Merge "Add 28.0 prebuilts"
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index ae36f1c..5212b62 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -151,6 +151,7 @@
vold_prepare_subdirs
vold_prepare_subdirs_exec
vold_service
+ vrflinger_vsync_service
wait_for_keymaster
wait_for_keymaster_exec
wait_for_keymaster_tmpfs
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 4530df4..4b7ef92 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -126,6 +126,7 @@
vold_prepare_subdirs
vold_prepare_subdirs_exec
vold_service
+ vrflinger_vsync_service
wait_for_keymaster
wait_for_keymaster_exec
wait_for_keymaster_tmpfs
diff --git a/private/service_contexts b/private/service_contexts
index 0513073..de784d3 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -176,6 +176,7 @@
voiceinteraction u:object_r:voiceinteraction_service:s0
vold u:object_r:vold_service:s0
vr_hwc u:object_r:vr_hwc_service:s0
+vrflinger_vsync u:object_r:vrflinger_vsync_service:s0
vrmanager u:object_r:vr_manager_service:s0
wallpaper u:object_r:wallpaper_service:s0
webviewupdate u:object_r:webviewupdate_service:s0
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 61c89e1..d9d7dea 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -84,6 +84,8 @@
#add_service(surfaceflinger, surfaceflinger_service)
allow surfaceflinger surfaceflinger_service:service_manager { add find };
+add_service(surfaceflinger, vrflinger_vsync_service)
+
allow surfaceflinger mediaserver_service:service_manager find;
allow surfaceflinger permission_service:service_manager find;
allow surfaceflinger power_service:service_manager find;
diff --git a/private/system_server.te b/private/system_server.te
index 182b004..01da377 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -375,6 +375,10 @@
allow system_server tombstoned:fd use;
allow system_server dumpstate:fifo_file append;
allow system_server incidentd:fifo_file append;
+# Write to a pipe created from `adb shell` (for debuggerd -j `pidof system_server`)
+userdebug_or_eng(`
+ allow system_server su:fifo_file append;
+')
# Read /data/misc/incidents - only read. The fd will be sent over binder,
# with no DAC access to it, for dropbox to read.
diff --git a/public/service.te b/public/service.te
index 11fb831..1ec0102 100644
--- a/public/service.te
+++ b/public/service.te
@@ -32,6 +32,7 @@
type virtual_touchpad_service, service_manager_type;
type vold_service, service_manager_type;
type vr_hwc_service, service_manager_type;
+type vrflinger_vsync_service, service_manager_type;
# system_server_services broken down
type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/public/vr_hwc.te b/public/vr_hwc.te
index c05dd63..8e3cb51 100644
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@@ -29,3 +29,5 @@
# Requires access to the permission service to validate that clients have the
# appropriate VR permissions.
allow vr_hwc permission_service:service_manager find;
+
+allow vr_hwc vrflinger_vsync_service:service_manager find;