Snap for 7483611 from 0a8e9b1e0c469d86861f1e1a3baa838d24e94661 to mainline-documentsui-release
Change-Id: I144e8e9aceb63d0c1200263ef628199610c41602
diff --git a/prebuilts/api/31.0/private/automotive_display_service.te b/prebuilts/api/31.0/private/automotive_display_service.te
index fa11ca4..da933a9 100644
--- a/prebuilts/api/31.0/private/automotive_display_service.te
+++ b/prebuilts/api/31.0/private/automotive_display_service.te
@@ -16,6 +16,7 @@
# Allow to use HwBinder IPC for HAL implementations.
hwbinder_use(automotive_display_service)
hal_client_domain(automotive_display_service, hal_graphics_composer)
+hal_client_domain(automotive_display_service, hal_graphics_allocator)
# Allow to read the target property.
get_prop(automotive_display_service, hwservicemanager_prop)
diff --git a/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil b/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
index 313acc7..1db4408 100644
--- a/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
+++ b/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
@@ -20,6 +20,7 @@
arm64_memtag_prop
authorization_service
bootanim_config_prop
+ camera2_extensions_prop
camerax_extensions_prop
cgroup_desc_api_file
cgroup_v2
diff --git a/prebuilts/api/31.0/private/dexoptanalyzer.te b/prebuilts/api/31.0/private/dexoptanalyzer.te
index d194acb..b99349e 100644
--- a/prebuilts/api/31.0/private/dexoptanalyzer.te
+++ b/prebuilts/api/31.0/private/dexoptanalyzer.te
@@ -51,3 +51,6 @@
# Allow query ART device config properties
get_prop(dexoptanalyzer, device_config_runtime_native_prop)
get_prop(dexoptanalyzer, device_config_runtime_native_boot_prop)
+
+# Allow dexoptanalyzer to read /apex/apex-info-list.xml
+allow dex2oat apex_info_file:file r_file_perms;
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index a8356c7..0993138 100644
--- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts
@@ -331,6 +331,9 @@
ro.camerax.extensions.enabled u:object_r:camerax_extensions_prop:s0 exact bool
+ro.vendor.camera.extensions.package u:object_r:camera2_extensions_prop:s0 exact string
+ro.vendor.camera.extensions.service u:object_r:camera2_extensions_prop:s0 exact string
+
# ART properties
dalvik.vm. u:object_r:dalvik_config_prop:s0
ro.dalvik.vm. u:object_r:dalvik_config_prop:s0
diff --git a/prebuilts/api/31.0/private/zygote.te b/prebuilts/api/31.0/private/zygote.te
index 9038c4f..dd42a81 100644
--- a/prebuilts/api/31.0/private/zygote.te
+++ b/prebuilts/api/31.0/private/zygote.te
@@ -69,8 +69,8 @@
# Zygote opens /mnt/expand to mount CE DE storage on each vol
allow zygote mnt_expand_file:dir { open read search relabelto };
-# Bind mount subdirectories on /data/misc/profiles/cur
-allow zygote user_profile_root_file:dir { mounton search };
+# Bind mount subdirectories on /data/misc/profiles/cur and /data/misc/profiles/ref
+allow zygote { user_profile_root_file user_profile_data_file }:dir { mounton search };
# Create and bind dirs on /data/data
allow zygote tmpfs:dir { create_dir_perms mounton };
diff --git a/prebuilts/api/31.0/public/app.te b/prebuilts/api/31.0/public/app.te
index a49faaf..e4b293f 100644
--- a/prebuilts/api/31.0/public/app.te
+++ b/prebuilts/api/31.0/public/app.te
@@ -593,5 +593,8 @@
neverallow appdomain system_bootstrap_lib_file:dir
{ open read getattr search };
+# Allow to read ro.vendor.camera.extensions.enabled
+get_prop(appdomain, camera2_extensions_prop)
+
# Allow to ro.camerax.extensions.enabled
get_prop(appdomain, camerax_extensions_prop)
diff --git a/prebuilts/api/31.0/public/property.te b/prebuilts/api/31.0/public/property.te
index 57146a4..1d3f358 100644
--- a/prebuilts/api/31.0/public/property.te
+++ b/prebuilts/api/31.0/public/property.te
@@ -123,6 +123,7 @@
system_vendor_config_prop(build_vendor_prop)
system_vendor_config_prop(camera_calibration_prop)
system_vendor_config_prop(camera_config_prop)
+system_vendor_config_prop(camera2_extensions_prop)
system_vendor_config_prop(camerax_extensions_prop)
system_vendor_config_prop(charger_config_prop)
system_vendor_config_prop(codec2_config_prop)
diff --git a/prebuilts/api/31.0/public/vendor_init.te b/prebuilts/api/31.0/public/vendor_init.te
index b0e1da5..0999f48 100644
--- a/prebuilts/api/31.0/public/vendor_init.te
+++ b/prebuilts/api/31.0/public/vendor_init.te
@@ -218,6 +218,7 @@
set_prop(vendor_init, apk_verity_prop)
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, bluetooth_audio_hal_prop)
+set_prop(vendor_init, camera2_extensions_prop)
set_prop(vendor_init, camerax_extensions_prop)
set_prop(vendor_init, cpu_variant_prop)
set_prop(vendor_init, dalvik_runtime_prop)
diff --git a/private/automotive_display_service.te b/private/automotive_display_service.te
