Merge "Bluetooth LMP Events: Add Lmp Events Hal" into main
diff --git a/apex/com.android.art-file_contexts b/apex/com.android.art-file_contexts
index ada6c3b..83d081a 100644
--- a/apex/com.android.art-file_contexts
+++ b/apex/com.android.art-file_contexts
@@ -9,4 +9,5 @@
/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
/bin/odrefresh u:object_r:odrefresh_exec:s0
/bin/profman u:object_r:profman_exec:s0
+/bin/oatdump u:object_r:oatdump_exec:s0
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index 54dc1f3..9558425 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test
@@ -1269,3 +1269,7 @@
/product/bin/otapreopt_script postinstall_exec
/system/bin/otapreopt postinstall_dexopt_exec
/product/bin/otapreopt postinstall_dexopt_exec
+/data/misc/uprobestats-configs uprobestats_configs_data_file
+/data/misc/uprobestats-configs/test uprobestats_configs_data_file
+
+/tmp shell_data_file
diff --git a/private/bug_map b/private/bug_map
index 3a78a40..53cb8b1 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -19,9 +19,7 @@
mediaprovider cache_file blk_file b/77925342
mediaprovider mnt_media_rw_file dir b/77925342
mediaprovider shell_data_file dir b/77925342
-mediaprovider_app device_config_media_native_prop file b/308043377
mediaswcodec ashmem_device chr_file b/142679232
-nfc device_config_media_native_prop file b/308043377
platform_app device_config_media_native_prop file b/308043377
platform_app nfc_data_file dir b/74331887
platform_app system_data_file dir b/306090533
diff --git a/private/file.te b/private/file.te
index f4c3e2d..de2581d 100644
--- a/private/file.te
+++ b/private/file.te
@@ -28,6 +28,12 @@
# /data/misc/perfetto-configs for perfetto configs
type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/uprobestats-configs for uprobestats configs
+type uprobestats_configs_data_file, file_type, data_file_type, core_data_file_type;
+
+# /apex/com.android.art/bin/oatdump
+type oatdump_exec, system_file_type, exec_type, file_type;
+
# /data/misc_{ce/de}/<user>/sdksandbox root data directory for sdk sandbox processes
type sdk_sandbox_system_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc_{ce/de}/<user>/sdksandbox/<app-name>/* subdirectory for sdk sandbox processes
diff --git a/private/file_contexts b/private/file_contexts
index 3cfbaf0..a1bc85f 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -54,6 +54,7 @@
/sys u:object_r:sysfs:s0
/apex u:object_r:apex_mnt_dir:s0
/bootstrap-apex u:object_r:apex_mnt_dir:s0
+/tmp u:object_r:shell_data_file:s0
# Postinstall directories
/postinstall u:object_r:postinstall_mnt_dir:s0
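Review bot: The new `/tmp` entry reuses `shell_data_file` with no comment explaining why, and that type is not specific to this path. The companion hunk in public/init.te adds `shell_data_file` to init's `dir mounton` set, which applies to every directory carrying that label, not to `/tmp` alone. If the intent is only to let init mount a filesystem on `/tmp`, a dedicated mount-point type would keep the grant narrow. Otherwise document the choice next to the entry, e.g. `# /tmp is a mount point set up by init; labelled shell_data_file because <reason>`. The entry is an exact match without `(/.*)?`, so it labels only the directory itself, which is worth stating in the same comment.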
@@ -663,6 +664,7 @@
/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
/data/misc/perfetto-traces/bugreport(.*)? u:object_r:perfetto_traces_bugreport_data_file:s0
/data/misc/perfetto-configs(/.*)? u:object_r:perfetto_configs_data_file:s0
+/data/misc/uprobestats-configs(/.*)? u:object_r:uprobestats_configs_data_file:s0
/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0
/data/misc/profcollectd(/.*)? u:object_r:profcollectd_data_file:s0
/data/misc/radio(/.*)? u:object_r:radio_core_data_file:s0
diff --git a/private/network_stack.te b/private/network_stack.te
index 8e09be8..7587c1f 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -13,6 +13,8 @@
net_raw
};
+allow network_stack self:global_capability2_class_set wake_alarm;
+
# Allow access to net_admin ioctl, DHCP server uses SIOCSARP
allowxperm network_stack self:udp_socket ioctl priv_sock_ioctls;
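Review bot: The added `allow network_stack self:global_capability2_class_set wake_alarm;` rule carries no comment, unlike the `allowxperm` rule directly below it, so a later audit cannot tell which network_stack feature needs the capability. Add a line above it such as `# Allow network_stack to arm wakeup alarms for <feature>`, filling in the actual user, so the grant can be removed if that feature goes away. The capability block that precedes the new rule starts outside the hunk.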
diff --git a/private/property.te b/private/property.te
index ff0b693..20a9375 100644
--- a/private/property.te
+++ b/private/property.te
@@ -45,6 +45,7 @@
system_internal_prop(system_adbd_prop)
system_internal_prop(timezone_metadata_prop)
system_internal_prop(traced_perf_enabled_prop)
+system_internal_prop(uprobestats_start_with_config_prop)
system_internal_prop(tuner_server_ctl_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
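Review bot: `system_internal_prop(uprobestats_start_with_config_prop)` is inserted between `traced_perf_enabled_prop` and `tuner_server_ctl_prop`, which breaks the alphabetical order the visible entries follow. Moving it after `tuner_server_ctl_prop` and before `userspace_reboot_log_prop` keeps the list sorted and makes duplicate declarations easier to spot in later merges.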
diff --git a/private/property_contexts b/private/property_contexts
index 4166c55..53a3d4b 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -87,6 +87,7 @@
traced.lazy. u:object_r:traced_lazy_prop:s0
persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
+uprobestats.start_with_config u:object_r:uprobestats_start_with_config_prop:s0
persist.vendor.debug.wifi. u:object_r:persist_vendor_debug_wifi_prop:s0
persist.vendor.overlay. u:object_r:overlay_prop:s0
ril.cdma.inecmmode u:object_r:radio_cdma_ecm_prop:s0 exact bool
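Review bot: The `uprobestats.start_with_config` entry has no `exact` keyword or value type, so it is a prefix match. Any property whose name merely starts with that string receives `uprobestats_start_with_config_prop`, and statsd (granted `set_prop` on this type in private/statsd.te) can write all of them with unconstrained values. If a single property is intended, pin it the way the `ro.lmk.*` entries in the next hunk are pinned with `exact int`, e.g. `uprobestats.start_with_config u:object_r:uprobestats_start_with_config_prop:s0 exact string`, using whichever value type the consumer actually expects. If a family of properties is intended, end the name with a dot, as `traced.lazy.` does, to make that explicit.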
@@ -734,6 +735,7 @@
ro.lmk.log_stats u:object_r:lmkd_config_prop:s0 exact bool
ro.lmk.low u:object_r:lmkd_config_prop:s0 exact int
ro.lmk.medium u:object_r:lmkd_config_prop:s0 exact int
+ro.lmk.pressure_after_kill_min_score u:object_r:lmkd_config_prop:s0 exact int
ro.lmk.psi_partial_stall_ms u:object_r:lmkd_config_prop:s0 exact int
ro.lmk.psi_complete_stall_ms u:object_r:lmkd_config_prop:s0 exact int
ro.lmk.stall_limit_critical u:object_r:lmkd_config_prop:s0 exact int
diff --git a/private/remount.te b/private/remount.te
index 4dd94a5..5ef7fac 100644
--- a/private/remount.te
+++ b/private/remount.te
@@ -12,4 +12,14 @@
# Allow searching for /metadata/gsi/remount/lp_metadata.
allow remount { metadata_file gsi_metadata_file_type }:dir search;
+
+ # Allow remount to flip the overlayfs bit in the super partition.
+ # This requires being able to read fstab, find /dev/block/by-name/super,
+ # and read-write super.
+ r_dir_file(remount, sysfs_dt_firmware_android)
+ allow remount proc_bootconfig:file r_file_perms;
+ allow remount proc_cmdline:file r_file_perms;
+ allow remount block_device:dir r_dir_perms;
+ allow remount super_block_device_type:blk_file rw_file_perms;
+ allowxperm remount super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
')
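Review bot: The new rules give remount `rw_file_perms` on `super_block_device_type:blk_file`, i.e. raw write access to the super partition. The only thing limiting them is the enclosing macro block, whose closing `')` is visible but whose opening line is outside the hunk. Please confirm that block is a debuggable-build guard and say so in the comment, e.g. `# Debuggable builds only: allow remount to flip the overlayfs bit in the super partition.` Limiting the ioctls to `{ BLKIOMIN BLKALIGNOFF }` via `allowxperm` is the right shape and should stay.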
diff --git a/private/shell.te b/private/shell.te
index f32395e..bfcd5ac 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -258,3 +258,5 @@
# Allow shell to read the build properties for attestation feature
get_prop(shell, build_attestation_prop)
+# Allow shell to execute oatdump.
+allow shell oatdump_exec:file rx_file_perms;
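Review bot: The comment `# Allow shell to execute oatdump.` does not mention that there is no domain transition: with only `rx_file_perms` on `oatdump_exec`, oatdump runs in the caller's domain with all of that domain's permissions. The same holds for `allow uprobestats oatdump_exec:file rx_file_perms;` in private/uprobestats.te, where the caller also holds BPF and `perf_event` access. Suggest wording such as `# Allow shell to run oatdump in the shell domain (no transition).` For the uprobestats caller, a dedicated oatdump domain may be worth considering if oatdump ends up parsing files that uprobestats would not otherwise trust.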
diff --git a/private/statsd.te b/private/statsd.te
index 59948ff..051b99e 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -28,3 +28,10 @@
# Allow statsd to read its system properties
get_prop(statsd, device_config_statsd_native_prop)
get_prop(statsd, device_config_statsd_native_boot_prop)
+
+# Allow statsd to write uprobestats configs.
+allow statsd uprobestats_configs_data_file:dir rw_dir_perms;
+allow statsd uprobestats_configs_data_file:file create_file_perms;
+
+# Allow statsd to trigger uprobestats via property.
+set_prop(statsd, uprobestats_start_with_config_prop);
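Review bot: `set_prop(statsd, uprobestats_start_with_config_prop);` ends with a semicolon, while the `get_prop(...)` macro calls a few lines above do not. The macro already expands to complete statements, so the trailing `;` is stray. The same applies to `binder_call(uprobestats, system_server);` in private/uprobestats.te and `hal_client_domain(virtualizationmanager, hal_secretkeeper);` in private/virtualizationmanager.te. Drop the semicolons to match the surrounding policy: `set_prop(statsd, uprobestats_start_with_config_prop)`.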
diff --git a/private/system_server.te b/private/system_server.te
index 474a7b6..62430b1 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -302,6 +302,7 @@
binder_call(system_server, vold)
binder_call(system_server, logd)
binder_call(system_server, wificond)
+binder_call(system_server, uprobestats)
binder_service(system_server)
# Use HALs
@@ -373,6 +374,7 @@
# This is derived from the list that system server defines as interesting native processes
# to dump during ANRs or watchdog aborts, defined in NATIVE_STACKS_OF_INTEREST in
# frameworks/base/services/core/java/com/android/server/Watchdog.java.
+ artd
audioserver
cameraserver
drmserver
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 0d68fa3..003e992 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -84,6 +84,9 @@
proc_vmstat
proc_stat
proc_buddyinfo
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
}:file r_file_perms;
# Allow access to read /sys/class/devfreq/ and /$DEVICE/cur_freq files
diff --git a/private/uprobestats.te b/private/uprobestats.te
index f2a4ae3..78595f6 100644
--- a/private/uprobestats.te
+++ b/private/uprobestats.te
@@ -4,8 +4,8 @@
type uprobestats_exec, system_file_type, exec_type, file_type;
-# Allow uprobestats to be invoked by statsd.
-domain_auto_trans(statsd, uprobestats_exec, uprobestats)
+# Allow init to start uprobestats.
+init_daemon_domain(uprobestats)
allow uprobestats fs_bpf_uprobe_private:file { read write };
allow uprobestats fs_bpf_uprobe_private:dir search;
@@ -14,3 +14,24 @@
allow uprobestats self:perf_event { cpu open write };
allow uprobestats sysfs_uprobe:file { open read };
allow uprobestats sysfs_uprobe:dir { search };
+
+# Allow uprobestats to popen oatdump.
+allow uprobestats oatdump_exec:file rx_file_perms;
+
+# Allow uprobestats to write atoms to statsd
+unix_socket_send(uprobestats, statsdw, statsd)
+
+# For registration with system server as a process observer.
+binder_use(uprobestats)
+allow uprobestats activity_service:service_manager find;
+binder_call(uprobestats, system_server);
+
+# Allow uprobestats to talk to native package manager
+allow uprobestats package_native_service:service_manager find;
+
+# Allow uprobestats to scan /proc/<pid>/cmdline.
+r_dir_file(uprobestats, { domain -appdomain })
+
+# Allow uprobestats to manage its own config files.
+allow uprobestats uprobestats_configs_data_file:dir rw_dir_perms;
+allow uprobestats uprobestats_configs_data_file:file { r_file_perms unlink };
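Review bot: `r_dir_file(uprobestats, { domain -appdomain })` grants far more than its comment `# Allow uprobestats to scan /proc/<pid>/cmdline.` suggests. The macro gives directory read plus file and symlink read on every type in the set, and every entry under /proc/<pid> carries the process's domain label, so the rule covers all per-process files of every non-app domain, not just cmdline. SELinux cannot narrow a rule to one file name, so either list the specific domains uprobestats needs to locate, or reword the comment to state the real scope, e.g. `# Needed for /proc/<pid>/cmdline; grants read on all /proc/<pid> entries of non-app domains.` The breadth matters more here because the same domain holds the `perf_event` and `fs_bpf_uprobe_private` access shown earlier in this file.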
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 40d95c6..725ca72 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@@ -87,6 +87,10 @@
allow virtualizationmanager sysfs_dt_avf:dir search;
allow virtualizationmanager sysfs_dt_avf:file { open read };
+# virtualizationmanager to be client of secretkeeper HAL. It ferries SecretManagement messages
+# from pVM to HAL.
+hal_client_domain(virtualizationmanager, hal_secretkeeper);
+
# Let virtualizationmanager open test artifacts under /data/local/tmp with file path.
# (e.g. custom debug policy)
userdebug_or_eng(`
diff --git a/public/init.te b/public/init.te
index 29dd42d..47b8603 100644
--- a/public/init.te
+++ b/public/init.te
@@ -105,6 +105,7 @@
vendor_file
postinstall_mnt_dir
mirror_data_file
+ shell_data_file
}:dir mounton;
# Mount bpf fs on sys/fs/bpf