diff options
| author | Xin Li <delphij@google.com> | 2023-12-08 13:14:16 -0800 |
|---|---|---|
| committer | Xin Li <delphij@google.com> | 2023-12-08 13:14:16 -0800 |
| commit | 33bda813407a757a5c1245f30f9f5616d16833a4 (patch) | |
| tree | 91dad70e559f209de8270ffcd73414766d4d8251 | |
| parent | f65fa83b3e1d030042caa3853d66f2fbfd69a33e (diff) | |
| parent | 9e1e63e56816193f424381cea3f480712061d429 (diff) | |
| download | pixel-sepolicy-33bda813407a757a5c1245f30f9f5616d16833a4.tar.gz | |
Merge Android 14 QPR1
Merged-In: Iff6e6e673c3ec71811e4d6526bae733f3574e5b6
Bug: 315507370
Change-Id: I99037cbcd51ceb1f8c06b76bb24b99b71bcbf68f
| -rw-r--r-- | common/vendor/attributes | 2 | ||||
| -rw-r--r-- | debugpolicy/init_dpm.te | 1 | ||||
| -rw-r--r-- | googlebattery/hal_googlebattery.te | 2 | ||||
| -rw-r--r-- | googlebattery/service.te | 2 | ||||
| -rw-r--r-- | input/platform_app.te | 1 | ||||
| -rw-r--r-- | input/service.te | 1 | ||||
| -rw-r--r-- | input/service_contexts | 1 | ||||
| -rw-r--r-- | input/twoshay.te | 1 | ||||
| -rw-r--r-- | power-libperfmgr/hal_power_default.te | 3 | ||||
| -rw-r--r-- | sota_app/system_ext/factory_ota_app.te | 32 | ||||
| -rw-r--r-- | sota_app/system_ext/property_contexts | 4 | ||||
| -rw-r--r-- | sota_app/system_ext/seapp_contexts | 2 | ||||
| -rw-r--r-- | sota_app/system_ext/vendor_init.te | 1 |
13 files changed, 11 insertions, 42 deletions
diff --git a/common/vendor/attributes b/common/vendor/attributes new file mode 100644 index 0000000..25b59ac --- /dev/null +++ b/common/vendor/attributes @@ -0,0 +1,2 @@ +attribute pixel_battery_domain; +attribute pixel_battery_service_type; diff --git a/debugpolicy/init_dpm.te b/debugpolicy/init_dpm.te index 3a4f936..8938eef 100644 --- a/debugpolicy/init_dpm.te +++ b/debugpolicy/init_dpm.te @@ -8,4 +8,5 @@ allow init_dpm vendor_toolbox_exec:file execute_no_trans; allow init_dpm sysfs_dpm:file r_file_perms; allow init_dpm block_device:dir search; allow init_dpm dpm_block_device:blk_file rw_file_perms; +allow init_dpm custom_ab_block_device:blk_file rw_file_perms; ') diff --git a/googlebattery/hal_googlebattery.te b/googlebattery/hal_googlebattery.te index 2cc3a7c..370b8d6 100644 --- a/googlebattery/hal_googlebattery.te +++ b/googlebattery/hal_googlebattery.te @@ -1,4 +1,4 @@ -type hal_googlebattery, domain; +type hal_googlebattery, domain, pixel_battery_domain; type hal_googlebattery_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(hal_googlebattery) diff --git a/googlebattery/service.te b/googlebattery/service.te index e68baa9..440b1ce 100644 --- a/googlebattery/service.te +++ b/googlebattery/service.te @@ -1 +1 @@ -type hal_googlebattery_service, hal_service_type, service_manager_type; +type hal_googlebattery_service, hal_service_type, service_manager_type, pixel_battery_service_type; diff --git a/input/platform_app.te b/input/platform_app.te index 2d47236..9b4a7af 100644 --- a/input/platform_app.te +++ b/input/platform_app.te @@ -1,3 +1,4 @@ +allow platform_app screen_protector_detector_service:service_manager find; allow platform_app touch_context_service:service_manager find; allow platform_app gril_antenna_tuning_service:service_manager find; binder_call(platform_app, twoshay) diff --git a/input/service.te b/input/service.te index d521666..d59328b 100644 --- a/input/service.te +++ b/input/service.te @@ -1,2 +1,3 @@ type gril_antenna_tuning_service, service_manager_type, hal_service_type; type touch_context_service, service_manager_type, hal_service_type; +type screen_protector_detector_service, service_manager_type, hal_service_type; diff --git a/input/service_contexts b/input/service_contexts index ed69aef..f48eee4 100644 --- a/input/service_contexts +++ b/input/service_contexts @@ -1,2 +1,3 @@ com.google.input.algos.gril.IGrilAntennaTuningService/default u:object_r:gril_antenna_tuning_service:s0 com.google.input.ITouchContextService/default u:object_r:touch_context_service:s0 +com.google.input.algos.spd.IScreenProtectorDetectorService/default u:object_r:screen_protector_detector_service:s0 diff --git a/input/twoshay.te b/input/twoshay.te index 3d48318..1cbbbc6 100644 --- a/input/twoshay.te +++ b/input/twoshay.te @@ -7,6 +7,7 @@ allow twoshay touch_offload_device:chr_file rw_file_perms; allow twoshay twoshay:capability sys_nice; binder_use(twoshay) +add_service(twoshay, screen_protector_detector_service) add_service(twoshay, touch_context_service) add_service(twoshay, gril_antenna_tuning_service) binder_call(twoshay, platform_app) diff --git a/power-libperfmgr/hal_power_default.te b/power-libperfmgr/hal_power_default.te index b4d4f65..8d6a9fe 100644 --- a/power-libperfmgr/hal_power_default.te +++ b/power-libperfmgr/hal_power_default.te @@ -28,11 +28,12 @@ allow hal_power_default proc_stat:file r_file_perms; allow hal_power_default proc_vendor_sched:dir r_dir_perms; allow hal_power_default proc_vendor_sched:file r_file_perms; -# Allow read/write thermal sysfs +# Allow read/write thermal sysfs and property allow hal_power_default thermal_link_device:dir r_dir_perms; allow hal_power_default sysfs_thermal:dir r_dir_perms; allow hal_power_default sysfs_thermal:file rw_file_perms; allow hal_power_default sysfs_thermal:lnk_file r_file_perms; +set_prop(hal_power_default, vendor_thermal_prop) userdebug_or_eng(` # Allow reading /data/vendor/* for debugging diff --git a/sota_app/system_ext/factory_ota_app.te b/sota_app/system_ext/factory_ota_app.te deleted file mode 100644 index f48adeb..0000000 --- a/sota_app/system_ext/factory_ota_app.te +++ /dev/null @@ -1,32 +0,0 @@ -type factory_ota_app, domain, coredomain; - -app_domain(factory_ota_app) -net_domain(factory_ota_app) - -# Write to /data/ota_package for OTA packages. -# Factory OTA client will download OTA image into ota_package folder and unzip it. -# Than Update engine could use it to execute OTA process. -# So Factory OTA client need read / write and create file access right for this folder -allow factory_ota_app ota_package_file:dir rw_dir_perms; -allow factory_ota_app ota_package_file:file create_file_perms; - -# Properties -# For write system property persist.* -set_prop(factory_ota_app, sota_prop); - -# Services -# For get access WiFi manager service and activity service -allow factory_ota_app app_api_service:service_manager find; -# Allow Factory OTA to call Update Engine -binder_call(factory_ota_app, update_engine) -# Allow Update Engine to call the Factory OTA callback -binder_call(update_engine, factory_ota_app) -#For access update engine function -allow factory_ota_app update_engine_service:service_manager find; -#For disable NFC wake up device feature -allow factory_ota_app nfc_service:service_manager find; -#For get device IMEI -allow factory_ota_app radio_service:service_manager find; - -# For suppress more GPU service sepolicy error log. -dontaudit factory_ota_app gpuservice:binder call; diff --git a/sota_app/system_ext/property_contexts b/sota_app/system_ext/property_contexts deleted file mode 100644 index 444fda2..0000000 --- a/sota_app/system_ext/property_contexts +++ /dev/null @@ -1,4 +0,0 @@ -ro.boot.sota u:object_r:sota_prop:s0 -ro.boot.sota. u:object_r:sota_prop:s0 -persist.vendor.factoryota. u:object_r:sota_prop:s0 -persist.vendor.radio.bootwithlpm u:object_r:sota_prop:s0 diff --git a/sota_app/system_ext/seapp_contexts b/sota_app/system_ext/seapp_contexts deleted file mode 100644 index 673f451..0000000 --- a/sota_app/system_ext/seapp_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# Factory OTA -user=_app seinfo=platform name=com.google.android.factoryota domain=factory_ota_app levelFrom=all diff --git a/sota_app/system_ext/vendor_init.te b/sota_app/system_ext/vendor_init.te deleted file mode 100644 index 11191e3..0000000 --- a/sota_app/system_ext/vendor_init.te +++ /dev/null @@ -1 +0,0 @@ -set_prop(vendor_init, sota_prop) |