Merge "Add the `service.adb.transport` property"
diff --git a/private/bug_map b/private/bug_map
index a404de3..5b042ae 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -11,7 +11,6 @@
init shell_data_file lnk_file b/77873135
init shell_data_file sock_file b/77873135
init system_data_file chr_file b/77873135
-installd device file b/177187042
isolated_app privapp_data_file dir b/119596573
isolated_app app_data_file dir b/120394782
mediaextractor app_data_file file b/77923736
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index c19413c..6868554 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -32,12 +32,14 @@
hal_audiocontrol_service
hal_face_service
hal_fingerprint_service
+ hal_health_storage_service
hal_memtrack_service
hal_oemlock_service
gnss_device
hal_dumpstate_config_prop
hal_gnss_service
hal_keymint_service
+ hal_neuralnetworks_service
hal_power_stats_service
keystore_compat_hal_service
keystore2_key_contexts_file
@@ -70,6 +72,7 @@
snapuserd
snapuserd_exec
snapuserd_socket
+ speech_recognition_service
sysfs_devices_cs_etm
system_server_dumper_service
system_suspend_control_internal_service
diff --git a/private/mediatranscoding.te b/private/mediatranscoding.te
index b2f6cea..5f4a943 100644
--- a/private/mediatranscoding.te
+++ b/private/mediatranscoding.te
@@ -24,6 +24,7 @@
allow mediatranscoding mediametrics_service:service_manager find;
allow mediatranscoding mediaextractor_service:service_manager find;
allow mediatranscoding package_native_service:service_manager find;
+allow mediatranscoding thermal_service:service_manager find;
allow mediatranscoding system_server:fd use;
allow mediatranscoding activity_service:service_manager find;
diff --git a/private/service_contexts b/private/service_contexts
index 5d65e35..96384e2 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -3,6 +3,7 @@
android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0
android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
android.hardware.gnss.IGnss/default u:object_r:hal_gnss_service:s0
+android.hardware.health.storage.IStorage/default u:object_r:hal_health_storage_service:s0
android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
android.hardware.light.ILights/default u:object_r:hal_light_service:s0
android.hardware.memtrack.IMemtrack/default u:object_r:hal_memtrack_service:s0
@@ -225,6 +226,7 @@
sip u:object_r:radio_service:s0
slice u:object_r:slice_service:s0
smartspace u:object_r:smartspace_service:s0
+speech_recognition u:object_r:speech_recognition_service:s0
stats u:object_r:stats_service:s0
statscompanion u:object_r:statscompanion_service:s0
statsmanager u:object_r:statsmanager_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index bf5c8e8..f2e336c 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1181,6 +1181,9 @@
allow system_server watchdog_metadata_file:dir rw_dir_perms;
allow system_server watchdog_metadata_file:file create_file_perms;
+# Allow system server r access to /system/bin/surfaceflinger for PinnerService.
+allow system_server surfaceflinger_exec:file r_file_perms;
+
# Allow init to set sysprop used to compute stats about userspace reboot.
set_prop(system_server, userspace_reboot_log_prop)
diff --git a/public/hal_health_storage.te b/public/hal_health_storage.te
index 61e609b..cb7c01d 100644
--- a/public/hal_health_storage.te
+++ b/public/hal_health_storage.te
@@ -2,4 +2,7 @@
binder_call(hal_health_storage_client, hal_health_storage_server)
binder_call(hal_health_storage_server, hal_health_storage_client)
+binder_use(hal_health_storage_server)
+
hal_attribute_hwservice(hal_health_storage, hal_health_storage_hwservice)
+hal_attribute_service(hal_health_storage, hal_health_storage_service)
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index 228d990..416448a 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -28,3 +28,9 @@
# This property is only expected to be found in /product/build.prop,
# allow to be set only by init.
neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;
+
+# Define sepolicy for NN AIDL HAL service
+hal_attribute_service(hal_neuralnetworks, hal_neuralnetworks_service)
+binder_call(hal_neuralnetworks_server, servicemanager)
+
+allow hal_neuralnetworks_server dumpstate:fifo_file write;
diff --git a/public/service.te b/public/service.te
index 03e659d..5837951 100644
--- a/public/service.te
+++ b/public/service.te
@@ -116,7 +116,7 @@
type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type hardware_service, system_server_service, service_manager_type;
type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
+type hdmi_control_service, app_api_service, system_server_service, service_manager_type;
type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type incremental_service, system_server_service, service_manager_type;
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -188,6 +188,7 @@
type system_server_dumper_service, system_api_service, system_server_service, service_manager_type;
type system_update_service, system_server_service, service_manager_type;
type soundtrigger_middleware_service, system_server_service, service_manager_type;
+type speech_recognition_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type task_service, system_server_service, service_manager_type;
type testharness_service, system_server_service, service_manager_type;
type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -234,10 +235,12 @@
type hal_face_service, vendor_service, protected_service, service_manager_type;
type hal_fingerprint_service, vendor_service, protected_service, service_manager_type;
type hal_gnss_service, vendor_service, protected_service, service_manager_type;
+type hal_health_storage_service, vendor_service, protected_service, service_manager_type;
type hal_identity_service, vendor_service, protected_service, service_manager_type;
type hal_keymint_service, vendor_service, protected_service, service_manager_type;
type hal_light_service, vendor_service, protected_service, service_manager_type;
type hal_memtrack_service, vendor_service, protected_service, service_manager_type;
+type hal_neuralnetworks_service, vendor_service, service_manager_type;
type hal_oemlock_service, vendor_service, protected_service, service_manager_type;
type hal_power_service, vendor_service, protected_service, service_manager_type;
type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index dd351cf..d05431c 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -43,6 +43,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.1-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage@1\.0-service u:object_r:hal_health_storage_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage-service\.default u:object_r:hal_health_storage_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.identity-service.example u:object_r:hal_identity_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.input\.classifier@1\.0-service u:object_r:hal_input_classifier_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0