Merge "sepolicy: allow vendor_init to write to /proc/sysrq-trigger" into pi-dev am: 0b5d6034de
am: aa5e2e0194
Change-Id: I3c5d1dceb6b579e205caeab2c529d93c8f7a0b6d
diff --git a/device.mk b/device.mk
index e232267..740d1b2 100755
--- a/device.mk
+++ b/device.mk
@@ -236,7 +236,7 @@
persist.radio.data_con_rprt=true \
persist.radio.always_send_plmn=true \
persist.rcs.supported=1 \
- rild.libpath=/vendor/lib64/libril-qc-qmi-1.so
+ vendor.rild.libpath=/vendor/lib64/libril-qc-qmi-1.so
# Disable snapshot timer
PRODUCT_PROPERTY_OVERRIDES += \
diff --git a/sepolicy/vendor/dumpstate.te b/sepolicy/vendor/dumpstate.te
index 05c68ec..ad385db 100644
--- a/sepolicy/vendor/dumpstate.te
+++ b/sepolicy/vendor/dumpstate.te
@@ -12,3 +12,9 @@
allow hal_dumpstate sysfs_batteryinfo:dir search;
allow hal_dumpstate sysfs_batteryinfo:file rw_file_perms;
+
+# For collecting bugreports.
+allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
+allow dumpstate sysfs_scsi_devices_other:file r_file_perms;
+allow dumpstate sysfs_devices_block_stat:file r_file_perms;
+dontaudit dumpstate kernel:system module_request;
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 2d4adeb..9f7faef 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -11,6 +11,8 @@
type sysfs_rmtfs, sysfs_type, fs_type;
type sysfs_soc, sysfs_type, fs_type;
type sysfs_scsi_devices_0000, sysfs_type, fs_type;
+type sysfs_scsi_devices_other, sysfs_type, fs_type;
+type sysfs_devices_block_stat, sysfs_type, fs_type;
type sysfs_timestamp_switch, sysfs_type, fs_type;
type sysfs_touch, sysfs_type, fs_type;
type sysfs_usb_c, sysfs_type, fs_type;
@@ -29,6 +31,7 @@
type debugfs_mdp, debugfs_type, fs_type;
type debugfs_icnss, debugfs_type, fs_type;
type debugfs_ufs, debugfs_type, fs_type;
+type debugfs_dma_bufinfo, debugfs_type, fs_type;
# /proc
type proc_wifi_dbg, fs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 1079d07..16a27a6 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -290,3 +290,5 @@
# b/70518189 vDSO experiments
/sys/module/vdso/parameters u:object_r:sysfs_vdso:s0
+
+/sys/devices/virtual/block/.*/stat u:object_r:sysfs_devices_block_stat:s0
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 6434c9a..7f05483 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -12,6 +12,11 @@
genfscon sysfs /android_touch u:object_r:sysfs_touch:s0
genfscon sysfs /devices/soc/1da4000.ufshc/host0/target0:0:0/0:0:0:0 u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/soc/1da4000.ufshc/host0/target0:0:0/0:0:0:1 u:object_r:sysfs_scsi_devices_other:s0
+genfscon sysfs /devices/soc/1da4000.ufshc/host0/target0:0:0/0:0:0:2 u:object_r:sysfs_scsi_devices_other:s0
+genfscon sysfs /devices/soc/1da4000.ufshc/host0/target0:0:0/0:0:0:3 u:object_r:sysfs_scsi_devices_other:s0
+genfscon sysfs /devices/soc/1da4000.ufshc/host0/target0:0:0/0:0:0:4 u:object_r:sysfs_scsi_devices_other:s0
+genfscon sysfs /devices/soc/1da4000.ufshc/host0/target0:0:0/0:0:0:5 u:object_r:sysfs_scsi_devices_other:s0
genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
@@ -90,3 +95,5 @@
genfscon debugfs /rmt_storage u:object_r:debugfs_rmt_storage:s0
genfscon debugfs /icnss u:object_r:debugfs_icnss:s0
genfscon debugfs /ufshcd0 u:object_r:debugfs_ufs:s0
+
+genfscon debugfs /dma_buf/bufinfo u:object_r:debugfs_dma_bufinfo:s0
diff --git a/sepolicy/vendor/hal_bootctl.te b/sepolicy/vendor/hal_bootctl.te
index da24b79..e5ebb89 100644
--- a/sepolicy/vendor/hal_bootctl.te
+++ b/sepolicy/vendor/hal_bootctl.te
@@ -29,3 +29,6 @@
# Expose a socket for brokered boot message access for hal_oemlock.
allow hal_bootctl hal_bootctl_socket:sock_file create_file_perms;
+
+allow hal_bootctl sysfs_scsi_devices_other:dir r_dir_perms;
+allow hal_bootctl sysfs_scsi_devices_other:file r_file_perms;
diff --git a/sepolicy/vendor/hal_dumpstate_impl.te b/sepolicy/vendor/hal_dumpstate_impl.te
index 7815f71..bcfc267 100644
--- a/sepolicy/vendor/hal_dumpstate_impl.te
+++ b/sepolicy/vendor/hal_dumpstate_impl.te
@@ -65,3 +65,8 @@
# Access to UFS info
allow hal_dumpstate_impl sysfs_scsi_devices_0000:dir r_dir_perms;
allow hal_dumpstate_impl sysfs_scsi_devices_0000:file r_file_perms;
+
+# For collecting bugreports.
+allow hal_dumpstate_impl shell_data_file:file getattr;
+userdebug_or_eng(`allow hal_dumpstate_impl debugfs_dma_bufinfo:file r_file_perms;')
+dontaudit hal_dumpstate_impl debugfs_dma_bufinfo:file r_file_perms;
diff --git a/sepolicy/vendor/smlog_dump.te b/sepolicy/vendor/smlog_dump.te
index bc8d94b..243a1de 100644
--- a/sepolicy/vendor/smlog_dump.te
+++ b/sepolicy/vendor/smlog_dump.te
@@ -24,4 +24,7 @@
allow smlog_dump dumpstate:fd use;
allow smlog_dump hal_dumpstate_impl:fd use;
allow smlog_dump uio_device:chr_file rw_file_perms;
+
+ # For collecting bugreports.
+ allow smlog_dump shell_data_file:file write;
')
diff --git a/sepolicy/vendor/vold.te b/sepolicy/vendor/vold.te
index 80edf33..be4eff3 100644
--- a/sepolicy/vendor/vold.te
+++ b/sepolicy/vendor/vold.te
@@ -1,6 +1,7 @@
get_prop(vold, tee_listener_prop)
allow vold sysfs_scsi_devices_0000:file write;
+allow vold sysfs_scsi_devices_other:file write;
allow vold persist_file:dir r_dir_perms;
diff --git a/vibrator/OWNERS b/vibrator/OWNERS
new file mode 100644
index 0000000..2c0d70d
--- /dev/null
+++ b/vibrator/OWNERS
@@ -0,0 +1,2 @@
+dtwlin@google.com
+michaelwr@google.com