Merge "Add new vibrator control service to system_server" into main
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index b053c7a..de7355c 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -289,8 +289,8 @@
}
func (m *selinuxContextsModule) buildFileContexts(ctx android.ModuleContext, inputs android.Paths) android.Path {
- if m.properties.Fc_sort == nil {
- m.properties.Fc_sort = proptools.BoolPtr(true)
+ if m.properties.Remove_comment == nil {
+ m.properties.Remove_comment = proptools.BoolPtr(true)
}
return m.buildGeneralContexts(ctx, inputs)
}
diff --git a/contexts/Android.bp b/contexts/Android.bp
index ca51847..914232a 100644
--- a/contexts/Android.bp
+++ b/contexts/Android.bp
@@ -103,6 +103,7 @@
":file_contexts_files{.vendor}",
],
soc_specific: true,
+ fc_sort: true,
}
file_contexts {
@@ -113,6 +114,7 @@
],
stem: "vendor_file_contexts",
recovery: true,
+ fc_sort: true,
}
file_contexts {
@@ -145,6 +147,7 @@
name: "odm_file_contexts",
srcs: [":file_contexts_files{.odm}"],
device_specific: true,
+ fc_sort: true,
}
file_contexts {
@@ -152,6 +155,7 @@
srcs: [":file_contexts_files{.odm}"],
stem: "odm_file_contexts",
recovery: true,
+ fc_sort: true,
}
hwservice_contexts {
diff --git a/private/access_vectors b/private/access_vectors
index adb3a61..32d73dd 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -726,6 +726,7 @@
early_boot_ended
get_attestation_key
get_auth_token
+ get_last_auth_time
get_state
list
lock
diff --git a/private/bug_map b/private/bug_map
index f35fbca..53cb8b1 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -20,6 +20,7 @@
mediaprovider mnt_media_rw_file dir b/77925342
mediaprovider shell_data_file dir b/77925342
mediaswcodec ashmem_device chr_file b/142679232
+platform_app device_config_media_native_prop file b/308043377
platform_app nfc_data_file dir b/74331887
platform_app system_data_file dir b/306090533
system_server overlayfs_file file b/142390309
@@ -30,4 +31,4 @@
untrusted_app untrusted_app netlink_route_socket b/155595000
vold system_data_file file b/124108085
zygote untrusted_app_25 process b/77925912
-zygote labeledfs filesystem b/170748799
+zygote labeledfs filesystem b/170748799
\ No newline at end of file
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index d3580ba..d98d69e 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -24,4 +24,5 @@
virtual_device_native_service
next_boot_prop
binderfs_logs_stats
+ drm_forcel3_prop
))
diff --git a/private/property_contexts b/private/property_contexts
index 6c81c03..69e4ec2 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -827,6 +827,7 @@
drm.64bit.enabled u:object_r:mediadrm_config_prop:s0 exact bool
media.mediadrmservice.enable u:object_r:mediadrm_config_prop:s0 exact bool
+persist.drm.forcel3.enabled u:object_r:drm_forcel3_prop:s0 exact bool
drm.service.enabled u:object_r:drm_service_config_prop:s0 exact bool
diff --git a/private/system_app.te b/private/system_app.te
index 4f344cc..06b0feb 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -52,6 +52,7 @@
set_prop(system_app, usb_control_prop)
set_prop(system_app, usb_prop)
set_prop(system_app, log_tag_prop)
+set_prop(system_app, drm_forcel3_prop)
userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
auditallow system_app net_radio_prop:property_service set;
auditallow system_app usb_control_prop:property_service set;
diff --git a/private/system_server.te b/private/system_server.te
index 8a294e3..3d49a65 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -983,6 +983,7 @@
change_user
clear_ns
clear_uid
+ get_last_auth_time
lock
pull_metrics
reset
diff --git a/public/hal_drm.te b/public/hal_drm.te
index 34ca0b2..0ee0c5f 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -13,6 +13,8 @@
# Permit reading device's serial number from system properties
get_prop(hal_drm_server, serialno_prop)
+# Permit reading force L3 system property
+get_prop(hal_drm_server, drm_forcel3_prop)
# Read files already opened under /data
allow hal_drm system_data_file:file { getattr read };
diff --git a/public/property.te b/public/property.te
index 67463a5..1a5b105 100644
--- a/public/property.te
+++ b/public/property.te
@@ -75,6 +75,7 @@
system_restricted_prop(device_config_surface_flinger_native_boot_prop)
system_restricted_prop(device_config_vendor_system_native_prop)
system_restricted_prop(device_config_vendor_system_native_boot_prop)
+system_restricted_prop(drm_forcel3_prop)
system_restricted_prop(fingerprint_prop)
system_restricted_prop(gwp_asan_prop)
system_restricted_prop(hal_instrumentation_prop)
@@ -103,7 +104,6 @@
system_restricted_prop(vold_status_prop)
system_restricted_prop(vts_status_prop)
-
compatible_property_only(`
# DO NOT ADD ANY PROPERTIES HERE
system_restricted_prop(config_prop)