Merge "bugmap selinux failure" into main
diff --git a/Android.mk b/Android.mk
index 5ce31d2..384c416 100644
--- a/Android.mk
+++ b/Android.mk
@@ -94,13 +94,6 @@
$(strip $(foreach type, $(1), $(foreach file, $(addsuffix /$(type), $(2)), $(sort $(wildcard $(file))))))
endef
-# Builds paths for all policy files found in BOARD_VENDOR_SEPOLICY_DIRS.
-# $(1): the set of policy name paths to build
-build_vendor_policy = $(call build_policy, $(1), $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS))
-
-# Builds paths for all policy files found in BOARD_ODM_SEPOLICY_DIRS.
-build_odm_policy = $(call build_policy, $(1), $(BOARD_ODM_SEPOLICY_DIRS))
-
sepolicy_build_files := security_classes \
initial_sids \
access_vectors \
@@ -465,21 +458,14 @@
# Note: That a newline file is placed between each file_context file found to
# ensure a proper build when an fc file is missing an ending newline.
-local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
+local_fc_files := $(call intermediates-dir-for,ETC,plat_file_contexts)/plat_file_contexts
ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
-local_fc_files += $(call build_policy, file_contexts, $(SYSTEM_EXT_PRIVATE_POLICY))
+local_fc_files += $(call intermediates-dir-for,ETC,system_ext_file_contexts)/system_ext_file_contexts
endif
ifdef HAS_PRODUCT_SEPOLICY_DIR
-local_fc_files += $(call build_policy, file_contexts, $(PRODUCT_PRIVATE_POLICY))
-endif
-
-ifneq ($(filter address,$(SANITIZE_TARGET)),)
- local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
-endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
- local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
+local_fc_files += $(call intermediates-dir-for,ETC,product_file_contexts)/product_file_contexts
endif
###########################################################
@@ -506,10 +492,10 @@
# it gathers LOCAL_FILE_CONTEXTS from product_MODULES
file_contexts.modules.tmp := $(intermediates)/file_contexts.modules.tmp
-device_fc_files := $(call build_vendor_policy, file_contexts)
+device_fc_files += $(call intermediates-dir-for,ETC,vendor_file_contexts)/vendor_file_contexts
ifdef BOARD_ODM_SEPOLICY_DIRS
-device_fc_files += $(call build_odm_policy, file_contexts)
+device_fc_files += $(call intermediates-dir-for,ETC,odm_file_contexts)/odm_file_contexts
endif
file_contexts.device.tmp := $(intermediates)/file_contexts.device.tmp
@@ -573,8 +559,6 @@
#################################
-build_vendor_policy :=
-build_odm_policy :=
build_policy :=
built_sepolicy :=
built_sepolicy_neverallows :=
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index f35ce44..05dc848 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -459,6 +459,7 @@
"uwb": EXCEPTION_NO_FUZZER,
"vcn_management": EXCEPTION_NO_FUZZER,
"vibrator": EXCEPTION_NO_FUZZER,
+ "vibrator_control": EXCEPTION_NO_FUZZER,
"vibrator_manager": EXCEPTION_NO_FUZZER,
"virtualdevice": EXCEPTION_NO_FUZZER,
"virtualdevice_native": EXCEPTION_NO_FUZZER,
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index f8451fa..d98d69e 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -10,6 +10,7 @@
ota_build_prop
snapuserd_log_data_file
hal_authgraph_service
+ vibrator_control_service
hal_codec2_service
hal_threadnetwork_service
virtual_camera_service
diff --git a/private/service_contexts b/private/service_contexts
index ae30b3f..3b088bf 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -435,6 +435,7 @@
uwb u:object_r:uwb_service:s0
vcn_management u:object_r:vcn_management_service:s0
vibrator u:object_r:vibrator_service:s0
+vibrator_control u:object_r:vibrator_control_service:s0
vibrator_manager u:object_r:vibrator_manager_service:s0
virtualdevice u:object_r:virtual_device_service:s0
virtualdevice_native u:object_r:virtual_device_native_service:s0
diff --git a/public/hal_vibrator.te b/public/hal_vibrator.te
index c902495..85b8e8c 100644
--- a/public/hal_vibrator.te
+++ b/public/hal_vibrator.te
@@ -12,3 +12,6 @@
# vibrator sysfs rw access
allow hal_vibrator sysfs_vibrator:file rw_file_perms;
allow hal_vibrator sysfs_vibrator:dir search;
+
+# Allow HAL vibrator to control some parameters of a vibration, such as scaling.
+allow hal_vibrator vibrator_control_service:service_manager find;
diff --git a/public/service.te b/public/service.te
index 3484469..77196d3 100644
--- a/public/service.te
+++ b/public/service.te
@@ -254,6 +254,7 @@
type user_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type uwb_service, app_api_service, system_server_service, service_manager_type;
type vcn_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type vibrator_control_service, system_server_service, service_manager_type;
type vibrator_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type vibrator_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type virtual_device_service, app_api_service, system_server_service, service_manager_type;