Merge "Give hal_drm_server appdomain fd access."
diff --git a/Android.mk b/Android.mk
index 6ea4d21..b011da3 100644
--- a/Android.mk
+++ b/Android.mk
@@ -1153,7 +1153,7 @@
 
 include $(BUILD_SYSTEM)/base_rules.mk
 
-bug_files := $(call build_policy, bug_map, $(LOCAL_PATH) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS) $(PLAT_PUBLIC_POLICY))
+bug_files := $(call build_policy, bug_map, $(LOCAL_PATH) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(PLAT_PUBLIC_POLICY))
 
 $(LOCAL_BUILT_MODULE) : $(bug_files)
 	@mkdir -p $(dir $@)
diff --git a/README b/README
index 0cc8e30..43d9bbc 100644
--- a/README
+++ b/README
@@ -18,13 +18,13 @@
 points.
 
 These device policy files can be configured through the use of
-the BOARD_SEPOLICY_DIRS variable. This variable should be set
+the BOARD_VENDOR_SEPOLICY_DIRS variable. This variable should be set
 in the BoardConfig.mk file in the device or vendor directories.
 
-BOARD_SEPOLICY_DIRS contains a list of directories to search
+BOARD_VENDOR_SEPOLICY_DIRS contains a list of directories to search
 for additional policy files. Order matters in this list.
 For example, if you have 2 instances of widget.te files in the
-BOARD_SEPOLICY_DIRS search path, then the first one found (at the
+BOARD_VENDOR_SEPOLICY_DIRS search path, then the first one found (at the
 first search dir containing the file) will be concatenated first.
 Reviewing out/target/product/<device>/obj/ETC/sepolicy_intermediates/policy.conf
 will help sort out ordering issues.
@@ -32,7 +32,7 @@
 Example BoardConfig.mk Usage:
 From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk
 
-BOARD_SEPOLICY_DIRS += device/samsung/tuna/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/samsung/tuna/sepolicy
 
 Additionally, OEMs can specify BOARD_SEPOLICY_M4DEFS to pass arbitrary m4
 definitions during the build. A definition consists of a string in the form
diff --git a/private/incidentd.te b/private/incidentd.te
index 6f10955..d077926 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -49,6 +49,13 @@
 allow incidentd stats_service:service_manager find;
 binder_call(incidentd, statsd)
 
+# section id 3026, allow reading /data/misc/perfetto-traces.
+# TODO(b/134706389): remove when no longer used.
+userdebug_or_eng(`
+  allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+  allow incidentd perfetto_traces_data_file:file r_file_perms;
+');
+
 # Create and write into /data/misc/incidents
 allow incidentd incident_data_file:dir rw_dir_perms;
 allow incidentd incident_data_file:file create_file_perms;
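Review bot: The added block closes with `');`, while private/perfprofd.te in this same commit closes the same macro with `')`. The trailing semicolon is left behind as a bare `;` in the expanded policy, and on user builds it is presumably all that remains of the block. Closing with `')` keeps the files consistent and avoids relying on the policy compiler tolerating an empty statement. The same closing appears in the block added to private/perfetto.te.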
@@ -145,12 +152,14 @@
 ### neverallow rules
 ###
 
-# only dumpstate, system_server, system_app and incident command can find the incident service
+# only specific domains can find the incident service
+# TODO(b/134706389): remove "perfetto" when no longer used.
 neverallow {
   domain
   -dumpstate
   -incident
   -incidentd
+  userdebug_or_eng(`-perfetto')
   -priv_app
   -statsd
   -system_app
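Review bot: The rewritten comment above the neverallow no longer lists the permitted domains and does not say that perfetto is exempt only on debug builds. Because the `-perfetto` entry is wrapped in userdebug_or_eng, the set of domains the neverallow covers differs between build variants, which is easy to miss when auditing the user-build policy. I would add `# perfetto is exempted on userdebug/eng only; user builds keep the restriction.` next to the TODO. The neverallow block continues past the end of the hunk.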
diff --git a/private/perfetto.te b/private/perfetto.te
index 28ea868..d1e2b13 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -37,12 +37,19 @@
 allow perfetto adbd:fd use;
 allow perfetto adbd:unix_stream_socket { read write };
 
-# allow adbd to reap perfetto
+# Allow adbd to reap perfetto
 allow perfetto adbd:process { sigchld };
 
 # Allow to access /dev/pts when launched in an adb shell.
 allow perfetto devpts:chr_file rw_file_perms;
 
+# Allow perfetto to ask incidentd to start a report.
+# TODO(b/134706389): remove when no longer used.
+userdebug_or_eng(`
+  allow perfetto incident_service:service_manager find;
+  binder_call(perfetto, incidentd)
+');
+
 ###
 ### Neverallow rules
 ###
diff --git a/private/perfprofd.te b/private/perfprofd.te
index c65c6f1..94a7c1d 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -1,5 +1,6 @@
+typeattribute perfprofd coredomain;
+
 userdebug_or_eng(`
-  typeattribute perfprofd coredomain;
   init_daemon_domain(perfprofd)
 ')
 
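Review bot: `typeattribute perfprofd coredomain;` now applies on user builds too, while `init_daemon_domain(perfprofd)` stays inside userdebug_or_eng, and nothing in the file says why. Presumably the type must be a coredomain in every variant so that rules written against `{ domain -coredomain ... }`, such as the one added to public/domain.te in this commit, do not pick it up; that is inferred, not visible here. A comment above the line would record the intent, for example `# perfprofd is coredomain on all builds; only its init transition is debug-only.`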
diff --git a/public/domain.te b/public/domain.te
index 0611892..6c23f6c 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -77,6 +77,11 @@
 # Allow using fds to /dev/ashmem.
 allow domain ashmem_server:fd use;
 
+# Allow vendor hals to access IAshmem
+# TODO(b/134783601): Change to a whitelist.
+allow { domain -coredomain -appdomain } system_ashmem_hwservice:hwservice_manager find;
+allow { domain -coredomain -appdomain } ashmem_server: binder call;
+
 # /dev/binder can be accessed by non-vendor domains and by apps
 allow {
   coredomain
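Review bot: The two added allow rules use `{ domain -coredomain -appdomain }` as the source, which covers every vendor domain and not only the "vendor hals" the comment names. The grant is therefore wider than its stated purpose until the TODO(b/134783601) whitelist lands. If an attribute covering just the HAL servers that need IAshmem is available, using it as the source set would narrow this now; otherwise the comment should say that all non-core, non-app domains are covered. The second rule is also written `ashmem_server: binder call;` with a stray space after the colon, unlike `ashmem_server:fd use;` a few lines above; `allow { domain -coredomain -appdomain } ashmem_server:binder call;` matches the file. The `allow {` block at the end of the hunk continues outside it.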