Snap for 8564071 from ec9d8ae7f683c4564ecb8089ab4dedf9b191c38e to mainline-adbd-releaseaml_adb_331610000aml_adb_331314020aml_adb_331113120aml_adb_331011050aml_adb_331011040android13-mainline-adbd-release

Change-Id: I97e4156fed04a63fee07883277d88e16f0e98820

7 files changed, 38 insertions, 13 deletions

diff --git a/OWNERS b/OWNERS
index c133e99..791abb4 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,13 +1,3 @@
-adamshih@google.com
-alanstokes@google.com
-bowgotsai@google.com
-jbires@google.com
-jeffv@google.com
-jgalenson@google.com
-jiyong@google.com
-nnk@google.com
+include platform/system/sepolicy:/OWNERS
+
 rurumihong@google.com
-smoreland@google.com
-sspatil@google.com
-tomcherry@google.com
-trong@google.com
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
new file mode 100644
index 0000000..3591c7f
--- /dev/null
+++ b/PREUPLOAD.cfg
@@ -0,0 +1,3 @@
+[Hook Scripts]
+aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
+
diff --git a/bramble-sepolicy.mk b/bramble-sepolicy.mk
index 14a1116..6031219 100644
--- a/bramble-sepolicy.mk
+++ b/bramble-sepolicy.mk
@@ -1,2 +1,3 @@
 # vendors
 BOARD_SEPOLICY_DIRS += device/google/bramble-sepolicy/vendor/google
+BOARD_SEPOLICY_DIRS += device/google/bramble-sepolicy/tracking_denials
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 493e4e4..490a163 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -1,4 +1,5 @@
 # vendor binaries
-/vendor/bin/hw/android\.hardware\.usb@1\.2-service\.bramble                             u:object_r:hal_usb_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.usb-service\.bramble                                  u:object_r:hal_usb_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.usb\.gadget-service\.bramble                          u:object_r:hal_usb_gadget_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.vibrator-service\.bramble                             u:object_r:hal_vibrator_default_exec:s0
 /vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.bramble                       u:object_r:hal_dumpstate_impl_exec:s0
diff --git a/vendor/google/hal_usb_gadget_impl.te b/vendor/google/hal_usb_gadget_impl.te
new file mode 100644
index 0000000..ddd90c2
--- /dev/null
+++ b/vendor/google/hal_usb_gadget_impl.te
@@ -0,0 +1,14 @@
+type hal_usb_gadget_impl, domain;
+hal_server_domain(hal_usb_gadget_impl, hal_usb)
+hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget)
+
+type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_usb_gadget_impl)
+
+allow hal_usb_gadget_impl configfs:dir { create rmdir };
+allow hal_usb_gadget_impl functionfs:dir { watch watch_reads };
+set_prop(hal_usb_gadget_impl, vendor_usb_prop)
+
+allow hal_usb_gadget_impl sysfs_batteryinfo:dir r_dir_perms;
+allow hal_usb_gadget_impl sysfs_batteryinfo:file rw_file_perms;
+allow hal_usb_gadget_impl sysfs_extcon:dir search;
diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
new file mode 100644
index 0000000..011c148
--- /dev/null
+++ b/vendor/google/pixelstats_vendor.te
@@ -0,0 +1,15 @@
+r_dir_file(pixelstats_vendor, sysfs_pixelstats)
+
+unix_socket_connect(pixelstats_vendor, chre, chre)
+
+get_prop(pixelstats_vendor, hwservicemanager_prop)
+hwbinder_use(pixelstats_vendor)
+allow pixelstats_vendor hal_pixelstats_hwservice:hwservice_manager find;
+
+allow pixelstats_vendor fwk_stats_hwservice:hwservice_manager find;
+binder_call(pixelstats_vendor, statsd)
+
+binder_use(pixelstats_vendor)
+allow pixelstats_vendor fwk_stats_service:service_manager find;
+
+allow pixelstats_vendor sysfs_scsi_devices_0000:file rw_file_perms;
diff --git a/vendor/google/vendor_init.te b/vendor/google/vendor_init.te
new file mode 100644
index 0000000..c0f39fd
--- /dev/null
+++ b/vendor/google/vendor_init.te
@@ -0,0 +1 @@
+set_prop(vendor_init, vendor_thermal_prop)