Merge "Clean up LOCAL_C_INCLUDES"
diff --git a/bluetooth.te b/bluetooth.te
index 2b99c3e..d8448a6 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -10,6 +10,8 @@
# Data file accesses.
allow bluetooth bluetooth_data_file:dir create_dir_perms;
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
+allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
+allow bluetooth bluetooth_logs_data_file:file create_file_perms;
# Socket creation under /data/misc/bluedroid.
type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
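Review bot: The two added rules let `bluetooth` write into a `bluetooth_logs_data_file` directory, but `rw_dir_perms` carries no `create`, and no `type_transition` is added for the new type. The domain therefore cannot create `/data/misc/bluetooth/logs` with the right label itself; the directory has to be created and labelled elsewhere (presumably by init, which this diff does not show). A directory that already exists on an upgraded device would keep its old `bluetooth_data_file` label until it is relabelled. A comment above the rules would make the dependency explicit, e.g. `# Log files under /data/misc/bluetooth/logs; the directory itself is created and labelled outside this domain.`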
diff --git a/debuggerd.te b/debuggerd.te
index 1e84e8d..80d3f5c 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -18,7 +18,7 @@
-keystore
-ueventd
-watchdogd
-}:process { ptrace getattr };
+}:process { execmem ptrace getattr };
allow debuggerd tombstone_data_file:dir rw_dir_perms;
allow debuggerd tombstone_data_file:file create_file_perms;
allow debuggerd shared_relro_file:dir r_dir_perms;
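Review bot: `execmem` is added to a rule whose target is a set of other domains, but SELinux normally evaluates `execmem` with the calling process as both source and target. On this line it either grants nothing or, if the set happens to include debuggerd's own domain, lets debuggerd map writable-executable memory. The start of the target set lies outside the hunk, so which case applies cannot be confirmed from here. If debuggerd really needs the permission, a separate `allow debuggerd self:process execmem;` with a comment giving the reason would be easier to audit; otherwise the permission should be dropped.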
diff --git a/dumpstate.te b/dumpstate.te
index 2ed725d..29695b7 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -125,6 +125,11 @@
allow dumpstate dalvikcache_data_file:file execute;
allow dumpstate dalvikcache_data_file:lnk_file r_file_perms;
+# For Bluetooth
+allow dumpstate bluetooth_data_file:dir search;
+allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
+allow dumpstate bluetooth_logs_data_file:file r_file_perms;
+
# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
allow dumpstate gpu_device:chr_file rw_file_perms;
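Review bot: The `# For Bluetooth` comment does not say what dumpstate reads or why it needs `search` on `bluetooth_data_file`. Per the file_contexts change, the readable data is whatever the Bluetooth stack writes under `/data/misc/bluetooth/logs`, and this grant is what lets it be collected by dumpstate. I would spell that out: `# Read Bluetooth logs from /data/misc/bluetooth/logs; search on the parent directory is needed to reach them.` It is also worth confirming that those logs are acceptable to include in a dump before granting read access.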
@@ -170,6 +175,8 @@
# Set properties.
# dumpstate_prop is used to share state with the Shell app.
set_prop(dumpstate, dumpstate_prop)
+# dumpstate_options_prop is used to pass extra command-line args.
+set_prop(dumpstate, dumpstate_options_prop)
# systrace support - allow atrace to run
allow dumpstate debugfs_tracing:dir r_dir_perms;
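Review bot: The new comment says what `dumpstate_options_prop` carries but not why dumpstate itself needs write access to a property whose purpose is to pass arguments into it. The same `set_prop` is granted to `system_server` in the system_server.te hunk, which looks like the intended writer. If dumpstate only resets the value after consuming it, the comment should say so, e.g. `# dumpstate_options_prop passes extra command-line args; dumpstate clears it after reading.` If it does not write the property at all, this rule can go. Since the value ends up as arguments to a privileged process, keeping the set of writers minimal matters here.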
diff --git a/file.te b/file.te
index 75b4b3c..f80e46f 100644
--- a/file.te
+++ b/file.te
@@ -141,6 +141,7 @@
type audio_data_file, file_type, data_file_type;
type audioserver_data_file, file_type, data_file_type;
type bluetooth_data_file, file_type, data_file_type;
+type bluetooth_logs_data_file, file_type, data_file_type;
type bootstat_data_file, file_type, data_file_type;
type boottrace_data_file, file_type, data_file_type;
type camera_data_file, file_type, data_file_type;
diff --git a/file_contexts b/file_contexts
index 59cbdd0..eeda6c7 100644
--- a/file_contexts
+++ b/file_contexts
@@ -215,6 +215,8 @@
/system/bin/idmap u:object_r:idmap_exec:s0
/system/bin/update_engine u:object_r:update_engine_exec:s0
/system/bin/bspatch u:object_r:update_engine_exec:s0
+/system/bin/hw/wifi_hal_legacy u:object_r:wifi_hal_legacy_exec:s0
+
#############################
# Vendor files
@@ -268,6 +270,7 @@
/data/misc/bootstat(/.*)? u:object_r:bootstat_data_file:s0
/data/misc/boottrace(/.*)? u:object_r:boottrace_data_file:s0
/data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0
+/data/misc/bluetooth/logs(/.*)? u:object_r:bluetooth_logs_data_file:s0
/data/misc/bluedroid(/.*)? u:object_r:bluetooth_data_file:s0
/data/misc/bluedroid/\.a2dp_ctrl u:object_r:bluetooth_socket:s0
/data/misc/bluedroid/\.a2dp_data u:object_r:bluetooth_socket:s0
diff --git a/netd.te b/netd.te
index f360531..f01022a 100644
--- a/netd.te
+++ b/netd.te
@@ -70,8 +70,8 @@
allow netd system_server:binder call;
allow netd permission_service:service_manager find;
-# Allow netd to talk to the framework service which collects DNS query metrics.
-allow netd dns_listener_service:service_manager find;
+# Allow netd to talk to the framework service which collects netd events.
+allow netd netd_listener_service:service_manager find;
# Allow netd to operate on sockets that are passed to it.
allow netd netdomain:{tcp_socket udp_socket rawip_socket dccp_socket tun_socket} {read write getattr setattr getopt setopt};
diff --git a/property.te b/property.te
index 2802c0d..2c2ddcc 100644
--- a/property.te
+++ b/property.te
@@ -2,6 +2,7 @@
type shell_prop, property_type, core_property_type;
type debug_prop, property_type, core_property_type;
type dumpstate_prop, property_type, core_property_type;
+type dumpstate_options_prop, property_type;
type persist_debug_prop, property_type, core_property_type;
type debuggerd_prop, property_type, core_property_type;
type dhcp_prop, property_type, core_property_type;
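Review bot: `dumpstate_options_prop` is declared with `property_type` only, while every neighbouring type in this hunk, including `dumpstate_prop`, also carries `core_property_type`. If the omission is deliberate, a short comment would stop someone from "fixing" it later. If it is an oversight, the line should read `type dumpstate_options_prop, property_type, core_property_type;` so that rules written against the attribute treat it like the other dumpstate property.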
diff --git a/property_contexts b/property_contexts
index 2ae1bb0..34191db 100644
--- a/property_contexts
+++ b/property_contexts
@@ -32,6 +32,7 @@
debug. u:object_r:debug_prop:s0
debug.db. u:object_r:debuggerd_prop:s0
dumpstate. u:object_r:dumpstate_prop:s0
+dumpstate.options u:object_r:dumpstate_options_prop:s0
log. u:object_r:log_prop:s0
log.tag u:object_r:log_tag_prop:s0
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
diff --git a/service.te b/service.te
index 50aef26..9c8da49 100644
--- a/service.te
+++ b/service.te
@@ -47,10 +47,11 @@
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
type device_policy_service, app_api_service, system_server_service, service_manager_type;
type deviceidle_service, app_api_service, system_server_service, service_manager_type;
+type device_identifiers_service, app_api_service, system_server_service, service_manager_type;
type devicestoragemonitor_service, system_server_service, service_manager_type;
type diskstats_service, system_api_service, system_server_service, service_manager_type;
type display_service, app_api_service, system_server_service, service_manager_type;
-type dns_listener_service, system_server_service, service_manager_type;
+type netd_listener_service, system_server_service, service_manager_type;
type DockObserver_service, system_server_service, service_manager_type;
type dreams_service, app_api_service, system_server_service, service_manager_type;
type dropbox_service, app_api_service, system_server_service, service_manager_type;
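Review bot: `device_identifiers_service` is tagged `app_api_service`, which by the attribute's name makes the service findable from ordinary app domains (the rules that grant `find` on that attribute are not part of this diff). For a service that hands out device identifiers, that leaves the service's own permission checks as the only gate. Please confirm that this is intended and that those checks exist. If only privileged callers need the service, `system_api_service` would be the narrower choice.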
diff --git a/service_contexts b/service_contexts
index c0dfd2b..6111c37 100644
--- a/service_contexts
+++ b/service_contexts
@@ -30,12 +30,13 @@
cpuinfo u:object_r:cpuinfo_service:s0
dbinfo u:object_r:dbinfo_service:s0
device_policy u:object_r:device_policy_service:s0
+device_identifiers u:object_r:device_identifiers_service:s0
deviceidle u:object_r:deviceidle_service:s0
devicestoragemonitor u:object_r:devicestoragemonitor_service:s0
diskstats u:object_r:diskstats_service:s0
display.qservice u:object_r:surfaceflinger_service:s0
display u:object_r:display_service:s0
-dns_listener u:object_r:dns_listener_service:s0
+netd_listener u:object_r:netd_listener_service:s0
DockObserver u:object_r:DockObserver_service:s0
dreams u:object_r:dreams_service:s0
drm.drmManager u:object_r:drmserver_service:s0
diff --git a/system_server.te b/system_server.te
index 73ef436..b9fe97b 100644
--- a/system_server.te
+++ b/system_server.te
@@ -349,6 +349,7 @@
set_prop(system_server, fingerprint_prop)
set_prop(system_server, device_logging_prop)
set_prop(system_server, wifi_prop)
+set_prop(system_server, dumpstate_options_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
# ctl interface
@@ -547,7 +548,7 @@
# Access to /data/preloads
allow system_server preloads_data_file:file { r_file_perms unlink };
-allow system_server preloads_data_file:dir { r_dir_perms write remove_name };
+allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir };
r_dir_file(system_server, cgroup)
allow system_server ion_device:chr_file r_file_perms;
diff --git a/wifi_hal_legacy.te b/wifi_hal_legacy.te
new file mode 100644
index 0000000..a7fce57
--- /dev/null
+++ b/wifi_hal_legacy.te
@@ -0,0 +1,22 @@
+# wifi legacy hal
+type wifi_hal_legacy, domain;
+type wifi_hal_legacy_exec, exec_type, file_type;
+
+# may be started by init
+init_daemon_domain(wifi_hal_legacy)
+
+## hwbinder access
+hwbinder_use(wifi_hal_legacy)
+
+## call into wificond process (callbacks)
+binder_call(wifi_hal_legacy, wificond)
+
+r_dir_file(wifi_hal_legacy, proc_net)
+r_dir_file(wifi_hal_legacy, sysfs_type)
+
+allow wifi_hal_legacy self:udp_socket create_socket_perms;
+allow wifi_hal_legacy self:capability { net_admin net_raw };
+# allow wifi_hal_legacy to speak to nl80211 in the kernel
+allow wifi_hal_legacy self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow wifi_hal_legacy self:netlink_generic_socket create_socket_perms_no_ioctl;
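Review bot: `r_dir_file(wifi_hal_legacy, sysfs_type)` gives the new domain read access to every sysfs type rather than only the nodes the HAL needs. That is broad for a process that also holds `net_admin` and `net_raw`. I would narrow it to the specific sysfs type(s) the HAL actually reads and add a why-comment above the capability rule, e.g. `# net_admin/net_raw: needed to configure the wlan interface (confirm both are required)`. The `udp_socket` rule has no comment either; a single line on what the socket is used for would help the next audit.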
diff --git a/wificond.te b/wificond.te
index d7979ec..673394a 100644
--- a/wificond.te
+++ b/wificond.te
@@ -8,6 +8,9 @@
binder_call(wificond, system_server)
binder_call(wificond, wpa)
+hwbinder_use(wificond)
+binder_call(wificond, wifi_hal_legacy)
+
allow wificond wificond_service:service_manager { add find };
# wificond writes firmware paths to this file.