update to 1.2 version of USB HAL am: bd70161bc2 am: 60996edc67 am: 267d47f3df
Original change: https://android-review.googlesource.com/c/device/google/bonito-sepolicy/+/1635540
Change-Id: Iedbe5a2a2ea3dceaf39b2daeab4ed10add665194
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
new file mode 100644
index 0000000..6544d62
--- /dev/null
+++ b/PREUPLOAD.cfg
@@ -0,0 +1,2 @@
+[Hook Scripts]
+aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
diff --git a/bonito-sepolicy.mk b/bonito-sepolicy.mk
index 750a32e..6765e0c 100644
--- a/bonito-sepolicy.mk
+++ b/bonito-sepolicy.mk
@@ -9,5 +9,5 @@
BOARD_VENDOR_SEPOLICY_DIRS += device/google/bonito-sepolicy/tracking_denials
# Pixel-wide policy
-BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/citadel
+BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/ramdump/common
BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats
diff --git a/vendor/google/bug_map b/vendor/google/bug_map
index de4630d..f8911ca 100644
--- a/vendor/google/bug_map
+++ b/vendor/google/bug_map
@@ -3,6 +3,7 @@
dataservice_app vendor_default_prop file b/78460200
drmserver sdcardfs dir b/77869200
e2fs tmpfs lnk_file b/133126350
+google_camera_app selinuxfs file b/175910397
hal_bluetooth_default hal_bluetooth_default socket b/132313059
hal_rcsservice sysfs_soc dir b/78460200
hardware_info_app sysfs_msm_subsys dir b/78460200
diff --git a/vendor/google/file.te b/vendor/google/file.te
index ae65f49..7a7d931 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -5,6 +5,3 @@
type sysfs_pixelstats, sysfs_type, fs_type;
type persist_battery_file, file_type;
type sysfs_chargelevel, sysfs_type, fs_type;
-
-# RamdumpFS
-allow ramdump_vendor_mnt_file self:filesystem associate;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 5080760..d36ee81 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -4,7 +4,7 @@
/dev/access-ramoops u:object_r:ramoops_device:s0
/vendor/bin/hw/android\.hardware\.atrace@1\.0-service.pixel u:object_r:hal_atrace_default_exec:s0
-/vendor/bin/hw/android\.hardware\.contexthub@1\.1-service\.generic u:object_r:hal_contexthub_default_exec:s0
+/vendor/bin/hw/android\.hardware\.contexthub@1\.2-service\.generic u:object_r:hal_contexthub_default_exec:s0
/vendor/bin/hw/android\.hardware\.secure_element@1\.1-service-disabled u:object_r:hal_secure_element_default_exec:s0
/vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel u:object_r:hal_power_stats_default_exec:s0
/vendor/bin/modem_svc u:object_r:modem_svc_exec:s0
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index 0e4d6e5..ee834c5 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -1,7 +1,7 @@
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-03/c440000.qcom,spmi:qcom,pm660l@3:analog-codec@f000 u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/platform/soc/a88000.i2c/i2c-0/0-0057 u:object_r:sysfs_pixelstats:s0
genfscon sysfs /devices/virtual/misc/msm_cirrus_playback/resistance_left_right u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/soc/a88000.i2c/i2c-0/0-005a u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/platform/soc/a88000.i2c/i2c-0/0-005a u:object_r:sysfs_vibrator:s0
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key u:object_r:sysfs_pstore:s0
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_iv u:object_r:sysfs_pstore:s0
genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_tag u:object_r:sysfs_pstore:s0
diff --git a/vendor/google/hal_identity_citadel.te b/vendor/google/hal_identity_citadel.te
deleted file mode 100644
index e29310c..0000000
--- a/vendor/google/hal_identity_citadel.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_identity_citadel, domain;
-type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(hal_identity_citadel)
-binder_call(hal_identity_citadel, citadeld)
-allow hal_identity_citadel citadeld_service:service_manager find;
-
-hal_server_domain(hal_identity_citadel, hal_identity)
-init_daemon_domain(hal_identity_citadel)
diff --git a/vendor/google/property.te b/vendor/google/property.te
index 46c5a80..098fb6f 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te
@@ -1,6 +1,5 @@
