Merge "Remove thermalcallback_hwservice."
diff --git a/private/atrace.te b/private/atrace.te
index 585c254..d4aed40 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -1,7 +1,6 @@
# Domain for atrace process.
# It is spawned either by traced_probes or by init for the boottrace service.
-type atrace, domain, coredomain;
type atrace_exec, exec_type, file_type, system_file_type;
# boottrace services uses /data/misc/boottrace/categories
diff --git a/private/bug_map b/private/bug_map
index eaa1593..ab267cf 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -28,7 +28,6 @@
system_server crash_dump process b/73128755
system_server overlayfs_file file b/142390309
system_server sdcardfs file b/77856826
-system_server storage_stub_file dir b/145267097
system_server zygote process b/77856826
untrusted_app untrusted_app netlink_route_socket b/155595000
vold system_data_file file b/124108085
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 4dce1a6..e523660 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -11,11 +11,16 @@
debugfs_kprobes
gki_apex_prepostinstall
gki_apex_prepostinstall_exec
+ hal_fingerprint_service
gnss_device
hal_dumpstate_config_prop
+ hal_power_stats_service
keystore2_key_contexts_file
+ location_time_zone_manager_service
mediatranscoding_tmpfs
people_service
+ power_stats_service
+ power_debug_prop
profcollectd
profcollectd_data_file
profcollectd_exec
diff --git a/private/property_contexts b/private/property_contexts
index 34cc0f8..4785707 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -891,3 +891,5 @@
# surfaceflinger-settable
graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool
+# Disable/enable charger input
+power.battery_input.suspended u:object_r:power_debug_prop:s0 exact bool
diff --git a/private/service_contexts b/private/service_contexts
index a78b108..7d36973 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,6 +1,8 @@
+android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
android.hardware.light.ILights/default u:object_r:hal_light_service:s0
android.hardware.power.IPower/default u:object_r:hal_power_service:s0
+android.hardware.powerstats.IPowerStats/default u:object_r:hal_power_stats_service:s0
android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
@@ -122,6 +124,7 @@
launcherapps u:object_r:launcherapps_service:s0
lights u:object_r:light_service:s0
location u:object_r:location_service:s0
+location_time_zone_manager u:object_r:location_time_zone_manager_service:s0
lock_settings u:object_r:lock_settings_service:s0
looper_stats u:object_r:looper_stats_service:s0
lpdump_service u:object_r:lpdump_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index 849676e..bd57ad8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -777,7 +777,6 @@
allow system_server gatekeeper_service:service_manager find;
allow system_server gpu_service:service_manager find;
allow system_server gsi_service:service_manager find;
-allow system_server hal_fingerprint_service:service_manager find;
allow system_server idmap_service:service_manager find;
allow system_server incident_service:service_manager find;
allow system_server incremental_service:service_manager find;
diff --git a/public/atrace.te b/public/atrace.te
new file mode 100644
index 0000000..7327f84
--- /dev/null
+++ b/public/atrace.te
@@ -0,0 +1 @@
+type atrace, domain, coredomain;
diff --git a/public/attributes b/public/attributes
index ce6e540..75b0c25 100644
--- a/public/attributes
+++ b/public/attributes
@@ -91,15 +91,19 @@
# All properties defined by /system.
attribute system_property_type;
+expandattribute system_property_type false;
# All /system-defined properties used only in /system.
attribute system_internal_property_type;
+expandattribute system_internal_property_type false;
# All /system-defined properties which can't be written outside /system.
attribute system_restricted_property_type;
+expandattribute system_restricted_property_type false;
# All /system-defined properties with no restrictions.
attribute system_public_property_type;
+expandattribute system_public_property_type false;
# All keystore2_key labels.
attribute keystore2_key_type;
@@ -114,15 +118,19 @@
# All properties defined by /vendor.
attribute vendor_property_type;
+expandattribute vendor_property_type false;
# All /vendor-defined properties used only in /vendor.
attribute vendor_internal_property_type;
+expandattribute vendor_internal_property_type false;
# All /vendor-defined properties which can't be written outside /vendor.
attribute vendor_restricted_property_type;
+expandattribute vendor_restricted_property_type false;
