Merge "Allow remote_provisioning to query IRPC"
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 4148002..9aa510b 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -16,14 +16,14 @@
"include-filter": "android.security.cts.SeamendcHostTest"
}
]
+ }
+ ],
+ "avf-presubmit": [
+ {
+ "name": "ComposHostTestCases"
},
{
"name": "MicrodroidHostTestCases"
}
- ],
- "avf-postsubmit": [
- {
- "name": "ComposHostTestCases"
- }
]
}
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index d91ef21..c8359f0 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -39,6 +39,7 @@
"android.hardware.boot.IBootControl/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.can.ICanController/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.evs.IEvsEnumerator/hw/1": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.ivn.IIvnAndroidDevice/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.remoteaccess.IRemoteAccess/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.vehicle.IVehicle/default": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.audiocontrol.IAudioControl/default": EXCEPTION_NO_FUZZER,
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index cfbe2da..3bfdcc8 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -26,9 +26,11 @@
fwk_camera_service
fwk_sensor_service
grammatical_inflection_service
+ graphics_config_writable_prop
hal_bluetooth_service
hal_bootctl_service
hal_cas_service
+ hal_ivn_service
hal_remoteaccess_service
hal_secure_element_service
hal_tetheroffload_service
diff --git a/private/coredomain.te b/private/coredomain.te
index f8b2ee5..83930a5 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -6,6 +6,7 @@
get_prop(coredomain, exported_pm_prop)
get_prop(coredomain, ffs_config_prop)
get_prop(coredomain, graphics_config_prop)
+get_prop(coredomain, graphics_config_writable_prop)
get_prop(coredomain, hdmi_config_prop)
get_prop(coredomain, init_service_status_private_prop)
get_prop(coredomain, lmkd_config_prop)
diff --git a/private/domain.te b/private/domain.te
index 1c27662..b51fd3c 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -683,6 +683,7 @@
-dumpstate
-installd
userdebug_or_eng(`-uncrypt')
+ userdebug_or_eng(`-virtualizationmanager')
userdebug_or_eng(`-virtualizationservice')
userdebug_or_eng(`-crosvm')
} shell_data_file:file open;
@@ -729,6 +730,7 @@
-simpleperf_app_runner
-system_server # why?
userdebug_or_eng(`-uncrypt')
+ userdebug_or_eng(`-virtualizationmanager')
userdebug_or_eng(`-crosvm')
} shell_data_file:dir search;
diff --git a/private/file_contexts b/private/file_contexts
index 7432c2f..b1c7508 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -376,9 +376,11 @@
/system/bin/simpleperf u:object_r:simpleperf_exec:s0
/system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0
/system/bin/migrate_legacy_obb_data u:object_r:migrate_legacy_obb_data_exec:s0
+/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
/system/bin/snapuserd u:object_r:snapuserd_exec:s0
/system/bin/odsign u:object_r:odsign_exec:s0
/system/bin/vehicle_binding_util u:object_r:vehicle_binding_util_exec:s0
+/system/bin/cardisplayproxyd u:object_r:automotive_display_service_exec:s0
/system/bin/evsmanagerd u:object_r:evsmanagerd_exec:s0
/system/bin/android\.automotive\.evs\.manager@1\.[0-9]+ u:object_r:evsmanagerd_exec:s0
@@ -494,9 +496,7 @@
/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/bin/hidl_lazy_cb_test_server u:object_r:hidl_lazy_test_server_exec:s0
-/(system_ext|system/system_ext)/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
/(system_ext|system/system_ext)/bin/canhalconfigurator(-aidl)? u:object_r:canhalconfigurator_exec:s0
-/(system_ext|system/system_ext)/bin/cardisplayproxyd u:object_r:automotive_display_service_exec:s0
/(system_ext|system/system_ext)/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/private/gpuservice.te b/private/gpuservice.te
index 8388e89..08c3902 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@@ -61,5 +61,11 @@
add_service(gpuservice, gpu_service)
+# Needed for enabling write access to persist.graphics.egl from developer option switch UI, through gpuservice.