vendor_internal_prop(vendor_ramoops_prop)
vendor_internal_prop(vendor_shutdown_prop)
-vendor_internal_prop(vendor_vibrator_prop)
# fingerprint
vendor_internal_prop(vendor_fingerprint_prop)
diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index 1d900d1..3da57dd 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -4,17 +4,6 @@
persist.vendor.radio.no_wait_for_card u:object_r:vendor_radio_prop:s0
persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0
-# haptics
-ro.vibrator.hal.closeloop.threshold u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.config.dynamic u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.click.duration u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.tick.duration u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.heavyclick.duration u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.short.voltage u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.long.voltage u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.long.frequency.shift u:object_r:vendor_vibrator_prop:s0
-ro.vibrator.hal.double_click.duration u:object_r:vendor_vibrator_prop:s0
-
# battery
vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 23853c9..5ca58ba 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -77,7 +77,6 @@
type persist_data_file, file_type, vendor_persist_type;
type persist_display_file, file_type;
type persist_drm_file, file_type, vendor_persist_type;
-type persist_haptics_file, file_type;
type persist_rfs_file, file_type;
type persist_sensors_file, file_type;
type persist_time_file, file_type;
@@ -92,8 +91,6 @@
type nfc_vendor_data_file, file_type, data_file_type;
type radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type cnss_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
-type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
type wifidump_vendor_data_file, file_type, data_file_type;
type modem_dump_file, file_type, data_file_type;
type sensors_vendor_data_file, file_type, data_file_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 05e1461..032f8d6 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -77,12 +77,6 @@
# Block devices for the drive that holds the xbl_a and xbl_b partitions.
/dev/block/sd[bc]1? u:object_r:xbl_block_device:s0
-###################################
-# ramdumpfs files
-#
-/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
-
# Block device for hal_bootctl
/dev/block/sde u:object_r:boot_block_device:s0
@@ -114,7 +108,6 @@
/vendor/bin/netmgrd u:object_r:netmgrd_exec:s0
/vendor/bin/port-bridge u:object_r:port-bridge_exec:s0
/vendor/bin/qti u:object_r:qti_exec:s0
-/vendor/bin/ramdump u:object_r:ramdump_exec:s0
/vendor/bin/smlog_dump u:object_r:smlog_dump_exec:s0
/vendor/bin/loc_launcher u:object_r:location_exec:s0
/vendor/bin/lowi-server u:object_r:location_exec:s0
@@ -222,7 +215,6 @@
/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0
/data/vendor/wifi/cnss_diag(/.*)? u:object_r:cnss_vendor_data_file:s0
/data/vendor/wifi/wlan_logs(/.*)? u:object_r:wifi_vendor_log_data_file:s0
-/data/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/ssrdump(/.*)? u:object_r:ramdump_vendor_data_file:s0
/data/vendor/wifidump(/.*)? u:object_r:wifidump_vendor_data_file:s0
/data/vendor/modem_dump(/.*)? u:object_r:modem_dump_file:s0
@@ -265,7 +257,6 @@
/mnt/vendor/persist/data(/.*)? u:object_r:persist_data_file:s0
/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0
/mnt/vendor/persist/drm(/.*)? u:object_r:persist_drm_file:s0
-/mnt/vendor/persist/haptics(/.*)? u:object_r:persist_haptics_file:s0
/mnt/vendor/persist/hlos_rfs(/.*)? u:object_r:persist_rfs_file:s0
/mnt/vendor/persist/rfs(/.*)? u:object_r:persist_rfs_file:s0
/mnt/vendor/persist/sensors(/.*)? u:object_r:persist_sensors_file:s0
diff --git a/vendor/qcom/common/hal_vibrator_default.te b/vendor/qcom/common/hal_vibrator_default.te
deleted file mode 100644
index b6fbc6d..0000000
--- a/vendor/qcom/common/hal_vibrator_default.te
+++ /dev/null
@@ -1,11 +0,0 @@
-r_dir_file(hal_vibrator_default, sysfs_leds)
-allow hal_vibrator_default sysfs_leds:file w_file_perms;
-allow hal_vibrator_default sysfs_msm_subsys:file rw_file_perms;
