api/26.0/public/property.te
index d6fa868..232872c 100644
--- a/prebuilts/api/26.0/public/property.te
+++ b/prebuilts/api/26.0/public/property.te
@@ -1,6 +1,7 @@
type asan_reboot_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/27.0/public/property.te b/prebuilts/api/27.0/public/property.te
index 95efcaa..2c716c5 100644
--- a/prebuilts/api/27.0/public/property.te
+++ b/prebuilts/api/27.0/public/property.te
@@ -1,5 +1,6 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index b0397e9..a4f0d87 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -1,5 +1,6 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_prop, property_type;
type bootloader_boot_reason_prop, property_type;
diff --git a/prebuilts/api/29.0/public/property.te b/prebuilts/api/29.0/public/property.te
index cea50ac..4ccd8ac 100644
--- a/prebuilts/api/29.0/public/property.te
+++ b/prebuilts/api/29.0/public/property.te
@@ -1,6 +1,7 @@
type apexd_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_audio_hal_prop, property_type;
type bluetooth_prop, property_type;
@@ -361,6 +362,7 @@
-bluetooth_prop
-bootloader_boot_reason_prop
-boottime_prop
+ -boottime_public_prop
-bpf_progs_loaded_prop
-config_prop
-cppreopt_prop
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index 9944ae9..865502e 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -215,6 +215,8 @@
ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
ro.boot.console u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index e0123ae..b4d39bb 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -106,7 +106,6 @@
tv_tuner_resource_mgr_service
vendor_apex_file
vendor_boringssl_self_test
- vendor_incremental_module
vendor_install_recovery
vendor_install_recovery_exec
vendor_socket_hook_prop
diff --git a/private/file_contexts b/private/file_contexts
index 9da83a9..44f28f2 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -374,7 +374,6 @@
/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
-(/vendor|system/vendor)/lib(64)?/modules/incrementalfs\.ko u:object_r:vendor_incremental_module:s0
# HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
diff --git a/public/domain.te b/public/domain.te
index ede2c96..c7f851d 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -996,6 +996,7 @@
-system_executes_vendor_violators
-traced_perf # library/binary access for symbolization
-ueventd # reads /vendor/ueventd.rc
+ -vold # loads incremental fs driver
} {
vendor_file_type
-same_process_hal_file
@@ -1009,7 +1010,6 @@
-vendor_overlay_file
-vendor_public_lib_file
-vendor_task_profiles_file
- -vendor_incremental_module
-vndk_sp_file
}:file *;
')
diff --git a/public/file.te b/public/file.te
index 1cc34f5..58386c1 100644
--- a/public/file.te
+++ b/public/file.te
@@ -210,8 +210,6 @@
# Type for all vendor public libraries. These libs should only be exposed to
# apps. ABI stability of these libs is vendor's responsibility.
type vendor_public_lib_file, vendor_file_type, file_type;
-# Default type for incremental file system driver
-type vendor_incremental_module, vendor_file_type, file_type;
# Input configuration
type vendor_keylayout_file, vendor_file_type, file_type;
diff --git a/public/property.te b/public/property.te
index 21e220d..d7c1f4e 100644
--- a/public/property.te
+++ b/public/property.te
@@ -67,6 +67,7 @@
# Properties used by binder caches
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
+system_restricted_prop(boottime_public_prop)
system_restricted_prop(bq_config_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
diff --git a/public/property_contexts b/public/property_contexts
index a81373f..5640aa4 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -234,6 +234,8 @@
ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
ro.boot.console u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
diff --git a/public/vold.te b/public/vold.te
index e17113d..9391649 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -52,11 +52,6 @@
FS_IOC_REMOVE_ENCRYPTION_KEY
};
-# Allow to load incremental file system driver
-allow vold self:capability sys_module;
-allow vold vendor_incremental_module:file r_file_perms;
-allow vold vendor_incremental_module:system module_load;
-
# Only vold and init should ever set file-based encryption policies.
neverallowxperm {
domain
@@ -205,6 +200,7 @@
set_prop(vold, restorecon_prop)
set_prop(vold, ota_prop)
set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
# ASEC
allow vold asec_image_file:file create_file_perms;