Merge "Allow hal_codec2_server to read fifo_file from platform_app" into main
diff --git a/private/mediaserver.te b/private/mediaserver.te
index 92ec40d..5fc13a8 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -29,3 +29,7 @@
 allow mediaserver stats_service:service_manager find;
 allow mediaserver statsmanager_service:service_manager find;
 binder_call(mediaserver, statsd)
+
+# Allow mediaserver to communicate with Surface provided
+# by virtual camera.
+binder_call(mediaserver, virtual_camera)
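Review bot: The comment on the added `binder_call(mediaserver, virtual_camera)` does not say which side initiates the transaction. The private/virtual_camera.te hunk in this same diff adds the reverse `binder_call(virtual_camera, mediaserver)`, so each domain ends up able to call the other. mediaserver handles media content that may be untrusted, so it is worth confirming that both call directions are required rather than granted for symmetry. I would name the direction in the comment, for example `# mediaserver is the caller: it queues buffers to the Surface owned by virtual_camera.` if that is how the path works.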
diff --git a/private/property.te b/private/property.te
index 87b0446..a098d05 100644
--- a/private/property.te
+++ b/private/property.te
@@ -61,6 +61,7 @@
 system_internal_prop(hypervisor_virtualizationmanager_prop)
 system_internal_prop(game_manager_config_prop)
 system_internal_prop(hidl_memory_prop)
+system_internal_prop(suspend_debug_prop)
 
 # Properties which can't be written outside system
 system_restricted_prop(device_config_virtualization_framework_native_prop)
@@ -342,8 +343,26 @@
   } {
     suspend_prop
   }:property_service set;
+
+  neverallow {
+    domain
+    -init
+  } {
+    suspend_debug_prop
+  }:property_service set;
+
+  neverallow {
+    domain
+    -init
+    -dumpstate
+    userdebug_or_eng(`-system_suspend')
+    } {
+      suspend_debug_prop
+    }:file no_rw_file_perms;
 ')
 
+dontaudit system_suspend suspend_debug_prop:file r_file_perms;
+
 compatible_property_only(`
   # Neverallow coredomain to set vendor properties
   neverallow {
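Review bot: The added `dontaudit system_suspend suspend_debug_prop:file r_file_perms;` sits after the closing `')` with no comment, so it applies on every build type. private/system_suspend.te grants `get_prop(system_suspend, suspend_debug_prop)` only inside `userdebug_or_eng`, so on user builds the read is denied and this rule hides the denial; that looks intended, but an unexplained dontaudit is easy to mistake for a leftover. I would add a comment such as `# system_suspend reads suspend.debug.* on all builds; access exists only on userdebug/eng, so suppress the expected denial on user builds.` As a style point, the second neverallow indents its `} {` and `suspend_debug_prop` lines two spaces deeper than the first one. The block that wraps both neverallows opens above this hunk, so the enclosing macro is not visible here.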
diff --git a/private/property_contexts b/private/property_contexts
index 8860024..2350011 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -119,6 +119,9 @@
 suspend.short_suspend_backoff_enabled u:object_r:suspend_prop:s0 exact bool
 suspend.disable_sync_on_suspend u:object_r:suspend_prop:s0 exact bool
 
+# Suspend service debug properties
+suspend.debug.wakestats_log.enabled u:object_r:suspend_debug_prop:s0 exact bool
+
 # Fastbootd protocol control property
 fastbootd.protocol    u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp
 
diff --git a/private/system_suspend.te b/private/system_suspend.te
index 683d913..a525866 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -22,6 +22,11 @@
 # Access to suspend_hal system properties
 get_prop(system_suspend, suspend_prop)
 
+# Access to system_suspend debug system properties
+userdebug_or_eng(`
+  get_prop(system_suspend, suspend_debug_prop)
+')
+
 # To call BTAA registered callbacks
 allow system_suspend bluetooth:binder call;
 
diff --git a/private/virtual_camera.te b/private/virtual_camera.te
index 4c4ac7a..dde98c0 100644
--- a/private/virtual_camera.te
+++ b/private/virtual_camera.te
@@ -12,6 +12,15 @@
 binder_call(virtual_camera, cameraserver)
 binder_call(virtual_camera, system_server)
 
+# Allow virtual_camera to communicate with
+# mediaserver (required for using Surface originating
+# from virtual camera in mediaserver).
+binder_call(virtual_camera, mediaserver)
+
+# Required for the codecs to be able to decode
+# video into surface provided by virtual camera.
+hal_client_domain(virtual_camera, hal_codec2)
+hal_client_domain(virtual_camera, hal_omx)
 
 # Allow virtualCamera to call apps via binder.
 binder_call(virtual_camera, appdomain)
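Review bot: `hal_client_domain(virtual_camera, hal_codec2)` and `hal_client_domain(virtual_camera, hal_omx)` make virtual_camera a client of both codec HALs, which reads as broader than the comment's stated need (codecs decoding into a Surface that virtual_camera provides). This domain also calls into `appdomain` in the rule just below, so each extra service it can reach widens what a compromised virtual_camera could touch. I would confirm whether virtual_camera itself needs to look up and call codec services, and state that in the comment, for example `# virtual_camera does not create codecs; the client attribute is needed only so codec processes can call back into its Surface.` (adjust if it does create them). If only the callback path is needed and hal_omx is included purely for legacy codecs, noting that would help a later reviewer decide when the rule can be dropped.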