Merge changes Ie0396d59,I75b2bade
* changes:
Allow apexd to configure /sys/block/dm-
Allow the kernel to access apexd file descriptors.
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 1a8c536..3dfbe3e 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -28,8 +28,6 @@
bpfloader
bpfloader_exec
broadcastradio_service
- ;; TODO(b/116344577): remove after the issue is resolved
- buffer_hub_service
cgroup_bpf
color_display_service
crossprofileapps_service
@@ -96,6 +94,7 @@
heapprofd_socket
incident_helper
incident_helper_exec
+ intelligence_service
iorapd
iorapd_data_file
iorapd_exec
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 4e42041..b2c619c 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -26,8 +26,6 @@
bluetooth_a2dp_offload_prop
bpfloader
bpfloader_exec
- ;; TODO(b/116344577): remove after the issue is resolved
- buffer_hub_service
cgroup_bpf
color_display_service
crossprofileapps_service
@@ -87,6 +85,7 @@
heapprofd_socket
incident_helper
incident_helper_exec
+ intelligence_service
iorapd
iorapd_data_file
iorapd_exec
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 25e95c7..7e1993c 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -17,9 +17,8 @@
apexd_prop
apexd_tmpfs
biometric_service
- ;; TODO(b/116344577): remove after the issue is resolved
- buffer_hub_service
device_config_boot_count_prop
+ face_service
fastbootd
flags_health_check
flags_health_check_exec
@@ -34,6 +33,8 @@
heapprofd
heapprofd_exec
heapprofd_socket
+ intelligence_service
+ iris_service
llkd
llkd_exec
llkd_prop
diff --git a/private/file_contexts b/private/file_contexts
index ae20f5d..0f5dad3 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -68,8 +68,6 @@
# Devices
#
/dev(/.*)? u:object_r:device:s0
-/dev/akm8973.* u:object_r:sensors_device:s0
-/dev/accelerometer u:object_r:sensors_device:s0
/dev/adf[0-9]* u:object_r:graphics_device:s0
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
diff --git a/private/service_contexts b/private/service_contexts
index c2a4ca1..458c43a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -56,6 +56,7 @@
euicc_card_controller u:object_r:radio_service:s0
lowpan u:object_r:lowpan_service:s0
ethernet u:object_r:ethernet_service:s0
+face u:object_r:face_service:s0
fingerprint u:object_r:fingerprint_service:s0
font u:object_r:font_service:s0
android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
@@ -77,7 +78,9 @@
iphonesubinfo u:object_r:radio_service:s0
ims u:object_r:radio_service:s0
imms u:object_r:imms_service:s0
+intelligence u:object_r:intelligence_service:s0
ipsec u:object_r:ipsec_service:s0
+iris u:object_r:iris_service:s0
isms_msim u:object_r:radio_service:s0
isms2 u:object_r:radio_service:s0
isms u:object_r:radio_service:s0
diff --git a/public/clatd.te b/public/clatd.te
index 5c9d724..7d3d40e 100644
--- a/public/clatd.te
+++ b/public/clatd.te
@@ -34,3 +34,4 @@
allow clatd self:netlink_route_socket nlmsg_write;
allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms_no_ioctl;
allow clatd tun_device:chr_file rw_file_perms;
+allowxperm clatd tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
diff --git a/public/domain.te b/public/domain.te
index 0244b7a..b17893b 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1063,7 +1063,6 @@
-vendor_init
} {
system_file_type
- -system_file # TODO(b/111243627): remove once Treble violations are fixed.
-system_lib_file
-system_linker_exec
-crash_dump_exec
@@ -1141,7 +1140,6 @@
-vendor_init
} {
system_file_type
- -system_file # TODO(b/111243627): remove once Treble violations are fixed.
-crash_dump_exec
-file_contexts_file
-netutils_wrapper_exec
diff --git a/public/service.te b/public/service.te
index 10222eb..0ea7638 100644
--- a/public/service.te
+++ b/public/service.te
@@ -87,16 +87,19 @@
type lowpan_service, system_api_service, system_server_service, service_manager_type;
type ethernet_service, app_api_service, system_server_service, service_manager_type;
type biometric_service, app_api_service, system_server_service, service_manager_type;
+type face_service, app_api_service, system_server_service, service_manager_type;
type fingerprint_service, app_api_service, system_server_service, service_manager_type;
type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type hardware_service, system_server_service, service_manager_type;
type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
+type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type intelligence_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type iris_service, app_api_service, system_server_service, service_manager_type;
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;