Merge "Remove ro.com.google.clientidbase from exported prop list."
diff --git a/private/priv_app.te b/private/priv_app.te
index 341101b..e12cce7 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -24,7 +24,6 @@
allow priv_app app_api_service:service_manager find;
allow priv_app audioserver_service:service_manager find;
allow priv_app cameraserver_service:service_manager find;
-allow priv_app color_display_service:service_manager find;
allow priv_app drmserver_service:service_manager find;
allow priv_app mediacodec_service:service_manager find;
allow priv_app mediadrmserver_service:service_manager find;
diff --git a/public/service.te b/public/service.te
index 5e7ca4d..7a60ad4 100644
--- a/public/service.te
+++ b/public/service.te
@@ -76,7 +76,7 @@
type devicestoragemonitor_service, system_server_service, service_manager_type;
type diskstats_service, system_api_service, system_server_service, service_manager_type;
type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type color_display_service, system_server_service, service_manager_type;
+type color_display_service, system_api_service, system_server_service, service_manager_type;
type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type netd_listener_service, system_server_service, service_manager_type;
type network_watchlist_service, system_server_service, service_manager_type;
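Review bot: Adding `system_api_service` to the `color_display_service` type line makes the service findable by every domain that holds `find` on that attribute, which is likely wider than the single `priv_app` rule this commit removes from private/priv_app.te. The allow rules for `system_api_service` are not visible in this diff, so check the set of newly permitted callers against the domains that reference the attribute. If only privileged apps need the service, keeping the per-domain `allow priv_app color_display_service:service_manager find;` is the least-privilege choice. Otherwise document the wider exposure above the line, for example `# findable by all system_api_service clients; the service itself must enforce caller permissions`.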
diff --git a/public/vold.te b/public/vold.te
index 13c6337..8db19fc 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -164,6 +164,9 @@
# talk to health storage HAL
hal_client_domain(vold, hal_health_storage)
+# talk to bootloader HAL
+full_treble_only(`hal_client_domain(vold, hal_bootctl)')
+
# Access userdata block device.
allow vold userdata_block_device:blk_file rw_file_perms;
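Review bot: The new `hal_client_domain(vold, hal_bootctl)` grant is wrapped in `full_treble_only(...)`, while `hal_client_domain(vold, hal_health_storage)` directly above is unconditional, and the comment `# talk to bootloader HAL` explains neither the difference nor why vold needs boot control. Since this grants a storage daemon access to a boot-control interface, the comment should state the purpose and the Treble restriction, for example `# talk to bootloader HAL (full Treble only): <reason vold needs boot control>`. The matching `-hal_bootctl` exemption in the next hunk is not conditional, so the two should be reviewed together.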
@@ -266,6 +269,7 @@
-hal_health_storage_server
-hal_keymaster_server
-hal_system_suspend_server
+ -hal_bootctl
-healthd
-hwservicemanager
-servicemanager
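Review bot: The added exemption `-hal_bootctl` names the whole HAL attribute, whereas the neighbouring entries exempt only the server side (`-hal_health_storage_server`, `-hal_keymaster_server`, `-hal_system_suspend_server`). If this list is the exclusion set of a neverallow on vold's binder calls, which the entries suggest but whose head lies outside the hunk, the broad attribute may exempt more domains than the HAL server vold actually calls. Prefer `-hal_bootctl_server`, indented to match its neighbours. The enclosing rule starts and ends outside this hunk.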
diff --git a/tests/Android.bp b/tests/Android.bp
index 670d29d..a7d7023 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -70,4 +70,5 @@
"combine_maps.py",
"mini_parser.py",
],
+ defaults: ["py2_only"],
}
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 70b036f..f8dc466 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -11,8 +11,8 @@
def TestDataTypeViolations(pol):
return pol.AssertPathTypesHaveAttr(["/data/"], [], "data_file_type")
-# def TestSystemTypeViolations(pol):
-# return pol.AssertPathTypesHaveAttr(["/system/"], [], "system_file_type")
+def TestSystemTypeViolations(pol):
+ return pol.AssertPathTypesHaveAttr(["/system/"], [], "system_file_type")
def TestProcTypeViolations(pol):
return pol.AssertGenfsFilesystemTypesHaveAttr("proc", "proc_type")
@@ -58,7 +58,7 @@
"TestDataTypeViolators",
"TestProcTypeViolations",
"TestSysfsTypeViolations",
- # "TestSystemTypeViolators",
+ "TestSystemTypeViolators",
"TestDebugfsTypeViolations",
"TestVendorTypeViolations",
"TestCoreDataTypeViolations",
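Review bot: The re-enabled list entry is spelled `"TestSystemTypeViolators"`, but the function restored in the first hunk and the `options.test` check restored in the last hunk both use `TestSystemTypeViolations`. The list starts outside this hunk; if it is used to advertise or validate `--test` values, the advertised name will never match the dispatch condition, so a run restricted to that name would skip the `/system/` labelling check while appearing to succeed. Change the entry to `"TestSystemTypeViolations",`. The context line `"TestDataTypeViolators"` has the same mismatch with `TestDataTypeViolations` and is worth fixing in the same pass.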
@@ -107,8 +107,8 @@
results += TestProcTypeViolations(pol)
if options.test is None or "TestSysfsTypeViolations" in options.test:
results += TestSysfsTypeViolations(pol)
- # if options.test is None or "TestSystemTypeViolations" in options.test:
- # results += TestSystemTypeViolations(pol)
+ if options.test is None or "TestSystemTypeViolations" in options.test:
+ results += TestSystemTypeViolations(pol)
if options.test is None or "TestDebugfsTypeViolations" in options.test:
results += TestDebugfsTypeViolations(pol)
if options.test is None or "TestVendorTypeViolations" in options.test: