Merge "Move Broadcast Radio HAL to a separate binary."
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 3914cec..9f6ef5d 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -5,6 +5,7 @@
 genfscon proc /config.gz u:object_r:config_gz:s0
 genfscon proc /interrupts u:object_r:proc_interrupts:s0
 genfscon proc /iomem u:object_r:proc_iomem:s0
+genfscon proc /kmsg u:object_r:proc_kmsg:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
 genfscon proc /misc u:object_r:proc_misc:s0
 genfscon proc /modules u:object_r:proc_modules:s0
diff --git a/public/bootstat.te b/public/bootstat.te
index b3cca40..a55cfe6 100644
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -30,3 +30,31 @@
 read_logd(bootstat)
 
 # ToDo: end
+
+neverallow {
+  domain
+  -bootanim
+  -bootstat
+  -dumpstate
+  -init
+  -recovery
+  -shell
+  -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
+# ... and refine, as these components should not set the last boot reason
+neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
+
+neverallow {
+  domain
+  -bootstat
+  -init
+  -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
+# ... and refine ... for a ro propertly no less ... keep this _tight_
+neverallow system_server bootloader_boot_reason_prop:property_service set;
+
+neverallow {
+  domain
+  -bootstat
+  -init
+} system_boot_reason_prop:property_service set;
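Review bot: The comment before the `{ bootanim recovery }` rule says these components "should not set the last boot reason", but the rule it introduces is `last_boot_reason_prop:file r_file_perms`, which constrains reading, not setting. Either the comment or the permission is wrong. If the rule is what was intended, the comment should read `# ... and refine, as these components should not read the last boot reason`. If the intent was to block setting, the rule belongs on `property_service set`, where the second neverallow already excludes both domains. The later comment also has a typo, "propertly" for "property".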
diff --git a/public/file.te b/public/file.te
index a525090..4a6feb8 100644
--- a/public/file.te
+++ b/public/file.te
@@ -15,6 +15,7 @@
 type proc_cpuinfo, fs_type;
 type proc_interrupts, fs_type;
 type proc_iomem, fs_type;
+type proc_kmsg, fs_type;
 type proc_meminfo, fs_type;
 type proc_misc, fs_type;
 type proc_modules, fs_type;
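Review bot: The new `proc_kmsg` type splits the kernel log out of generic `proc`, but nothing in this commit pins who may read it, so a later broad rule on `fs_type` or a new allow could quietly reopen it. A neverallow in the style this commit adds to bootstat.te would guard that, for example `neverallow { domain -logd -OTHER_CONFIRMED_READERS } proc_kmsg:file { open read };`, where the second exemption is a placeholder for whatever domains are verified to need the file. Any domain that read /proc/kmsg through a `proc` rule before this relabel will now be denied, so the reader list is best taken from denials seen on a test boot.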
diff --git a/public/logd.te b/public/logd.te
index 62bff97..c47bfd7 100644
--- a/public/logd.te
+++ b/public/logd.te
@@ -4,7 +4,7 @@
 
 # Read access to pseudo filesystems.
 r_dir_file(logd, cgroup)
-r_dir_file(logd, proc)
+r_dir_file(logd, proc_kmsg)
 r_dir_file(logd, proc_meminfo)
 r_dir_file(logd, proc_net)
 
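Review bot: `r_dir_file(logd, proc_kmsg)` grants more than the new type needs: the macro also allows directory and symlink reads on the type, while the genfs_contexts entry in this commit labels a single file, /proc/kmsg. `allow logd proc_kmsg:file r_file_perms;` would state the access exactly. Removing `r_dir_file(logd, proc)` also drops logd's read access to every other entry still labelled `proc`, so it is worth confirming from a test boot that logd reads nothing else there.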
diff --git a/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te
index 8379c82..1bde858 100644
--- a/vendor/hal_sensors_default.te
+++ b/vendor/hal_sensors_default.te
@@ -5,3 +5,12 @@
 init_daemon_domain(hal_sensors_default)
 
 allow hal_sensors_default fwk_scheduler_hwservice:hwservice_manager find;
+
+# Allow sensor hals to access and use gralloc memory allocated by
+# android.hardware.graphics.allocator
+allow hal_sensors_default hal_graphics_allocator_default:fd use;
+allow hal_sensors_default ion_device:chr_file r_file_perms;
+
+# allow sensor hal to use lock for keeping system awake for wake up
+# events delivery.
+wakelock_use(hal_sensors_default);
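Review bot: The `ion_device:chr_file r_file_perms` rule lets the sensors HAL open the ion device itself, which is wider than the comment above it describes; that comment only mentions using gralloc memory allocated by android.hardware.graphics.allocator. If opening ion is needed to import the buffers passed from the allocator, a comment saying so would keep the rule from reading as over-broad, for example `# ion_device is opened to import buffers received from the allocator`. Separately, `wakelock_use(hal_sensors_default);` carries a trailing semicolon that the other macro call in this file, `init_daemon_domain(hal_sensors_default)`, does not; dropping it keeps the file consistent.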