Merge "Change Tethering package name"
diff --git a/apex/Android.bp b/apex/Android.bp
index 85d5b42..2196529 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -133,6 +133,13 @@
}
filegroup {
+ name: "com.android.telephony-file_contexts",
+ srcs: [
+ "com.android.telephony-file_contexts",
+ ],
+}
+
+filegroup {
name: "com.android.tzdata-file_contexts",
srcs: [
"com.android.tzdata-file_contexts",
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 4bc2ee5..27dc3ae 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -26,7 +26,9 @@
hal_rebootescrow_service
hal_tv_tuner_hwservice
hal_vibrator_service
+ incfs
incremental_service
+ incremental_root_file
init_svc_debug_prop
iorap_prefetcherd
iorap_prefetcherd_data_file
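Review bot: `incremental_root_file` is inserted after `incremental_service`, which breaks the alphabetical order the surrounding entries follow. Placing it between `incfs` and `incremental_service` keeps the ignore list easy to scan and reduces merge conflicts when further types are added. The list itself starts and ends outside this hunk.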
diff --git a/private/file_contexts b/private/file_contexts
index 80f7f75..65d0e6f 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -481,6 +481,7 @@
/data/app-private/vmdl.*\.tmp(/.*)? u:object_r:apk_private_tmp_file:s0
/data/gsi(/.*)? u:object_r:gsi_data_file:s0
/data/gsi/ota(/.*)? u:object_r:ota_image_data_file:s0
+/data/incremental(/.*)? u:object_r:incremental_root_file:s0
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index e33031a..5b956da 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -304,3 +304,4 @@
genfscon usbfs / u:object_r:usbfs:s0
genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
genfscon bpf / u:object_r:fs_bpf:s0
+genfscon incremental-fs / u:object_r:incfs:s0
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index 372be7f..daca057 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -114,7 +114,20 @@
allow gmscore_app shell_data_file:file r_file_perms;
allow gmscore_app shell_data_file:dir r_dir_perms;
+# Write to /cache.
+allow gmscore_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow gmscore_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow gmscore_app cache_file:lnk_file r_file_perms;
+
# Write to /data/ota_package for OTA packages.
allow gmscore_app ota_package_file:dir rw_dir_perms;
allow gmscore_app ota_package_file:file create_file_perms;
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# b/18504118: Allow reads from /data/anr/traces.txt
+allow gmscore_app anr_data_file:file r_file_perms;
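Review bot: The added `allow gmscore_app shell_data_file:file r_file_perms;` and `allow gmscore_app shell_data_file:dir r_dir_perms;` under the "Verify Apps" comment repeat the two rules already present as context at the top of this hunk, so that block grants nothing new and can be dropped. Separately, the new /cache rules give create permissions on `cache_recovery_file` as well as `cache_file`. Files under that label are presumably read by recovery, so a comment stating why GMS core needs to write there would make the grant easier to justify in a later least-privilege audit.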
diff --git a/private/priv_app.te b/private/priv_app.te
index 8a0a94f..e180b1d 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -80,6 +80,11 @@
# running "adb install foo.apk".
allow priv_app shell_data_file:file r_file_perms;
allow priv_app shell_data_file:dir r_dir_perms;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+ auditallow priv_app shell_data_file:file r_file_perms;
+ auditallow priv_app shell_data_file:dir r_dir_perms;
+')
# Allow traceur to pass file descriptors through a content provider to betterbug
allow priv_app trace_data_file:file { getattr read };
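Review bot: The `auditallow` rules are wrapped in `userdebug_or_eng`, so only debug builds will log a priv-app that still reads `shell_data_file` here or `anr_data_file` in the hunk at -90,6. On user builds the access stays silent, and the broad `allow` rules remain in force either way. The comment says the rule should no longer be needed but not what happens next; a follow-up marker such as `# TODO(b/142672293): remove the allow rules above once no "granted" audit messages are seen.` would keep the cleanup from being forgotten.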
@@ -90,6 +95,10 @@
# b/18504118: Allow reads from /data/anr/traces.txt
allow priv_app anr_data_file:file r_file_perms;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+ auditallow priv_app anr_data_file:file r_file_perms;
+')
# For AppFuse.
allow priv_app vold:fd use;
diff --git a/public/file.te b/public/file.te
index 9041894..73ac226 100644
--- a/public/file.te
+++ b/public/file.te
@@ -141,6 +141,8 @@
type binfmt_miscfs, fs_type;
type app_fusefs, fs_type, contextmount_type;
+type incfs, fs_type;
+
# File types
type unlabeled, file_type;
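Review bot: `type incfs, fs_type;` is added without a comment, while `incremental_root_file` in the next hunk carries a path comment. A line such as `# Incremental FS mounts, labeled via genfscon incremental-fs` would tie the type to the genfs_contexts entry added in this change. Both new types are declared in public policy and no `allow` rule for either appears in this diff, so it is worth confirming that the rules granting access to them land together with these declarations.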
@@ -303,6 +305,8 @@
type staging_data_file, file_type, data_file_type, core_data_file_type;
# /vendor/apex
type vendor_apex_file, vendor_file_type, file_type;
+# /data/incremental
+type incremental_root_file, file_type, data_file_type, core_data_file_type;
# Mount locations managed by vold
type mnt_media_rw_file, file_type;
diff --git a/vendor/hal_rebootescrow_default.te b/vendor/hal_rebootescrow_default.te
index c264e49..99fadde 100644
--- a/vendor/hal_rebootescrow_default.te
+++ b/vendor/hal_rebootescrow_default.te
@@ -3,3 +3,6 @@
type hal_rebootescrow_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_rebootescrow_default)
+
+type rebootescrow_device, dev_type;
+allow hal_rebootescrow_default rebootescrow_device:chr_file rw_file_perms;
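Review bot: `rebootescrow_device` is declared and granted `rw_file_perms` on `chr_file`, but nothing in this diff labels a device node with that type, so the allow rule has no effect until a `file_contexts` entry exists. If the labeling is meant to come from device-specific policy, say so next to the declaration, e.g. `# The device node is labeled rebootescrow_device in device-specific file_contexts.` Without it the rule reads as dead, and a reviewer cannot tell which node the HAL is expected to open.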