diff options
author | android-build-prod (mdb) <android-build-team-robot@google.com> | 2018-05-21 19:59:41 +0000 |
---|---|---|
committer | android-build-prod (mdb) <android-build-team-robot@google.com> | 2018-05-21 19:59:41 +0000 |
commit | 42796a07501426d79a56d6002869c953f8d65e74 (patch) | |
tree | 55d20802e2ce94ec64c3a9621e75f595ad1d362a | |
parent | 6306d574582f3d8dc7e11c1d8cc054fcd29aea79 (diff) | |
parent | d764a91064c27a1df6186641f99399efef24f465 (diff) | |
download | dragon-sdk-release.tar.gz |
Snap for 4794708 from d764a91064c27a1df6186641f99399efef24f465 to sdk-releasesdk-release
Change-Id: I006284fdd988129b41346f2326f9d060ce85c263
-rw-r--r-- | AndroidProducts.mk | 4 | ||||
-rw-r--r-- | DragonKeyboard/Android.mk | 1 | ||||
-rw-r--r-- | crash_collector/Android.mk | 2 | ||||
-rw-r--r-- | sepolicy/crash_collector.te | 2 | ||||
-rw-r--r-- | sepolicy/crash_collector_app.te | 14 | ||||
-rw-r--r-- | sepolicy/dump_bq25892.te | 2 | ||||
-rw-r--r-- | sepolicy/file_contexts | 5 | ||||
-rw-r--r-- | sepolicy/hal_dumpstate_impl.te | 2 | ||||
-rw-r--r-- | sepolicy/tee.te | 5 | ||||
-rw-r--r-- | sepolicy/touch_fw_update.te | 2 | ||||
-rw-r--r-- | vendorsetup.sh | 18 |
11 files changed, 21 insertions, 36 deletions
diff --git a/AndroidProducts.mk b/AndroidProducts.mk index 5faaef4..9a46e07 100644 --- a/AndroidProducts.mk +++ b/AndroidProducts.mk @@ -17,3 +17,7 @@ PRODUCT_MAKEFILES := \ $(LOCAL_DIR)/aosp_dragon.mk \ $(LOCAL_DIR)/aosp_dragon_car.mk + +COMMON_LUNCH_CHOICES := \ + aosp_dragon-userdebug \ + aosp_dragon-eng diff --git a/DragonKeyboard/Android.mk b/DragonKeyboard/Android.mk index fe48304..2bc5e9f 100644 --- a/DragonKeyboard/Android.mk +++ b/DragonKeyboard/Android.mk @@ -20,6 +20,7 @@ LOCAL_MODULE_TAGS := optional LOCAL_SRC_FILES := $(call all-subdir-java-files) LOCAL_PACKAGE_NAME := DragonKeyboard +LOCAL_SDK_VERSION := current LOCAL_CERTIFICATE := platform LOCAL_PROGUARD_ENABLED := disabled diff --git a/crash_collector/Android.mk b/crash_collector/Android.mk index 6a3e0cc..ac4bae7 100644 --- a/crash_collector/Android.mk +++ b/crash_collector/Android.mk @@ -76,6 +76,7 @@ include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) LOCAL_MODULE := crash-report-provider +LOCAL_PRIVATE_PLATFORM_APIS := true LOCAL_SRC_FILES := $(call all-java-files-under, src) include $(BUILD_STATIC_JAVA_LIBRARY) @@ -86,6 +87,7 @@ include $(CLEAR_VARS) LOCAL_MODULE_TAGS := optional LOCAL_STATIC_JAVA_LIBRARIES := crash-report-provider LOCAL_PACKAGE_NAME := CrashReportProvider +LOCAL_PRIVATE_PLATFORM_APIS := true LOCAL_CERTIFICATE := platform include $(BUILD_PACKAGE) diff --git a/sepolicy/crash_collector.te b/sepolicy/crash_collector.te index 3aa612b..ac89e1c 100644 --- a/sepolicy/crash_collector.te +++ b/sepolicy/crash_collector.te @@ -1,6 +1,6 @@ type crash_collector, domain, device_domain_deprecated; type crash_collector_exec, exec_type, file_type; -type crash_reports_data_file, file_type, data_file_type; +type crash_reports_data_file, file_type, data_file_type, core_data_file_type; # To start crash_collector via /proc/sys/core_pattern. domain_auto_trans(kernel, crash_collector_exec, crash_collector) diff --git a/sepolicy/crash_collector_app.te b/sepolicy/crash_collector_app.te index 68a0b6d..28bdf47 100644 --- a/sepolicy/crash_collector_app.te +++ b/sepolicy/crash_collector_app.te @@ -6,14 +6,10 @@ net_domain(crash_collector_app) allow crash_collector_app crash_reports_data_file:file { read