Merge "System wide sepolicy changes for aidl camera hals."
diff --git a/private/bpfloader.te b/private/bpfloader.te
index 650117e..02337a0 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -3,6 +3,9 @@
type bpfloader_exec, system_file_type, exec_type, file_type;
typeattribute bpfloader coredomain;
+# allow bpfloader to write to the kernel log (starts early)
+allow bpfloader kmsg_device:chr_file w_file_perms;
+
# These permissions are required to pin ebpf maps & programs.
allow bpfloader { fs_bpf fs_bpf_tethering }:dir { add_name create search write };
allow bpfloader { fs_bpf fs_bpf_tethering }:file { create read setattr };
diff --git a/private/property_contexts b/private/property_contexts
index 05e5179..7106a51 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -707,7 +707,7 @@
# shell-only props for ARM memory tagging (MTE).
arm64.memtag. u:object_r:arm64_memtag_prop:s0 prefix string
-persist.arm64.memtag.mode u:object_r:arm64_memtag_prop:s0 exact string
+persist.arm64.memtag.default u:object_r:arm64_memtag_prop:s0 exact string
net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
diff --git a/private/system_server.te b/private/system_server.te
index f70744d..79817ef 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -448,6 +448,7 @@
allow system_server adbd_socket:sock_file rw_file_perms;
allow system_server rtc_device:chr_file rw_file_perms;
allow system_server audio_device:dir r_dir_perms;
+allow system_server uhid_device:chr_file rw_file_perms;
# write access to ALSA interfaces (/dev/snd/*) needed for MIDI
allow system_server audio_device:chr_file rw_file_perms;
@@ -787,6 +788,9 @@
# Read the net.464xlat.cellular.enabled property (written by init).
get_prop(system_server, net_464xlat_fromvendor_prop)
+# Read hypervisor capabilities ro.boot.hypervisor.*
+get_prop(system_server, hypervisor_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/public/hal_wifi_hostapd.te b/public/hal_wifi_hostapd.te
index b508aa5..eeb72ba 100644
--- a/public/hal_wifi_hostapd.te
+++ b/public/hal_wifi_hostapd.te
@@ -5,7 +5,7 @@
hal_attribute_hwservice(hal_wifi_hostapd, hal_wifi_hostapd_hwservice)
hal_attribute_service(hal_wifi_hostapd, hal_wifi_hostapd_service)
-binder_call(hal_wifi_hostapd_server, servicemanager)
+binder_use(hal_wifi_hostapd_server)
allow hal_wifi_hostapd_server dumpstate:fifo_file write;
diff --git a/tests/policy.py b/tests/policy.py
index 06157fd..60c6962 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -396,7 +396,8 @@
self.__libsepolwrap = lib
def __GenfsDictAdd(self, Dict, buf):
- fs, path, context = buf.split(" ")
+ fs, buf = buf.split(' ', 1)
+ path, context = buf.rsplit(' ', 1)
Type = context.split(":")[2]
if not fs in Dict:
Dict[fs] = {Type}