commit 959c81b9e5bd226c7dddf29a93f57919b97cf452
author TreeHugger Robot <treehugger-gerrit@google.com> Fri Sep 25 16:09:36 2020 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Fri Sep 25 16:09:36 2020 +0000
tree ea5172c4df6d1424bcddf1a84282ebcb7fd37cd6
parent dd8ace4f88c01a8f5d8d1473875f1fcb764867b5
parent fec22a384ebc229e92b700be07f9deb244f7efc3

Merge "fastbootd: Add sepolicy rule for fastbootd" into rvc-qpr-dev

vendor/google/genfs_contexts

diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index 9531d61..aad6cc7 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -108,6 +108,7 @@
 genfscon debugfs /logbuffer/ssoc                                                u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /logbuffer/ttf                                                 u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /logbuffer/batt_ce                                             u:object_r:debugfs_batteryinfo:s0
+genfscon debugfs /logbuffer/maxfg                                               u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /logbuffer/wireless                                            u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /google_charger                                                u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /google_battery                                                u:object_r:debugfs_batteryinfo:s0

vendor/google/grilservice_app.te

diff --git a/vendor/google/grilservice_app.te b/vendor/google/grilservice_app.te
index a1adeab..68667c4 100644
--- a/vendor/google/grilservice_app.te
+++ b/vendor/google/grilservice_app.te
@@ -4,7 +4,7 @@
 
 allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
 allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
-allow grilservice_app activity_service:service_manager find;
+allow grilservice_app app_api_service:service_manager find;
 
 binder_call(grilservice_app, hal_radioext_default)
 binder_call(grilservice_app, hal_wifi_ext)

vendor/google/hal_dumpstate_impl.te

diff --git a/vendor/google/hal_dumpstate_impl.te b/vendor/google/hal_dumpstate_impl.te
index ef49a6b..5a5bb09 100644
--- a/vendor/google/hal_dumpstate_impl.te
+++ b/vendor/google/hal_dumpstate_impl.te
@@ -65,6 +65,9 @@
   allow hal_dumpstate_impl debugfs_ipa:file r_file_perms;
 ')
 
+#Dumpstats fastrpc buffer
+allow hal_dumpstate_impl sysfs_fastrpc:file r_file_perms;
+
 # USB logs
 allow hal_dumpstate_impl debugfs_usb:file r_file_perms;
 

vendor/google/pixelstats_vendor.te

diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te
index c8b7efa..2e6b3ed 100644
--- a/vendor/google/pixelstats_vendor.te
+++ b/vendor/google/pixelstats_vendor.te
@@ -18,6 +18,7 @@
 
 r_dir_file(pixelstats_vendor, sysfs_pixelstats)
 r_dir_file(pixelstats_vendor, sysfs_batteryinfo)
+allow pixelstats_vendor sysfs_batteryinfo:file rw_file_perms;
 allow pixelstats_vendor self:netlink_kobject_uevent_socket { create getopt setopt bind read };
 
 # wlc

vendor/google/uv_exposure_reporter.te

diff --git a/vendor/google/uv_exposure_reporter.te b/vendor/google/uv_exposure_reporter.te
index 1d9ae56..af7e0d6 100644
--- a/vendor/google/uv_exposure_reporter.te
+++ b/vendor/google/uv_exposure_reporter.te
@@ -1,13 +1,10 @@
 type uv_exposure_reporter, domain;
 
-userdebug_or_eng(`
-  app_domain(uv_exposure_reporter)
+app_domain(uv_exposure_reporter)
 
-  allow uv_exposure_reporter app_api_service:service_manager find;
-  allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
-  allow uv_exposure_reporter sysfs_msm_subsys:dir search;
-  allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
-  binder_call(uv_exposure_reporter, gpuservice);
-  binder_call(uv_exposure_reporter, stats_service_server);
-')
+allow uv_exposure_reporter app_api_service:service_manager find;
+allow uv_exposure_reporter fwk_stats_hwservice:hwservice_manager find;
+allow uv_exposure_reporter sysfs_msm_subsys:dir search;
+allow uv_exposure_reporter sysfs_msm_subsys:file r_file_perms;
+binder_call(uv_exposure_reporter, stats_service_server);
 

vendor/qcom/common/hal_wifi_ext.te

diff --git a/vendor/qcom/common/hal_wifi_ext.te b/vendor/qcom/common/hal_wifi_ext.te
index e9750ff..3a16e2e 100644
--- a/vendor/qcom/common/hal_wifi_ext.te
+++ b/vendor/qcom/common/hal_wifi_ext.te
@@ -1,4 +1,4 @@
-allow hal_wifi_ext wlan_device:chr_file w_file_perms;
+allow hal_wifi_ext wlan_device:chr_file { w_file_perms read };
 
 # Allow wifi hal access to LOWI
 allow hal_wifi_ext location:unix_stream_socket connectto;

vendor/qcom/common/peripheral_manager.te

diff --git a/vendor/qcom/common/peripheral_manager.te b/vendor/qcom/common/peripheral_manager.te
index 5476827..c5478d1 100644
--- a/vendor/qcom/common/peripheral_manager.te
+++ b/vendor/qcom/common/peripheral_manager.te
@@ -9,6 +9,7 @@
 binder_call(vendor_per_mgr, vendor_per_mgr)
 binder_call(vendor_per_mgr, wcnss_service)
 binder_call(vendor_per_mgr, rild)
+binder_call(vendor_per_mgr, hal_gnss)
 set_prop(vendor_per_mgr, vendor_per_mgr_state_prop)
 
 allow vendor_per_mgr self:qipcrtr_socket create_socket_perms_no_ioctl;