Merge "Enable CAN HAL to scan /sys/devices for USB CAN"
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index 03f8f19..6a7123b 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -149,10 +149,7 @@
inputs = append(inputs, segroup.SystemExtPrivateSrcs()...)
} else {
inputs = append(inputs, segroup.SystemPrivateSrcs()...)
-
- if ctx.Config().ProductCompatibleProperty() {
- inputs = append(inputs, segroup.SystemPublicSrcs()...)
- }
+ inputs = append(inputs, segroup.SystemPublicSrcs()...)
}
if proptools.Bool(m.properties.Reqd_mask) {
diff --git a/prebuilts/api/29.0/private/adbd.te b/prebuilts/api/29.0/private/adbd.te
index 2fa4af6..ec5c57e 100644
--- a/prebuilts/api/29.0/private/adbd.te
+++ b/prebuilts/api/29.0/private/adbd.te
@@ -23,6 +23,10 @@
unix_socket_connect(adbd, recovery, recovery)
')
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
# Do not sanitize the environment or open fds of the shell. Allow signaling
# created processes.
allow adbd shell:process { noatsecure signal };
diff --git a/prebuilts/api/29.0/private/gpuservice.te b/prebuilts/api/29.0/private/gpuservice.te
index ebfff76..9e17d06 100644
--- a/prebuilts/api/29.0/private/gpuservice.te
+++ b/prebuilts/api/29.0/private/gpuservice.te
@@ -31,6 +31,10 @@
# Needed for interactive shell
allow gpuservice devpts:chr_file { read write getattr };
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index 111923f..f59b5de 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -89,6 +89,7 @@
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 6ae83a3..c1ea949 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -40,6 +40,7 @@
device_config_storage_native_boot_prop
device_config_sys_traced_prop
device_config_window_manager_native_boot_prop
+ device_config_configuration_prop
exported_camera_prop
file_integrity_service
fwk_automotive_display_hwservice
@@ -80,7 +81,9 @@
prereboot_data_file
art_apex_dir
rebootescrow_hal_prop
+ securityfs
service_manager_service
+ service_manager_vndservice
simpleperf
snapshotctl_log_data_file
socket_hook_prop
@@ -102,6 +105,7 @@
userspace_reboot_config_prop
userspace_reboot_exported_prop
userspace_reboot_log_prop
+ userspace_reboot_test_prop
vehicle_hal_prop
tv_tuner_resource_mgr_service
vendor_apex_file
@@ -110,4 +114,5 @@
vendor_install_recovery
vendor_install_recovery_exec
vendor_socket_hook_prop
+ vendor_socket_hook_prop
virtual_ab_prop))
diff --git a/private/domain.te b/private/domain.te
index 32b40c1..3f5bbaa 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -101,6 +101,7 @@
get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
get_prop({coredomain shell}, userspace_reboot_exported_prop)
get_prop({coredomain shell}, userspace_reboot_log_prop)
+ get_prop({coredomain shell}, userspace_reboot_test_prop)
get_prop({domain -coredomain -appdomain}, vendor_default_prop)
')
diff --git a/private/fs_use b/private/fs_use
index 6fcc2cc..93d7f1b 100644
--- a/private/fs_use
+++ b/private/fs_use
@@ -11,6 +11,7 @@
fs_use_xattr overlay u:object_r:labeledfs:s0;
fs_use_xattr erofs u:object_r:labeledfs:s0;
fs_use_xattr incremental-fs u:object_r:labeledfs:s0;
+fs_use_xattr virtiofs u:object_r:labeledfs:s0;
