Merge "traced_perf sepolicy tweaks"
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 7063152..6e04a92 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -22,6 +22,7 @@
blob_store_service
binder_cache_bluetooth_server_prop
binder_cache_system_server_prop
+ binder_cache_telephony_server_prop
binderfs
binderfs_logs
binderfs_logs_proc
diff --git a/private/radio.te b/private/radio.te
index 4d48c93..17a4fdd 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -15,3 +15,8 @@
# Manage /data/misc/emergencynumberdb
allow radio emergency_data_file:dir r_dir_perms;
allow radio emergency_data_file:file r_file_perms;
+
+# allow telephony to access related cache properties
+set_prop(radio, binder_cache_telephony_server_prop);
+neverallow { domain -radio -init }
+ binder_cache_telephony_server_prop:property_service set;
diff --git a/public/domain.te b/public/domain.te
index ede2c96..1b7d4fb 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -112,6 +112,7 @@
# Binder cache properties are world-readable
get_prop(domain, binder_cache_bluetooth_server_prop)
get_prop(domain, binder_cache_system_server_prop)
+get_prop(domain, binder_cache_telephony_server_prop)
# Let everyone read log properties, so that liblog can avoid sending unloggable
# messages to logd.
diff --git a/public/property.te b/public/property.te
index 21e220d..8f4b7a3 100644
--- a/public/property.te
+++ b/public/property.te
@@ -67,6 +67,7 @@
# Properties used by binder caches
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
+system_restricted_prop(binder_cache_telephony_server_prop)
system_restricted_prop(bq_config_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
diff --git a/public/property_contexts b/public/property_contexts
index 3718e0f..f05a516 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -450,10 +450,6 @@
# Binder cache properties. These are world-readable
cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
-cache_key.bluetooth.get_bond_state u:object_r:binder_cache_bluetooth_server_prop:s0
-cache_key.bluetooth.get_profile_connection_state u:object_r:binder_cache_bluetooth_server_prop:s0
-cache_key.bluetooth.get_state u:object_r:binder_cache_bluetooth_server_prop:s0
-cache_key.bluetooth.is_offloaded_filtering_supported u:object_r:binder_cache_bluetooth_server_prop:s0
cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
@@ -463,3 +459,7 @@
cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
+
+cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
+cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
+cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string