Merge "Move aac_drc props to aac_drc_prop" am: a00b1ea2db am: b9688d505d Change-Id: I76ba555e6d1e41e06c68088b59f5bd97a1aa809e

commit: 7a4adba63b86b607fead1bdc65ad5f9722288568 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Tue May 12 05:16:46 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Tue May 12 05:16:46 2020 +0000
tree: eb90719267a543aee50c8615fea0037f20075d6c
parent: 756676deefe0427d4be8baa2e204332aa198a380 [diff]
parent: b9688d505db8677086c2b6aef265a86f37c2517d [diff]
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index d99405f..e6b9f4f 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil

@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    aac_drc_prop
     activity_task_service
     adb_service
     app_binding_service

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index b7a8eab..766518b 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil

@@ -1339,7 +1339,10 @@
 (typeattributeset ethernet_service_30_0 (ethernet_service))
 (typeattributeset exfat_30_0 (exfat))
 (typeattributeset exported2_config_prop_30_0 (exported2_config_prop systemsound_config_prop))
-(typeattributeset exported2_default_prop_30_0 (exported2_default_prop libc_debug_prop))
+(typeattributeset exported2_default_prop_30_0
+  ( exported2_default_prop
+    aac_drc_prop
+    libc_debug_prop))
 (typeattributeset exported2_radio_prop_30_0 (exported2_radio_prop))
 (typeattributeset exported2_system_prop_30_0
   ( exported2_system_prop

diff --git a/private/property_contexts b/private/property_contexts
index af7879e..9fdcb1a 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -521,16 +521,15 @@
 sys.usb.config   u:object_r:exported_system_radio_prop:s0 exact string
 sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
 
-aac_drc_boost            u:object_r:exported2_default_prop:s0 exact int
-aac_drc_cut              u:object_r:exported2_default_prop:s0 exact int
-aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
-aac_drc_heavy            u:object_r:exported2_default_prop:s0 exact int
-aac_drc_reference_level  u:object_r:exported2_default_prop:s0 exact int
+aac_drc_boost            u:object_r:aac_drc_prop:s0 exact int
+aac_drc_cut              u:object_r:aac_drc_prop:s0 exact int
+aac_drc_enc_target_level u:object_r:aac_drc_prop:s0 exact int
+aac_drc_heavy            u:object_r:aac_drc_prop:s0 exact int
+aac_drc_reference_level  u:object_r:aac_drc_prop:s0 exact int
+ro.aac_drc_effect_type   u:object_r:aac_drc_prop:s0 exact int
 
 build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
 
-ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
-
 drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
 
 dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool

diff --git a/public/domain.te b/public/domain.te
index b23303d..2e17f42 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -541,6 +541,8 @@
     neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
 ')
 
+neverallow { domain -init } aac_drc_prop:property_service set;
+
 # Do not allow reading device's serial number from system properties except form
 # a few whitelisted domains.
 neverallow {

diff --git a/public/property.te b/public/property.te
index c3da5ab..50ef6a2 100644
--- a/public/property.te
+++ b/public/property.te

@@ -54,6 +54,7 @@
 ')
 
 # Properties which can't be written outside system
+system_restricted_prop(aac_drc_prop)
 system_restricted_prop(binder_cache_bluetooth_server_prop)
 system_restricted_prop(binder_cache_system_server_prop)
 system_restricted_prop(binder_cache_telephony_server_prop)

diff --git a/vendor/mediacodec.te b/vendor/mediacodec.te
index d6d0de1..b4c6df4 100644
--- a/vendor/mediacodec.te
+++ b/vendor/mediacodec.te

@@ -23,6 +23,9 @@
 
 crash_dump_fallback(mediacodec)
 
+# get aac_drc_* properties
+get_prop(mediacodec, aac_drc_prop)
+
 # mediacodec should never execute any executable without a domain transition
 neverallow mediacodec { file_type fs_type }:file execute_no_trans;
commit	7a4adba63b86b607fead1bdc65ad5f9722288568	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Tue May 12 05:16:46 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Tue May 12 05:16:46 2020 +0000
tree	eb90719267a543aee50c8615fea0037f20075d6c
parent	756676deefe0427d4be8baa2e204332aa198a380 [diff]
parent	b9688d505db8677086c2b6aef265a86f37c2517d [diff]