# All /vendor-defined properties with no restrictions.
attribute vendor_public_property_type;
+expandattribute vendor_public_property_type false;
# All service_manager types created by system_server
attribute system_server_service;
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index b673e29..99b6065 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -3,6 +3,9 @@
binder_call(hal_fingerprint_server, hal_fingerprint_client)
hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
+hal_attribute_service(hal_fingerprint, hal_fingerprint_service)
+
+binder_call(hal_fingerprint_server, servicemanager)
# For memory allocation
allow hal_fingerprint ion_device:chr_file r_file_perms;
diff --git a/public/hal_identity.te b/public/hal_identity.te
index 3a95743..8d558ad 100644
--- a/public/hal_identity.te
+++ b/public/hal_identity.te
@@ -1,7 +1,6 @@
# HwBinder IPC from client to server
binder_call(hal_identity_client, hal_identity_server)
-add_service(hal_identity_server, hal_identity_service)
-binder_call(hal_identity_server, servicemanager)
+hal_attribute_service(hal_identity, hal_identity_service)
-allow hal_identity_client hal_identity_service:service_manager find;
+binder_call(hal_identity_server, servicemanager)
diff --git a/public/hal_light.te b/public/hal_light.te
index 4aa824a..40829b6 100644
--- a/public/hal_light.te
+++ b/public/hal_light.te
@@ -3,13 +3,9 @@
binder_call(hal_light_server, hal_light_client)
hal_attribute_hwservice(hal_light, hal_light_hwservice)
+hal_attribute_service(hal_light, hal_light_service)
-# server adds itself via service_manager
-add_service(hal_light_server, hal_light_service)
binder_call(hal_light_server, servicemanager)
-
-# client finds and uses server via service_manager
-allow hal_light_client hal_light_service:service_manager find;
binder_use(hal_light_client)
allow hal_light_server dumpstate:fifo_file write;
diff --git a/public/hal_power.te b/public/hal_power.te
index c94771b..aae32a0 100644
--- a/public/hal_power.te
+++ b/public/hal_power.te
@@ -3,8 +3,7 @@
binder_call(hal_power_server, hal_power_client)
hal_attribute_hwservice(hal_power, hal_power_hwservice)
+hal_attribute_service(hal_power, hal_power_service)
-add_service(hal_power_server, hal_power_service)
binder_call(hal_power_server, servicemanager)
binder_call(hal_power_client, servicemanager)
-allow hal_power_client hal_power_service:service_manager find;
diff --git a/public/hal_power_stats.te b/public/hal_power_stats.te
index 2c04008..b989e2e 100644
--- a/public/hal_power_stats.te
+++ b/public/hal_power_stats.te
@@ -3,3 +3,8 @@
binder_call(hal_power_stats_server, hal_power_stats_client)
hal_attribute_hwservice(hal_power_stats, hal_power_stats_hwservice)
+
+add_service(hal_power_stats_server, hal_power_stats_service)
+binder_call(hal_power_stats_server, servicemanager)
+
+allow hal_power_stats_client hal_power_stats_service:service_manager find;
diff --git a/public/hal_rebootescrow.te b/public/hal_rebootescrow.te
index 4352630..d16333b 100644
--- a/public/hal_rebootescrow.te
+++ b/public/hal_rebootescrow.te
@@ -1,7 +1,6 @@
# HwBinder IPC from client to server
binder_call(hal_rebootescrow_client, hal_rebootescrow_server)
-add_service(hal_rebootescrow_server, hal_rebootescrow_service)
-binder_use(hal_rebootescrow_server)
+hal_attribute_service(hal_rebootescrow, hal_rebootescrow_service)
-allow hal_rebootescrow_client hal_rebootescrow_service:service_manager find;
+binder_use(hal_rebootescrow_server)
diff --git a/public/hal_vibrator.te b/public/hal_vibrator.te
index a34621d..c902495 100644
--- a/public/hal_vibrator.te
+++ b/public/hal_vibrator.te
@@ -3,12 +3,10 @@
binder_call(hal_vibrator_server, hal_vibrator_client);
hal_attribute_hwservice(hal_vibrator, hal_vibrator_hwservice)
+hal_attribute_service(hal_vibrator, hal_vibrator_service)
-add_service(hal_vibrator_server, hal_vibrator_service)
binder_call(hal_vibrator_server, servicemanager)
-allow hal_vibrator_client hal_vibrator_service:service_manager find;
-
allow hal_vibrator_server dumpstate:fifo_file write;
# vibrator sysfs rw access
diff --git a/public/property.te b/public/property.te
index 5f48884..708fc38 100644
--- a/public/property.te
+++ b/public/property.te
@@ -70,6 +70,7 @@
system_restricted_prop(libc_debug_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
+system_restricted_prop(power_debug_prop)
system_restricted_prop(property_service_version_prop)
