Merge "Fix duplicated comments" into main

commit: 4571ddd9440721fec583c906a337de949a77749e [log] [tgz]
author: Inseob Kim <inseob@google.com> Thu Mar 27 02:39:36 2025 -0700
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Mar 27 02:39:36 2025 -0700
tree: 14135d5ed5fbcdd75dafbbdebb9887fe7c4d5d14
parent: e9fae35f6e8548137258b914dadc8ffb5baef71e [diff]
parent: af44776923f92aff0fd1f2bfc7554be83c7fe7cc [diff]
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 0a0c9cb..3d36148 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -285,6 +285,7 @@
 genfscon tracefs /events/kmem/rss_stat/                                  u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/kmem/ion_heap_grow/                             u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/kmem/ion_heap_shrink/                           u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/kmem/mm_calculate_totalreserve_pages/           u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/ion/ion_stat/                                   u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/mm_event/mm_event_record/                       u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/oom/oom_score_adj_update/                       u:object_r:debugfs_tracing:s0

diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 6e973d6..b743d46 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te

@@ -153,3 +153,7 @@
 # virtualizationmanager uses libselinux to check if VM is allowed to access requested
 # tee services.
 selinux_check_access(virtualizationmanager)
+
+# virtualizationmanager needs to talk to IVmCapabilitiesService HAL to allow specific VMs to
+# issue vendor-private smcs.
+hal_client_domain(virtualizationmanager, hal_vm_capabilities);

diff --git a/public/te_macros b/public/te_macros
index 78e75a0..d75be83 100644
--- a/public/te_macros
+++ b/public/te_macros

@@ -611,7 +611,10 @@
 # Userdebug or eng builds
 # SELinux rules which apply only to userdebug or eng builds
 #
-define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
+define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1,
+#
+# SUPPRESSED_BY_USERDEBUG_OR_ENG -- this marker is used by CTS -- do not modify
+)))
 
 #####################################
 # asan builds

diff --git a/vendor/file_contexts b/vendor/file_contexts
index dc09d79..a2ae309 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts

@@ -209,3 +209,4 @@
 /(vendor|system/vendor)/lib(64)?/libutilscallstack\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/libz\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.virtualization\.capabilities\.capabilities_service-noop       u:object_r:hal_vm_capabilities_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.virtualization\.capabilities\.capabilities_service-default       u:object_r:hal_vm_capabilities_default_exec:s0
commit	4571ddd9440721fec583c906a337de949a77749e	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Thu Mar 27 02:39:36 2025 -0700
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Mar 27 02:39:36 2025 -0700
tree	14135d5ed5fbcdd75dafbbdebb9887fe7c4d5d14
parent	e9fae35f6e8548137258b914dadc8ffb5baef71e [diff]
parent	af44776923f92aff0fd1f2bfc7554be83c7fe7cc [diff]