Merge "Remove code about mixed sepolicy build" into main
diff --git a/private/file_contexts b/private/file_contexts
index 11e4922..9d12ab4 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -256,7 +256,6 @@
/system/bin/app_process32 u:object_r:zygote_exec:s0
/system/bin/app_process64 u:object_r:zygote_exec:s0
/system/bin/servicemanager u:object_r:servicemanager_exec:s0
-/system/bin/hwservicemanager u:object_r:hwservicemanager_exec:s0
/system/bin/surfaceflinger u:object_r:surfaceflinger_exec:s0
/system/bin/gpuservice u:object_r:gpuservice_exec:s0
/system/bin/bufferhubd u:object_r:bufferhubd_exec:s0
@@ -342,7 +341,6 @@
/system/bin/storaged u:object_r:storaged_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
-/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
/system/bin/hw/android\.system\.suspend-service u:object_r:system_suspend_exec:s0
/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
/system/etc/task_profiles/cgroups_[0-9]+\.json u:object_r:cgroup_desc_api_file:s0
@@ -497,6 +495,9 @@
/(system_ext|system/system_ext)/bin/aidl_lazy_cb_test_server u:object_r:aidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/bin/hidl_lazy_cb_test_server u:object_r:hidl_lazy_test_server_exec:s0
+/(system_ext|system/system_ext)/bin/hwservicemanager u:object_r:hwservicemanager_exec:s0
+/(system_ext|system/system_ext)/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
+
/(system_ext|system/system_ext)/bin/canhalconfigurator(-aidl)? u:object_r:canhalconfigurator_exec:s0
diff --git a/private/property.te b/private/property.te
index 892c94e..def39f0 100644
--- a/private/property.te
+++ b/private/property.te
@@ -52,6 +52,7 @@
system_internal_prop(ctl_odsign_prop)
system_internal_prop(virtualizationservice_prop)
system_internal_prop(ctl_apex_load_prop)
+system_internal_prop(enable_16k_pages_prop)
system_internal_prop(sensors_config_prop)
diff --git a/private/property_contexts b/private/property_contexts
index a7f6732..1f4e95f 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -945,6 +945,10 @@
ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool
+
+# Property for enabling 16k pages developer option.
+ro.product.build.16k_page.enabled u:object_r:enable_16k_pages_prop:s0 exact bool
+
ro.debuggable u:object_r:userdebug_or_eng_prop:s0 exact bool
ro.force.debuggable u:object_r:build_prop:s0 exact bool
diff --git a/private/system_app.te b/private/system_app.te
index e2bec30..d0d88e9 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -66,6 +66,9 @@
# Allow developer settings to query gsid status
get_prop(system_app, gsid_prop)
+# Allow developer settings to check 16k pages boot option status
+get_prop(system_app, enable_16k_pages_prop)
+
# Create /data/anr/traces.txt.
allow system_app anr_data_file:dir ra_dir_perms;
allow system_app anr_data_file:file create_file_perms;
diff --git a/private/traceur_app.te b/private/traceur_app.te
index 2937e26..a743917 100644
--- a/private/traceur_app.te
+++ b/private/traceur_app.te
@@ -10,6 +10,8 @@
allow traceur_app trace_data_file:file create_file_perms;
allow traceur_app trace_data_file:dir rw_dir_perms;
+allow traceur_app wm_trace_data_file:dir rw_dir_perms;
+allow traceur_app wm_trace_data_file:file { getattr r_file_perms unlink };
allow traceur_app atrace_exec:file rx_file_perms;
# To exec the perfetto cmdline client and pass it the trace config on
diff --git a/public/logpersist.te b/public/logpersist.te
index 6c1c404..f2e856b 100644
--- a/public/logpersist.te
+++ b/public/logpersist.te
@@ -28,3 +28,8 @@
# -system_app # Smith.apk
# } logpersist:process transition;
neverallow * logpersist:process dyntransition;
+
+allowxperm logpersist misc_logd_file:file ioctl {
+ F2FS_IOC_RELEASE_COMPRESS_BLOCKS
+ FS_IOC_SETFLAGS
+};