diff options
| -rw-r--r-- | Android.mk | 6 | ||||
| -rw-r--r-- | prebuilts/api/31.0/private/mediatranscoding.te | 1 | ||||
| -rw-r--r-- | private/gmscore_app.te | 4 | ||||
| -rw-r--r-- | private/mediatranscoding.te | 1 | ||||
| -rw-r--r-- | private/platform_app.te | 1 |
5 files changed, 8 insertions, 5 deletions
diff --git a/Android.mk b/Android.mk index 4f595f54e..4652bb665 100644 --- a/Android.mk +++ b/Android.mk @@ -412,9 +412,11 @@ endif # SELINUX_IGNORE_NEVERALLOWS endif # with_asan ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION)) +ifeq ($(PLATFORM_SEPOLICY_VERSION_TEST),true) LOCAL_REQUIRED_MODULES += \ - sepolicy_freeze_test \ + sepolicy_freeze_test +endif # ($(PLATFORM_SEPOLICY_VERSION_TEST),true) else ifneq (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS)) $(error SEPOLICY_FREEZE_TEST_EXTRA_DIRS or SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS\ @@ -1574,12 +1576,14 @@ $(LOCAL_BUILT_MODULE): PRIVATE_EXTRA := $(sort $(FREEZE_TEST_EXTRA_DIRS)) $(LOCAL_BUILT_MODULE): PRIVATE_EXTRA_PREBUILT := $(sort $(FREEZE_TEST_EXTRA_PREBUILT_DIRS)) $(LOCAL_BUILT_MODULE): $(all_frozen_files) ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION)) +ifeq ($(PLATFORM_SEPOLICY_VERSION_TEST),true) @diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PUBLIC_PREBUILT) $(PRIVATE_BASE_PLAT_PUBLIC) @diff -rq -x bug_map $(PRIVATE_BASE_PLAT_PRIVATE_PREBUILT) $(PRIVATE_BASE_PLAT_PRIVATE) ifneq (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS)) @for pair in $(call ziplist, $(PRIVATE_EXTRA_PREBUILT), $(PRIVATE_EXTRA)); \ do diff -rq -x bug_map $$pair; done endif # (,$(FREEZE_TEST_EXTRA_DIRS)$(FREEZE_TEST_EXTRA_PREBUILT_DIRS)) +endif # ($(PLATFORM_SEPOLICY_VERSION_TEST),true) endif # ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION)) $(hide) touch $@ diff --git a/prebuilts/api/31.0/private/mediatranscoding.te b/prebuilts/api/31.0/private/mediatranscoding.te index 2a43cf9b5..073e81d78 100644 --- a/prebuilts/api/31.0/private/mediatranscoding.te +++ b/prebuilts/api/31.0/private/mediatranscoding.te @@ -19,6 +19,7 @@ hal_client_domain(mediatranscoding, hal_graphics_allocator) hal_client_domain(mediatranscoding, hal_configstore) hal_client_domain(mediatranscoding, hal_omx) hal_client_domain(mediatranscoding, hal_codec2) +hal_client_domain(mediatranscoding, hal_allocator) allow mediatranscoding mediaserver_service:service_manager find; allow mediatranscoding mediametrics_service:service_manager find; diff --git a/private/gmscore_app.te b/private/gmscore_app.te index 571d155cd..16324edfe 100644 --- a/private/gmscore_app.te +++ b/private/gmscore_app.te @@ -117,10 +117,6 @@ allow gmscore_app { cache_file cache_recovery_file }:file create_file_perms; # /cache is a symlink to /data/cache on some devices. Allow reading the link. allow gmscore_app cache_file:lnk_file r_file_perms; -# Write to /data/ota_package for OTA packages. -allow gmscore_app ota_package_file:dir rw_dir_perms; -allow gmscore_app ota_package_file:file create_file_perms; - # Used by Finsky / Android "Verify Apps" functionality when # running "adb install foo.apk". allow gmscore_app shell_data_file:file r_file_perms; diff --git a/private/mediatranscoding.te b/private/mediatranscoding.te index 2a43cf9b5..073e81d78 100644 --- a/private/mediatranscoding.te +++ b/private/mediatranscoding.te @@ -19,6 +19,7 @@ hal_client_domain(mediatranscoding, hal_graphics_allocator) hal_client_domain(mediatranscoding, hal_configstore) hal_client_domain(mediatranscoding, hal_omx) hal_client_domain(mediatranscoding, hal_codec2) +hal_client_domain(mediatranscoding, hal_allocator) allow mediatranscoding mediaserver_service:service_manager find; allow mediatranscoding mediametrics_service:service_manager find; diff --git a/private/platform_app.te b/private/platform_app.te index f746f1cc4..8bff85d77 100644 --- a/private/platform_app.te +++ b/private/platform_app.te @@ -59,6 +59,7 @@ allow platform_app mediaserver_service:service_manager find; allow platform_app mediametrics_service:service_manager find; allow platform_app mediaextractor_service:service_manager find; allow platform_app mediadrmserver_service:service_manager find; +allow platform_app nfc_service:service_manager find; allow platform_app persistent_data_block_service:service_manager find; allow platform_app radio_service:service_manager find; allow platform_app thermal_service:service_manager find; |