Merge "Rename exported2_config_prop to systemsound_config_prop"
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
index d2819b1..b737f60 100644
--- a/prebuilts/api/29.0/private/genfs_contexts
+++ b/prebuilts/api/29.0/private/genfs_contexts
@@ -234,6 +234,7 @@
genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
@@ -277,6 +278,7 @@
genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 828929f..d4d7fff 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -241,6 +241,7 @@
genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
@@ -284,6 +285,7 @@
genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
diff --git a/private/incidentd.te b/private/incidentd.te
index 8924d83..c379fa2 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -50,11 +50,8 @@
binder_call(incidentd, statsd)
# section id 3026, allow reading /data/misc/perfetto-traces.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow incidentd perfetto_traces_data_file:dir r_dir_perms;
- allow incidentd perfetto_traces_data_file:file r_file_perms;
-');
+allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+allow incidentd perfetto_traces_data_file:file r_file_perms;
# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
@@ -176,13 +173,12 @@
###
# only specific domains can find the incident service
-# TODO(b/134706389): remove "perfetto" when no longer used.
neverallow {
domain
-dumpstate
-incident
-incidentd
- userdebug_or_eng(`-perfetto')
+ -perfetto
-permissioncontroller_app
-priv_app
-statsd
diff --git a/private/perfetto.te b/private/perfetto.te
index 58cfae8..25c70d2 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -44,11 +44,8 @@
allow perfetto devpts:chr_file rw_file_perms;
# Allow perfetto to ask incidentd to start a report.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow perfetto incident_service:service_manager find;
- binder_call(perfetto, incidentd)
-');
+allow perfetto incident_service:service_manager find;
+binder_call(perfetto, incidentd)
# perfetto log formatter calls isatty() on its stderr. Denial when running
# under adbd is harmless. Avoid generating denial logs.
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 5f27d32..fd68bc7 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -233,7 +233,6 @@
-apex_service
-dumpstate_service
-gatekeeper_service
- -iorapd_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
@@ -244,7 +243,6 @@
apex_service
dumpstate_service
gatekeeper_service
- iorapd_service
virtual_touchpad_service
vold_service
vr_hwc_service
@@ -284,6 +282,9 @@
# Allow dumpstate to talk to installd over binder
binder_call(dumpstate, installd);
+# Allow dumpstate to talk to iorapd over binder.
+binder_call(dumpstate, iorapd)
+
# Allow dumpstate to run ip xfrm policy
allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
diff --git a/public/iorapd.te b/public/iorapd.te
index 4c08c72..426ecca 100644
--- a/public/iorapd.te
+++ b/public/iorapd.te
@@ -23,6 +23,9 @@
allow iorapd user_service:service_manager find;
# IPackageManagerNative
allow iorapd package_native_service:service_manager find;
+# Allow dumpstate (bugreport) to call into iorapd.
+allow iorapd dumpstate:fd use;
+allow iorapd dumpstate:fifo_file write;
# talk to batteryservice
binder_call(iorapd, healthd)
@@ -68,8 +71,8 @@
-iorapd
} { iorapd_data_file }:notdevfile_class_set *;
-# Only system_server can interact with iorapd over binder
-neverallow { domain -system_server -iorapd } iorapd_service:service_manager find;
+# Only system_server and shell (for dumpsys) can interact with iorapd over binder
+neverallow { domain -dumpstate -system_server -iorapd } iorapd_service:service_manager find;
neverallow iorapd {
domain
-healthd