diff options
| -rw-r--r-- | BoardConfig.mk | 4 | ||||
| -rw-r--r-- | CleanSpec.mk | 1 | ||||
| -rwxr-xr-x | device.mk | 3 | ||||
| -rw-r--r-- | sepolicy/vendor/hal_drm_clearkey.te | 2 | ||||
| -rw-r--r-- | sepolicy/vendor/hal_drm_widevine.te | 1 | ||||
| -rw-r--r-- | sepolicy/vendor/hal_fingerprint_default.te | 4 | ||||
| -rw-r--r-- | sepolicy/vendor/netmgrd.te | 3 | ||||
| -rw-r--r-- | sepolicy/vendor/ramdump_app.te | 1 |
8 files changed, 10 insertions, 9 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk index f5ae00e9..c5c66de3 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -87,10 +87,10 @@ BOARD_USES_SYSTEM_OTHER_ODEX := true BOARD_ROOT_EXTRA_FOLDERS := persist firmware -BOARD_SEPOLICY_DIRS += device/google/wahoo/sepolicy/vendor +BOARD_VENDOR_SEPOLICY_DIRS += device/google/wahoo/sepolicy/vendor BOARD_PLAT_PUBLIC_SEPOLICY_DIR := device/google/wahoo/sepolicy/public BOARD_PLAT_PRIVATE_SEPOLICY_DIR := device/google/wahoo/sepolicy/private -BOARD_SEPOLICY_DIRS += device/google/wahoo/sepolicy/verizon +BOARD_VENDOR_SEPOLICY_DIRS += device/google/wahoo/sepolicy/verizon TARGET_FS_CONFIG_GEN := device/google/wahoo/config.fs diff --git a/CleanSpec.mk b/CleanSpec.mk index 23dc9ed0..991e4566 100644 --- a/CleanSpec.mk +++ b/CleanSpec.mk @@ -82,6 +82,7 @@ $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/permissions/android.hard $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/permissions/android.hardware.nfc.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/permissions/android.hardware.nfc.hce.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/permissions/android.hardware.nfc.hcef.xml) +$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/permissions/com.nxp.mifare.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/permissions/android.hardware.vr.headtracking.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/permissions/android.hardware.vr.high_performance.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/permissions/android.hardware.vulkan.level.xml) @@ -40,7 +40,7 @@ PRODUCT_COPY_FILES += \ # Set the SVN for the targeted MR release PRODUCT_PROPERTY_OVERRIDES += \ - ro.vendor.build.svn=26 + ro.vendor.build.svn=27 # Enforce privapp-permissions whitelist PRODUCT_PROPERTY_OVERRIDES += \ @@ -168,6 +168,7 @@ PRODUCT_COPY_FILES += \ frameworks/native/data/etc/android.hardware.nfc.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.nfc.xml \ frameworks/native/data/etc/android.hardware.nfc.hce.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.nfc.hce.xml \ frameworks/native/data/etc/android.hardware.nfc.hcef.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.nfc.hcef.xml \ + frameworks/native/data/etc/com.nxp.mifare.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/com.nxp.mifare.xml \ frameworks/native/data/etc/android.hardware.vr.headtracking-0.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.vr.headtracking.xml \ frameworks/native/data/etc/android.hardware.vr.high_performance.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.vr.high_performance.xml \ frameworks/native/data/etc/android.hardware.vulkan.compute-0.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.vulkan.compute.xml \ diff --git a/sepolicy/vendor/hal_drm_clearkey.te b/sepolicy/vendor/hal_drm_clearkey.te index 976b9fab..5632c3b2 100644 --- a/sepolicy/vendor/hal_drm_clearkey.te +++ b/sepolicy/vendor/hal_drm_clearkey.te @@ -7,5 +7,3 @@ init_daemon_domain(hal_drm_clearkey) hal_server_domain(hal_drm_clearkey, hal_drm) vndbinder_use(hal_drm_clearkey); - -allow hal_drm_clearkey { appdomain -isolated_app }:fd use; diff --git a/sepolicy/vendor/hal_drm_widevine.te b/sepolicy/vendor/hal_drm_widevine.te index f2725022..8e6eca1b 100644 --- a/sepolicy/vendor/hal_drm_widevine.te +++ b/sepolicy/vendor/hal_drm_widevine.te @@ -9,7 +9,6 @@ hal_server_domain(hal_drm_widevine, hal_drm) vndbinder_use(hal_drm_widevine); allow hal_drm_widevine mediacodec:fd use; -allow hal_drm_widevine { appdomain -isolated_app }:fd use; # The Qualcomm DRM-HAL implementation uses a vendor-binder service provided # by the HWC HAL. diff --git a/sepolicy/vendor/hal_fingerprint_default.te b/sepolicy/vendor/hal_fingerprint_default.te index ed638458..3cc920f7 100644 --- a/sepolicy/vendor/hal_fingerprint_default.te +++ b/sepolicy/vendor/hal_fingerprint_default.te @@ -1,3 +1,7 @@ +get_prop(hal_fingerprint_default, hwservicemanager_prop) +allow hal_fingerprint_default fwk_stats_hwservice:hwservice_manager find; +binder_call(hal_fingerprint_default, statsd) + allow hal_fingerprint_default sysfs_fingerprint:dir r_dir_perms; allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms; allow hal_fingerprint_default sysfs_msm_subsys:dir search; diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te index ebe12bbc..7bbcc592 100644 --- a/sepolicy/vendor/netmgrd.te +++ b/sepolicy/vendor/netmgrd.te @@ -7,9 +7,6 @@ init_daemon_domain(netmgrd) set_prop(netmgrd, vendor_net_radio_prop) set_prop(netmgrd, net_rmnet_prop) -# communicate with netd -unix_socket_connect(netmgrd, netd, netd) - allow netmgrd netmgrd_socket:dir w_dir_perms; allow netmgrd netmgrd_socket:sock_file create_file_perms; allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write }; diff --git a/sepolicy/vendor/ramdump_app.te b/sepolicy/vendor/ramdump_app.te index ed9bf33b..af710d68 100644 --- a/sepolicy/vendor/ramdump_app.te +++ b/sepolicy/vendor/ramdump_app.te @@ -11,4 +11,5 @@ userdebug_or_eng(` set_prop(ramdump_app, vendor_ramdump_prop); get_prop(system_app, vendor_ssr_prop) + get_prop(ramdump_app, system_boot_reason_prop) ') |