Merge "wificond_service: drop system_service typeattribute"
diff --git a/Android.mk b/Android.mk
index 269e66e..0061c76 100644
--- a/Android.mk
+++ b/Android.mk
@@ -666,16 +666,21 @@
ifneq ($(filter address,$(SANITIZE_TARGET)),)
local_fc_files += $(PLAT_PRIVATE_POLICY)/file_contexts_asan
endif
+local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(local_fcfiles)
+$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(local_fcfiles_with_nl)
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(local_fcfiles) $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
+$(local_fcfiles_with_nl) $(built_sepolicy)
@mkdir -p $(dir $@)
- $(hide) m4 -s $(PRIVATE_FC_FILES) > $@
- $(hide) $< $(PRIVATE_SEPOLICY) $@
+ $(hide) m4 -s $(PRIVATE_FC_FILES) > $@.tmp
+ $(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
+ $(hide) $(PRIVATE_FC_SORT) $@.tmp $@
built_plat_fc := $(LOCAL_BUILT_MODULE)
local_fc_files :=
+local_fcfiles_with_nl :=
##################################
include $(CLEAR_VARS)
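Review bot: In the recipe for the platform file_contexts, checkfc validates `$@.tmp`, but the file that ships is the output of `$(PRIVATE_FC_SORT)`, which is never checked against the policy. That is presumably safe if fc_sort only reorders entries, but label precedence among regex entries depends on their order, so the reason for sorting after validation deserves a comment. For example: `# checkfc runs on the unsorted file so a failure never leaves a stale $@; fc_sort only reorders entries`. The intermediate `$@.tmp` is also left in the output directory after a successful build.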
@@ -694,7 +699,7 @@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
-$(device_fcfiles_with_nl) $(built_sepolicy)
+$(nonplat_fcfiles_with_nl) $(built_sepolicy)
@mkdir -p $(dir $@)
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
diff --git a/private/file_contexts b/private/file_contexts
index 16ecbf0..ae910de 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -239,11 +239,11 @@
/system/fake-lib(64)?/libart.* u:object_r:libart_file:s0
/system/lib(64)?/libart.* u:object_r:libart_file:s0
/system/bin/hw/android\.hardware\.audio@2\.0-service u:object_r:hal_audio_default_exec:s0
-/system/bin/hw/android\.hardware\.bluetooth@1\.0-service u:object_r:hal_bluetooth_default_exec:s0
-/system/bin/hw/android\.hardware\.camera\.provider@2\.4-service u:object_r:hal_camera_default_exec:s0
-/system/bin/hw/android\.hardware\.boot@1\.0-service u:object_r:hal_boot_exec:s0
-/system/bin/hw/android\.hardware\.contexthub@1\.0-service u:object_r:hal_contexthub_default_exec:s0
/system/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
+/system/bin/hw/android\.hardware\.bluetooth@1\.0-service u:object_r:hal_bluetooth_default_exec:s0
+/system/bin/hw/android\.hardware\.boot@1\.0-service u:object_r:hal_boot_exec:s0
+/system/bin/hw/android\.hardware\.camera\.provider@2\.4-service u:object_r:hal_camera_default_exec:s0
+/system/bin/hw/android\.hardware\.contexthub@1\.0-service u:object_r:hal_contexthub_default_exec:s0
/system/bin/hw/android\.hardware\.dumpstate@1\.0-service u:object_r:hal_dumpstate_default_exec:s0
/system/bin/hw/android\.hardware\.gatekeeper@1\.0-service u:object_r:hal_gatekeeper_default_exec:s0
/system/bin/hw/android\.hardware\.gnss@1\.0-service u:object_r:hal_gnss_default_exec:s0
@@ -436,12 +436,12 @@
# debugfs files
#
/sys/kernel/debug/mmc0(/.*)? u:object_r:debugfs_mmc:s0
-/sys/kernel/debug/tracing(/.*)? u:object_r:debugfs_tracing:s0
-/sys/kernel/debug/tracing/trace_marker u:object_r:debugfs_trace_marker:s0
-/sys/kernel/debug/tracing/instances(/.*)? u:object_r:debugfs_tracing_instances:s0
-/sys/kernel/debug/tracing/instances/wifi/free_buffer u:object_r:debugfs_wifi_tracing:s0
-/sys/kernel/debug/tracing/instances/wifi/trace u:object_r:debugfs_wifi_tracing:s0
-/sys/kernel/debug/tracing/instances/wifi/tracing_on u:object_r:debugfs_wifi_tracing:s0
+/sys/kernel(/debug)?/tracing(/.*)? u:object_r:debugfs_tracing:s0
+/sys/kernel(/debug)?/tracing/trace_marker u:object_r:debugfs_trace_marker:s0
+/sys/kernel(/debug)?/tracing/instances(/.*)? u:object_r:debugfs_tracing_instances:s0
+/sys/kernel(/debug)?/tracing/instances/wifi/free_buffer u:object_r:debugfs_wifi_tracing:s0
+/sys/kernel(/debug)?/tracing/instances/wifi/trace u:object_r:debugfs_wifi_tracing:s0
+/sys/kernel(/debug)?/tracing/instances/wifi/tracing_on u:object_r:debugfs_wifi_tracing:s0
#############################
# asec containers
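Review bot: The `trace_marker` and `instances/wifi/*` entries were literal paths before and now contain the regex group `(/debug)?`, so they compete with the catch-all `/sys/kernel(/debug)?/tracing(/.*)?` as ordinary regex entries rather than as exact matches. Which label a node such as trace_marker receives then depends on entry ordering. The fc_sort step added to Android.mk in this same diff probably keeps the more specific entries winning, but that is not visible here. A comment above the block would record the intent, e.g. `# tracefs may appear under /sys/kernel/tracing or /sys/kernel/debug/tracing; specific entries must take precedence over the catch-all`. The type names still say `debugfs_` although the rules now also cover the non-debugfs path.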
diff --git a/private/storaged.te b/private/storaged.te
index 6b7fa50..c6276a3 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -12,6 +12,9 @@
# Read /proc/uid_io/stats
allow storaged proc_uid_io_stats:file r_file_perms;
+# Read /data/system/packages.list
+allow storaged system_data_file:file r_file_perms;
+
allow storaged self:capability { setgid setuid sys_nice sys_ptrace };
userdebug_or_eng(`
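Review bot: The new rule `allow storaged system_data_file:file r_file_perms;` is much broader than its comment: it lets storaged read every file labelled `system_data_file`, not only /data/system/packages.list. If the tree has or can add a dedicated type for packages.list, granting read on that type would keep storaged at least privilege. Otherwise the comment should state the breadth, e.g. `# packages.list is labelled system_data_file, so this grants read on all files of that type`.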
@@ -22,7 +25,6 @@
# Binder permissions
allow storaged storaged_service:service_manager add;
-allow storaged permission_service:service_manager find;
binder_use(storaged)
binder_call(storaged, system_server)
diff --git a/public/attributes b/public/attributes
index aec85fb..299532b 100644
--- a/public/attributes
+++ b/public/attributes
@@ -121,6 +121,7 @@
attribute hal_audio;
attribute hal_bluetooth;
attribute hal_camera;
+attribute hal_contexthub;
attribute hal_dumpstate;
attribute hal_fingerprint;
attribute hal_gatekeeper;
@@ -139,4 +140,3 @@
attribute hal_vibrator;
attribute hal_vr;
attribute hal_wifi;
-attribute hal_contexthub;
diff --git a/public/gatekeeperd.te b/public/gatekeeperd.te
index 3831dff..88a2e00 100644
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -1,5 +1,6 @@
+type gatekeeperd, domain;
# normally uses HAL; implements HAL in pass-through mode only
-type gatekeeperd, hal_gatekeeper, domain;
+hal_impl_domain(gatekeeperd, hal_gatekeeper)
type gatekeeperd_exec, exec_type, file_type;
# gatekeeperd
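Review bot: The comment `normally uses HAL; implements HAL in pass-through mode only` describes a domain that is mostly a HAL client, yet `hal_impl_domain(gatekeeperd, hal_gatekeeper)` marks it as an implementation. What the macro grants is defined outside this diff, so the comment should say why the implementation attribute is needed, e.g. `# gatekeeperd is a HAL client; it is tagged as an implementation only because it loads the HAL in-process in pass-through mode`. rild.te in this diff keeps its header comment above the `type` line, whereas here the `type` line now precedes the comment; using the same order would keep the two files consistent.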
diff --git a/public/radio.te b/public/radio.te
index 1e9ac56..eb52f09 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -19,9 +19,7 @@
# Property service
set_prop(radio, radio_prop)
-set_prop(radio, system_radio_prop)
set_prop(radio, net_radio_prop)
-auditallow radio system_radio_prop:property_service set;
# ctl interface
set_prop(radio, ctl_rildaemon_prop)
diff --git a/public/rild.te b/public/rild.te
index 4d9cb21..1ce19e3 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -1,5 +1,6 @@
# rild - radio interface layer daemon
-type rild, domain, domain_deprecated, hal_telephony;
+type rild, domain, domain_deprecated;
+hal_impl_domain(rild, hal_telephony)
type rild_exec, exec_type, file_type;
net_domain(rild)
diff --git a/public/shell.te b/public/shell.te
index 5f7af0b..d643b7e 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -83,6 +83,10 @@
allow shell { service_manager_type -gatekeeper_service -netd_service -installd_service}:service_manager find;
allow shell dumpstate:binder call;
+# allow shell to get information from hwservicemanager
+# for instance, listing hardware services with dumpsys
+hwbinder_use(shell)
+
# allow shell to look through /proc/ for ps, top, netstat
r_dir_file(shell, proc)
r_dir_file(shell, proc_net)
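Review bot: `hwbinder_use(shell)` is added for every build variant, and nothing in this hunk limits which hardware services the adb shell domain may reach. By contrast, the `service_manager` rule two lines above excludes gatekeeper, netd and installd from `find`. The macro and any hwservice rules are defined outside this diff, so the effective grant cannot be judged from here. The comment should at least state the intended bound, e.g. `# listing only; shell must not be granted calls into HAL servers`.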
diff --git a/public/tombstoned.te b/public/tombstoned.te
index c830d93..840c026 100644
--- a/public/tombstoned.te
+++ b/public/tombstoned.te
@@ -10,3 +10,4 @@
allow tombstoned domain:file r_file_perms;
allow tombstoned tombstone_data_file:dir rw_dir_perms;
allow tombstoned tombstone_data_file:file create_file_perms;
+allow tombstoned anr_data_file:file { getattr append };
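Review bot: The added rule `allow tombstoned anr_data_file:file { getattr append };` has no comment explaining why tombstoned touches ANR files. Since `open` is not granted, tombstoned presumably receives already-open descriptors from another process, though that is not visible here. A line such as `# Append to ANR trace files through fds handed over by another process; no open or write` would record why the grant is this narrow and discourage later widening.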