-allow hal_vibrator_default sysfs_msm_subsys:dir search;
-
-# read-only permission to obtain the calibration data
-r_dir_file(hal_vibrator_default, persist_haptics_file)
-allow hal_vibrator_default mnt_vendor_file:dir search;
-allow hal_vibrator_default persist_file:dir search;
-
-get_prop(hal_vibrator_default, vendor_vibrator_prop);
diff --git a/vendor/qcom/common/logger_app.te b/vendor/qcom/common/logger_app.te
index 1abc3d7..891de3e 100644
--- a/vendor/qcom/common/logger_app.te
+++ b/vendor/qcom/common/logger_app.te
@@ -18,4 +18,5 @@
set_prop(logger_app, vendor_tcpdump_log_prop)
set_prop(logger_app, vendor_wifi_sniffer_prop)
set_prop(logger_app, vendor_usb_config_prop)
+ set_prop(logger_app, vendor_logging_prop)
')
diff --git a/vendor/qcom/common/mediatranscoding.te b/vendor/qcom/common/mediatranscoding.te
new file mode 100644
index 0000000..ab3f09d
--- /dev/null
+++ b/vendor/qcom/common/mediatranscoding.te
@@ -0,0 +1,2 @@
+get_prop(domain, vendor_display_prop)
+
diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te
index aaf0064..02f3ad1 100644
--- a/vendor/qcom/common/property.te
+++ b/vendor/qcom/common/property.te
@@ -1,7 +1,6 @@
vendor_restricted_prop(vendor_camera_prop)
vendor_restricted_prop(cnd_prop)
vendor_restricted_prop(ims_prop)
-vendor_internal_prop(vendor_ramdump_prop)
vendor_restricted_prop(public_vendor_default_prop)
vendor_internal_prop(public_vendor_system_prop)
vendor_restricted_prop(vendor_ssr_prop)
diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index 33a878a..50f61f0 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts
@@ -6,9 +6,7 @@
vendor.ims. u:object_r:ims_prop:s0
persist.vendor.ims. u:object_r:ims_prop:s0
persist.net.doxlat u:object_r:vendor_net_radio_prop:s0
-vendor.debug.ramdump. u:object_r:vendor_ramdump_prop:s0
persist.vendor.sys.crash_rcu u:object_r:vendor_ramdump_prop:s0
-ro.boot.ramdump u:object_r:vendor_ramdump_prop:s0
vendor.debug.ssrdump u:object_r:vendor_ssr_prop:s0
persist.vendor.sys.cnss. u:object_r:vendor_cnss_diag_prop:s0
vendor.sys.listeners.registered u:object_r:vendor_tee_listener_prop:s0
diff --git a/vendor/qcom/common/ramdump.te b/vendor/qcom/common/ramdump.te
deleted file mode 100644
index 7b2e786..0000000
--- a/vendor/qcom/common/ramdump.te
+++ /dev/null
@@ -1,44 +0,0 @@
-type ramdump_exec, exec_type, vendor_file_type, file_type;
-
-userdebug_or_eng(`
- type ramdump, domain;
- init_daemon_domain(ramdump)
-
- set_prop(ramdump, vendor_ramdump_prop)
-
- # f2fs set pin file requires sys_admin
- allow ramdump self:capability sys_admin;
-
- allow ramdump self:capability sys_rawio;
-
- allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
- allow ramdump ramdump_vendor_data_file:file create_file_perms;
- allow ramdump {
- proc
- proc_cmdline
- }:file r_file_perms;
-
- allow ramdump block_device:dir search;
- allow ramdump misc_block_device:blk_file rw_file_perms;
- allow ramdump userdata_block_device:blk_file rw_file_perms;
-
- dontaudit ramdump metadata_file:dir search;
-
- # read from /fstab.sdm845
- allow ramdump rootfs:file r_file_perms;
-
- r_dir_file(ramdump, sysfs_type)
-
- # To access statsd.
- hwbinder_use(ramdump)
- get_prop(ramdump, hwservicemanager_prop)
- allow ramdump fwk_stats_hwservice:hwservice_manager find;
- binder_call(ramdump, stats_service_server)
-
- # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
- allow ramdump fuse:filesystem relabelfrom;
- allow ramdump fuse_device:chr_file rw_file_perms;
- allow ramdump mnt_vendor_file:dir r_dir_perms;
- allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
- allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
-')
diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts
index 5f7cdbf..d2fd37e 100644
--- a/vendor/qcom/common/seapp_contexts
+++ b/vendor/qcom/common/seapp_contexts
@@ -15,7 +15,7 @@
user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_data_file levelFrom=user
# Hardware Info Collection
-user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
# Use a custom domain for GoogleCamera, to allow for Hexagon DSP access
user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=user