Merge "Apply full_treble_only to whole rule." am: 0fa0d1e596 am: 4aa78f8054
am: e9f70f7c35
Change-Id: I627802b54da2cb9e4bd7265f50ea78a0ce3bb7c6
diff --git a/private/audioserver.te b/private/audioserver.te
index 445413e..6482c61 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -36,6 +36,7 @@
allow audioserver power_service:service_manager find;
allow audioserver scheduling_policy_service:service_manager find;
allow audioserver mediametrics_service:service_manager find;
+allow audioserver sensor_privacy_service:service_manager find;
# Allow read/write access to bluetooth-specific properties
set_prop(audioserver, bluetooth_a2dp_offload_prop)
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index abd5fc3..1e21719 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -481,6 +481,9 @@
proc_panic
proc_pid_max
proc_pipe_conf
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
proc_random
proc_sched
proc_slabinfo
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 9a6de98..91724c0 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -30,6 +30,7 @@
broadcastradio_service
cgroup_bpf
color_display_service
+ content_capture_service
crossprofileapps_service
ctl_interface_restart_prop
ctl_interface_start_prop
@@ -96,7 +97,6 @@
heapprofd_socket
incident_helper
incident_helper_exec
- intelligence_service
iorapd
iorapd_data_file
iorapd_exec
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 8bc2ca6..ee5a577 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -4,10 +4,10 @@
(type mediacodec_exec)
(type qtaguid_proc)
(type reboot_data_file)
-(type vold_socket)
(type rild)
(type untrusted_v2_app)
(type webview_zygote_socket)
+(type vold_socket)
(expandtypeattribute (accessibility_service_27_0) true)
(expandtypeattribute (account_service_27_0) true)
@@ -1196,6 +1196,9 @@
proc_panic
proc_pid_max
proc_pipe_conf
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
proc_random
proc_sched
proc_slabinfo
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 5bb1e65..ff1c857 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -28,6 +28,7 @@
bpfloader_exec
cgroup_bpf
color_display_service
+ content_capture_service
crossprofileapps_service
ctl_interface_restart_prop
ctl_interface_start_prop
@@ -87,7 +88,6 @@
heapprofd_socket
incident_helper
incident_helper_exec
- intelligence_service
iorapd
iorapd_data_file
iorapd_exec
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index d10ca35..e3bccd1 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -12,6 +12,8 @@
(type mtd_device)
(type qtaguid_proc)
(type thermalcallback_hwservice)
+(type thermalserviced)
+(type thermalserviced_exec)
(type untrusted_v2_app)
(type vcs_device)
@@ -738,8 +740,6 @@
(expandtypeattribute (textservices_service_28_0) true)
(expandtypeattribute (thermalcallback_hwservice_28_0) true)
(expandtypeattribute (thermal_service_28_0) true)
-(expandtypeattribute (thermalserviced_28_0) true)
-(expandtypeattribute (thermalserviced_exec_28_0) true)
(expandtypeattribute (timezone_service_28_0) true)
(expandtypeattribute (tmpfs_28_0) true)
(expandtypeattribute (tombstoned_28_0) true)
@@ -1377,6 +1377,9 @@
(typeattributeset priv_app_28_0 (priv_app))
(typeattributeset proc_28_0
( proc
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
proc_slabinfo))
(typeattributeset proc_abi_28_0 (proc_abi))
(typeattributeset proc_asound_28_0 (proc_asound))
@@ -1605,8 +1608,6 @@
(typeattributeset textservices_service_28_0 (textservices_service))
(typeattributeset thermalcallback_hwservice_28_0 (thermalcallback_hwservice))
(typeattributeset thermal_service_28_0 (thermal_service))
-(typeattributeset thermalserviced_28_0 (thermalserviced))
-(typeattributeset thermalserviced_exec_28_0 (thermalserviced_exec))
(typeattributeset timezone_service_28_0 (timezone_service))
(typeattributeset tmpfs_28_0 (tmpfs))
(typeattributeset tombstoned_28_0 (tombstoned))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 22b0efa..bb112be 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -18,6 +18,7 @@
apexd_prop
apexd_tmpfs
biometric_service
+ content_capture_service
content_suggestions_service
cpu_variant_prop
dev_cpu_variant
@@ -31,6 +32,7 @@
flags_health_check
flags_health_check_exec
fwk_bufferhub_hwservice
+ fwk_camera_hwservice
fwk_stats_hwservice
color_display_service
hal_atrace_hwservice
@@ -46,7 +48,6 @@
heapprofd_prop
heapprofd_socket
idmap_service
- intelligence_service
iris_service
iris_vendor_data_file
llkd
@@ -69,6 +70,7 @@
permissionmgr_service
recovery_socket
role_service
+ rollback_service
rs
rs_exec
rss_hwm_reset
diff --git a/private/file_contexts b/private/file_contexts
index 853d0a7..c2a9981 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -281,7 +281,6 @@
/system/bin/update_engine u:object_r:update_engine_exec:s0
/system/bin/bspatch u:object_r:update_engine_exec:s0
/system/bin/storaged u:object_r:storaged_exec:s0
-/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
/system/bin/wpantund u:object_r:wpantund_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 88aca5b..3667af0 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -23,6 +23,9 @@
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
+genfscon proc /pressure/io u:object_r:proc_pressure_io:s0
+genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0
genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 1fead40..908762b 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -1,4 +1,5 @@
android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
+android.frameworks.cameraservice.service::ICameraService u:object_r:fwk_camera_hwservice:s0
android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
diff --git a/private/service_contexts b/private/service_contexts
index 9ab0b0a..85e41ec 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -32,6 +32,7 @@
connmetrics u:object_r:connmetrics_service:s0
consumer_ir u:object_r:consumer_ir_service:s0
content u:object_r:content_service:s0
+content_capture u:object_r:content_capture_service:s0
content_suggestions u:object_r:content_suggestions_service:s0
contexthub u:object_r:contexthub_service:s0
country_detector u:object_r:country_detector_service:s0
@@ -81,7 +82,6 @@
iphonesubinfo u:object_r:radio_service:s0
ims u:object_r:radio_service:s0
imms u:object_r:imms_service:s0
-intelligence u:object_r:intelligence_service:s0
ipsec u:object_r:ipsec_service:s0
iris u:object_r:iris_service:s0
isms_msim u:object_r:radio_service:s0
@@ -148,6 +148,7 @@
recovery u:object_r:recovery_service:s0
restrictions u:object_r:restrictions_service:s0
role u:object_r:role_service:s0
+rollback u:object_r:rollback_service:s0
rttmanager u:object_r:rttmanager_service:s0
runtime u:object_r:runtime_service:s0
samplingprofiler u:object_r:samplingprofiler_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index ccc2017..4b22921 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -143,10 +143,6 @@
# Read /sys/kernel/debug/wakeup_sources.
allow system_server debugfs_wakeup_sources:file r_file_perms;
-# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
-allow system_server stats_data_file:dir { open read remove_name search write };
-allow system_server stats_data_file:file unlink;
-
# The DhcpClient and WifiWatchdog use packet_sockets
allow system_server self:packet_socket create_socket_perms_no_ioctl;
@@ -693,7 +689,6 @@
allow system_server nfc_service:service_manager find;
allow system_server radio_service:service_manager find;
allow system_server stats_service:service_manager find;
-allow system_server thermal_service:service_manager find;
allow system_server storaged_service:service_manager find;
allow system_server surfaceflinger_service:service_manager find;
allow system_server update_engine_service:service_manager find;
diff --git a/private/thermalserviced.te b/private/thermalserviced.te
deleted file mode 100644
index 1a09e20..0000000
--- a/private/thermalserviced.te
+++ /dev/null
@@ -1,4 +0,0 @@
-typeattribute thermalserviced coredomain;
-
-init_daemon_domain(thermalserviced)
-
diff --git a/public/cameraserver.te b/public/cameraserver.te
index ba45228..b49a5f3 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -17,6 +17,7 @@
allow cameraserver hal_graphics_composer:fd use;
add_service(cameraserver, cameraserver_service)
+add_hwservice(cameraserver, fwk_camera_hwservice)
allow cameraserver activity_service:service_manager find;
allow cameraserver appops_service:service_manager find;
diff --git a/public/file.te b/public/file.te
index 86a85dc..951c97f 100644
--- a/public/file.te
+++ b/public/file.te
@@ -43,6 +43,9 @@
type proc_perf, fs_type, proc_type;
type proc_pid_max, fs_type, proc_type;
type proc_pipe_conf, fs_type, proc_type;
+type proc_pressure_cpu, fs_type, proc_type;
+type proc_pressure_io, fs_type, proc_type;
+type proc_pressure_mem, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
type proc_slabinfo, fs_type, proc_type;
diff --git a/public/hwservice.te b/public/hwservice.te
index a511981..6363392 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -1,5 +1,6 @@
type default_android_hwservice, hwservice_manager_type;
type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
+type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
diff --git a/public/lmkd.te b/public/lmkd.te
index 0fc5d0f..f691b90 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -49,6 +49,13 @@
# Read /proc/meminfo
allow lmkd proc_meminfo:file r_file_perms;
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow lmkd proc_pressure_cpu:file r_file_perms;
+allow lmkd proc_pressure_io:file r_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow lmkd proc_pressure_mem:file rw_file_perms;
+
# Allow lmkd to write to statsd.
unix_socket_send(lmkd, statsdw, statsd)
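Review bot: The `rw_file_perms` grant on `proc_pressure_mem` is the only write access added in this hunk, and the comment `# Read/Write /proc/pressure/memory` does not say why lmkd must write there while the cpu and io files are read-only. If the write is for registering PSI triggers (done by writing a threshold to the pressure file), say so, e.g. `# Read/Write /proc/pressure/memory: lmkd registers PSI memory-pressure triggers by writing to this file`. A stated reason lets a later reviewer tell a deliberate grant from an over-broad one, and makes it less likely that another domain copies `rw_file_perms` on this type without needing it.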
diff --git a/public/property_contexts b/public/property_contexts
index da12ae3..c1a4f1d 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -61,6 +61,7 @@
dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootimage u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
@@ -97,6 +98,7 @@
ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
+ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool
ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
diff --git a/public/service.te b/public/service.te
index ed5f176..e192040 100644
--- a/public/service.te
+++ b/public/service.te
@@ -29,7 +29,6 @@
type storaged_service, service_manager_type;
type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type system_app_service, service_manager_type;
-type thermal_service, service_manager_type;
type update_engine_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vold_service, service_manager_type;
@@ -65,6 +64,7 @@
type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type content_suggestions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -100,7 +100,6 @@
type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type intelligence_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type iris_service, app_api_service, system_server_service, service_manager_type;
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -138,6 +137,7 @@
type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type restrictions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type role_service, app_api_service, system_server_service, service_manager_type;
+type rollback_service, app_api_service, system_server_service, service_manager_type;
type runtime_service, system_server_service, service_manager_type;
type rttmanager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type samplingprofiler_service, system_server_service, service_manager_type;
@@ -158,6 +158,7 @@
type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type timedetector_service, system_server_service, service_manager_type;
type timezone_service, system_server_service, service_manager_type;
type timezonedetector_service, system_server_service, service_manager_type;
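Review bot: Re-declaring `thermal_service` with `app_api_service` and `ephemeral_app_api_service` widens who can look the service up. The declaration removed earlier in this file (`type thermal_service, service_manager_type;`) left it reachable only through explicit `find` rules, while the new attributes presumably make it findable by all app domains, including instant apps, through attribute-wide rules that are outside this diff. SELinux then no longer limits which callers reach the binder interface, so each method has to enforce its own permission checks in the service implementation; that code is not visible here and should be confirmed. If instant apps do not need thermal status, dropping `ephemeral_app_api_service` keeps the exposure smaller, and a short comment above the type naming the intended callers would document the decision.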
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
deleted file mode 100644
index 4716826..0000000
--- a/public/thermalserviced.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# thermalserviced -- thermal management services for system and vendor
-type thermalserviced, domain;
-type thermalserviced_exec, system_file_type, exec_type, file_type;
-
-binder_use(thermalserviced)
-binder_service(thermalserviced)
-add_service(thermalserviced, thermal_service)
-
-hwbinder_use(thermalserviced)
-hal_client_domain(thermalserviced, hal_thermal)
-add_hwservice(thermalserviced, thermalcallback_hwservice)
-
-binder_call(thermalserviced, platform_app)
-binder_call(thermalserviced, system_server)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 32e1871..b3e128d 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -13,11 +13,14 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service_64 u:object_r:hal_camera_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service-lazy_64 u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service-lazy u:object_r:hal_camera_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-external-service u:object_r:hal_camera_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]+-service u:object_r:hal_configstore_default_exec:s0
/(vendor|sustem/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service u:object_r:hal_confirmationui_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.0-service u:object_r:hal_contexthub_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service u:object_r:hal_drm_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service-lazy u:object_r:hal_drm_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.0-service u:object_r:hal_cas_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.0-service-lazy u:object_r:hal_cas_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.0-service u:object_r:hal_dumpstate_default_exec:s0
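Review bot: The confirmationui entry in this hunk's context reads `/(vendor|sustem/vendor)/...`, so its second alternative can never match a path under `/system/vendor/`. On a device where the HAL binary lives under that path it would not be labeled `hal_confirmationui_default_exec`, and would likely fail to transition into its own domain. The line is untouched by this commit, but the neighbouring entries are being edited, so it is worth correcting here to `/(vendor|system/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service u:object_r:hal_confirmationui_default_exec:s0`.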
@@ -46,6 +49,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@2\.0-service u:object_r:hal_thermal_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.0-service u:object_r:hal_tv_cec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
diff --git a/vendor/hal_wifi_supplicant_default.te b/vendor/hal_wifi_supplicant_default.te
index a446721..b6b9e09 100644
--- a/vendor/hal_wifi_supplicant_default.te
+++ b/vendor/hal_wifi_supplicant_default.te
@@ -9,7 +9,7 @@
type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "sockets";
# Allow wpa_supplicant to configure nl80211
-allow hal_wifi_supplicant_default proc_net:file write;
+allow hal_wifi_supplicant_default proc_net_type:file write;
# Allow wpa_supplicant to talk to Wifi Keystore HwBinder service.
hwbinder_use(hal_wifi_supplicant_default)
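Review bot: Changing the target from the type `proc_net` to the attribute `proc_net_type` grants `write` on every type that carries that attribute, not only the file wpa_supplicant needs for nl80211 configuration. The comment above the rule still says only "configure nl80211", so it does not explain the wider grant. Prefer naming the specific type or types that are written. If the attribute is required (for instance because `proc_net` was split into several types), record that in the comment, e.g. `# proc_net is split into several proc_net_type types; wpa_supplicant writes <specific /proc/net path>`.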