Merge stage-dr1-aosp-master into stage-aosp-master

Bug: 112535855 Change-Id: Ib687f6cd68735c953dc1d575517c30a07639a451
2018-08-13 13:01:25 -07:00 · 2018-08-13 13:01:25 -07:00 · 3dc2139f1e
commit 3dc2139f1e
parent 6237ad2f79 5a33163678
7 changed files with 18 additions and 10 deletions
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@ -231,6 +231,7 @@ neverallow all_untrusted_apps {
  hal_wifi_supplicant_hwservice
  hidl_base_hwservice
  system_net_netd_hwservice
+  thermalcallback_hwservice
 }:hwservice_manager find;
 # HwBinder services offered by core components (as opposed to vendor components)
 # are considered somewhat safer due to point #2 above.
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@ -4,11 +4,10 @@
 (type mediacodec_exec)
 (type qtaguid_proc)
 (type reboot_data_file)
+(type vold_socket)
 (type rild)
 (type untrusted_v2_app)
 (type webview_zygote_socket)
-(type vold_socket)
-(type thermalcallback_hwservice)

 (expandtypeattribute (accessibility_service_27_0) true)
 (expandtypeattribute (account_service_27_0) true)
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@ -1 +1,14 @@
 typeattribute crash_dump coredomain;
+
+allow crash_dump {
+  domain
+  -bpfloader
+  -crash_dump
+  -init
+  -kernel
+  -keystore
+  -logd
+  -ueventd
+  -vendor_init
+  -vold
+}:process { ptrace signal sigchld sigstop sigkill };
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@ -50,6 +50,7 @@ android.hardware.soundtrigger::ISoundTriggerHw                  u:object_r:hal_a
 android.hardware.tetheroffload.config::IOffloadConfig           u:object_r:hal_tetheroffload_hwservice:s0
 android.hardware.tetheroffload.control::IOffloadControl         u:object_r:hal_tetheroffload_hwservice:s0
 android.hardware.thermal::IThermal                              u:object_r:hal_thermal_hwservice:s0
+android.hardware.thermal::IThermalCallback                      u:object_r:thermalcallback_hwservice:s0
 android.hardware.tv.cec::IHdmiCec                               u:object_r:hal_tv_cec_hwservice:s0
 android.hardware.tv.input::ITvInput                             u:object_r:hal_tv_input_hwservice:s0
 android.hardware.usb::IUsb                                      u:object_r:hal_usb_hwservice:s0
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@ -1,14 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;

-allow crash_dump {
-  domain
-  -init
-  -crash_dump
-  -keystore
-  -logd
-}:process { ptrace signal sigchld sigstop sigkill };
-
 # crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
 # which will result in an audit log even when it's allowed to trace.
 dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
--- a/public/hwservice.te
+++ b/public/hwservice.te
@ -60,3 +60,4 @@ type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type;
--- a/public/thermalserviced.te
+++ b/public/thermalserviced.te
@ -8,5 +8,6 @@ add_service(thermalserviced, thermal_service)

 hwbinder_use(thermalserviced)
 hal_client_domain(thermalserviced, hal_thermal)
+add_hwservice(thermalserviced, thermalcallback_hwservice)

 binder_call(thermalserviced, platform_app)