Merge "Enable CAN HAL to scan /sys/devices for USB CAN" am: c58ad4b82c am: a2ad628f4f
Change-Id: I8d05c044bf753b4b5eb9572b3a13ea5a31de63e2
diff --git a/prebuilts/api/26.0/public/property.te b/prebuilts/api/26.0/public/property.te
index d6fa868..232872c 100644
--- a/prebuilts/api/26.0/public/property.te
+++ b/prebuilts/api/26.0/public/property.te
@@ -1,6 +1,7 @@
type asan_reboot_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/27.0/public/property.te b/prebuilts/api/27.0/public/property.te
index 95efcaa..2c716c5 100644
--- a/prebuilts/api/27.0/public/property.te
+++ b/prebuilts/api/27.0/public/property.te
@@ -1,5 +1,6 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index b0397e9..a4f0d87 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -1,5 +1,6 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_prop, property_type;
type bootloader_boot_reason_prop, property_type;
diff --git a/prebuilts/api/29.0/private/system_server.te b/prebuilts/api/29.0/private/system_server.te
index 51cbd28..73891c9 100644
--- a/prebuilts/api/29.0/private/system_server.te
+++ b/prebuilts/api/29.0/private/system_server.te
@@ -847,6 +847,7 @@
r_dir_file(system_server, proc_net_type)
r_dir_file(system_server, proc_qtaguid_stat)
allow system_server {
+ proc_cmdline
proc_loadavg
proc_meminfo
proc_pagetypeinfo
diff --git a/prebuilts/api/29.0/public/adbd.te b/prebuilts/api/29.0/public/adbd.te
index 68a176c..4a1f633 100644
--- a/prebuilts/api/29.0/public/adbd.te
+++ b/prebuilts/api/29.0/public/adbd.te
@@ -6,3 +6,6 @@
# Only init is allowed to enter the adbd domain via exec()
neverallow { domain -init } adbd:process transition;
neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
diff --git a/prebuilts/api/29.0/public/property.te b/prebuilts/api/29.0/public/property.te
index cea50ac..4ccd8ac 100644
--- a/prebuilts/api/29.0/public/property.te
+++ b/prebuilts/api/29.0/public/property.te
@@ -1,6 +1,7 @@
type apexd_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_audio_hal_prop, property_type;
type bluetooth_prop, property_type;
@@ -361,6 +362,7 @@
-bluetooth_prop
-bootloader_boot_reason_prop
-boottime_prop
+ -boottime_public_prop
-bpf_progs_loaded_prop
-config_prop
-cppreopt_prop
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index f59b5de..865502e 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -11,11 +11,13 @@
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -33,6 +35,7 @@
dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -212,6 +215,8 @@
ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
ro.boot.console u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 1cdde2b..498bca5 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -2,11 +2,15 @@
(typeattribute hal_wifi_keystore)
(typeattribute hal_wifi_keystore_client)
(typeattribute hal_wifi_keystore_server)
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
;; types removed from current policy
(type untrusted_v2_app)
(type asan_reboot_prop)
(type commontime_management_service)
+(type hal_wifi_offload_hwservice)
(type log_device)
(type mediacasserver_service)
(type mediacodec)
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 0996e97..0d883c0 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1,5 +1,11 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
;; types removed from current policy
(type commontime_management_service)
+(type hal_wifi_offload_hwservice)
(type mediacodec)
(type mediacodec_exec)
(type netd_socket)
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 0de0ad5..321e938 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1,3 +1,8 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
;; types removed from current policy
(type alarm_device)
(type audio_seq_device)
@@ -5,6 +10,7 @@
(type commontime_management_service)
(type cpuctl_device)
(type full_device)
+(type hal_wifi_offload_hwservice)
(type i2c_device)
(type kmem_device)
(type mediacodec)
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 60e6fb1..5231498 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -7,6 +7,7 @@
(type perfprofd_data_file)
(type perfprofd_service)
(type sysfs_mac_address)
+(type wificond_service)
(expandtypeattribute (accessibility_service_29_0) true)
(expandtypeattribute (account_service_29_0) true)
@@ -1949,7 +1950,7 @@
(typeattributeset wifiaware_service_29_0 (wifiaware_service))
(typeattributeset wificond_29_0 (wificond))
(typeattributeset wificond_exec_29_0 (wificond_exec))
-(typeattributeset wificond_service_29_0 (wificond_service))
+(typeattributeset wificond_service_29_0 (wificond_service wifinl80211_service))
(typeattributeset wifi_data_file_29_0 (wifi_data_file))
(typeattributeset wifi_log_prop_29_0 (wifi_log_prop))
