Merge "Allow (hw)servicemanager use bootstrap bionic"
diff --git a/microdroid/system/private/logcat.te b/microdroid/system/private/logcat.te
index a26cff3..a5b59fb 100644
--- a/microdroid/system/private/logcat.te
+++ b/microdroid/system/private/logcat.te
@@ -17,3 +17,6 @@
get_prop(logcat, logd_prop)
allow logcat self:global_capability_class_set { sys_nice };
+
+# logcat uses bootstrap to be run before apexd
+use_bootstrap_libs(logcat)
diff --git a/microdroid/system/private/logd.te b/microdroid/system/private/logd.te
index 46cdb7d..5381212 100644
--- a/microdroid/system/private/logd.te
+++ b/microdroid/system/private/logd.te
@@ -41,4 +41,7 @@
# Logd sets defaults if certain properties are empty.
set_prop(logd, logd_prop)
+# logd uses bootstrap to be run before apexd
+use_bootstrap_libs(logd)
+
dontaudit domain runtime_event_log_tags_file:file { map open read };
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index a8eba6c..37ffadb 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -66,6 +66,9 @@
set_prop(microdroid_manager, ctl_tombstone_transmit_prop)
set_prop(microdroid_manager, ctl_zipfuse_prop)
+# Allow microdroid_manager to stop tombstoned
+set_prop(microdroid_manager, ctl_tombstoned_prop)
+
# Allow microdroid_manager to wait for linkerconfig to be ready
get_prop(microdroid_manager, apex_config_prop)
diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index 28fb8e1..a02a7f2 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te
@@ -1,3 +1,5 @@
+system_internal_prop(ctl_tombstoned_prop)
+
system_restricted_prop(boot_status_prop)
# Declare ART properties for CompOS
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index 57f28ae..16b40bc 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -23,6 +23,8 @@
ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
+ctl.stop$tombstoned u:object_r:ctl_tombstoned_prop:s0
+
ctl.start$apexd-vm u:object_r:ctl_apexd_vm_prop:s0
ctl.start$apkdmverity u:object_r:ctl_apkdmverity_prop:s0
ctl.start$seriallogging u:object_r:ctl_seriallogging_prop:s0
diff --git a/private/file_contexts b/private/file_contexts
index 09b53b5..de2c898 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -268,6 +268,8 @@
/system/bin/audioserver u:object_r:audioserver_exec:s0
/system/bin/mediadrmserver u:object_r:mediadrmserver_exec:s0
/system/bin/mediaserver u:object_r:mediaserver_exec:s0
+/system/bin/mediaserver32 u:object_r:mediaserver_exec:s0
+/system/bin/mediaserver64 u:object_r:mediaserver_exec:s0
/system/bin/mediametrics u:object_r:mediametrics_exec:s0
/system/bin/cameraserver u:object_r:cameraserver_exec:s0
/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
diff --git a/private/property_contexts b/private/property_contexts
index 97aec63..fa794fd 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -276,8 +276,10 @@
persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
apexd. u:object_r:apexd_prop:s0
+apexd.config. u:object_r:apexd_config_prop:s0
apexd.config.dm_delete.timeout u:object_r:apexd_config_prop:s0 exact uint
apexd.config.dm_create.timeout u:object_r:apexd_config_prop:s0 exact uint
+apexd.config.loop_wait.attempts u:object_r:apexd_config_prop:s0 exact uint
persist.apexd. u:object_r:apexd_prop:s0
persist.vendor.apex. u:object_r:apexd_select_prop:s0
ro.boot.vendor.apex. u:object_r:apexd_select_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 32b1abf..aac29f6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -396,6 +396,7 @@
hal_graphics_allocator_server
hal_graphics_composer_server
hal_health_server
+ hal_input_processor_server
hal_light_server
hal_neuralnetworks_server
hal_omx_server