Snap for 4794708 from d764a91064c27a1df6186641f99399efef24f465 to sdk-releasesdk-release

Change-Id: I006284fdd988129b41346f2326f9d060ce85c263

11 files changed, 21 insertions, 36 deletions

diff --git a/AndroidProducts.mk b/AndroidProducts.mk
index 5faaef4..9a46e07 100644
--- a/AndroidProducts.mk
+++ b/AndroidProducts.mk
@@ -17,3 +17,7 @@
 PRODUCT_MAKEFILES := \
 	$(LOCAL_DIR)/aosp_dragon.mk \
 	$(LOCAL_DIR)/aosp_dragon_car.mk
+
+COMMON_LUNCH_CHOICES := \
+	aosp_dragon-userdebug \
+	aosp_dragon-eng
diff --git a/DragonKeyboard/Android.mk b/DragonKeyboard/Android.mk
index fe48304..2bc5e9f 100644
--- a/DragonKeyboard/Android.mk
+++ b/DragonKeyboard/Android.mk
@@ -20,6 +20,7 @@ LOCAL_MODULE_TAGS := optional
 LOCAL_SRC_FILES := $(call all-subdir-java-files)
 
 LOCAL_PACKAGE_NAME := DragonKeyboard
+LOCAL_SDK_VERSION := current
 LOCAL_CERTIFICATE := platform
 LOCAL_PROGUARD_ENABLED := disabled
 
diff --git a/crash_collector/Android.mk b/crash_collector/Android.mk
index 6a3e0cc..ac4bae7 100644
--- a/crash_collector/Android.mk
+++ b/crash_collector/Android.mk
@@ -76,6 +76,7 @@ include $(BUILD_EXECUTABLE)
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := crash-report-provider
+LOCAL_PRIVATE_PLATFORM_APIS := true
 LOCAL_SRC_FILES := $(call all-java-files-under, src)
 
 include $(BUILD_STATIC_JAVA_LIBRARY)
@@ -86,6 +87,7 @@ include $(CLEAR_VARS)
 LOCAL_MODULE_TAGS := optional
 LOCAL_STATIC_JAVA_LIBRARIES := crash-report-provider
 LOCAL_PACKAGE_NAME := CrashReportProvider
+LOCAL_PRIVATE_PLATFORM_APIS := true
 LOCAL_CERTIFICATE := platform
 
 include $(BUILD_PACKAGE)
diff --git a/sepolicy/crash_collector.te b/sepolicy/crash_collector.te
index 3aa612b..ac89e1c 100644
--- a/sepolicy/crash_collector.te
+++ b/sepolicy/crash_collector.te
@@ -1,6 +1,6 @@
 type crash_collector, domain, device_domain_deprecated;
 type crash_collector_exec, exec_type, file_type;
-type crash_reports_data_file, file_type, data_file_type;
+type crash_reports_data_file, file_type, data_file_type, core_data_file_type;
 
 # To start crash_collector via /proc/sys/core_pattern.
 domain_auto_trans(kernel, crash_collector_exec, crash_collector)
diff --git a/sepolicy/crash_collector_app.te b/sepolicy/crash_collector_app.te
index 68a0b6d..28bdf47 100644
--- a/sepolicy/crash_collector_app.te
+++ b/sepolicy/crash_collector_app.te
@@ -6,14 +6,10 @@ net_domain(crash_collector_app)
 
 allow crash_collector_app crash_reports_data_file:file { read getattr };
 
+# Grant access to the normal services for crash collecting. Suppress attempts
+# to find other services.
 allow crash_collector_app {
-  service_manager_type
-  -dumpstate_service
-  -gatekeeper_service
-  -installd_service
-  -incident_service
-  -netd_service
-  -virtual_touchpad_service
-  -vold_service
-  -vr_hwc_service
+  app_api_service
+  system_api_service
 }:service_manager find;
+dontaudit crash_collector_app service_manager_type:service_manager find;
diff --git a/sepolicy/dump_bq25892.te b/sepolicy/dump_bq25892.te
index 286de95..6f397c7 100644
--- a/sepolicy/dump_bq25892.te
+++ b/sepolicy/dump_bq25892.te
@@ -2,7 +2,7 @@
 # which is used to debug information about the state of the charger chip
 type dump_bq25892, domain, device_domain_deprecated;
 type dump_bq25892_exec, exec_type, file_type;
-type fw_logs_data_file, file_type, data_file_type;
+type fw_logs_data_file, file_type, data_file_type, core_data_file_type;
 
 init_daemon_domain(dump_bq25892)
 
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index aae2af1..4b47ea2 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -62,7 +62,7 @@
 /dev/tlk_device                                 u:object_r:tee_device:s0
 
 # secure os storage
-/data/ss(/.*)?                                  u:object_r:tee_data_file:s0
+/data/ss(/.*)?                                  u:object_r:dragon_tee_data_file:s0
 
 # tlk_daemon
 /vendor/bin/tlk_daemon                          u:object_r:tee_exec:s0
@@ -73,8 +73,5 @@
 # logs for touch firmware update
 /data/misc/touchfwup(/.*)?                      u:object_r:touch_fw_update_log_file:s0
 
-# camera overrides ISP files
-/vendor/firmware/camera(/.*)?                   u:object_r:camera_data_file:s0
-
 #sysfs nodes for cpuinfo for CTS
 /sys/firmware/devicetree/base/cpus(/.*)?        u:object_r:sysfs_socinfo:s0
diff --git a/sepolicy/hal_dumpstate_impl.te b/sepolicy/hal_dumpstate_impl.te
index 61d1407..2c7060e 100644
--- a/sepolicy/hal_dumpstate_impl.te
+++ b/sepolicy/hal_dumpstate_impl.te
@@ -1,7 +1,7 @@
 type hal_dumpstate_impl, domain;
 hal_server_domain(hal_dumpstate_impl, hal_dumpstate)
 
-type hal_dumpstate_impl_exec, exec_type, file_type;
+type hal_dumpstate_impl_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_dumpstate_impl)
 
 # hal_dumstate_impl sets the debug.bq25892 property
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index 6888483..5788c22 100644
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -1,4 +1,7 @@
-allow tee tee_data_file:dir create_dir_perms;
+type dragon_tee_data_file, file_type, data_file_type, core_data_file_type;
+
+allow tee dragon_tee_data_file:dir create_dir_perms;
+allow tee dragon_tee_data_file:file create_file_perms;
 allow tee self:capability { setuid setgid sys_rawio };
 allow tee block_device:dir search;
 allow tee rpmb_block_device:blk_file rw_file_perms;
diff --git a/sepolicy/touch_fw_update.te b/sepolicy/touch_fw_update.te
index 2f62e04..5f5d775 100644
--- a/sepolicy/touch_fw_update.te
+++ b/sepolicy/touch_fw_update.te
@@ -1,7 +1,7 @@
 # init runs /system/bin/touchfwup.sh
 type touch_fw_update, domain, device_domain_deprecated;
 type touch_fw_update_exec, exec_type, file_type;
-type touch_fw_update_log_file, file_type, data_file_type;
+type touch_fw_update_log_file, file_type, data_file_type, core_data_file_type;
 
 init_daemon_domain(touch_fw_update)
 
diff --git a/vendorsetup.sh b/vendorsetup.sh
deleted file mode 100644
index 81e2bd8..0000000
--- a/vendorsetup.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Copyright 2015 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-add_lunch_combo aosp_dragon-userdebug
-add_lunch_combo aosp_dragon-eng