Snap for 12327203 from 19ab72a3de to 24Q4-release

Change-Id: Ie125c53bf36bd3d072c70df97977659c1b8883fa
2024-09-05 23:01:48 +00:00 · 2024-09-05 23:01:48 +00:00 · c06c9d88d2
commit c06c9d88d2
parent fa12e08e98 19ab72a3de
16 changed files with 44 additions and 2 deletions
--- a/battery_mitigation/sepolicy/vendor/dumpstate.te
+++ b/battery_mitigation/sepolicy/vendor/dumpstate.te
@ -8,6 +8,7 @@ allow hal_dumpstate_default sysfs_cpu:file { read open getattr };
 allow hal_dumpstate_default sysfs_batteryinfo:dir { read open search };
 allow hal_dumpstate_default sysfs_batteryinfo:file { read open getattr };
 allow hal_dumpstate_default logbuffer_device:chr_file { read open getattr };
+allow hal_dumpstate_default mitigation_vendor_data_file:file { read open getattr };
 allow hal_dumpstate_default mitigation_vendor_data_file:dir { search };
 allow hal_dumpstate_default sysfs_bcl:dir { read open search };
 allow hal_dumpstate_default sysfs_bcl:file { read open getattr };
--- a/modem/shared_modem_platform/compatibility_matrix.xml
+++ b/modem/shared_modem_platform/compatibility_matrix.xml
@ -2,7 +2,7 @@
    <!-- Optional since older devices will not register any services. -->
    <hal format="aidl" optional="true">
        <name>com.google.pixel.shared_modem_platform</name>
-        <version>1</version>
+        <version>2</version>
        <interface>
            <name>ISharedModemPlatform</name>
            <instance>default</instance>
--- a/storage/sepolicy/charger_vendor.te
+++ b/storage/sepolicy/charger_vendor.te
@ -0,0 +1,3 @@
+# fork from dcb05d13
+allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
+
--- a/storage/sepolicy/dump_storage.te
+++ b/storage/sepolicy/dump_storage.te
@ -1,8 +1,11 @@
+# adb bugreport
 pixel_bugreport(dump_storage)

+# adb bugreport
 allow dump_storage sysfs_scsi_devices_0000:dir r_dir_perms;
 allow dump_storage sysfs_scsi_devices_0000:file r_file_perms;

+# adb bugreport
 userdebug_or_eng(`
  allow dump_storage debugfs_f2fs:dir r_dir_perms;
  allow dump_storage debugfs_f2fs:file r_file_perms;
@ -17,7 +20,10 @@ userdebug_or_eng(`
  allow dump_storage dump_storage_data_file:file create_file_perms;
 ')

+# adb bugreport
 get_prop(dump_storage, boottime_public_prop)

+# adb bugreport
 dontaudit dump_storage debugfs_f2fs:dir r_dir_perms;
 dontaudit dump_storage debugfs_f2fs:file r_file_perms;
+
--- a/storage/sepolicy/dumpstate.te
+++ b/storage/sepolicy/dumpstate.te
@ -1 +1,7 @@
+# adb bugreport
 allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
+allow dumpstate persist_file:dir { getattr };
+allow dumpstate modem_efs_file:dir { getattr };
+allow dumpstate modem_userdata_file:dir { getattr };
+allow dumpstate vold:binder { call };
+
--- a/storage/sepolicy/e2fs.te
+++ b/storage/sepolicy/e2fs.te
@ -7,3 +7,4 @@ allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_dev
 };
 allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
 allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
+
--- a/storage/sepolicy/fastbootd.te
+++ b/storage/sepolicy/fastbootd.te
@ -1 +1,3 @@
+# fastbootd
 allow fastbootd devpts:chr_file rw_file_perms;
+
--- a/storage/sepolicy/file.te
+++ b/storage/sepolicy/file.te
@ -1,4 +1,6 @@
+# file.te
 type debugfs_f2fs, debugfs_type, fs_type;
 type dump_storage_data_file, file_type, data_file_type;
 type sg_device, dev_type;
 type sg_util_exec, exec_type, vendor_file_type, file_type;
+
--- a/storage/sepolicy/fsck.te
+++ b/storage/sepolicy/fsck.te
@ -4,3 +4,4 @@ allow fsck efs_block_device:blk_file rw_file_perms;
 allow fsck modem_userdata_block_device:blk_file rw_file_perms;
 allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
 allow fsck sysfs_scsi_devices_0000:file r_file_perms;
+
--- a/storage/sepolicy/genfs_contexts
+++ b/storage/sepolicy/genfs_contexts
@ -1 +1,3 @@
+# f2fs
 genfscon debugfs /f2fs     u:object_r:debugfs_f2fs:s0
+
--- a/storage/sepolicy/hal_health_default.te
+++ b/storage/sepolicy/hal_health_default.te
@ -0,0 +1,3 @@
+# dumpsys android.hardware.power.stats.IPowerStats/default
+r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
+
--- a/storage/sepolicy/hal_health_storage_default.te
+++ b/storage/sepolicy/hal_health_storage_default.te
@ -1,3 +1,4 @@
 # Access to /sys/devices/platform/*ufs/*
 allow hal_health_storage_default sysfs_scsi_devices_0000:dir r_dir_perms;
 allow hal_health_storage_default sysfs_scsi_devices_0000:file rw_file_perms;
+
--- a/storage/sepolicy/hal_power_stats_default.te
+++ b/storage/sepolicy/hal_power_stats_default.te
@ -0,0 +1,3 @@
+# dumpsys android.hardware.power.stats.IPowerStats/default
+r_dir_file(hal_power_stats_default, sysfs_scsi_devices_0000)
+
--- a/storage/sepolicy/init.te
+++ b/storage/sepolicy/init.te
@ -1 +1,3 @@
+# init
 allow init sysfs_scsi_devices_0000:file w_file_perms;
+
--- a/storage/sepolicy/vendor_init.te
+++ b/storage/sepolicy/vendor_init.te
@ -1 +1,6 @@
+# vendor_init
 allow vendor_init sg_device:chr_file r_file_perms;
+
+# dirty swappiness
+allow vendor_init proc_dirty:file w_file_perms;
+
--- a/storage/sepolicy/vold.te
+++ b/storage/sepolicy/vold.te
@ -5,9 +5,13 @@ allow vold sysfs_scsi_devices_0000:file rw_file_perms;
 allow vold userdata_exp_block_device:blk_file rw_file_perms;
 allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;

+# adb bugreport
 dontaudit vold dumpstate:fifo_file rw_file_perms;
 dontaudit vold dumpstate:fd use ;

 # fix idle-maint
 allow vold efs_block_device:blk_file { getattr };
 allow vold modem_userdata_block_device:blk_file { getattr };
+allow vold modem_efs_file:dir { read open ioctl };
+allow vold modem_userdata_file:dir { read open ioctl };
+