Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / cc3da7fe58d68be13b75d80c8625fb5edd807823^2..cc3da7fe58d68be13b75d80c8625fb5edd807823 / .
commitcc3da7fe58d68be13b75d80c8625fb5edd807823[log] [tgz]
authorNikita Ioffe <ioffe@google.com>Tue Nov 29 11:46:54 2022 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Tue Nov 29 11:46:54 2022 +0000
tree94bcd0edb6f0273237d7bdf4d13ca716ad52dfa7
parente2acc5f779a0834fb70c51ce0cd31954fb87ba20 [diff]
parent2039173556283ee0a1c5580ed0b7f4238ce91eeb [diff]
Merge "Add sepolicy for microdroid_config_prop sysprops" am: ddc29b8d79 am: 2039173556

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2318890

Change-Id: I4f4091e82b42fcbbf5ad71852637885fd5b18c7c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
index b5aa501..7294656 100644
--- a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
+++ b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil

@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    adaptive_haptics_prop
     adservices_manager_service
     apexd_select_prop
     artd_service

diff --git a/prebuilts/api/33.0/private/property_contexts b/prebuilts/api/33.0/private/property_contexts
index 4eda4a1..2a46b1a 100644
--- a/prebuilts/api/33.0/private/property_contexts
+++ b/prebuilts/api/33.0/private/property_contexts

@@ -1341,3 +1341,6 @@
 
 # virtualization service properties
 virtualizationservice.state.last_cid u:object_r:virtualizationservice_prop:s0 exact uint
+
+# Adaptive haptics settings property
+vibrator.adaptive_haptics.enabled u:object_r:adaptive_haptics_prop:s0 exact string

diff --git a/prebuilts/api/33.0/private/system_app.te b/prebuilts/api/33.0/private/system_app.te
index 77cca3d..76e5f7d 100644
--- a/prebuilts/api/33.0/private/system_app.te
+++ b/prebuilts/api/33.0/private/system_app.te

@@ -34,6 +34,7 @@
 allow system_app icon_file:file r_file_perms;
 
 # Write to properties
+set_prop(system_app, adaptive_haptics_prop)
 set_prop(system_app, arm64_memtag_prop)
 set_prop(system_app, bluetooth_a2dp_offload_prop)
 set_prop(system_app, bluetooth_audio_hal_prop)
@@ -189,3 +190,6 @@
 # bug reports, but not reads.
 neverallow system_app shell_data_file:dir { no_w_dir_perms open search read };
 neverallow system_app shell_data_file:file { open read ioctl lock };
+
+# system_app should be the only domain writing the adaptive haptics prop
+neverallow { domain -init -system_app } adaptive_haptics_prop:property_service set;

diff --git a/prebuilts/api/33.0/public/dumpstate.te b/prebuilts/api/33.0/public/dumpstate.te
index 05a7317..f1c6d72 100644
--- a/prebuilts/api/33.0/public/dumpstate.te
+++ b/prebuilts/api/33.0/public/dumpstate.te

@@ -333,6 +333,7 @@
   mnt_vendor_file
   mirror_data_file
   mnt_user_file
+  mnt_product_file
 }:dir search;
 dontaudit dumpstate {
   apex_mnt_dir

diff --git a/prebuilts/api/33.0/public/property.te b/prebuilts/api/33.0/public/property.te
index 42fe979..763a80a 100644
--- a/prebuilts/api/33.0/public/property.te
+++ b/prebuilts/api/33.0/public/property.te

@@ -52,6 +52,7 @@
 
 # Properties which can't be written outside system
 system_restricted_prop(aac_drc_prop)
+system_restricted_prop(adaptive_haptics_prop)
 system_restricted_prop(arm64_memtag_prop)
 system_restricted_prop(binder_cache_bluetooth_server_prop)
 system_restricted_prop(binder_cache_system_server_prop)

diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index 50e3be7..0665422 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil

@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    adaptive_haptics_prop
     adservices_manager_service
     apexd_select_prop
     artd_service