Merge "/odm is another vendor partition other than /vendor" into pi-dev
diff --git a/Android.mk b/Android.mk
index 9f101e2..ccddace 100644
--- a/Android.mk
+++ b/Android.mk
@@ -259,6 +259,7 @@
sepolicy_policy.conf := $(intermediates)/policy.conf
$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(sepolicy_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
$(sepolicy_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(sepolicy_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
@@ -291,6 +292,7 @@
reqd_policy_mask.conf := $(intermediates)/reqd_policy_mask.conf
$(reqd_policy_mask.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(reqd_policy_mask.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(reqd_policy_mask.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
$(reqd_policy_mask.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(reqd_policy_mask.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
@@ -318,6 +320,7 @@
plat_pub_policy.conf := $(intermediates)/plat_pub_policy.conf
$(plat_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(plat_pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
$(plat_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
@@ -367,6 +370,7 @@
plat_policy.conf := $(intermediates)/plat_policy.conf
$(plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
$(plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
@@ -518,6 +522,7 @@
vendor_policy.conf := $(intermediates)/vendor_policy.conf
$(vendor_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(vendor_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(vendor_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
$(vendor_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(vendor_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(vendor_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
@@ -642,6 +647,7 @@
sepolicy.recovery.conf := $(intermediates)/sepolicy.recovery.conf
$(sepolicy.recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy.recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(sepolicy.recovery.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
$(sepolicy.recovery.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
@@ -687,6 +693,7 @@
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(LOCAL_BUILT_MODULE): PRIVATE_TARGET_BUILD_VARIANT := user
$(LOCAL_BUILT_MODULE): PRIVATE_TGT_ARCH := $(my_target_arch)
$(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts
@@ -1301,6 +1308,7 @@
base_plat_policy.conf := $(intermediates)/base_plat_policy.conf
$(base_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(base_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(base_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
$(base_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$(base_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$(base_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
diff --git a/definitions.mk b/definitions.mk
index 8a8c9c6..4b9e098 100644
--- a/definitions.mk
+++ b/definitions.mk
@@ -4,7 +4,7 @@
@mkdir -p $(dir $@)
$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(TARGET_BUILD_VARIANT) \
+ -D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
-D target_arch=$(PRIVATE_TGT_ARCH) \
-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
diff --git a/private/bug_map b/private/bug_map
index 1ff1ffe..9bc5154 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -3,6 +3,7 @@
crash_dump resourcecache_data_file dir 68319037
crash_dump system_data_file file 68319037
crash_dump vendor_overlay_file dir 68319037
+platform_app nfc_data_file dir 74331887
priv_app sysfs dir 72749888
priv_app sysfs_android_usb file 72749888
priv_app system_data_file dir 72811052
@@ -10,4 +11,3 @@
untrusted_app_25 system_data_file dir 72550646
untrusted_app_27 system_data_file dir 72550646
usbd usbd capability 72472544
-vold system_data_file file 62140539
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index be8e750..f293d08 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -67,6 +67,7 @@
perfprofd_service
property_info
secure_element
+ secure_element_device
secure_element_tmpfs
secure_element_service
slice_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index d7bac8d..ed6f8bf 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -54,6 +54,7 @@
perfprofd_service
property_info
secure_element
+ secure_element_device
secure_element_service
secure_element_tmpfs
slice_service
diff --git a/private/incidentd.te b/private/incidentd.te
index a887a61..824dece 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -31,6 +31,9 @@
# section id 2004, allow reading /sys/devices/system/cpu/cpufreq/all_time_in_state
allow incidentd sysfs_devices_system_cpu:file r_file_perms;
+# section id 2005, allow reading ps dump in full
+allow incidentd domain:process getattr;
+
# section id 2006, allow reading /sys/class/power_supply/bms/battery_type
allow incidentd sysfs_batteryinfo:dir { search };
allow incidentd sysfs_batteryinfo:file r_file_perms;
@@ -42,6 +45,11 @@
# Get process attributes
# TODO allow incidentd domain:process getattr;
+# Read files in /proc
+allow incidentd {
+ proc_stat
+}:file r_file_perms;
+
# Signal java processes to dump their stack and get the results
# TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
# TODO allow incidentd anr_data_file:dir create_dir_perms;
diff --git a/public/device.te b/public/device.te
index 43c89ab..231c839 100644
--- a/public/device.te
+++ b/public/device.te
@@ -39,6 +39,7 @@
type kmsg_debug_device, dev_type;
type null_device, dev_type, mlstrustedobject;
type random_device, dev_type, mlstrustedobject;
+type secure_element_device, dev_type;
type sensors_device, dev_type;
type serial_device, dev_type;
type socket_device, dev_type;
diff --git a/public/property_contexts b/public/property_contexts
index 55fad2e..a58c948 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -67,7 +67,6 @@
persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-persist.rcs.supported u:object_r:exported3_default_prop:s0 exact int
persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
@@ -201,6 +200,7 @@
aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
+persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
ro.board.platform u:object_r:exported_default_prop:s0 exact string
ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
diff --git a/treble_sepolicy_tests_for_release.mk b/treble_sepolicy_tests_for_release.mk
index 22d9c46..ac8c808 100644
--- a/treble_sepolicy_tests_for_release.mk
+++ b/treble_sepolicy_tests_for_release.mk
@@ -19,6 +19,7 @@
$(version)_plat_policy.conf := $(intermediates)/$(version)_plat_policy.conf
$($(version)_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$($(version)_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$($(version)_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
$($(version)_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
$($(version)_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
$($(version)_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
diff --git a/vendor/hal_secure_element_default.te b/vendor/hal_secure_element_default.te
index 86fe0b9..b1a94a1 100644
--- a/vendor/hal_secure_element_default.te
+++ b/vendor/hal_secure_element_default.te
@@ -2,4 +2,6 @@
hal_server_domain(hal_secure_element_default, hal_secure_element)
type hal_secure_element_default_exec, exec_type, vendor_file_type, file_type;
+allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
+
init_daemon_domain(hal_secure_element_default)
diff --git a/vendor/hal_wifi_hostapd_default.te b/vendor/hal_wifi_hostapd_default.te
index 5a3bbb6..1e0dcb8 100644
--- a/vendor/hal_wifi_hostapd_default.te
+++ b/vendor/hal_wifi_hostapd_default.te
@@ -7,5 +7,6 @@
net_domain(hal_wifi_hostapd_default)
# Allow hostapd to access it's data folder
-allow hal_wifi_hostapd_default hostapd_data_file:dir rw_dir_perms;
+allow hal_wifi_hostapd_default hostapd_data_file:dir create_dir_perms;
allow hal_wifi_hostapd_default hostapd_data_file:file create_file_perms;
+allow hal_wifi_hostapd_default hostapd_data_file:sock_file create_file_perms;