diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil index e943a6d45..a03240154 100644 --- a/private/compat/33.0/33.0.ignore.cil +++ b/private/compat/33.0/33.0.ignore.cil @@ -12,6 +12,8 @@ permissive_mte_prop servicemanager_prop system_net_netd_service + tuner_config_prop + tuner_server_ctl_prop virtual_face_hal_prop virtual_fingerprint_hal_prop )) diff --git a/private/mediatuner.te b/private/mediatuner.te index 413d2e545..bfb264eb5 100644 --- a/private/mediatuner.te +++ b/private/mediatuner.te @@ -17,6 +17,9 @@ allow mediatuner tv_tuner_resource_mgr_service:service_manager find; allow mediatuner package_native_service:service_manager find; binder_call(mediatuner, system_server) +# Read ro.tuner.lazyhal +get_prop(mediatuner, tuner_config_prop) + ### ### neverallow rules ### diff --git a/private/property.te b/private/property.te index 871b67330..ddb427d54 100644 --- a/private/property.te +++ b/private/property.te @@ -38,6 +38,7 @@ system_internal_prop(setupwizard_prop) system_internal_prop(snapuserd_prop) system_internal_prop(system_adbd_prop) system_internal_prop(traced_perf_enabled_prop) +system_internal_prop(tuner_server_ctl_prop) system_internal_prop(userspace_reboot_log_prop) system_internal_prop(userspace_reboot_test_prop) system_internal_prop(verity_status_prop) diff --git a/private/property_contexts b/private/property_contexts index 34bd80ee8..5cf27aa00 100644 --- a/private/property_contexts +++ b/private/property_contexts 
@@ -1422,3 +1422,7 @@ vendor.fingerprint.virtual.operation_authenticate_latency u:object_r:virtual_fin vendor.fingerprint.virtual.operation_detect_interaction_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact int vendor.fingerprint.virtual.operation_enroll_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact int vendor.fingerprint.virtual.operation_authenticate_duration u:object_r:virtual_fingerprint_hal_prop:s0 exact int + +# properties for tuner +ro.tuner.lazyhal u:object_r:tuner_config_prop:s0 exact bool +tuner.server.enable u:object_r:tuner_server_ctl_prop:s0 exact bool diff --git a/private/system_server.te b/private/system_server.te index a7be343d5..b783446a7 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -820,6 +820,11 @@ get_prop(system_server, hypervisor_prop) # Read persist.wm.debug. properties get_prop(system_server, persist_wm_debug_prop) +# Read ro.tuner.lazyhal +get_prop(system_server, tuner_config_prop) +# Write tuner.server.enable +set_prop(system_server, tuner_server_ctl_prop) + # Create a socket for connections from debuggerd. allow system_server system_ndebug_socket:sock_file create_file_perms; @@ -1291,6 +1296,13 @@ neverallow { device_config_window_manager_native_boot_prop }:property_service set; +# Only allow system_server and init to set tuner_server_ctl_prop +neverallow { + domain + -system_server + -init +} tuner_server_ctl_prop:property_service set; + # system_server should never be executing dex2oat. This is either # a bug (for example, bug 16317188), or represents an attempt by # system server to dynamically load a dex file, something we do not diff --git a/public/property.te b/public/property.te index b6c365db3..4bdf74f8a 100644 --- a/public/property.te +++ b/public/property.te 
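Review bot: The comment `# Write tuner.server.enable` in the first system_server.te hunk names the property but not what it controls or who consumes it. No domain in this change other than system_server is given access to tuner_server_ctl_prop. The name and the `-init` exemption in the neverallow of the second hunk suggest an init trigger that starts or stops the tuner server, but the diff does not show that consumer. If so, say it in the comment, e.g. `# Write tuner.server.enable, which init uses to start or stop mediatuner`, so later reviewers see that system_server is being handed control over a service's lifecycle rather than a passive flag. Both hunks sit inside rule lists that continue outside the diff.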
@@ -181,6 +181,7 @@ system_vendor_config_prop(wifi_config_prop) system_vendor_config_prop(zram_config_prop) system_vendor_config_prop(zygote_config_prop) system_vendor_config_prop(dck_prop) +system_vendor_config_prop(tuner_config_prop) # Properties with no restrictions system_public_prop(adbd_config_prop) diff --git a/vendor/file_contexts b/vendor/file_contexts index 8fd8525a8..1cff8922e 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -93,7 +93,7 @@ /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.[01]-service u:object_r:hal_tv_cec_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner@1\.[01]-service u:object_r:hal_tv_tuner_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner-service\.example u:object_r:hal_tv_tuner_default_exec:s0 +/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner-service\.example(-lazy)? u:object_r:hal_tv_tuner_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb-service\.example u:object_r:hal_usb_default_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget@1\.1-service u:object_r:hal_usb_gadget_default_exec:s0 diff --git a/vendor/hal_tv_tuner_default.te b/vendor/hal_tv_tuner_default.te index 639c7bdef..e11d4dd62 100644 --- a/vendor/hal_tv_tuner_default.te +++ b/vendor/hal_tv_tuner_default.te @@ -8,3 +8,6 @@ allow hal_tv_tuner_default ion_device:chr_file r_file_perms; # Access to /dev/dma_heap/system allow hal_tv_tuner_default dmabuf_system_heap_device:chr_file r_file_perms; + +# Allow servicemanager to notify hal_tv_tuner_default clients status +binder_use(hal_tv_tuner_default)
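Review bot: The comment above `binder_use(hal_tv_tuner_default)` describes only the servicemanager-to-HAL notification, but the macro also lets the domain call servicemanager itself, so the comment understates the grant. Because the file_contexts hunk labels both the regular and the `-lazy` example binary hal_tv_tuner_default_exec, the non-lazy service gets the same permission. I would reword the comment to something like `# Lazy HAL: talk to servicemanager and receive client status callbacks from it`. If other tuner HAL implementations are expected to run lazily, the rule may belong with the shared tuner HAL server rules rather than on the default domain; that file is not in this diff, so this is a question rather than a request.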