Merge "system_server: create StatsManagerService"
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 5eddc4e..c62edd5 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1744,6 +1744,7 @@
(typeattributeset swap_block_device_29_0 (swap_block_device))
(typeattributeset sysfs_29_0
( sysfs
+ sysfs_ion
sysfs_suspend_stats
sysfs_wakeup))
(typeattributeset sysfs_android_usb_29_0 (sysfs_android_usb))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 855f2d6..e33031a 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -139,6 +139,7 @@
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
+genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
diff --git a/private/platform_app.te b/private/platform_app.te
index b620768..9e26d7a 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -68,7 +68,6 @@
allow platform_app vr_manager_service:service_manager find;
allow platform_app gpu_service:service_manager find;
allow platform_app stats_service:service_manager find;
-allow platform_app tethering_service:service_manager find;
userdebug_or_eng(`
allow platform_app platform_compat_service:service_manager find;
')
diff --git a/private/priv_app.te b/private/priv_app.te
index 11c9983..8a0a94f 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -52,7 +52,6 @@
allow priv_app radio_service:service_manager find;
allow priv_app recovery_service:service_manager find;
allow priv_app stats_service:service_manager find;
-allow priv_app tethering_service:service_manager find;
# Allow privileged apps to interact with gpuservice
binder_call(priv_app, gpuservice)
diff --git a/private/service_contexts b/private/service_contexts
index 2fe622d..a3680d3 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -100,6 +100,7 @@
ims u:object_r:radio_service:s0
imms u:object_r:imms_service:s0
incremental u:object_r:incremental_service:s0
+incremental_service u:object_r:incremental_service:s0
ipsec u:object_r:ipsec_service:s0
ircsmessage u:object_r:radio_service:s0
iris u:object_r:iris_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index 513c70d..c1342d8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -17,6 +17,9 @@
allow system_server zygote_tmpfs:file read;
allow system_server appdomain_tmpfs:file { getattr map read write };
+# For Incremental Service to check if incfs is available
+allow system_server proc_filesystems:file r_file_perms;
+
# For art.
allow system_server dalvikcache_data_file:dir r_dir_perms;
allow system_server dalvikcache_data_file:file r_file_perms;
@@ -157,6 +160,9 @@
# Read /sys/kernel/debug/wakeup_sources.
allow system_server debugfs_wakeup_sources:file r_file_perms;
+# Read /sys/kernel/ion/*.
+allow system_server sysfs_ion:file r_file_perms;
+
# The DhcpClient and WifiWatchdog use packet_sockets
allow system_server self:packet_socket create_socket_perms_no_ioctl;
@@ -728,6 +734,7 @@
allow system_server hal_fingerprint_service:service_manager find;
allow system_server idmap_service:service_manager find;
allow system_server incident_service:service_manager find;
+allow system_server incremental_service:service_manager find;
allow system_server installd_service:service_manager find;
allow system_server iorapd_service:service_manager find;
allow system_server keystore_service:service_manager find;
diff --git a/public/device.te b/public/device.te
index fad0f61..32563d6 100644
--- a/public/device.te
+++ b/public/device.te
@@ -51,6 +51,7 @@
type tun_device, dev_type, mlstrustedobject;
type usbaccessory_device, dev_type, mlstrustedobject;
type usb_device, dev_type, mlstrustedobject;
+type usb_serial_device, dev_type;
type properties_device, dev_type;
type properties_serial, dev_type;
type property_info, dev_type;
diff --git a/public/file.te b/public/file.te
index 5a5bd8c..9041894 100644
--- a/public/file.te
+++ b/public/file.te
@@ -83,6 +83,7 @@
type sysfs_dm, fs_type, sysfs_type;
type sysfs_dt_firmware_android, fs_type, sysfs_type;
type sysfs_extcon, fs_type, sysfs_type;
+type sysfs_ion, fs_type, sysfs_type;
type sysfs_ipv4, fs_type, sysfs_type;
type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
type sysfs_leds, fs_type, sysfs_type;
diff --git a/public/hal_can.te b/public/hal_can.te
index eb68e46..c75495b 100644
--- a/public/hal_can.te
+++ b/public/hal_can.te
@@ -7,6 +7,3 @@
binder_call(hal_can_bus_client, hal_can_bus_server)
add_hwservice(hal_can_bus_server, hal_can_bus_hwservice)
allow hal_can_bus_client hal_can_bus_hwservice:hwservice_manager find;
-
-# USB serial type for SLCAN
-type usb_serial_device, dev_type;
diff --git a/public/service.te b/public/service.te
index 6420dd7..8e9646f 100644
--- a/public/service.te
+++ b/public/service.te
@@ -196,7 +196,7 @@
type window_service, system_api_service, system_server_service, service_manager_type;
type inputflinger_service, system_api_service, system_server_service, service_manager_type;
type wpantund_service, system_api_service, service_manager_type;
-type tethering_service, system_server_service, service_manager_type;
+type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
###
### HAL Services