authorXin Li <delphij@google.com>2021-10-06 22:52:14 +0000
committerXin Li <delphij@google.com>2021-10-06 22:52:14 +0000
commitef32dde3c047f27294d1960be81b0eabf2ed57d1 (patch)
treea31b9fe97fe43e08244a691337f67568807c7952
parentb9f4bfb397722a388c12aff6bc14751889969204 (diff)
parent0a3cb85552fec87178a01223442a4440192e52a7 (diff)
downloadbonito-sepolicy-ef32dde3c047f27294d1960be81b0eabf2ed57d1.tar.gz
Merge Android 12
Bug: 202323961 Merged-In: I6fa94587515408347e353e4705a7895779e30a3a Change-Id: Ic02300d50186b692c80c2b76e8447e30f256a900
-rw-r--r--bonito-sepolicy.mk1
-rw-r--r--vendor/google/bug_map1
-rw-r--r--vendor/google/file.te3
-rw-r--r--vendor/google/file_contexts2
-rw-r--r--vendor/google/genfs_contexts2
-rw-r--r--vendor/google/pixelstats_vendor.te1
-rw-r--r--vendor/google/property_contexts11
-rw-r--r--vendor/qcom/common/file.te2
-rw-r--r--vendor/qcom/common/file_contexts11
-rw-r--r--vendor/qcom/common/hal_vibrator_default.te11
-rw-r--r--vendor/qcom/common/logger_app.te1
-rw-r--r--vendor/qcom/common/mediatranscoding.te2
-rw-r--r--vendor/qcom/common/property.te1
-rw-r--r--vendor/qcom/common/property_contexts2
-rw-r--r--vendor/qcom/common/ramdump.te44
15 files changed, 9 insertions, 86 deletions
diff --git a/bonito-sepolicy.mk b/bonito-sepolicy.mk
index c065caf2..6765e0c4 100644
--- a/bonito-sepolicy.mk
+++ b/bonito-sepolicy.mk
@@ -9,4 +9,5 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/bonito-sepolicy/vendor/verizon
BOARD_VENDOR_SEPOLICY_DIRS += device/google/bonito-sepolicy/tracking_denials
# Pixel-wide policy
+BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/ramdump/common
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
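Review bot: The added `hardware/google/pixel-sepolicy/ramdump/common` entry has no comment saying that the device policy now depends on it. This commit deletes the `ramdump_vendor_data_file` declaration from vendor/qcom/common/file.te and `vendor_internal_prop(vendor_ramdump_prop)` from vendor/qcom/common/property.te. However, `/data/vendor/ssrdump(/.*)?` in file_contexts and `persist.vendor.sys.crash_rcu` in property_contexts still use those types, so they presumably have to be declared by the new directory. Once that is confirmed, a comment above the line such as `# ramdump/common declares ramdump_vendor_data_file and vendor_ramdump_prop, still referenced by vendor/qcom/common` would stop a later cleanup from dropping the entry and breaking the policy build.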
diff --git a/vendor/google/bug_map b/vendor/google/bug_map
index de4630d2..f8911caa 100644
--- a/vendor/google/bug_map
+++ b/vendor/google/bug_map
@@ -3,6 +3,7 @@ cdsprpcd system_file dir b/109882276
dataservice_app vendor_default_prop file b/78460200
drmserver sdcardfs dir b/77869200
e2fs tmpfs lnk_file b/133126350
+google_camera_app selinuxfs file b/175910397
hal_bluetooth_default hal_bluetooth_default socket b/132313059
hal_rcsservice sysfs_soc dir b/78460200
hardware_info_app sysfs_msm_subsys dir b/78460200
diff --git a/vendor/google/file.te b/vendor/google/file.te
index ae65f49b..7a7d9319 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -5,6 +5,3 @@ type sysfs_display, sysfs_type, fs_type;
type sysfs_pixelstats, sysfs_type, fs_type;
type persist_battery_file, file_type;
type sysfs_chargelevel, sysfs_type, fs_type;
-
-# RamdumpFS
-allow ramdump_vendor_mnt_file self:filesystem associate;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 50807609..d36ee811 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -4,7 +4,7 @@
/dev/access-ramoops u:object_r:ramoops_device:s0
/vendor/bin/hw/android\.hardware\.atrace@1\.0-service.pixel u:object_r:hal_atrace_default_exec:s0
-/vendor/bin/hw/android\.hardware\.contexthub@1\.1-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub@1\.2-service\.generic u:object_r:hal_contexthub_default_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element@1\.1-service-disabled u:object_r:hal_secure_element_default_exec:s0
/vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel u:object_r:hal_power_stats_default_exec:s0
/vendor/bin/modem_svc u:object_r:modem_svc_exec:s0
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index 9975c07b..6f71a4c1 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -1,7 +1,7 @@
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm660l@3:analog-codec@f000 u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/soc/a88000.i2c/i2c-0/0-0057 u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/virtual/misc/msm_cirrus_playback/resistance_left_right u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/soc/a88000.i2c/i2c-0/0-005a u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/a88000.i2c/i2c-0/0-005a u:object_r:sysfs_vibrator:s0
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key u:object_r:sysfs_pstore:s0
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_iv u:object_r:sysfs_pstore:s0
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_tag u:object_r:sysfs_pstore:s0
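Review bot: The relabel of `/devices/platform/soc/a88000.i2c/i2c-0/0-005a` from `sysfs_leds` to `sysfs_vibrator` has no comment naming the device, and nothing in this commit shows which domain is allowed to use the new label. The same commit deletes vendor/qcom/common/hal_vibrator_default.te, whose rules were written against `sysfs_leds`, so access for the vibrator HAL presumably comes from policy outside this repository. Any other domain that reached this node through `sysfs_leds` rules loses that access with this change. If the node is the haptics driver, a one-line comment above the entry such as `# haptics driver node, accessed by the vibrator HAL` would record the intent, and the denial log of a booted build should be checked for new `sysfs_vibrator` denials.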
diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
index 25d4757f..51adc313 100644
--- a/vendor/google/pixelstats_vendor.te
+++ b/vendor/google/pixelstats_vendor.te
@@ -11,7 +11,6 @@ binder_call(pixelstats_vendor, pixelstats_system)
binder_use(pixelstats_vendor)
allow pixelstats_vendor fwk_stats_service:service_manager find;
-allow pixelstats_vendor fwk_stats_hwservice:hwservice_manager find;
unix_socket_connect(pixelstats_vendor, chre, chre)
diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index abdf1dbe..9f5a7b1d 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -4,17 +4,6 @@ vendor.ramoops. u:object_r:vendor_ramoops_prop:s0
persist.vendor.radio.no_wait_for_card u:object_r:vendor_radio_prop:s0
persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0
-# haptics
-ro.vibrator.hal.closeloop.threshold u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.config.dynamic u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.click.duration u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.tick.duration u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.heavyclick.duration u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.short.voltage u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.long.voltage u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.long.frequency.shift u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.double_click.duration u:object_r:vendor_vibrator_prop:s0
-
# battery
vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index f5544b18..e4435d17 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -91,8 +91,6 @@ type display_vendor_data_file, file_type, data_file_type;
type nfc_vendor_data_file, file_type, data_file_type;
type radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type cnss_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
type wifidump_vendor_data_file, file_type, data_file_type;
type modem_dump_file, file_type, data_file_type;
type sensors_vendor_data_file, file_type, data_file_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index c0ecc271..aebf4df8 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -77,12 +77,6 @@
# Block devices for the drive that holds the xbl_a and xbl_b partitions.
/dev/block/sd[bc]1? u:object_r:xbl_block_device:s0
-###################################
-# ramdumpfs files
-#
-/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-
# Block device for hal_bootctl
/dev/block/sde u:object_r:boot_block_device:s0
@@ -114,7 +108,6 @@
/vendor/bin/netmgrd u:object_r:netmgrd_exec:s0
/vendor/bin/port-bridge u:object_r:port-bridge_exec:s0
/vendor/bin/qti u:object_r:qti_exec:s0
-/vendor/bin/ramdump u:object_r:ramdump_exec:s0
/vendor/bin/smlog_dump u:object_r:smlog_dump_exec:s0
/vendor/bin/loc_launcher u:object_r:location_exec:s0
/vendor/bin/lowi-server u:object_r:location_exec:s0
@@ -128,7 +121,7 @@
/vendor/bin/msm_irqbalance u:object_r:irqbalance_exec:s0
/vendor/bin/cnd u:object_r:cnd_exec:s0
/vendor/bin/easelmanagerd u:object_r:easel_exec:s0
-/vendor/bin/hw/android\.hardware\.usb@1\.2-service\.bonito u:object_r:hal_usb_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.usb@1\.3-service\.bonito u:object_r:hal_usb_impl_exec:s0
/vendor/bin/chre u:object_r:chre_exec:s0
/vendor/bin/time_daemon u:object_r:time_daemon_exec:s0
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
@@ -148,6 +141,7 @@
/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service-lazy\.widevine u:object_r:hal_drm_widevine_exec:s0
/vendor/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0
/vendor/bin/hw/android\.hardware\.gnss@1\.1-service-qti u:object_r:hal_gnss_qti_exec:s0
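Review bot: The new `service-lazy\.widevine` entry repeats the line above it except for `-lazy`, so two patterns now have to be kept in step to carry the same label. One pattern would cover both binaries: `/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service(-lazy)?\.widevine u:object_r:hal_drm_widevine_exec:s0`. The clearkey entry two lines up has no lazy counterpart in this hunk; if a lazy clearkey service is also shipped, it would fall back to the default vendor file label and not get `hal_drm_clearkey_exec`.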
@@ -222,7 +216,6 @@
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/wifi/cnss_diag(/.*)? u:object_r:cnss_vendor_data_file:s0
/data/vendor/wifi/wlan_logs(/.*)? u:object_r:wifi_vendor_log_data_file:s0
-/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/ssrdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/wifidump(/.*)? u:object_r:wifidump_vendor_data_file:s0
/data/vendor/modem_dump(/.*)? u:object_r:modem_dump_file:s0
diff --git a/vendor/qcom/common/hal_vibrator_default.te b/vendor/qcom/common/hal_vibrator_default.te
deleted file mode 100644
index b6fbc6d3..00000000
--- a/vendor/qcom/common/hal_vibrator_default.te
+++ /dev/null
@@ -1,11 +0,0 @@
-r_dir_file(hal_vibrator_default, sysfs_leds)
-allow hal_vibrator_default sysfs_leds:file w_file_perms;
-allow hal_vibrator_default sysfs_msm_subsys:file rw_file_perms;
-allow hal_vibrator_default sysfs_msm_subsys:dir search;
-
-# read-only permission to obtain the calibration data
-r_dir_file(hal_vibrator_default, persist_haptics_file)
-allow hal_vibrator_default mnt_vendor_file:dir search;
-allow hal_vibrator_default persist_file:dir search;
-
-get_prop(hal_vibrator_default, vendor_vibrator_prop);
diff --git a/vendor/qcom/common/logger_app.te b/vendor/qcom/common/logger_app.te
index 600deef9..06b412db 100644
--- a/vendor/qcom/common/logger_app.te
+++ b/vendor/qcom/common/logger_app.te
@@ -23,4 +23,5 @@ userdebug_or_eng(`
set_prop(logger_app, vendor_tcpdump_log_prop)
set_prop(logger_app, vendor_wifi_sniffer_prop)
set_prop(logger_app, vendor_usb_config_prop)
+ set_prop(logger_app, vendor_logging_prop)
')
diff --git a/vendor/qcom/common/mediatranscoding.te b/vendor/qcom/common/mediatranscoding.te
new file mode 100644
index 00000000..ab3f09dc
--- /dev/null
+++ b/vendor/qcom/common/mediatranscoding.te
@@ -0,0 +1,2 @@
+get_prop(domain, vendor_display_prop)
+
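Review bot: `get_prop(domain, vendor_display_prop)` gives every domain on the device read access to `vendor_display_prop`, although the file name suggests the rule is meant for the media transcoding service only. If only that service needs the property, narrow the rule to `get_prop(mediatranscoding, vendor_display_prop)`. If a library loaded into many processes really reads these properties, keep the breadth but move the rule to a domain-wide policy file, with a comment giving the reason and the tracking bug. As written, a later reader cannot tell whether the scope is intended, and anything stored under `vendor_display_prop` is readable from untrusted app domains as well.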
diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te
index aaf00644..02f3ad14 100644
--- a/vendor/qcom/common/property.te
+++ b/vendor/qcom/common/property.te
@@ -1,7 +1,6 @@
vendor_restricted_prop(vendor_camera_prop)
vendor_restricted_prop(cnd_prop)
vendor_restricted_prop(ims_prop)
-vendor_internal_prop(vendor_ramdump_prop)
vendor_restricted_prop(public_vendor_default_prop)
vendor_internal_prop(public_vendor_system_prop)
vendor_restricted_prop(vendor_ssr_prop)
diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index 33a878a7..50f61f00 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts
@@ -6,9 +6,7 @@ persist.vendor.cne.logging.qxdm u:object_r:cnd_prop:s0
vendor.ims. u:object_r:ims_prop:s0
persist.vendor.ims. u:object_r:ims_prop:s0
persist.net.doxlat u:object_r:vendor_net_radio_prop:s0
-vendor.debug.ramdump. u:object_r:vendor_ramdump_prop:s0
persist.vendor.sys.crash_rcu u:object_r:vendor_ramdump_prop:s0
-ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0
vendor.debug.ssrdump u:object_r:vendor_ssr_prop:s0
persist.vendor.sys.cnss. u:object_r:vendor_cnss_diag_prop:s0
vendor.sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0
diff --git a/vendor/qcom/common/ramdump.te b/vendor/qcom/common/ramdump.te
deleted file mode 100644
index 7b2e786c..00000000
--- a/vendor/qcom/common/ramdump.te
+++ /dev/null
@@ -1,44 +0,0 @@
-type ramdump_exec, exec_type, vendor_file_type, file_type;
-
-userdebug_or_eng(`
- type ramdump, domain;
- init_daemon_domain(ramdump)
-
- set_prop(ramdump, vendor_ramdump_prop)
-
- # f2fs set pin file requires sys_admin
- allow ramdump self:capability sys_admin;
-
- allow ramdump self:capability sys_rawio;
-
- allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
- allow ramdump ramdump_vendor_data_file:file create_file_perms;
- allow ramdump {
- proc
- proc_cmdline
- }:file r_file_perms;
-
- allow ramdump block_device:dir search;
- allow ramdump misc_block_device:blk_file rw_file_perms;
- allow ramdump userdata_block_device:blk_file rw_file_perms;
-
- dontaudit ramdump metadata_file:dir search;
-
- # read from /fstab.sdm845
- allow ramdump rootfs:file r_file_perms;
-
- r_dir_file(ramdump, sysfs_type)
-
- # To access statsd.
- hwbinder_use(ramdump)
- get_prop(ramdump, hwservicemanager_prop)
- allow ramdump fwk_stats_hwservice:hwservice_manager find;
- binder_call(ramdump, stats_service_server)
-
- # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
- allow ramdump fuse:filesystem relabelfrom;
- allow ramdump fuse_device:chr_file rw_file_perms;
- allow ramdump mnt_vendor_file:dir r_dir_perms;
- allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
- allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
-')