index fa11ca4..da933a9 100644
--- a/private/automotive_display_service.te
+++ b/private/automotive_display_service.te
@@ -16,6 +16,7 @@
# Allow to use HwBinder IPC for HAL implementations.
hwbinder_use(automotive_display_service)
hal_client_domain(automotive_display_service, hal_graphics_composer)
+hal_client_domain(automotive_display_service, hal_graphics_allocator)
# Allow to read the target property.
get_prop(automotive_display_service, hwservicemanager_prop)
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 313acc7..1db4408 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -20,6 +20,7 @@
arm64_memtag_prop
authorization_service
bootanim_config_prop
+ camera2_extensions_prop
camerax_extensions_prop
cgroup_desc_api_file
cgroup_v2
diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index d194acb..b99349e 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te
@@ -51,3 +51,6 @@
# Allow query ART device config properties
get_prop(dexoptanalyzer, device_config_runtime_native_prop)
get_prop(dexoptanalyzer, device_config_runtime_native_boot_prop)
+
+# Allow dexoptanalyzer to read /apex/apex-info-list.xml
+allow dex2oat apex_info_file:file r_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index a8356c7..0993138 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -331,6 +331,9 @@
ro.camerax.extensions.enabled u:object_r:camerax_extensions_prop:s0 exact bool
+ro.vendor.camera.extensions.package u:object_r:camera2_extensions_prop:s0 exact string
+ro.vendor.camera.extensions.service u:object_r:camera2_extensions_prop:s0 exact string
+
# ART properties
dalvik.vm. u:object_r:dalvik_config_prop:s0
ro.dalvik.vm. u:object_r:dalvik_config_prop:s0
diff --git a/private/zygote.te b/private/zygote.te
index 9038c4f..dd42a81 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -69,8 +69,8 @@
# Zygote opens /mnt/expand to mount CE DE storage on each vol
allow zygote mnt_expand_file:dir { open read search relabelto };
-# Bind mount subdirectories on /data/misc/profiles/cur
-allow zygote user_profile_root_file:dir { mounton search };
+# Bind mount subdirectories on /data/misc/profiles/cur and /data/misc/profiles/ref
+allow zygote { user_profile_root_file user_profile_data_file }:dir { mounton search };
# Create and bind dirs on /data/data
allow zygote tmpfs:dir { create_dir_perms mounton };
diff --git a/public/app.te b/public/app.te
index a49faaf..e4b293f 100644
--- a/public/app.te
+++ b/public/app.te
@@ -593,5 +593,8 @@
neverallow appdomain system_bootstrap_lib_file:dir
{ open read getattr search };
+# Allow to read ro.vendor.camera.extensions.enabled
+get_prop(appdomain, camera2_extensions_prop)
+
# Allow to ro.camerax.extensions.enabled
get_prop(appdomain, camerax_extensions_prop)
diff --git a/public/property.te b/public/property.te
index 57146a4..1d3f358 100644
--- a/public/property.te
+++ b/public/property.te
@@ -123,6 +123,7 @@
system_vendor_config_prop(build_vendor_prop)
system_vendor_config_prop(camera_calibration_prop)
system_vendor_config_prop(camera_config_prop)
+system_vendor_config_prop(camera2_extensions_prop)
system_vendor_config_prop(camerax_extensions_prop)
system_vendor_config_prop(charger_config_prop)
system_vendor_config_prop(codec2_config_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index b0e1da5..0999f48 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -218,6 +218,7 @@
set_prop(vendor_init, apk_verity_prop)
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, bluetooth_audio_hal_prop)
+set_prop(vendor_init, camera2_extensions_prop)
set_prop(vendor_init, camerax_extensions_prop)
set_prop(vendor_init, cpu_variant_prop)
set_prop(vendor_init, dalvik_runtime_prop)
