Merge "Add sepolicy for /proc/bootconfig"
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 45826b0..0e89d37 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -84,6 +84,7 @@
profcollectd_exec
profcollectd_service
qemu_hw_prop
+ qemu_sf_lcd_density_prop
radio_core_data_file
reboot_readiness_service
remote_prov_app
diff --git a/private/file_contexts b/private/file_contexts
index a6b92bc..35b93a1 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -173,6 +173,7 @@
/dev/socket/usap_pool_primary u:object_r:zygote_socket:s0
/dev/socket/usap_pool_secondary u:object_r:zygote_socket:s0
/dev/spdif_out.* u:object_r:audio_device:s0
+/dev/sys/block/by-name/userdata(/.*)? u:object_r:userdata_sysdev:s0
/dev/sys/fs/by-name/userdata(/.*)? u:object_r:userdata_sysdev:s0
/dev/tty u:object_r:owntty_device:s0
/dev/tty[0-9]* u:object_r:tty_device:s0
diff --git a/private/init.te b/private/init.te
index 02d45a1..f00c65c 100644
--- a/private/init.te
+++ b/private/init.te
@@ -16,6 +16,7 @@
domain_trans(init, rootfs, fastbootd)
domain_trans(init, rootfs, recovery)
domain_trans(init, rootfs, linkerconfig)
+ domain_trans(init, rootfs, snapuserd)
')
domain_trans(init, shell_exec, shell)
domain_trans(init, init_exec, ueventd)
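Review bot: The added `domain_trans(init, rootfs, snapuserd)` makes every rootfs-labelled executable a permitted entry point into the snapuserd domain for init, and nothing in the hunk records which boot mode needs that. The closing `')` on the next line suggests the rule sits inside a conditional macro block whose opening is outside this hunk; the neighbouring fastbootd and recovery transitions hint at a recovery-only guard, but that should be confirmed. If snapuserd is indeed launched from the ramdisk, a comment above the rule such as `# snapuserd is started from the ramdisk, which is labelled rootfs` would document why the broad rootfs type is used as the entry point.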
diff --git a/private/profcollectd.te b/private/profcollectd.te
index 54cde43..44f6434 100644
--- a/private/profcollectd.te
+++ b/private/profcollectd.te
@@ -18,6 +18,7 @@
# Allow profcollectd to read executable binaries.
allow profcollectd system_file_type:file r_file_perms;
allow profcollectd vendor_file_type:file r_file_perms;
+ allow profcollectd system_bootstrap_lib_file:file r_file_perms;
# Allow profcollectd to access tracefs.
allow profcollectd debugfs_tracing:dir r_dir_perms;
diff --git a/private/property_contexts b/private/property_contexts
index ff84dcc..5c3a84c 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -189,6 +189,9 @@
# qemu_hw_prop is read/written by both system and vendor.
qemu.hw.mainkeys u:object_r:qemu_hw_prop:s0
+# qemu_sf_lcd_density_prop is read/written by both system and vendor.
+qemu.sf.lcd_density u:object_r:qemu_sf_lcd_density_prop:s0 exact int
+
# Shared between system server and wificond
wifi. u:object_r:wifi_prop:s0
wlan. u:object_r:wifi_prop:s0
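Review bot: `qemu_sf_lcd_density_prop` is declared with `system_public_prop(qemu_sf_lcd_density_prop)` in the public/property.te hunk, the least restrictive property class, yet the only accesses visible in this change are `get_prop` rules for surfaceflinger and zygote. If the value is only set once at boot from the vendor side, `system_vendor_config_prop(qemu_sf_lcd_density_prop)` would keep it readable while narrowing who may be granted write access. The comment added here, "read/written by both system and vendor", would then need the matching adjustment. If runtime writes from both partitions are required, naming the writers in that comment would make the grant auditable.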
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 8549bd5..640306f 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -58,6 +58,9 @@
set_prop(surfaceflinger, ctl_bootanim_prop)
set_prop(surfaceflinger, surfaceflinger_display_prop)
+# Get properties.
+get_prop(surfaceflinger, qemu_sf_lcd_density_prop)
+
# Use open files supplied by an app.
allow surfaceflinger appdomain:fd use;
allow surfaceflinger { app_data_file privapp_data_file }:file { read write };
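Review bot: The new comment `# Get properties.` says neither which property is read nor why, whereas the matching zygote.te hunk names it. Suggest `# Allow surfaceflinger to read qemu.sf.lcd_density` above `get_prop(surfaceflinger, qemu_sf_lcd_density_prop)`, so the rule can be found by property name during a policy audit.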
diff --git a/private/zygote.te b/private/zygote.te
index 1a3bcc6..83323c9 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -213,6 +213,9 @@
# Allow zygote to read ro.control_privapp_permissions and ro.cp_system_other_odex
get_prop(zygote, packagemanager_config_prop)
+# Allow zygote to read qemu.sf.lcd_density
+get_prop(zygote, qemu_sf_lcd_density_prop)
+
# Allow zygote to read /apex/apex-info-list.xml
allow zygote apex_info_file:file r_file_perms;
diff --git a/public/property.te b/public/property.te
index 3f3f148..506e985 100644
--- a/public/property.te
+++ b/public/property.te
@@ -192,6 +192,7 @@
system_public_prop(ota_prop)
system_public_prop(powerctl_prop)
system_public_prop(qemu_hw_prop)
+system_public_prop(qemu_sf_lcd_density_prop)
system_public_prop(radio_control_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)