getattr }; +# Grant access to the normal services for crash collecting. Suppress attempts +# to find other services. allow crash_collector_app { - service_manager_type - -dumpstate_service - -gatekeeper_service - -installd_service - -incident_service - -netd_service - -virtual_touchpad_service - -vold_service - -vr_hwc_service + app_api_service + system_api_service }:service_manager find; +dontaudit crash_collector_app service_manager_type:service_manager find; diff --git a/sepolicy/dump_bq25892.te b/sepolicy/dump_bq25892.te index 286de95..6f397c7 100644 --- a/sepolicy/dump_bq25892.te +++ b/sepolicy/dump_bq25892.te @@ -2,7 +2,7 @@ # which is used to debug information about the state of the charger chip type dump_bq25892, domain, device_domain_deprecated; type dump_bq25892_exec, exec_type, file_type; -type fw_logs_data_file, file_type, data_file_type; +type fw_logs_data_file, file_type, data_file_type, core_data_file_type; init_daemon_domain(dump_bq25892) diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index aae2af1..4b47ea2 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -62,7 +62,7 @@ /dev/tlk_device u:object_r:tee_device:s0 # secure os storage -/data/ss(/.*)? u:object_r:tee_data_file:s0 +/data/ss(/.*)? u:object_r:dragon_tee_data_file:s0 # tlk_daemon /vendor/bin/tlk_daemon u:object_r:tee_exec:s0 @@ -73,8 +73,5 @@ # logs for touch firmware update /data/misc/touchfwup(/.*)? u:object_r:touch_fw_update_log_file:s0 -# camera overrides ISP files -/vendor/firmware/camera(/.*)? u:object_r:camera_data_file:s0 - #sysfs nodes for cpuinfo for CTS /sys/firmware/devicetree/base/cpus(/.*)? u:object_r:sysfs_socinfo:s0 diff --git a/sepolicy/hal_dumpstate_impl.te b/sepolicy/hal_dumpstate_impl.te index 61d1407..2c7060e 100644 --- a/sepolicy/hal_dumpstate_impl.te +++ b/sepolicy/hal_dumpstate_impl.te @@ -1,7 +1,7 @@ type hal_dumpstate_impl, domain; hal_server_domain(hal_dumpstate_impl, hal_dumpstate) -type hal_dumpstate_impl_exec, exec_type, file_type; +type hal_dumpstate_impl_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(hal_dumpstate_impl) # hal_dumstate_impl sets the debug.bq25892 property diff --git a/sepolicy/tee.te b/sepolicy/tee.te index 6888483..5788c22 100644 --- a/sepolicy/tee.te +++ b/sepolicy/tee.te @@ -1,4 +1,7 @@ -allow tee tee_data_file:dir create_dir_perms; +type dragon_tee_data_file, file_type, data_file_type, core_data_file_type; + +allow tee dragon_tee_data_file:dir create_dir_perms; +allow tee dragon_tee_data_file:file create_file_perms; allow tee self:capability { setuid setgid sys_rawio }; allow tee block_device:dir search; allow tee rpmb_block_device:blk_file rw_file_perms; diff --git a/sepolicy/touch_fw_update.te b/sepolicy/touch_fw_update.te index 2f62e04..5f5d775 100644 --- a/sepolicy/touch_fw_update.te +++ b/sepolicy/touch_fw_update.te @@ -1,7 +1,7 @@ # init runs /system/bin/touchfwup.sh type touch_fw_update, domain, device_domain_deprecated; type touch_fw_update_exec, exec_type, file_type; -type touch_fw_update_log_file, file_type, data_file_type; +type touch_fw_update_log_file, file_type, data_file_type, core_data_file_type; init_daemon_domain(touch_fw_update) diff --git a/vendorsetup.sh b/vendorsetup.sh deleted file mode 100644 index 81e2bd8..0000000 --- a/vendorsetup.sh +++ /dev/null @@ -1,18 +0,0 @@ -# -# Copyright 2015 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -add_lunch_combo aosp_dragon-userdebug -add_lunch_combo aosp_dragon-eng |