Merge "grant power hal client to access stable power hal service"
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 7300dfe..3838f54 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -65,6 +65,7 @@
module_sdkextensions_prop
ota_metadata_file
ota_prop
+ prereboot_data_file
art_apex_dir
rebootescrow_hal_prop
service_manager_service
diff --git a/private/file_contexts b/private/file_contexts
index 62fbed3..a35cfb4 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -541,6 +541,7 @@
/data/misc/net(/.*)? u:object_r:net_data_file:s0
/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
+/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0
/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
/data/misc/sms(/.*)? u:object_r:radio_data_file:s0
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 78853bb..97203ba 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -121,6 +121,11 @@
# TODO(146461633): remove this once native pullers talk to StatsManagerService
binder_call(surfaceflinger, statsd);
+# Allow pushing jank event atoms to statsd
+userdebug_or_eng(`
+ unix_socket_send(surfaceflinger, statsdw, statsd)
+')
+
###
### Neverallow rules
###
diff --git a/private/system_server.te b/private/system_server.te
index 56d91d6..9eea579 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -441,6 +441,10 @@
# with no DAC access to it, for dropbox to read.
allow system_server incident_data_file:file read;
+# Manage /data/misc/prereboot.
+allow system_server prereboot_data_file:dir rw_dir_perms;
+allow system_server prereboot_data_file:file create_file_perms;
+
# Allow dropbox to read /data/misc/perfetto-traces. Only the fd is sent over
# binder.
allow system_server perfetto_traces_data_file:file read;
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 3f11b6a..909a6b8 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -218,6 +218,10 @@
allow dumpstate misc_logd_file:dir r_dir_perms;
allow dumpstate misc_logd_file:file r_file_perms;
+# Access /data/misc/prereboot
+allow dumpstate prereboot_data_file:dir r_dir_perms;
+allow dumpstate prereboot_data_file:file r_file_perms;
+
allow dumpstate app_fuse_file:dir r_dir_perms;
allow dumpstate overlayfs_file:dir r_dir_perms;
@@ -324,6 +328,10 @@
allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
allow dumpstate snapshotctl_log_data_file:file r_file_perms;
+#Allow access to /dev/binderfs/binder_logs
+allow dumpstate binderfs_logs:dir r_dir_perms;
+allow dumpstate binderfs_logs:file r_file_perms;
+
###
### neverallow rules
###
diff --git a/public/file.te b/public/file.te
index 3c3d1bc..a0d4cdf 100644
--- a/public/file.te
+++ b/public/file.te
@@ -283,6 +283,8 @@
type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/profman
type profman_dump_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/prereboot
+type prereboot_data_file, file_type, data_file_type, core_data_file_type;
# /data/resource-cache
type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
# /data/local - writable by shell