Merge "Remove redundant comments"
diff --git a/METADATA b/METADATA
new file mode 100644
index 0000000..313792c
--- /dev/null
+++ b/METADATA
@@ -0,0 +1,3 @@
+third_party {
+  license_type: UNENCUMBERED
+}
diff --git a/apex/com.android.i18n-file_contexts b/apex/com.android.i18n-file_contexts
index c8b6ba1..51d45a0 100644
--- a/apex/com.android.i18n-file_contexts
+++ b/apex/com.android.i18n-file_contexts
@@ -2,3 +2,4 @@
 # System files
 #
 (/.*)?                   u:object_r:system_file:s0
+/lib(64)?(/.*)?                u:object_r:system_lib_file:s0
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
index b737f60..380d4a0 100644
--- a/prebuilts/api/29.0/private/genfs_contexts
+++ b/prebuilts/api/29.0/private/genfs_contexts
@@ -234,6 +234,7 @@
 genfscon tracefs /events/kmem/rss_stat/                                  u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/kmem/ion_heap_grow/                             u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/kmem/ion_heap_shrink/                           u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ion/ion_stat/                                   u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/mm_event/mm_event_record/                       u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/oom/oom_score_adj_update/                       u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/task/task_rename/                               u:object_r:debugfs_tracing:s0
@@ -278,6 +279,7 @@
 genfscon debugfs /tracing/events/kmem/rss_stat/                                          u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/kmem/ion_heap_grow/                                     u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/kmem/ion_heap_shrink/                                   u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ion/ion_stat/                                           u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/mm_event/mm_event_record/                               u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/oom/oom_score_adj_update/                               u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/task/task_rename/                                       u:object_r:debugfs_tracing:s0
diff --git a/private/bug_map b/private/bug_map
index 43a77aa..eaa1593 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -30,5 +30,6 @@
 system_server sdcardfs file b/77856826
 system_server storage_stub_file dir b/145267097
 system_server zygote process b/77856826
+untrusted_app untrusted_app netlink_route_socket b/155595000
 vold system_data_file file b/124108085
 zygote untrusted_app_25 process b/77925912
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index b7d6b66..cb7eb22 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -163,6 +163,7 @@
     statscompanion_service
     storaged_data_file
     super_block_device
+    surfaceflinger_color_prop
     surfaceflinger_prop
     sysfs_fs_ext4_features
     system_boot_reason_prop
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 3fdb0b4..19cd7fb 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -149,6 +149,7 @@
     statsdw_socket
     storaged_data_file
     super_block_device
+    surfaceflinger_color_prop
     surfaceflinger_prop
     staging_data_file
     system_boot_reason_prop
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 26a2d34..680d511 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1201,7 +1201,9 @@
 (typeattributeset exported2_config_prop_29_0 (exported2_config_prop systemsound_config_prop))
 (typeattributeset exported2_default_prop_29_0 (exported2_default_prop))
 (typeattributeset exported2_radio_prop_29_0 (exported2_radio_prop))
-(typeattributeset exported2_system_prop_29_0 (exported2_system_prop))
+(typeattributeset exported2_system_prop_29_0
+  ( exported2_system_prop
+    surfaceflinger_color_prop))
 (typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop vold_config_prop))
 (typeattributeset exported3_default_prop_29_0 (exported3_default_prop))
 (typeattributeset exported3_radio_prop_29_0 (exported3_radio_prop))
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 39d1aee..fadc7db 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -56,6 +56,7 @@
     hal_tv_tuner_hwservice
     hal_vibrator_service
     incremental_control_file
+    incremental_prop
     incremental_service
     init_perf_lsm_hooks_prop
     init_svc_debug_prop
diff --git a/private/coredomain.te b/private/coredomain.te
index 32a1e3f..ab731f1 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -88,7 +88,7 @@
         -webview_zygote
         -zygote
         userdebug_or_eng(`-heapprofd')
-    } vendor_overlay_file:file r_file_perms;
+    } vendor_overlay_file:file open;
 ')
 
 # Core domains are not permitted to use kernel interfaces which are not
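Review bot: Narrowing this neverallow from `r_file_perms` to `open` means the build no longer rejects rules that let a core domain `read`, `getattr` or `map` a `vendor_overlay_file` through a descriptor it was handed; only opening by path stays forbidden. That looks deliberate given the `{ read map }` style allows this commit adds for the media domains, but nothing at the rule says so, and the next reader sees a weaker assertion with no stated reason. I would add a comment next to the changed line, for example `# Only open is forbidden; overlay files may still be used through fds passed by a permitted opener.` The neverallow begins before this hunk, so the full exemption list is not visible here.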
diff --git a/private/domain.te b/private/domain.te
index 5b6dd80..9eed3db 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -82,6 +82,7 @@
     get_prop(domain, exported3_default_prop)
     get_prop(domain, exported3_radio_prop)
     get_prop(domain, exported3_system_prop)
+    get_prop(domain, surfaceflinger_color_prop)
     get_prop(domain, systemsound_config_prop)
     get_prop(domain, vendor_default_prop)
     get_prop(domain, vold_config_prop)
@@ -98,6 +99,7 @@
     get_prop({coredomain appdomain shell}, exported3_radio_prop)
     get_prop({coredomain appdomain shell}, exported3_system_prop)
     get_prop({coredomain appdomain shell}, exported_camera_prop)
+    get_prop({coredomain appdomain shell}, surfaceflinger_color_prop)
     get_prop({coredomain appdomain shell}, systemsound_config_prop)
     get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
     get_prop({coredomain appdomain shell}, vold_config_prop)
diff --git a/private/genfs_contexts b/private/genfs_contexts
index d4d7fff..b423e64 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -241,6 +241,7 @@
 genfscon tracefs /events/kmem/rss_stat/                                  u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/kmem/ion_heap_grow/                             u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/kmem/ion_heap_shrink/                           u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ion/ion_stat/                                   u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/mm_event/mm_event_record/                       u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/oom/oom_score_adj_update/                       u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/task/task_rename/                               u:object_r:debugfs_tracing:s0
@@ -285,6 +286,7 @@
 genfscon debugfs /tracing/events/kmem/rss_stat/                                          u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/kmem/ion_heap_grow/                                     u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/kmem/ion_heap_shrink/                                   u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ion/ion_stat/                                           u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/mm_event/mm_event_record/                               u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/oom/oom_score_adj_update/                               u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/task/task_rename/                                       u:object_r:debugfs_tracing:s0
diff --git a/private/property.te b/private/property.te
index 84651ef..d479502 100644
--- a/private/property.te
+++ b/private/property.te
@@ -331,3 +331,11 @@
 } {
   userspace_reboot_test_prop
 }:property_service set;
+
+neverallow {
+  -init
+  -system_server
+  -vendor_init
+} {
+  surfaceflinger_color_prop
+}:property_service set;
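Review bot: surfaceflinger is not in this exemption list, and the same commit removes `set_prop(surfaceflinger, exported2_system_prop)`, so once `persist.sys.sf.color_mode`, `color_saturation` and `native_mode` are relabelled it can no longer write them. If that is intended, the rule should say so, because the type name suggests surfaceflinger owns these properties. A comment above the block such as `# persist.sys.sf.* color properties are set only by init, system_server and vendor_init; surfaceflinger only reads them.` would record the decision. If surfaceflinger still writes any of them, this change will surface as a property-set denial at runtime, not as a build failure.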
diff --git a/private/property_contexts b/private/property_contexts
index 66721e6..dffb3b0 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -261,67 +261,77 @@
 camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
 camera.fifo.disable     u:object_r:exported3_default_prop:s0 exact int
 
-dalvik.vm.appimageformat                    u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.backgroundgctype                  u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.boot-dex2oat-cpu-set              u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.boot-dex2oat-threads              u:object_r:dalvik_config_prop:s0 exact int
-dalvik.vm.boot-image                        u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.checkjni                          u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.dex2oat-Xms                       u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.dex2oat-Xmx                       u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.dex2oat-cpu-set                   u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.dex2oat-filter                    u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.dex2oat-flags                     u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.dex2oat-threads                   u:object_r:dalvik_config_prop:s0 exact int
-dalvik.vm.dex2oat64.enabled                 u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.dexopt.secondary                  u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.execution-mode                    u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.extra-opts                        u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.foreground-heap-growth-multiplier u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.gctype                            u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.heapgrowthlimit                   u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.heapmaxfree                       u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.heapminfree                       u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.heapsize                          u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.heapstartsize                     u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.heaptargetutilization             u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.hot-startup-method-samples        u:object_r:dalvik_config_prop:s0 exact int
-dalvik.vm.image-dex2oat-Xms                 u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.image-dex2oat-Xmx                 u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.image-dex2oat-cpu-set             u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.image-dex2oat-filter              u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.image-dex2oat-flags               u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.image-dex2oat-threads             u:object_r:dalvik_config_prop:s0 exact int
-dalvik.vm.isa.arm.features                  u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.arm.variant                   u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.arm64.features                u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.arm64.variant                 u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.mips.features                 u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.mips.variant                  u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.mips64.features               u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.mips64.variant                u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.unknown.features              u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.unknown.variant               u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.x86.features                  u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.x86.variant                   u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.x86_64.features               u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.isa.x86_64.variant                u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.jitinitialsize                    u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.jitmaxsize                        u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.jitprithreadweight                u:object_r:dalvik_config_prop:s0 exact int
-dalvik.vm.jitthreshold                      u:object_r:dalvik_config_prop:s0 exact int
-dalvik.vm.jittransitionweight               u:object_r:dalvik_config_prop:s0 exact int
-dalvik.vm.jniopts                           u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.lockprof.threshold                u:object_r:dalvik_config_prop:s0 exact int
-dalvik.vm.method-trace                      u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.method-trace-file                 u:object_r:dalvik_config_prop:s0 exact string
-dalvik.vm.method-trace-file-siz             u:object_r:dalvik_config_prop:s0 exact int
-dalvik.vm.method-trace-stream               u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.profilesystemserver               u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.profilebootclasspath              u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.usejit                            u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.usejitprofiles                    u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.zygote.max-boot-retry             u:object_r:dalvik_config_prop:s0 exact int
+# Should always_debuggable be bool? It's checked against the string "1".
+dalvik.vm.always_debuggable                   u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.appimageformat                      u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.backgroundgctype                    u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set                u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads                u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.boot-image                          u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.checkjni                            u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dex2oat-Xms                         u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-Xmx                         u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set                     u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-filter                      u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-flags                       u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-max-image-block-size        u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.dex2oat-minidebuginfo               u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dex2oat-resolve-startup-strings     u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dex2oat-threads                     u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.dex2oat-updatable-bcp-packages-file u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-very-large                  u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.dex2oat-swap                        u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dex2oat64.enabled                   u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dexopt.secondary                    u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.execution-mode                      u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.extra-opts                          u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.foreground-heap-growth-multiplier   u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.gctype                              u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapgrowthlimit                     u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapmaxfree                         u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapminfree                         u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapsize                            u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapstartsize                       u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heaptargetutilization               u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.hot-startup-method-samples          u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.image-dex2oat-Xms                   u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-Xmx                   u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set               u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-filter                u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-flags                 u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads               u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.isa.arm.features                    u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.arm.variant                     u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.arm64.features                  u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.arm64.variant                   u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.mips.features                   u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.mips.variant                    u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.mips64.features                 u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.mips64.variant                  u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.unknown.features                u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.unknown.variant                 u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.x86.features                    u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.x86.variant                     u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.x86_64.features                 u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.x86_64.variant                  u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.jitinitialsize                      u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.jitmaxsize                          u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.jitprithreadweight                  u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.jitthreshold                        u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.jittransitionweight                 u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.jniopts                             u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.lockprof.threshold                  u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.method-trace                        u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.method-trace-file                   u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.method-trace-file-siz               u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.method-trace-stream                 u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.profilesystemserver                 u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.profilebootclasspath                u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.restore-dex2oat-cpu-set             u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.restore-dex2oat-threads             u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.usejit                              u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.usejitprofiles                      u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.zygote.max-boot-retry               u:object_r:dalvik_config_prop:s0 exact int
 
 drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
 
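Review bot: `dalvik.vm.always_debuggable` is added as `exact int` while the comment directly above asks whether it should be `bool` and notes that the consumer compares against the string "1"; that question should be settled before merge, not left in the policy. With `int`, any integer value is accepted, although per that comment only "1" has an effect. `bool` would still accept "1" and "0" and reject other numbers. Separately, `dalvik.vm.method-trace-file-siz` is carried over unchanged and reads like a shortened `-file-size`. Because the entry is `exact`, it is worth confirming that the name matches what the runtime actually reads.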
@@ -348,9 +358,6 @@
 persist.sys.dalvik.vm.lib.2     u:object_r:exported2_system_prop:s0 exact string
 persist.sys.media.avsync        u:object_r:exported2_system_prop:s0 exact bool
 persist.sys.hdmi.keep_awake     u:object_r:exported2_system_prop:s0 exact bool
-persist.sys.sf.color_mode       u:object_r:exported2_system_prop:s0 exact int
-persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
-persist.sys.sf.native_mode      u:object_r:exported2_system_prop:s0 exact int
 
 pm.dexopt.ab-ota                        u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.bg-dexopt                     u:object_r:exported_pm_prop:s0 exact string
@@ -428,6 +435,7 @@
 ro.lmk.psi_partial_stall_ms     u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.psi_complete_stall_ms    u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.swap_util_max            u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.thrashing_limit          u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.thrashing_limit_decay    u:object_r:exported3_default_prop:s0 exact int
 ro.lmk.use_minfree_levels       u:object_r:exported3_default_prop:s0 exact bool
@@ -453,9 +461,6 @@
 
 ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
 
-ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
-ro.sf.lcd_density           u:object_r:exported3_default_prop:s0 exact int
-
 ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
 
 ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
@@ -763,6 +768,9 @@
 
 ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
 
+# Property to enable incremental feature
+ro.incremental.enable      u:object_r:incremental_prop:s0
+
 # Properties to configure userspace reboot.
 init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
 init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
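Review bot: `ro.incremental.enable` is the only entry in this hunk without `exact` and a value type, so it is matched as a prefix and its value is not type-checked. Any property whose name merely begins with `ro.incremental.enable` would receive `incremental_prop`, a type that `vendor_init` is granted `set_prop` on elsewhere in this commit. I would write the entry as `ro.incremental.enable u:object_r:incremental_prop:s0 exact <type>`, where `<type>` is a placeholder for whatever the readers (system_server and vold in this commit) expect. The value format is not visible on this page.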
@@ -779,7 +787,7 @@
 
 sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
 
-# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable
+# surfaceflinger properties
 ro.surface_flinger.default_composition_dataspace          u:object_r:surfaceflinger_prop:s0 exact int
 ro.surface_flinger.default_composition_pixel_format       u:object_r:surfaceflinger_prop:s0 exact int
 ro.surface_flinger.force_hwc_copy_for_virtual_displays    u:object_r:surfaceflinger_prop:s0 exact bool
@@ -814,6 +822,13 @@
 ro.surface_flinger.color_space_agnostic_dataspace         u:object_r:surfaceflinger_prop:s0 exact int
 ro.surface_flinger.refresh_rate_switching                 u:object_r:surfaceflinger_prop:s0 exact bool
 
+ro.sf.disable_triple_buffer u:object_r:surfaceflinger_prop:s0 exact bool
+ro.sf.lcd_density           u:object_r:surfaceflinger_prop:s0 exact int
+
+persist.sys.sf.color_mode       u:object_r:surfaceflinger_color_prop:s0 exact int
+persist.sys.sf.color_saturation u:object_r:surfaceflinger_color_prop:s0 exact string
+persist.sys.sf.native_mode      u:object_r:surfaceflinger_color_prop:s0 exact int
+
 # Binder cache properties.  These are world-readable
 cache_key.app_inactive                   u:object_r:binder_cache_system_server_prop:s0
 cache_key.is_compat_change_enabled       u:object_r:binder_cache_system_server_prop:s0
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 1bad9c1..12e46dc 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -153,12 +153,12 @@
 user=webview_zygote seinfo=webview_zygote domain=webview_zygote
 user=_isolated domain=isolated_app levelFrom=all
 user=_app seinfo=app_zygote domain=app_zygote levelFrom=all
-user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
+user=_app seinfo=media domain=mediaprovider type=app_data_file levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
 user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
-user=_app isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app seinfo=media isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
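Review bot: Dropping `name=android.process.media` makes the `mediaprovider` line match every `_app` process whose seinfo is `media`, and only the `com.android.providers.media.module` line gained `seinfo=media` to keep taking precedence over it. The `com.google.android.providers.media.module` line directly below still has no `seinfo=` selector. Since seapp_contexts prefers an entry with a specified seinfo over one without, a Google-named module that carries seinfo `media` would presumably land in `mediaprovider` and not in `mediaprovider_app`. Either add `seinfo=media` to that line as well, or add a comment stating that the Google package never carries the media seinfo, so the asymmetry is recorded as a decision.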
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index cf709df..973350e 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -54,7 +54,6 @@
 # Set properties.
 set_prop(surfaceflinger, system_prop)
 set_prop(surfaceflinger, exported_system_prop)
-set_prop(surfaceflinger, exported2_system_prop)
 set_prop(surfaceflinger, exported3_system_prop)
 set_prop(surfaceflinger, ctl_bootanim_prop)
 
diff --git a/private/system_server.te b/private/system_server.te
index 4fc507f..18b62a7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -621,6 +621,7 @@
 set_prop(system_server, socket_hook_prop)
 set_prop(system_server, audio_prop)
 set_prop(system_server, boot_status_prop)
+set_prop(system_server, surfaceflinger_color_prop)
 userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
 
 # ctl interface
@@ -680,6 +681,9 @@
 # Read wifi.interface
 get_prop(system_server, wifi_prop)
 
+# Read the vendor property that indicates if Incremental features is enabled
+get_prop(system_server, incremental_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;
 
diff --git a/private/update_engine.te b/private/update_engine.te
index a76ab49..539399e 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -11,3 +11,6 @@
 
 # Allow to set the OTA related properties, e.g. ota.warm_reset.
 set_prop(update_engine, ota_prop)
+
+# Allow to get the DSU status
+get_prop(update_engine, gsid_prop)
diff --git a/private/vold.te b/private/vold.te
index 3332d63..e62d7a9 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -21,6 +21,7 @@
 # Property Service
 get_prop(vold, vold_config_prop)
 get_prop(vold, storage_config_prop);
+get_prop(vold, incremental_prop);
 
 set_prop(vold, vold_prop)
 set_prop(vold, vold_status_prop)
diff --git a/public/domain.te b/public/domain.te
index 8e6e150..0ab5f22 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -948,6 +948,23 @@
 ')
 
 full_treble_only(`
+    # Do not allow coredomain to access entrypoint for files other
+    # than system_file_type and postinstall_file
+    neverallow coredomain {
+        file_type
+        -system_file_type
+        -postinstall_file
+    }:file entrypoint;
+    # Do not allow domains other than coredomain to access entrypoint
+    # for anything but vendor_file_type and init_exec for vendor_init.
+    neverallow { domain -coredomain } {
+        file_type
+        -vendor_file_type
+        -init_exec
+    }:file entrypoint;
+')
+
+full_treble_only(`
     # Do not allow system components to execute files from vendor
     # except for the ones whitelisted here.
     neverallow {
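Review bot: The second neverallow subtracts `init_exec` for every non-core domain, while its comment says the exception exists for `vendor_init` only. As written, an `entrypoint` rule on `init_exec` for any other non-core domain would pass this check. If the narrower reading is what is meant, split the rule so that only `vendor_init` keeps the `init_exec` exception, as sketched below. The `full_treble_only` block that follows continues past the end of this hunk.

```selinux
    # … unchanged: coredomain entrypoint neverallow …
    # Do not allow domains other than coredomain to access entrypoint
    # for anything but vendor_file_type.
    neverallow { domain -coredomain -vendor_init } {
        file_type
        -vendor_file_type
    }:file entrypoint;
    # vendor_init is additionally entered through init_exec.
    neverallow vendor_init {
        file_type
        -vendor_file_type
        -init_exec
    }:file entrypoint;
```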
diff --git a/public/drmserver.te b/public/drmserver.te
index 12c080a..e2c6638 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -49,6 +49,9 @@
 allow drmserver oemfs:dir search;
 allow drmserver oemfs:file r_file_perms;
 
+# overlay package access
+allow drmserver vendor_overlay_file:file { read map };
+
 add_service(drmserver, drmserver_service)
 allow drmserver permission_service:service_manager find;
 allow drmserver mediametrics_service:service_manager find;
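Review bot: The three `vendor_overlay_file` rules added in this commit grant different permission sets with the same one-line comment: drmserver here and mediaextractor get `{ read map }`, while mediaserver gets `{ read getattr map }`. None includes `open`, so presumably the files arrive as already-open descriptors. In that case a caller that stats the fd would hit a `getattr` denial in the two domains that lack it. I would either align the three sets or replace `# overlay package access` in public/drmserver.te, public/mediaextractor.te and public/mediaserver.te with a comment that states the access path, for example `# Use overlay package files through fds passed by the caller; no open by path.`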
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index f8d6ff5..228d990 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -18,6 +18,9 @@
 # Allow NN HAL service to read a client-provided ION memory fd.
 allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;
 
+# Allow NN HAL service to use a client-provided fd residing in /storage
+allow hal_neuralnetworks_server storage_file:file { getattr map read };
+
 # Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
 # property to determine whether to deny NNAPI extensions use for apps
 # on product partition (apps in GSI are not allowed to use NNAPI extensions).
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 4bee4f8..1f34030 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -34,6 +34,9 @@
 allow mediaextractor asec_apk_file:file { read getattr };
 allow mediaextractor ringtone_file:file { read getattr };
 
+# overlay package access
+allow mediaextractor vendor_overlay_file:file { read map };
+
 # scan extractor library directory to dynamically load extractors
 allow mediaextractor system_file:dir { read open };
 
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 832eaa3..86db99c 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -128,6 +128,9 @@
 # b/120491318 allow mediaserver to access void:fd
 allow mediaserver vold:fd use;
 
+# overlay package access
+allow mediaserver vendor_overlay_file:file { read getattr map };
+
 hal_client_domain(mediaserver, hal_allocator)
 
 ###
diff --git a/public/mediatranscoding.te b/public/mediatranscoding.te
index 386535b..5b64083 100644
--- a/public/mediatranscoding.te
+++ b/public/mediatranscoding.te
@@ -3,11 +3,13 @@
 type mediatranscoding_exec, system_file_type, exec_type, file_type;
 
 binder_use(mediatranscoding)
+binder_call(mediatranscoding, binderservicedomain)
 binder_service(mediatranscoding)
 
 add_service(mediatranscoding, mediatranscoding_service)
 
 allow mediatranscoding system_server:fd use;
+allow mediatranscoding activity_service:service_manager find;
 
 # mediatranscoding should never execute any executable without a
 # domain transition
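Review bot: `binder_call(mediatranscoding, binderservicedomain)` permits calls into every domain carrying that attribute, while the only service lookup added alongside it is `activity_service`. If that is the sole target, a rule scoped to the hosting domain would be tighter, for example `binder_call(mediatranscoding, system_server)`. If more services are planned, a comment naming them would justify the breadth. Neither added line carries a comment, so the reason for the new access is not recoverable from the file.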
diff --git a/public/modprobe.te b/public/modprobe.te
index 1190409..2c7d64b 100644
--- a/public/modprobe.te
+++ b/public/modprobe.te
@@ -1,6 +1,7 @@
 type modprobe, domain;
 
 allow modprobe proc_modules:file r_file_perms;
+allow modprobe proc_cmdline:file r_file_perms;
 allow modprobe self:global_capability_class_set sys_module;
 allow modprobe kernel:key search;
 recovery_only(`
diff --git a/public/property.te b/public/property.te
index 96866b3..8e5a7fc 100644
--- a/public/property.te
+++ b/public/property.te
@@ -106,6 +106,7 @@
 system_vendor_config_prop(exported_config_prop)
 system_vendor_config_prop(exported_default_prop)
 system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(incremental_prop)
 system_vendor_config_prop(media_variant_prop)
 system_vendor_config_prop(storage_config_prop)
 system_vendor_config_prop(surfaceflinger_prop)
@@ -152,6 +153,7 @@
 system_public_prop(powerctl_prop)
 system_public_prop(radio_prop)
 system_public_prop(serialno_prop)
+system_public_prop(surfaceflinger_color_prop)
 system_public_prop(system_prop)
 system_public_prop(wifi_log_prop)
 system_public_prop(wifi_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index d661d81..cd96643 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -225,11 +225,13 @@
 set_prop(vendor_init, exported2_system_prop)
 set_prop(vendor_init, exported3_default_prop)
 set_prop(vendor_init, exported3_radio_prop)
+set_prop(vendor_init, incremental_prop)
 set_prop(vendor_init, logd_prop)
 set_prop(vendor_init, log_tag_prop)
 set_prop(vendor_init, log_prop)
 set_prop(vendor_init, rebootescrow_hal_prop)
 set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, surfaceflinger_color_prop)
 set_prop(vendor_init, userspace_reboot_config_prop)
 set_prop(vendor_init, vehicle_hal_prop)
 set_prop(vendor_init, vendor_default_prop)
diff --git a/vendor/vendor_modprobe.te b/vendor/vendor_modprobe.te
index 7689ca5..61df9e0 100644
--- a/vendor/vendor_modprobe.te
+++ b/vendor/vendor_modprobe.te
@@ -4,6 +4,7 @@
 domain_trans(init, vendor_toolbox_exec, vendor_modprobe)
 
 allow vendor_modprobe proc_modules:file r_file_perms;
+allow vendor_modprobe proc_cmdline:file r_file_perms;
 allow vendor_modprobe self:global_capability_class_set sys_module;
 allow vendor_modprobe kernel:key search;