commit 10425c1466d06863ce59cebe1e71a15df560806a
author Jenny Ho <hsiufangho@google.com> Fri Dec 04 04:12:12 2020 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Fri Dec 04 04:12:12 2020 +0000
tree 35599bad3b62b4263ecd43c8464b7c811c6b7417
parent 9f2addbff45472895c1f9996494a99bc231ff845
parent 27dc93bbfc1f3f008d9a831b0379ce9b7dfa2e4e

Add sepolicy read permissions to hal_dumpstate_impl for bd_* am: 27dc93bbfc

Original change: https://android-review.googlesource.com/c/device/google/coral-sepolicy/+/1516275

Change-Id: Ie74c5db851e42e7d8eaf54c5e0784374a7ff7219

vendor/google/fastbootd.te

diff --git a/vendor/google/fastbootd.te b/vendor/google/fastbootd.te
index 6206e31..876d957 100644
--- a/vendor/google/fastbootd.te
+++ b/vendor/google/fastbootd.te
@@ -11,5 +11,6 @@
   # Allow to read /sys/class/power_supply directory.
   allow fastbootd sysfs:dir r_dir_perms;
   allow fastbootd sysfs_batteryinfo:dir search;
+  allow fastbootd citadel_device:chr_file rw_file_perms;
 ')
 

vendor/google/genfs_contexts

diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index 41e56ef..9fca815 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -108,6 +108,7 @@
 genfscon debugfs /logbuffer/ssoc                                                u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /logbuffer/ttf                                                 u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /logbuffer/batt_ce                                             u:object_r:debugfs_batteryinfo:s0
+genfscon debugfs /logbuffer/maxfg                                               u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /logbuffer/wireless                                            u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /google_charger                                                u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /google_battery                                                u:object_r:debugfs_batteryinfo:s0

vendor/google/uv_exposure_reporter.te

diff --git a/vendor/google/uv_exposure_reporter.te b/vendor/google/uv_exposure_reporter.te
index 1d9ae56..af7e0d6 100644
--- a/vendor/google/uv_exposure_reporter.te
+++ b/vendor/google/uv_exposure_reporter.te
@@ -1,13 +1,10 @@
 type uv_exposure_reporter, domain;
 
-userdebug_or_eng(`
-  app_domain(uv_exposure_reporter)
+app_domain(uv_exposure_reporter)
 
-  allow uv_exposure_reporter app_api_service:service_manager find;
-  allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
-  allow uv_exposure_reporter sysfs_msm_subsys:dir search;
-  allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
-  binder_call(uv_exposure_reporter, gpuservice);
-  binder_call(uv_exposure_reporter, stats_service_server);
-')
+allow uv_exposure_reporter app_api_service:service_manager find;
+allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
+allow uv_exposure_reporter sysfs_msm_subsys:dir search;
+allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
+binder_call(uv_exposure_reporter, stats_service_server);
 

vendor/qcom/common/hal_wifi_ext.te

diff --git a/vendor/qcom/common/hal_wifi_ext.te b/vendor/qcom/common/hal_wifi_ext.te
index e9750ff..3a16e2e 100644
--- a/vendor/qcom/common/hal_wifi_ext.te
+++ b/vendor/qcom/common/hal_wifi_ext.te
@@ -1,4 +1,4 @@
-allow hal_wifi_ext wlan_device:chr_file w_file_perms;
+allow hal_wifi_ext wlan_device:chr_file { w_file_perms read };
 
 # Allow wifi hal access to LOWI
 allow hal_wifi_ext location:unix_stream_socket connectto;