(typeattributeset wifip2p_service_29_0 (wifip2p_service))
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index c1ea949..a7bdfd5 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -110,7 +110,6 @@
tv_tuner_resource_mgr_service
vendor_apex_file
vendor_boringssl_self_test
- vendor_incremental_module
vendor_install_recovery
vendor_install_recovery_exec
vendor_socket_hook_prop
diff --git a/private/file_contexts b/private/file_contexts
index ef4e042..f8561b8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -375,7 +375,6 @@
/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
-(/vendor|system/vendor)/lib(64)?/modules/incrementalfs\.ko u:object_r:vendor_incremental_module:s0
# HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index b70a397..2355326 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -56,6 +56,7 @@
dontaudit gmscore_app wifi_prop:file r_file_perms;
dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
dontaudit gmscore_app mirror_data_file:dir search;
+dontaudit gmscore_app mnt_vendor_file:dir search;
# Access the network
net_domain(gmscore_app)
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 9c471bc..6f92556 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -73,7 +73,6 @@
android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
android.hardware.wifi::IWifi u:object_r:hal_wifi_hwservice:s0
android.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0
-android.hardware.wifi.offload::IOffload u:object_r:hal_wifi_offload_hwservice:s0
android.hardware.wifi.supplicant::ISupplicant u:object_r:hal_wifi_supplicant_hwservice:s0
android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
android.hidl.base::IBase u:object_r:hidl_base_hwservice:s0
diff --git a/private/property_contexts b/private/property_contexts
index 216531c..79e2b18 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -568,6 +568,9 @@
ro.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
+
ro.build.date u:object_r:exported2_default_prop:s0 exact string
ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
ro.build.description u:object_r:exported2_default_prop:s0 exact string
diff --git a/private/service_contexts b/private/service_contexts
index db2a62a..079f0a1 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -242,7 +242,7 @@
wifip2p u:object_r:wifip2p_service:s0
wifiscanner u:object_r:wifiscanner_service:s0
wifi u:object_r:wifi_service:s0
-wificond u:object_r:wificond_service:s0
+wifinl80211 u:object_r:wifinl80211_service:s0
wifiaware u:object_r:wifiaware_service:s0
wifirtt u:object_r:rttmanager_service:s0
window u:object_r:window_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index 7c24598..3b72518 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -257,7 +257,6 @@
hal_client_domain(system_server, hal_weaver)
hal_client_domain(system_server, hal_wifi)
hal_client_domain(system_server, hal_wifi_hostapd)
-hal_client_domain(system_server, hal_wifi_offload)
hal_client_domain(system_server, hal_wifi_supplicant)
# Talk with graphics composer fences
@@ -775,7 +774,7 @@
allow system_server surfaceflinger_service:service_manager find;
allow system_server update_engine_service:service_manager find;
allow system_server vold_service:service_manager find;
-allow system_server wificond_service:service_manager find;
+allow system_server wifinl80211_service:service_manager find;
add_service(system_server, batteryproperties_service)
diff --git a/private/wificond.te b/private/wificond.te
index cc76447..5476e33 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,4 +1,3 @@
typeattribute wificond coredomain;
init_daemon_domain(wificond)
-hal_client_domain(wificond, hal_wifi_offload)
diff --git a/public/attributes b/public/attributes
index a3728cf..19623af 100644
--- a/public/attributes
+++ b/public/attributes
@@ -343,7 +343,6 @@
hal_attribute(weaver);
hal_attribute(wifi);
hal_attribute(wifi_hostapd);
-hal_attribute(wifi_offload);
hal_attribute(wifi_supplicant);
# HwBinder services offered across the core-vendor boundary
diff --git a/public/domain.te b/public/domain.te
index 1b7d4fb..4bab794 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -997,6 +997,7 @@
-system_executes_vendor_violators
-traced_perf # library/binary access for symbolization
-ueventd # reads /vendor/ueventd.rc
+ -vold # loads incremental fs driver
} {
vendor_file_type
-same_process_hal_file
@@ -1010,7 +1011,6 @@
-vendor_overlay_file
-vendor_public_lib_file
-vendor_task_profiles_file
- -vendor_incremental_module
-vndk_sp_file
}:file *;
')
diff --git a/public/file.te b/public/file.te
index bb83a44..462e71d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -211,8 +211,6 @@