# Label inodes from task label.
fs_use_task pipefs u:object_r:pipefs:s0;
diff --git a/private/genfs_contexts b/private/genfs_contexts
index ccf6784..828929f 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -291,6 +291,8 @@
genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
+genfscon securityfs / u:object_r:securityfs:s0
+
genfscon binder /binder u:object_r:binder_device:s0
genfscon binder /hwbinder u:object_r:hwbinder_device:s0
genfscon binder /vndbinder u:object_r:vndbinder_device:s0
diff --git a/private/gsid.te b/private/gsid.te
index 5d7b043..3ff9d67 100644
--- a/private/gsid.te
+++ b/private/gsid.te
@@ -135,6 +135,8 @@
ota_image_data_file
}:file ioctl FS_IOC_FIEMAP;
+allow gsid system_server:binder call;
+
neverallow {
domain
-init
diff --git a/private/property_contexts b/private/property_contexts
index cba09a5..216531c 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -91,6 +91,7 @@
sys.boot.reason.last u:object_r:last_boot_reason_prop:s0
pm. u:object_r:pm_prop:s0
test.sys.boot.reason u:object_r:test_boot_reason_prop:s0
+test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0
sys.lmk. u:object_r:system_lmk_prop:s0
sys.trace. u:object_r:system_trace_prop:s0
@@ -203,6 +204,7 @@
persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0
persist.device_config.storage_native_boot. u:object_r:device_config_storage_native_boot_prop:s0
persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
+persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
# Properties that relate to legacy server configurable flags
persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
@@ -245,3 +247,574 @@
# by devices with video decoding pipelines long enough to overflow the default
# history size.
ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
+
+# vendor-init-readable
+persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
+
+# vendor-init-settable
+af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
+audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int
+
+camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
+camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
+
+dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
+
+drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
+
+keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
+
+media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+
+media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
+media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
+
+persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
+persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
+persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
+
+persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
+
+persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+
+persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
+
+persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
+persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int
+persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
+persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
+
+pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
+pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
+pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
+
+ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
+
+ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
+
+ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
+
+ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+
+ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
+ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
+
+ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
+
+ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
+ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool
+
+ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
+
+ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
+ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
+ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
+ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
+ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
+
+ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
+
+ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+
+ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string
+
+ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+
+ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
+
+ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
+ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool
+
+ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
+
+ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.low u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+
+ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
+ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
+ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
+
+ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
+
+ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
+
+ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
+
+ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
+
+ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+
+ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
+
+ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
+
+ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
+
+ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
+ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
+
+ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
+
+ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
+
+ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
+
+ro.zygote u:object_r:exported3_default_prop:s0 exact string
+
+sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
+
+sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
+sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
+sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.state u:object_r:exported2_system_prop:s0 exact string
+
+telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+
+tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
+
+vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+
+vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
+
+wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
+
+zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
+
+# vendor-init-readable
+apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
+
+dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
+
+persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
+persist.sys.theme u:object_r:theme_prop:s0 exact string
+persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
+
+sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
+sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
+sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
+sys.vdso u:object_r:exported3_system_prop:s0 exact string
+
+# vendor-init-settable
+persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
+
+sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
+sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
+
+# public-readable
+aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
+aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
+aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
+aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
+aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+
+build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
+
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
+
+drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
+
+dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
+dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
+
+hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+
+init.svc.bugreport u:object_r:exported2_default_prop:s0 exact string
+init.svc.console u:object_r:exported2_default_prop:s0 exact string
+init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string
+init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string
+init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
+init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
+init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
+
+libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
+libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+
+net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
+
+persist.sys.locale u:object_r:exported_system_prop:s0 exact string
+persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
+
+ro.adb.secure u:object_r:exported_secure_prop:s0 exact int
+
+ro.arch u:object_r:exported2_default_prop:s0 exact string
+
+ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
+
+ro.baseband u:object_r:exported2_default_prop:s0 exact string
+
+ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boot.console u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string
+ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string
+ro.boot.mode u:object_r:exported2_default_prop:s0 exact string
+ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string
+ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string
+ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string
+ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string
+
+ro.bootloader u:object_r:exported2_default_prop:s0 exact string
+
+ro.build.date u:object_r:exported2_default_prop:s0 exact string
+ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
+ro.build.description u:object_r:exported2_default_prop:s0 exact string
+ro.build.display.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string
+ro.build.host u:object_r:exported2_default_prop:s0 exact string
+ro.build.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.product u:object_r:exported2_default_prop:s0 exact string
+ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool
+ro.build.tags u:object_r:exported2_default_prop:s0 exact string
+ro.build.user u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
+
+ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
+ro.crypto.type u:object_r:exported_vold_prop:s0 exact string
+
+ro.debuggable u:object_r:exported2_default_prop:s0 exact int
+
+ro.hardware u:object_r:exported2_default_prop:s0 exact string
+
+ro.product.brand u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string
+ro.product.device u:object_r:exported2_default_prop:s0 exact string
+ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string
+ro.product.model u:object_r:exported2_default_prop:s0 exact string
+ro.product.name u:object_r:exported2_default_prop:s0 exact string
+
+ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
+
+ro.revision u:object_r:exported2_default_prop:s0 exact string
+
+ro.secure u:object_r:exported_secure_prop:s0 exact int
+
+ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
+
+service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
+
+sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
+sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
+sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
+
+vold.decrypt u:object_r:exported_vold_prop:s0 exact string
+
+# vendor-init-settable|public-readable
+aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
+
+config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool
+
+gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
+
+media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
+
+persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
+
+rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
+
+ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+
+ro.board.platform u:object_r:exported_default_prop:s0 exact string
+
+ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
+ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
+
+ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string
+ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+
+ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
+
+ro.build.ab_update u:object_r:exported_default_prop:s0 exact string
+ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string
+ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string
+
+ro.carrier u:object_r:exported_default_prop:s0 exact string
+
+ro.config.low_ram u:object_r:exported_config_prop:s0 exact bool
+ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int
+
+ro.frp.pst u:object_r:exported_default_prop:s0 exact string
+
+ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.hearing_aid u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string
+ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.camera u:object_r:exported_default_prop:s0 exact string
+ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string
+ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string
+ro.hardware.egl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.hardware.flp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gps u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string
+ro.hardware.input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string
+ro.hardware.keystore_desede u:object_r:exported_default_prop:s0 exact string
+ro.hardware.lights u:object_r:exported_default_prop:s0 exact string
+ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string
+ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string
+ro.hardware.power u:object_r:exported_default_prop:s0 exact string
+ro.hardware.radio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string
+ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string
+ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.type u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string
+ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string
+
+ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool
+
+ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool
+ro.kernel.qemu. u:object_r:exported_default_prop:s0
+ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
+
+ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string
+
+ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
+
