Merge "move mediatranscoding type from public to private"
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 9605e34..4032646 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -51,6 +51,7 @@
device_config_reset_performed_prop
device_config_netd_native_prop
dnsresolver_service
+ drm_service_config_prop
exfat
exported2_config_prop
exported2_default_prop
@@ -121,6 +122,7 @@
lowpan_prop
lowpan_service
media_config_prop
+ mediadrm_config_prop
mediaextractor_update_service
mediaswcodec
mediaswcodec_exec
@@ -134,12 +136,14 @@
network_watchlist_data_file
network_watchlist_service
overlayfs_file
+ packagemanager_config_prop
perfetto
perfetto_exec
perfetto_tmpfs
perfetto_traces_data_file
property_info
provisioned_prop
+ recovery_config_prop
recovery_socket
retaildemo_prop
role_service
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 8efa6cb..9810e2f 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1359,9 +1359,13 @@
(typeattributeset exported3_default_prop_30_0
( exported3_default_prop
camera_config_prop
+ drm_service_config_prop
hdmi_config_prop
lmkd_config_prop
media_config_prop
+ mediadrm_config_prop
+ packagemanager_config_prop
+ recovery_config_prop
telephony_config_prop
zram_config_prop))
(typeattributeset exported3_radio_prop_30_0 (exported3_radio_prop))
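Review bot: `mediadrm_config_prop` is added to the `exported3_default_prop_30_0` set, but the two properties that move to it in private/property_contexts were previously labelled `exported2_default_prop` (`drm.64bit.enabled`) and `exported_default_prop` (`media.mediadrmservice.enable`), not `exported3_default_prop`. If the mapping is meant to preserve what 30.0 vendor policy could already do with those properties, the new type would seem to belong in the 30.0 sets for those two old types instead. Reads are probably unaffected because public/domain.te grants `get_prop(domain, mediadrm_config_prop)`, but please confirm no other permission on the old types matters and record the reasoning in the commit message.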
diff --git a/private/drmserver.te b/private/drmserver.te
index afe4f0a..8449c3e 100644
--- a/private/drmserver.te
+++ b/private/drmserver.te
@@ -5,3 +5,5 @@
type_transition drmserver apk_data_file:sock_file drmserver_socket;
typeattribute drmserver_socket coredomain_socket;
+
+get_prop(drmserver, drm_service_config_prop)
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index 6cf9dba..fcc8734 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -50,3 +50,5 @@
#Allow MediaProvider to see if sdcardfs is in use
get_prop(mediaprovider_app, storage_config_prop)
+
+get_prop(mediaprovider_app, drm_service_config_prop)
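Review bot: The new `get_prop(mediaprovider_app, drm_service_config_prop)` has no comment, unlike the rule directly above it, and it is not obvious from the policy why MediaProvider needs `drm.service.enabled`. A line such as `# Allow MediaProvider to check drm.service.enabled` (adjusted to the real reason) would make later least-privilege audits easier. The same applies to the uncommented grants added in private/drmserver.te and private/mediaserver.te.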
diff --git a/private/mediaserver.te b/private/mediaserver.te
index fa2fc08..7fb8029 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -13,4 +13,5 @@
set_prop(mediaserver, audio_prop)
+get_prop(mediaserver, drm_service_config_prop)
get_prop(mediaserver, media_config_prop)
diff --git a/private/mediatranscoding.te b/private/mediatranscoding.te
index 1a8e25f..3534dfa 100644
--- a/private/mediatranscoding.te
+++ b/private/mediatranscoding.te
@@ -31,6 +31,7 @@
allow mediatranscoding sdcardfs:file { getattr read write };
allow mediatranscoding media_rw_data_file:file { getattr read write };
allow mediatranscoding apk_data_file:file { getattr read };
+allow mediatranscoding app_data_file:file { getattr read write };
allow mediatranscoding shell_data_file:file { getattr read write };
# mediatranscoding should never execute any executable without a
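Review bot: The added `allow mediatranscoding app_data_file:file { getattr read write };` extends the transcoding service to app-private data files with no comment saying why, or why `write` is required. The rule omits `open`, which suggests access is meant to happen only through file descriptors handed over by the client; if so, state it, e.g. `# App-private files are reached only via FDs passed by the client; no open.` If clients only ever supply app-private files as a source, `{ getattr read }` would be the narrower grant. The comment that follows this rule continues outside the hunk.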
diff --git a/private/property.te b/private/property.te
index 1aa4ddf..eb09f4f 100644
--- a/private/property.te
+++ b/private/property.te
@@ -406,3 +406,11 @@
} {
graphics_config_prop
}:property_service set;
+
+neverallow {
+ -init
+ -dumpstate
+ -system_server
+ -vendor_init
+ -zygote
+} packagemanager_config_prop:file no_rw_file_perms;
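Review bot: The new neverallow on `packagemanager_config_prop:file no_rw_file_perms` has no comment naming the properties it protects or explaining why `dumpstate` and `vendor_init` are exempt; the only readers granted in this commit are `system_server` and `zygote`. Suggest a header such as `# Only init, vendor_init, dumpstate, system_server and zygote may read ro.control_privapp_permissions and ro.cp_system_other_odex.` The rule constrains file access only; whether setting the properties is restricted depends on the `system_vendor_config_prop` macro, which is not visible here.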
diff --git a/private/property_contexts b/private/property_contexts
index 41eb3c8..1050aeb 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -339,8 +339,6 @@
persist.sys.dalvik.vm.lib.2 u:object_r:dalvik_runtime_prop:s0 exact string
-drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
-
keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
@@ -396,9 +394,8 @@
ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
-ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
-
-ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+ro.control_privapp_permissions u:object_r:packagemanager_config_prop:s0 exact enum disable enforce log
+ro.cp_system_other_odex u:object_r:packagemanager_config_prop:s0 exact bool
ro.crypto.allow_encrypt_override u:object_r:vold_config_prop:s0 exact bool
ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int
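Review bot: Besides relabelling, the two added lines tighten the value types: `ro.control_privapp_permissions` goes from `string` to `enum disable enforce log` and `ro.cp_system_other_odex` from `int` to `bool`. A device build that sets either property to a value outside the new type would presumably have it rejected by the property type check, which can change package-manager behaviour on upgrade without an obvious error. It would be worth calling the type change out in the commit message and confirming that values already set in device trees conform.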
@@ -445,9 +442,9 @@
ro.media.xml_variant.codecs_performance u:object_r:media_variant_prop:s0 exact string
ro.media.xml_variant.profiles u:object_r:media_variant_prop:s0 exact string
-ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
-ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
-ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
+ro.minui.default_rotation u:object_r:recovery_config_prop:s0 exact string
+ro.minui.overscan_percent u:object_r:recovery_config_prop:s0 exact int
+ro.minui.pixel_format u:object_r:recovery_config_prop:s0 exact string
ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
@@ -521,7 +518,10 @@
build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
-drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
+drm.64bit.enabled u:object_r:mediadrm_config_prop:s0 exact bool
+media.mediadrmservice.enable u:object_r:mediadrm_config_prop:s0 exact bool
+
+drm.service.enabled u:object_r:drm_service_config_prop:s0 exact bool
dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
@@ -664,8 +664,6 @@
aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
-media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
-
persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
diff --git a/private/recovery.te b/private/recovery.te
index 47547e3..207dfb6 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -33,4 +33,6 @@
# Set fastbootd protocol property
set_prop(recovery, fastbootd_protocol_prop)
+
+ get_prop(recovery, recovery_config_prop)
')
diff --git a/private/system_server.te b/private/system_server.te
index 88e7228..7fe6f0b 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -694,6 +694,9 @@
# Read/write persist.sys.dalvik.vm.lib.2
set_prop(system_server, dalvik_runtime_prop)
+# Read ro.control_privapp_permissions and ro.cp_system_other_odex
+get_prop(system_server, packagemanager_config_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/private/zygote.te b/private/zygote.te
index b1e2378..07154b0 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -200,6 +200,9 @@
# Allow zygote to access media_variant_prop for static initialization
get_prop(zygote, media_variant_prop)
+# Allow zygote to read ro.control_privapp_permissions and ro.cp_system_other_odex
+get_prop(zygote, packagemanager_config_prop)
+
# Allow zygote to read /apex/apex-info-list.xml
allow zygote apex_info_file:file r_file_perms;
diff --git a/public/domain.te b/public/domain.te
index 4d5a394..d4fbc62 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -108,6 +108,7 @@
get_prop(domain, init_service_status_prop)
get_prop(domain, libc_debug_prop)
get_prop(domain, logd_prop)
+get_prop(domain, mediadrm_config_prop)
get_prop(domain, socket_hook_prop)
get_prop(domain, surfaceflinger_prop)
get_prop(domain, telephony_status_prop)
diff --git a/public/property.te b/public/property.te
index 0fe8e91..704c58d 100644
--- a/public/property.te
+++ b/public/property.te
@@ -109,6 +109,7 @@
system_vendor_config_prop(camera_config_prop)
system_vendor_config_prop(cpu_variant_prop)
system_vendor_config_prop(dalvik_config_prop)
+system_vendor_config_prop(drm_service_config_prop)
system_vendor_config_prop(exported_camera_prop)
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
@@ -120,6 +121,9 @@
system_vendor_config_prop(lmkd_config_prop)
system_vendor_config_prop(media_config_prop)
system_vendor_config_prop(media_variant_prop)
+system_vendor_config_prop(mediadrm_config_prop)
+system_vendor_config_prop(packagemanager_config_prop)
+system_vendor_config_prop(recovery_config_prop)
system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(surfaceflinger_prop)
system_vendor_config_prop(systemsound_config_prop)