Merge "access_vectors: remove incorrect comment about mac_admin"
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 2811683..d761865 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -33,6 +33,7 @@
hal_can_bus_hwservice
hal_can_controller_hwservice
hal_identity_hwservice
+ hal_power_service
hal_rebootescrow_service
hal_tv_tuner_hwservice
hal_vibrator_service
@@ -60,6 +61,7 @@
simpleperf
soundtrigger_middleware_service
sysfs_dm_verity
+ system_config_service
system_group_file
system_jvmti_agent_prop
system_passwd_file
diff --git a/private/property_contexts b/private/property_contexts
index faa425b..625bf37 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -48,6 +48,7 @@
security.perf_harden u:object_r:shell_prop:s0
service.adb.root u:object_r:shell_prop:s0
service.adb.tcp.port u:object_r:shell_prop:s0
+persist.adb.wifi. u:object_r:shell_prop:s0
persist.audio. u:object_r:audio_prop:s0
persist.bluetooth. u:object_r:bluetooth_prop:s0
diff --git a/private/service_contexts b/private/service_contexts
index 26d9f5c..641798a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,5 +1,6 @@
-android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
-android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
+android.hardware.power.IPower/default u:object_r:hal_power_service:s0
+android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
+android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
accessibility u:object_r:accessibility_service:s0
account u:object_r:account_service:s0
@@ -201,6 +202,7 @@
storagestats u:object_r:storagestats_service:s0
SurfaceFlinger u:object_r:surfaceflinger_service:s0
suspend_control u:object_r:system_suspend_control_service:s0
+system_config u:object_r:system_config_service:s0
system_update u:object_r:system_update_service:s0
task u:object_r:task_service:s0
telecom u:object_r:telecom_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index ec79319..8d4e4f8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -831,6 +831,9 @@
allow system_server adbd:fd use;
allow system_server adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
+# Read persist.adb.wifi. properties
+get_prop(system_server, shell_prop)
+
# Allow invoking tools like "timeout"
allow system_server toolbox_exec:file rx_file_perms;
@@ -861,6 +864,7 @@
r_dir_file(system_server, proc_net_type)
r_dir_file(system_server, proc_qtaguid_stat)
allow system_server {
+ proc_cmdline
proc_loadavg
proc_meminfo
proc_pagetypeinfo
diff --git a/public/hal_power.te b/public/hal_power.te
index 028011a..2c80a51 100644
--- a/public/hal_power.te
+++ b/public/hal_power.te
@@ -3,3 +3,7 @@
binder_call(hal_power_server, hal_power_client)
hal_attribute_hwservice(hal_power, hal_power_hwservice)
+
+add_service(hal_power_server, hal_power_service)
+binder_call(hal_power_server, servicemanager)
+allow hal_power_client hal_power_service:service_manager find;
diff --git a/public/property_contexts b/public/property_contexts
index 8414e87..8397b85 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -442,3 +442,5 @@
# Binder cache properties. These are world-readable
binder.cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0
diff --git a/public/service.te b/public/service.te
index 67128d2..d9bf83d 100644
--- a/public/service.te
+++ b/public/service.te
@@ -166,6 +166,7 @@
type slice_service, app_api_service, system_server_service, service_manager_type;
type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type system_config_service, system_api_service, system_server_service, service_manager_type;
type system_update_service, system_server_service, service_manager_type;
type soundtrigger_middleware_service, system_server_service, service_manager_type;
type task_service, system_server_service, service_manager_type;
@@ -204,6 +205,7 @@
### HAL Services
###
+type hal_power_service, vendor_service, service_manager_type;
type hal_rebootescrow_service, vendor_service, service_manager_type;
type hal_vibrator_service, vendor_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 6dd8e46..e0fcfcd 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -35,7 +35,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.1-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage@1\.0-service u:object_r:hal_health_storage_default_exec:s0
-/(vendor|sustem/vendor)/bin/hw/android\.hardware\.identity@1\.0-service.example u:object_r:hal_identity_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.identity@1\.0-service.example u:object_r:hal_identity_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.input\.classifier@1\.0-service u:object_r:hal_input_classifier_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0
@@ -50,6 +50,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service u:object_r:mediacodec_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service.example u:object_r:hal_power_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service u:object_r:hal_power_stats_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio\.config@1\.0-service u:object_r:hal_radio_config_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-radio-service u:object_r:hal_radio_default_exec:s0