+ro.product.board u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
+ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int
+ro.product.odm.brand u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.device u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.manufacturer u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.model u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
+
+ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted
+
+ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string
+
+ro.vndk.lite u:object_r:vndk_prop:s0 exact bool
+ro.vndk.version u:object_r:vndk_prop:s0 exact string
+
+ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
+
+wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
+wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
+wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
+wifi.interface u:object_r:exported_default_prop:s0 exact string
+
+ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
+
+ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
+
+# public-readable
+ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
+
+ro.bootmode u:object_r:exported2_default_prop:s0 exact string
+
+ro.build.type u:object_r:exported2_default_prop:s0 exact string
+
+sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
+
+# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable
+ro.surface_flinger.default_composition_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.default_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_height u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_width u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.start_graphics_allocator_service u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_color_management u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_context_priority u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_vr_flinger u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.vsync_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.display_primary_red u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_green u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_blue u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_white u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_content_detection_for_refresh_rate u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties. These are world-readable
+cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
+cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0
+cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0
+cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
+cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
+
+cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
+cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
+cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
diff --git a/private/shell.te b/private/shell.te
index 2c69f95..76ff073 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -73,6 +73,10 @@
set_prop(shell, lpdumpd_prop);
binder_call(shell, lpdumpd)
+# Allow shell to set and read value of properties used for CTS tests of
+# userspace reboot
+set_prop(shell, userspace_reboot_test_prop)
+
# Allow shell to get encryption policy of /data/local/tmp/, for CTS
allowxperm shell shell_data_file:dir ioctl {
FS_IOC_GET_ENCRYPTION_POLICY
diff --git a/private/system_server.te b/private/system_server.te
index 67882ba..7c24598 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -301,6 +301,7 @@
hal_camera_server
hal_codec2_server
hal_face_server
+ hal_fingerprint_server
hal_graphics_allocator_server
hal_graphics_composer_server
hal_health_server
@@ -636,6 +637,7 @@
set_prop(system_server, device_config_storage_native_boot_prop)
set_prop(system_server, device_config_sys_traced_prop)
set_prop(system_server, device_config_window_manager_native_boot_prop)
+set_prop(system_server, device_config_configuration_prop)
# BootReceiver to read ro.boot.bootreason
get_prop(system_server, bootloader_boot_reason_prop)
diff --git a/private/system_server_startup.te b/private/system_server_startup.te
index f1427a9..902941e 100644
--- a/private/system_server_startup.te
+++ b/private/system_server_startup.te
@@ -7,13 +7,6 @@
allow system_server_startup self:process execmem;
allow system_server_startup system_server_startup_tmpfs:file { execute read write open map };
-# Allow to pick up integrity-checked artifacts from the dalvik cache.
-allow system_server_startup dalvikcache_data_file:dir r_dir_perms;
-allow system_server_startup dalvikcache_data_file:file { r_file_perms execute };
-
-# While doing the above, will touch the apex mount dir.
-allow system_server_startup mnt_expand_file:dir getattr;
-
# Allow system_server_startup to run setcon() and enter the
# system_server domain
allow system_server_startup self:process setcurrent;
diff --git a/public/app.te b/public/app.te
index 235d3f8..e5b9fd6 100644
--- a/public/app.te
+++ b/public/app.te
@@ -317,7 +317,7 @@
allow appdomain proc_meminfo:file r_file_perms;
# For app fuse.
-allow appdomain app_fuse_file:file { getattr read append write };
+allow appdomain app_fuse_file:file { getattr read append write map };
pdx_client({ appdomain -isolated_app -ephemeral_app }, display_client)
pdx_client({ appdomain -isolated_app -ephemeral_app }, display_manager)
diff --git a/public/dumpstate.te b/public/dumpstate.te
index b64fcdc..1e895e4 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -81,6 +81,7 @@
hal_codec2_server
hal_drm_server
hal_face_server
+ hal_fingerprint_server
hal_graphics_allocator_server
hal_graphics_composer_server
hal_health_server
diff --git a/public/file.te b/public/file.te
index 1cc34f5..bb83a44 100644
--- a/public/file.te
+++ b/public/file.te
@@ -137,6 +137,7 @@
type debugfs_tracing_instances, fs_type, debugfs_type;
type debugfs_wakeup_sources, fs_type, debugfs_type;
type debugfs_wifi_tracing, fs_type, debugfs_type;
+type securityfs, fs_type;
type pstorefs, fs_type;
type functionfs, fs_type, mlstrustedobject;
diff --git a/public/flags_health_check.te b/public/flags_health_check.te
index cf33ce7..6315d44 100644
--- a/public/flags_health_check.te
+++ b/public/flags_health_check.te
@@ -13,6 +13,7 @@
set_prop(flags_health_check, device_config_storage_native_boot_prop)
set_prop(flags_health_check, device_config_sys_traced_prop)
set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_configuration_prop)
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index 1ef6cad..f8d6ff5 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -5,6 +5,8 @@
hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
allow hal_neuralnetworks hal_allocator:fd use;
+allow hal_neuralnetworks hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_graphics_allocator:fd use;
# Allow NN HAL service to use a client-provided fd residing in /data/data/.
allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
@@ -13,6 +15,9 @@
# Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
+# Allow NN HAL service to read a client-provided ION memory fd.
+allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;
+
# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
# property to determine whether to deny NNAPI extensions use for apps
# on product partition (apps in GSI are not allowed to use NNAPI extensions).
diff --git a/public/property.te b/public/property.te
index 8f4b7a3..67a1fbe 100644
--- a/public/property.te
+++ b/public/property.te
@@ -12,6 +12,7 @@
system_internal_prop(device_config_storage_native_boot_prop)
system_internal_prop(device_config_sys_traced_prop)
system_internal_prop(device_config_window_manager_native_boot_prop)
+system_internal_prop(device_config_configuration_prop)
system_internal_prop(firstboot_prop)
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
@@ -20,6 +21,7 @@
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(userspace_reboot_log_prop)
+system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(adbd_prop)
system_internal_prop(traced_perf_enabled_prop)
@@ -586,3 +588,11 @@
} {
adbd_prop
}:property_service set;
+
+neverallow {
+ # Only allow init and shell to set userspace_reboot_test_prop
+ -init
+ -shell
+} {
+ userspace_reboot_test_prop
+}:property_service set;
diff --git a/public/property_contexts b/public/property_contexts
deleted file mode 100644
index f05a516..0000000
--- a/public/property_contexts
+++ /dev/null
@@ -1,465 +0,0 @@
-# vendor-init-readable
-persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
-
-# vendor-init-settable
-af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
-audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
-audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
-audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
-audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int
-camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
-camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
-dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
-drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
-keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
-media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
-media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
-media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
-persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
-persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
-persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
-persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
-persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
-persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
-persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
-persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
-persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
-persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
-persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int
-persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
-persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
-pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
-pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
-ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
-ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
-ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
-ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
-ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
-ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
-ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
-ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
-ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool
-ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
-ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
-ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
-ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
-ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
-ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
-ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
-ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
-ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
-ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
-ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
-ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
-ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
-ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
-ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
-ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
-ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string
-ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string
-ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string
-ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
-ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
-ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
-ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool
-ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
-ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
-ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
-ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool
-ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
-ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.low u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int
-ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool
-ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
-ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
-ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
-ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
-ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
-ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
-ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
-ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
-ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
-ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
-ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
-ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
-ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
-ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
-ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
-ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
-ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
-ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
-ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
-ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
-ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
-ro.zygote u:object_r:exported3_default_prop:s0 exact string
-sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
-sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
-sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
-sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
-sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool
-sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
-sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
-sys.usb.state u:object_r:exported2_system_prop:s0 exact string
-telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
-tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
-vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
-vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
-wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
-zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
-
-# vendor-init-readable
-apexd.status u:object_r:apexd_prop:s0 exact enum starting ready
-dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
-persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
-persist.sys.theme u:object_r:theme_prop:s0 exact string
-persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
-sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
-sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
-sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
-sys.vdso u:object_r:exported3_system_prop:s0 exact string
-
-# vendor-init-settable
-persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
-sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
-sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
-
-# public-readable
-aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
-aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
-aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
-aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
-aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
-build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
-ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
-drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
-dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
-dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
-hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
-init.svc.bugreport u:object_r:exported2_default_prop:s0 exact string
-init.svc.console u:object_r:exported2_default_prop:s0 exact string
-init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string
-init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string
-init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
-init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
-init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
-libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
-libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
-libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
-net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
-persist.sys.locale u:object_r:exported_system_prop:s0 exact string
-persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
-persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
-ro.adb.secure u:object_r:exported_secure_prop:s0 exact int
-ro.arch u:object_r:exported2_default_prop:s0 exact string
-ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
-ro.baseband u:object_r:exported2_default_prop:s0 exact string
-ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
-ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
-ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
-ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
-ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
-ro.boot.console u:object_r:exported2_default_prop:s0 exact string
-ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
-ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
-ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string
-ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string
-ro.boot.mode u:object_r:exported2_default_prop:s0 exact string
-ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string
-ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string
-ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string
-ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string
-ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string
-ro.bootloader u:object_r:exported2_default_prop:s0 exact string
-ro.build.date u:object_r:exported2_default_prop:s0 exact string
-ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
-ro.build.description u:object_r:exported2_default_prop:s0 exact string
-ro.build.display.id u:object_r:exported2_default_prop:s0 exact string
-ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string
-ro.build.host u:object_r:exported2_default_prop:s0 exact string
-ro.build.id u:object_r:exported2_default_prop:s0 exact string
-ro.build.product u:object_r:exported2_default_prop:s0 exact string
-ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool
-ro.build.tags u:object_r:exported2_default_prop:s0 exact string
-ro.build.user u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
-ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
-ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
-ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
-ro.crypto.type u:object_r:exported_vold_prop:s0 exact string
-ro.debuggable u:object_r:exported2_default_prop:s0 exact int
-ro.hardware u:object_r:exported2_default_prop:s0 exact string
-ro.product.brand u:object_r:exported2_default_prop:s0 exact string
-ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string
-ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string
-ro.product.device u:object_r:exported2_default_prop:s0 exact string
-ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string
-ro.product.model u:object_r:exported2_default_prop:s0 exact string
-ro.product.name u:object_r:exported2_default_prop:s0 exact string
-ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
-ro.revision u:object_r:exported2_default_prop:s0 exact string
-ro.secure u:object_r:exported_secure_prop:s0 exact int
-ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
-service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
-sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
-sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
-sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
-vold.decrypt u:object_r:exported_vold_prop:s0 exact string
-
-# r/o sanitizer properties, public-readable
-ro.sanitize.address u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.cfi u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.default-ub u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.fuzzer u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.hwaddress u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.integer_overflow u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.safe-stack u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.scudo u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.thread u:object_r:exported2_default_prop:s0 exact bool
-ro.sanitize.undefined u:object_r:exported2_default_prop:s0 exact bool
-
-# vendor-init-settable|public-readable
-aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int
-aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int
-aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int
-aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
-aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
-aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
-config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool
-gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
-media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
-persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
-rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
-ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
-ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string
-ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string
-ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
-ro.board.platform u:object_r:exported_default_prop:s0 exact string
-ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
-ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
-ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string
-ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
-ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string
-ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int
-ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string
-ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
-ro.build.ab_update u:object_r:exported_default_prop:s0 exact string
-ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string
-ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string
-ro.carrier u:object_r:exported_default_prop:s0 exact string
-ro.config.low_ram u:object_r:exported_config_prop:s0 exact bool
-ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int
-ro.frp.pst u:object_r:exported_default_prop:s0 exact string
-ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio.hearing_aid u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string
-ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string
-ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string
-ro.hardware.camera u:object_r:exported_default_prop:s0 exact string
-ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string
-ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string
-ro.hardware.egl u:object_r:exported_default_prop:s0 exact string
-ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string
-ro.hardware.flp u:object_r:exported_default_prop:s0 exact string
-ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string
-ro.hardware.gps u:object_r:exported_default_prop:s0 exact string
-ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string
-ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string
-ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string
-ro.hardware.input u:object_r:exported_default_prop:s0 exact string
-ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string
-ro.hardware.keystore_desede u:object_r:exported_default_prop:s0 exact string
-ro.hardware.lights u:object_r:exported_default_prop:s0 exact string
-ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string
-ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string
-ro.hardware.nfc u:object_r:exported_default_prop:s0 exact string
-ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string
-ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string
-ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string
-ro.hardware.power u:object_r:exported_default_prop:s0 exact string
-ro.hardware.radio u:object_r:exported_default_prop:s0 exact string
-ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string
-ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string
-ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string
-ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string
-ro.hardware.type u:object_r:exported_default_prop:s0 exact string
-ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string
-ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string
-ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string
-ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string
-ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool
-ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool
-ro.kernel.qemu. u:object_r:exported_default_prop:s0
-ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
-ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
-ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
-ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
-ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string
-ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
-ro.product.board u:object_r:exported_default_prop:s0 exact string
-ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
-ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
-ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int
-ro.product.odm.brand u:object_r:exported_default_prop:s0 exact string
-ro.product.odm.device u:object_r:exported_default_prop:s0 exact string
-ro.product.odm.manufacturer u:object_r:exported_default_prop:s0 exact string
-ro.product.odm.model u:object_r:exported_default_prop:s0 exact string
-ro.product.odm.name u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
-ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
-ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
-ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted
-ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
-ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
-ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
-ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string
-ro.vndk.lite u:object_r:vndk_prop:s0 exact bool
-ro.vndk.version u:object_r:vndk_prop:s0 exact string
-ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
-wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
-wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
-wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
-wifi.interface u:object_r:exported_default_prop:s0 exact string
-ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
-ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
-
-# public-readable
-ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
-ro.bootmode u:object_r:exported2_default_prop:s0 exact string
-ro.build.type u:object_r:exported2_default_prop:s0 exact string
-sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
-
-# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable
-ro.surface_flinger.default_composition_dataspace u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.default_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact string
-ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.start_graphics_allocator_service u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.use_color_management u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.use_context_priority u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.use_vr_flinger u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.vsync_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.display_primary_red u:object_r:exported_default_prop:s0 exact string
-ro.surface_flinger.display_primary_green u:object_r:exported_default_prop:s0 exact string
-ro.surface_flinger.display_primary_blue u:object_r:exported_default_prop:s0 exact string
-ro.surface_flinger.display_primary_white u:object_r:exported_default_prop:s0 exact string
-ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.use_content_detection_for_refresh_rate u:object_r:exported_default_prop:s0 exact bool
-ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
-
-# Binder cache properties. These are world-readable
-cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
-cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
-cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
-cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
-cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
-cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0
-cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0
-cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0
-cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
-cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
-cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
-
-cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
-cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
-cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
diff --git a/public/te_macros b/public/te_macros
index a9dea92..5afb791 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -767,6 +767,11 @@
allow $1 traced:fd use;
allow $1 traced_tmpfs:file { read write getattr map };
unix_socket_connect($1, traced_producer, traced)
+
+ # Also allow the service to use the producer file descriptors. This is
+ # necessary when the producer is creating the shared memory, as it will be
+ # passed to the service as a file descriptor (obtained from memfd_create).
+ allow traced $1:fd use;
')
###########################################
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index 806944f..57d8e7e 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -81,5 +81,6 @@
get_prop(update_engine_common, virtual_ab_prop)
# Allow to read/write/create OTA metadata files for snapshot status and COW file status.
+allow update_engine_common metadata_file:dir search;
allow update_engine_common ota_metadata_file:dir rw_dir_perms;
allow update_engine_common ota_metadata_file:file create_file_perms;
diff --git a/public/vndservice.te b/public/vndservice.te
index 0d309bf..efd9adf 100644
--- a/public/vndservice.te
+++ b/public/vndservice.te
@@ -1 +1,2 @@
+type service_manager_vndservice, vndservice_manager_type;
type default_android_vndservice, vndservice_manager_type;
diff --git a/public/vold.te b/public/vold.te
index fd3ed84..e17113d 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -204,6 +204,7 @@
set_prop(vold, ctl_fuse_prop)
set_prop(vold, restorecon_prop)
set_prop(vold, ota_prop)
+set_prop(vold, boottime_prop)
# ASEC
allow vold asec_image_file:file create_file_perms;
diff --git a/vendor/vndservice_contexts b/vendor/vndservice_contexts
index 4cca2fb..068056f 100644
--- a/vendor/vndservice_contexts
+++ b/vendor/vndservice_contexts
@@ -1 +1,2 @@
+manager u:object_r:service_manager_vndservice:s0
* u:object_r:default_android_vndservice:s0
diff --git a/vendor/vndservicemanager.te b/vendor/vndservicemanager.te
index 6e5c391..497e027 100644
--- a/vendor/vndservicemanager.te
+++ b/vendor/vndservicemanager.te
@@ -13,6 +13,8 @@
# Read vndservice_contexts
allow vndservicemanager vndservice_contexts_file:file r_file_perms;
+add_service(vndservicemanager, service_manager_vndservice)
+
# Start lazy services
set_prop(vndservicemanager, ctl_interface_start_prop)