system_restricted_prop(provisioned_prop)
system_restricted_prop(restorecon_prop)
diff --git a/public/service.te b/public/service.te
index 07ab90f..2325292 100644
--- a/public/service.te
+++ b/public/service.te
@@ -9,7 +9,6 @@
type drmserver_service, service_manager_type;
type dumpstate_service, service_manager_type;
type fingerprintd_service, service_manager_type;
-type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type idmap_service, service_manager_type;
@@ -122,6 +121,7 @@
type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type light_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type location_time_zone_manager_service, system_server_service, service_manager_type;
type lock_settings_service, system_api_service, system_server_service, service_manager_type;
type looper_stats_service, system_server_service, service_manager_type;
type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -212,9 +212,11 @@
### HAL Services
###
+type hal_fingerprint_service, vendor_service, service_manager_type;
type hal_identity_service, vendor_service, service_manager_type;
type hal_light_service, vendor_service, service_manager_type;
type hal_power_service, vendor_service, service_manager_type;
+type hal_power_stats_service, vendor_service, service_manager_type;
type hal_rebootescrow_service, vendor_service, service_manager_type;
type hal_vibrator_service, vendor_service, service_manager_type;
diff --git a/public/system_server.te b/public/system_server.te
index ff18bdf..09421cc 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -4,3 +4,13 @@
#
type system_server, domain;
type system_server_tmpfs, file_type, mlstrustedobject;
+
+# Power controls for debugging/diagnostics
+get_prop(system_server, power_debug_prop)
+set_prop(system_server, power_debug_prop)
+
+neverallow {
+ -init
+ -vendor_init
+ -system_server
+} power_debug_prop:property_service set;
diff --git a/public/te_macros b/public/te_macros
index 56f9775..fdf0675 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -654,10 +654,42 @@
add_hwservice($1_server, $2)
build_test_only(`
+ # if you are hitting this neverallow, try using:
+ # hal_client_domain(<your domain>, hal_<foo>)
+ # instead
neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;
')
')
+###########################################
+# hal_attribute_service(attribute, service)
+# Ability for domain to get a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+#
+# Used to pair hal_foo_client with hal_foo_hwservice
+define(`hal_attribute_service', `
+ allow $1_client $2:service_manager find;
+ add_service($1_server, $2)
+
+ build_test_only(`
+ # if you are hitting this neverallow, try using:
+ # hal_client_domain(<your domain>, hal_<foo>)
+ # instead
+ neverallow {
+ domain
+ -$1_client
+ -$1_server
+ # some services are allowed to find all services
+ -atrace
+ -dumpstate
+ -shell
+ -system_app
+ -traceur_app
+ } $2:service_manager find;
+ ')
+')
+
###################################
# can_profile_heap(domain)
# Allow processes within the domain to have their heap profiled by heapprofd.
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 609880a..0bdf632 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -248,6 +248,7 @@
get_prop(vendor_init, boot_status_prop)
get_prop(vendor_init, exported3_system_prop)
get_prop(vendor_init, ota_prop)
+get_prop(vendor_init, power_debug_prop)
get_prop(vendor_init, provisioned_prop)
get_prop(vendor_init, retaildemo_prop)
get_prop(vendor_init, surfaceflinger_display_prop)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 09b20d9..a721fd5 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -10,8 +10,9 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64 u:object_r:hal_camera_default_exec:s0
@@ -53,7 +54,8 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service u:object_r:mediacodec_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service.example u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service\.example u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.powerstats-service\.example u:object_r:hal_power_stats_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service u:object_r:hal_power_stats_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio\.config@1\.0-service u:object_r:hal_radio_config_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-radio-service u:object_r:hal_radio_default_exec:s0