diff --git a/bootctrl/aidl/BootControl.cpp b/bootctrl/aidl/BootControl.cpp
index 83deb72..8655929 100644
--- a/bootctrl/aidl/BootControl.cpp
+++ b/bootctrl/aidl/BootControl.cpp
@@ -384,7 +384,7 @@ ScopedAStatus BootControl::isSlotMarkedSuccessful(int32_t in_slot, bool* _aidl_r
 *_aidl_return = true;
 return ScopedAStatus::ok();
 }
- if (in_slot >= slots)
+ if (in_slot < 0 || in_slot >= slots)
 return ScopedAStatus::fromServiceSpecificErrorWithMessage(
 INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te
index 47c0be8..8022675 100644
--- a/mediacodec/vpu/sepolicy/mediacodec_google.te
+++ b/mediacodec/vpu/sepolicy/mediacodec_google.te
@@ -22,6 +22,9 @@ neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
 neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
 neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
+# Allow HAL to send trace packets to Perfetto
+userdebug_or_eng(`perfetto_producer(mediacodec_google)')
+
 userdebug_or_eng(`
 allow mediacodec_google vendor_media_data_file:dir rw_dir_perms;
 allow mediacodec_google vendor_media_data_file:file create_file_perms;
diff --git a/modem/radio_ext/sepolicy/grilservice_app.te b/modem/radio_ext/sepolicy/grilservice_app.te
new file mode 100644
index 0000000..9bd8c8e
--- /dev/null
+++ b/modem/radio_ext/sepolicy/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
diff --git a/storage/sepolicy/e2fs.te b/storage/sepolicy/e2fs.te
index c280cb7..464b4ce 100644
--- a/storage/sepolicy/e2fs.te
+++ b/storage/sepolicy/e2fs.te
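Review bot: Other BootControl methods that take `in_slot` are not visible in this hunk and may still carry the old one-sided test `if (in_slot >= slots)`; they should get the same `in_slot < 0 ||` guard, ideally through one shared range-check helper so the two bounds cannot drift apart. `in_slot` is a signed `int32_t` supplied by the AIDL caller, so a comment such as `// in_slot is caller-supplied and signed: reject negatives as well as values >= slots` above the check in `isSlotMarkedSuccessful` would record why both bounds are needed. The function body starts and ends outside the hunk, so how `in_slot` is used after the check cannot be confirmed from here.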
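Review bot: In mediacodec_google.te the added `perfetto_producer(mediacodec_google)` is wrapped in its own `userdebug_or_eng` call directly above an existing `userdebug_or_eng` block; placing the macro inside that block would keep every debug-only grant for this domain in one place. The comment could also state the build restriction, e.g. `# userdebug/eng only: let the codec HAL act as a Perfetto producer`. The existing block continues past the end of the hunk.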
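Review bot: The new grilservice_app.te carries no comment explaining why the app needs the radio_ext HAL, and `grilservice_app` is not declared in this file; a header such as `# GRIL service app: look up and call the radio_ext HAL over binder` would document the grant. `binder_call(grilservice_app, hal_radio_ext)` covers calls from the app to the HAL; if the HAL also invokes callbacks registered by the app, that direction may need its own rule, which is worth confirming against the interface.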
@@ -1 +1,9 @@
+# fix mkfs
 allow e2fs userdata_exp_block_device:blk_file rw_file_perms;
+allow e2fs efs_block_device:blk_file rw_file_perms;
+allow e2fs modem_userdata_block_device:blk_file rw_file_perms;
+allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
+allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/storage/sepolicy/fsck.te b/storage/sepolicy/fsck.te
index 2043199..88efb35 100644
--- a/storage/sepolicy/fsck.te
+++ b/storage/sepolicy/fsck.te
@@ -1 +1,6 @@
+# fix fsck
 allow fsck userdata_exp_block_device:blk_file rw_file_perms;
+allow fsck efs_block_device:blk_file rw_file_perms;
+allow fsck modem_userdata_block_device:blk_file rw_file_perms;
+allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
+allow fsck sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/storage/sepolicy/vold.te b/storage/sepolicy/vold.te
index 3d35589..87387a7 100644
--- a/storage/sepolicy/vold.te
+++ b/storage/sepolicy/vold.te
@@ -1,3 +1,4 @@
+# ufs hagc
 allow vold sysfs_scsi_devices_0000:file rw_file_perms;
 # Access userdata_exp block device.
@@ -6,3 +7,7 @@ allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
 dontaudit vold dumpstate:fifo_file rw_file_perms;
 dontaudit vold dumpstate:fd use ;
+
+# fix idle-maint
+allow vold efs_block_device:blk_file { getattr };
+allow vold modem_userdata_block_device:blk_file { getattr };
diff --git a/touch/gti/ical/sepolicy/property.te b/touch/gti/ical/sepolicy/property.te
index 2a71d74..94fa3fc 100644
--- a/touch/gti/ical/sepolicy/property.te
+++ b/touch/gti/ical/sepolicy/property.te
@@ -1 +1,2 @@
 system_public_prop(vendor_gti_prop)
+typeattribute vendor_gti_prop touch_property_type;
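Review bot: In storage/sepolicy/e2fs.te the `allowxperm` set lists `persist_block_device`, but no `allow e2fs persist_block_device:blk_file` rule appears in this file after the change, so that entry has no effect unless a base `allow` carrying `ioctl` exists elsewhere in the policy; either add the matching `allow` or drop the type from the set. The new `rw_file_perms` grants on `efs_block_device` and `modem_userdata_block_device`, combined with `BLKDISCARD` and `BLKSECDISCARD`, let the e2fs domain erase those partitions, and `# fix mkfs` does not say which format step needs that. A comment naming the caller, e.g. `# mkfs formats efs and modem_userdata during <PLACEHOLDER: boot step>`, would let a later reviewer judge whether write access is still required. The same terse comments appear as `# fix fsck` in fsck.te and as `# ufs hagc` and `# fix idle-maint` in vold.te.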