# Type for all vendor public libraries. These libs should only be exposed to
# apps. ABI stability of these libs is vendor's responsibility.
type vendor_public_lib_file, vendor_file_type, file_type;
-# Default type for incremental file system driver
-type vendor_incremental_module, vendor_file_type, file_type;
# Input configuration
type vendor_keylayout_file, vendor_file_type, file_type;
diff --git a/public/hal_wifi_offload.te b/public/hal_wifi_offload.te
deleted file mode 100644
index 765e72a..0000000
--- a/public/hal_wifi_offload.te
+++ /dev/null
@@ -1,8 +0,0 @@
-## HwBinder IPC from client to server, and callbacks
-binder_call(hal_wifi_offload_client, hal_wifi_offload_server)
-binder_call(hal_wifi_offload_server, hal_wifi_offload_client)
-
-hal_attribute_hwservice(hal_wifi_offload, hal_wifi_offload_hwservice)
-
-r_dir_file(hal_wifi_offload, proc_net_type)
-r_dir_file(hal_wifi_offload, sysfs_type)
diff --git a/public/hwservice.te b/public/hwservice.te
index 3481385..6f223dd 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -54,7 +54,6 @@
type hal_weaver_hwservice, hwservice_manager_type, protected_hwservice;
type hal_wifi_hostapd_hwservice, hwservice_manager_type, protected_hwservice;
type hal_wifi_hwservice, hwservice_manager_type, protected_hwservice;
-type hal_wifi_offload_hwservice, hwservice_manager_type, protected_hwservice;
type hal_wifi_supplicant_hwservice, hwservice_manager_type, protected_hwservice;
type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
diff --git a/public/property.te b/public/property.te
index 67a1fbe..d78ec58 100644
--- a/public/property.te
+++ b/public/property.te
@@ -70,6 +70,7 @@
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
system_restricted_prop(binder_cache_telephony_server_prop)
+system_restricted_prop(boottime_public_prop)
system_restricted_prop(bq_config_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
diff --git a/public/service.te b/public/service.te
index 1dcd0a7..91eb6ae 100644
--- a/public/service.te
+++ b/public/service.te
@@ -197,7 +197,7 @@
type wifip2p_service, app_api_service, system_server_service, service_manager_type;
type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
type wifi_service, app_api_service, system_server_service, service_manager_type;
-type wificond_service, service_manager_type;
+type wifinl80211_service, service_manager_type;
type wifiaware_service, app_api_service, system_server_service, service_manager_type;
type window_service, system_api_service, system_server_service, service_manager_type;
type inputflinger_service, system_api_service, system_server_service, service_manager_type;
diff --git a/public/su.te b/public/su.te
index 16ace6e..99d4603 100644
--- a/public/su.te
+++ b/public/su.te
@@ -102,6 +102,5 @@
typeattribute su hal_weaver_client;
typeattribute su hal_wifi_client;
typeattribute su hal_wifi_hostapd_client;
- typeattribute su hal_wifi_offload_client;
typeattribute su hal_wifi_supplicant_client;
')
diff --git a/public/vold.te b/public/vold.te
index e17113d..9391649 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -52,11 +52,6 @@
FS_IOC_REMOVE_ENCRYPTION_KEY
};
-# Allow to load incremental file system driver
-allow vold self:capability sys_module;
-allow vold vendor_incremental_module:file r_file_perms;
-allow vold vendor_incremental_module:system module_load;
-
# Only vold and init should ever set file-based encryption policies.
neverallowxperm {
domain
@@ -205,6 +200,7 @@
set_prop(vold, restorecon_prop)
set_prop(vold, ota_prop)
set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
# ASEC
allow vold asec_image_file:file create_file_perms;
diff --git a/public/wificond.te b/public/wificond.te
index af29511..b429884 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -6,7 +6,7 @@
binder_call(wificond, system_server)
binder_call(wificond, keystore)
-add_service(wificond, wificond_service)
+add_service(wificond, wifinl80211_service)
set_prop(wificond, exported_wifi_prop)
set_prop(wificond, wifi_prop)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 94b8095..4e988a9 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -69,7 +69,6 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator-service.example u:object_r:hal_vibrator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi\.offload@1\.0-service u:object_r:hal_wifi_offload_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-lazy u:object_r:hal_wifi_default_exec:s0
/(vendor|system/vendor)/bin/hw/hostapd u:object_r:hal_wifi_hostapd_default_exec:s0
diff --git a/vendor/hal_wifi_offload_default.te b/vendor/hal_wifi_offload_default.te
deleted file mode 100644
index 44bd306..0000000
--- a/vendor/hal_wifi_offload_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_wifi_offload_default, domain;
-hal_server_domain(hal_wifi_offload_default, hal_wifi_offload)
-
-type hal_wifi_offload_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_wifi_offload_default)