Merge "Allow zygote to create fds and map executable."
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 8fc3155..ac46969 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -5,6 +5,7 @@
(typeattribute new_objects)
(typeattributeset new_objects
( new_objects
+ camera_calibration_vendor_data_file
ctl_apexd_prop
device_config_sys_traced_prop
runtime_apex_dir
diff --git a/private/file_contexts b/private/file_contexts
index 8150fa6..c1ed338 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -539,6 +539,9 @@
# Face vendor data file
/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0
+# Directory for (auto)calibration file(s)
+/data/vendor/camera_calibration(/.*)? u:object_r:camera_calibration_vendor_data_file:s0
+
# Iris vendor data file
/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0
diff --git a/public/file.te b/public/file.te
index c78ddd5..9e0101a 100644
--- a/public/file.te
+++ b/public/file.te
@@ -406,6 +406,8 @@
type face_vendor_data_file, file_type, data_file_type;
# Type for iris template file
type iris_vendor_data_file, file_type, data_file_type;
+# Type for calibration template file
+type camera_calibration_vendor_data_file, file_type, data_file_type;
# Socket types
type adbd_socket, file_type, coredomain_socket;
diff --git a/public/hal_face.te b/public/hal_face.te
index b250586..4e3644f 100644
--- a/public/hal_face.te
+++ b/public/hal_face.te
@@ -10,3 +10,7 @@
# Allow read/write access to the face template directory.
allow hal_face face_vendor_data_file:file create_file_perms;
allow hal_face face_vendor_data_file:dir rw_dir_perms;
+
+# Allow writing new camera calibrations
+allow hal_face camera_calibration_vendor_data_file:dir rw_dir_perms;
+allow hal_face camera_calibration_vendor_data_file:file create_file_perms;
diff --git a/public/kernel.te b/public/kernel.te
index 99ad014..46864b8 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -106,6 +106,9 @@
allow kernel rootfs:file execute;
')
+# required by VTS lidbm unit test
+allow kernel appdomain_tmpfs:file read;
+
###
### neverallow rules
###
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 390ec0b..1fa885d 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -66,6 +66,7 @@
# Same process HALs installed by platform into /vendor
#
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl\.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-2\.1\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.renderscript@1\.0-impl\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/gralloc\.default\.so u:object_r:same_process_hal_file:s0
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index 5bc4a61..06c1d9c 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -9,3 +9,7 @@
# For collecting bugreports.
allow hal_camera_default dumpstate:fd use;
allow hal_camera_default dumpstate:fifo_file write;
+
+# Allow reading camera calibrations
+allow hal_camera_default camera_calibration_vendor_data_file:dir search;
+allow hal_camera_default camera_calibration_vendor_data_file:file r_file_perms;