+set_prop(gpuservice, graphics_config_writable_prop)
+
+# Needed for querying permission
+allow gpuservice permission_service:service_manager find;
+
# Only uncomment below line when in development
# userdebug_or_eng(`permissive gpuservice;')
diff --git a/private/property_contexts b/private/property_contexts
index 603c70b..51e6cf8 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -390,6 +390,10 @@
# to enable head tracking for spatial audio
ro.audio.headtracking_enabled u:object_r:audio_config_prop:s0 exact bool
+# Boolean property used in UsbAlsaManager to decide if only one or multiple
+# USB devices can be connected to audio system at a certain time
+ro.audio.multi_usb_mode u:object_r:audio_config_prop:s0 exact bool
+
persist.config.calibration_fac u:object_r:camera_calibration_prop:s0 exact string
config.disable_cameraservice u:object_r:camera_config_prop:s0 exact bool
@@ -1389,6 +1393,7 @@
graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool
graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string
+persist.graphics.egl u:object_r:graphics_config_writable_prop:s0 exact string
ro.cpuvulkan.version u:object_r:graphics_config_prop:s0 exact int
diff --git a/private/service_contexts b/private/service_contexts
index 9755eaa..5fc14f3 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -20,6 +20,7 @@
android.hardware.automotive.can.ICanController/default u:object_r:hal_can_controller_service:s0
android.hardware.automotive.evs.IEvsEnumerator/hw/1 u:object_r:hal_evs_service:s0
android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0
+android.hardware.automotive.ivn.IIvnAndroidDevice/default u:object_r:hal_ivn_service:s0
android.hardware.automotive.remoteaccess.IRemoteAccess/default u:object_r:hal_remoteaccess_service:s0
android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0
android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 946c783..bfad8e7 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@@ -69,10 +69,17 @@
allow virtualizationmanager tombstone_data_file:file { append getattr };
allow virtualizationmanager tombstoned:fd use;
-# Allow virtualizationservice to read AVF debug policy
+# Allow virtualizationmanager to read AVF debug policy
allow virtualizationmanager sysfs_dt_avf:dir search;
allow virtualizationmanager sysfs_dt_avf:file { open read };
+# Let virtualizationmanager open test artifacts under /data/local/tmp with file path.
+# (e.g. custom debug policy)
+userdebug_or_eng(`
+ allow virtualizationmanager shell_data_file:dir search;
+ allow virtualizationmanager shell_data_file:file open;
+')
+
# Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
r_dir_file(virtualizationmanager, crosvm);
diff --git a/public/attributes b/public/attributes
index 1e2dabb..09463e3 100644
--- a/public/attributes
+++ b/public/attributes
@@ -352,6 +352,7 @@
hal_attribute(input_classifier);
hal_attribute(input_processor);
hal_attribute(ir);
+hal_attribute(ivn);
hal_attribute(keymaster);
hal_attribute(keymint);
hal_attribute(light);
diff --git a/public/hal_ivn.te b/public/hal_ivn.te
new file mode 100644
index 0000000..b10e9f2
--- /dev/null
+++ b/public/hal_ivn.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_ivn_client, hal_ivn_server)
+
+hal_attribute_service(hal_ivn, hal_ivn_service)
\ No newline at end of file
diff --git a/public/property.te b/public/property.te
index 4427822..8d6b8ee 100644
--- a/public/property.te
+++ b/public/property.te
@@ -101,6 +101,8 @@
system_restricted_prop(userspace_reboot_exported_prop)
system_restricted_prop(vold_status_prop)
system_restricted_prop(vts_status_prop)
+system_restricted_prop(graphics_config_writable_prop)
+
compatible_property_only(`
# DO NOT ADD ANY PROPERTIES HERE
diff --git a/public/service.te b/public/service.te
index 3dc9d85..0936cc4 100644
--- a/public/service.te
+++ b/public/service.te
@@ -296,6 +296,7 @@
type hal_identity_service, protected_service, hal_service_type, service_manager_type;
type hal_input_processor_service, protected_service, hal_service_type, service_manager_type;
type hal_ir_service, protected_service, hal_service_type, service_manager_type;
+type hal_ivn_service, protected_service, hal_service_type, service_manager_type;
type hal_keymint_service, protected_service, hal_service_type, service_manager_type;
type hal_light_service, protected_service, hal_service_type, service_manager_type;
type hal_memtrack_service, protected_service, hal_service_type, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index ac23351..a2e460d 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -12,6 +12,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can-service u:object_r:hal_can_socketcan_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs(.*)? u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.ivn@V1-(.*)-service u:object_r:hal_ivn_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-(default|emulator)-service u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.remoteaccess@V1-(.*)-service u:object_r:hal_remoteaccess_default_exec:s0
diff --git a/vendor/hal_ivn_default.te b/vendor/hal_ivn_default.te
new file mode 100644
index 0000000..26fa973
--- /dev/null
+++ b/vendor/hal_ivn_default.te
@@ -0,0 +1,9 @@
+type hal_ivn_default, domain;
+hal_server_domain(hal_ivn_default, hal_ivn)
+
+# May be started by init
+type hal_ivn_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_ivn_default)
+
+# Allow registering with service manager.
+binder_call(hal_ivn_default, servicemanager)
\ No newline at end of file