DO NOT MERGE - Merge PPRL.190205.001 into master

Bug: 124234733 Change-Id: I51d316749e1236c906879b8f431c09f4c3feb259
2026-02-01 07:50:47 +00:00 · 2019-02-20 08:20:37 -08:00
parent 6751b23bd2 f73e96a8a9
commit 743e5bb8da
10 changed files with 34 additions and 3 deletions
--- a/device.mk
+++ b/device.mk
@@ -40,7 +40,7 @@ PRODUCT_COPY_FILES += \

 # Set the SVN for the targeted MR release
 PRODUCT_PROPERTY_OVERRIDES += \
-    ro.vendor.build.svn=22
+    ro.vendor.build.svn=23

 # Enforce privapp-permissions whitelist
 PRODUCT_PROPERTY_OVERRIDES += \
--- a/sepolicy/vendor/certs/pulse-release.x509.pem
+++ b/sepolicy/vendor/certs/pulse-release.x509.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ
+BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n
+bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w
+HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL
+MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv
+b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93
+bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/
+jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B
+IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe
+tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td
+0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg
+Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b
+aIOMFB0Km9HbEZHLKg33kOoMsS2zpA==
+-----END CERTIFICATE-----
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -19,3 +19,5 @@ userdebug_or_eng(`
  allow hal_camera_default camera_vendor_data_file:dir create_dir_perms;
  allow hal_camera_default camera_vendor_data_file:file create_file_perms;
 ')
+
+get_prop(hal_camera_default, vendor_radio_prop);
--- a/sepolicy/vendor/keys.conf
+++ b/sepolicy/vendor/keys.conf
@@ -9,6 +9,9 @@ USER        : device/google/wahoo/sepolicy/vendor/certs/tango_userdev.x509.pem
 [@GOOGLE]
 ALL : device/google/wahoo/sepolicy/vendor/certs/app.x509.pem

+[@GOOGLEPULSE]
+ALL : device/google/wahoo/sepolicy/vendor/certs/pulse-release.x509.pem
+
 [@EASEL]
 ALL : device/google/wahoo/sepolicy/vendor/certs/easel.x509.pem

--- a/sepolicy/vendor/mac_permissions.xml
+++ b/sepolicy/vendor/mac_permissions.xml
@@ -24,6 +24,9 @@
    <signer signature="@GOOGLE" >
      <seinfo value="google" />
    </signer>
+    <signer signature="@GOOGLEPULSE" >
+      <seinfo value="googlepulse" />
+    </signer>
    <signer signature="@TANGO" >
      <seinfo value="tango" />
    </signer>
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -50,6 +50,7 @@ ro.vendor.graphics.memory  u:object_r:public_vendor_default_prop:s0
 vendor.debug.egl.changepixelformat  u:object_r:public_vendor_default_prop:s0
 vendor.debug.prerotation.disable  u:object_r:public_vendor_default_prop:s0
 vendor.debug.rs.           u:object_r:public_vendor_default_prop:s0
+vendor.debug.egl.swapinterval      u:object_r:public_vendor_default_prop:s0

 # public_vendor_system_prop
 # They are public_vendor_system_props for vendor-specific extension.
@@ -193,6 +194,7 @@ persist.radio.snapshot_timer  u:object_r:vendor_radio_prop:s0
 persist.radio.videopause.mode  u:object_r:vendor_radio_prop:s0
 persist.radio.VT_ENABLE    u:object_r:vendor_radio_prop:s0
 persist.radio.VT_HYBRID_ENABLE  u:object_r:vendor_radio_prop:s0
+vendor.radio.pwr.curb_backoff  u:object_r:vendor_radio_prop:s0

 # vendor_bluetooth_prop
 persist.vendor.bluetooth.a4wp           u:object_r:vendor_bluetooth_prop:s0
--- a/sepolicy/vendor/rild.te
+++ b/sepolicy/vendor/rild.te
@@ -28,7 +28,7 @@ dontaudit rild diag_device:chr_file rw_file_perms;
 allow rild radio_vendor_data_file:dir rw_dir_perms;
 allow rild radio_vendor_data_file:file create_file_perms;

-get_prop(rild, vendor_radio_prop)
+set_prop(rild, vendor_radio_prop)

 # Allow vendor native process to read the proc file of xt_qtaguid
 allow rild proc_qtaguid_stat:file r_file_perms;
--- a/sepolicy/vendor/seapp_contexts
+++ b/sepolicy/vendor/seapp_contexts
@@ -17,7 +17,10 @@ user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_d
 user=_app seinfo=platform name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user

 # Use a custom domain for GoogleCamera, to allow for Hexagon DSP access
-user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=user
+user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all
+
+# Also allow GoogleCameraNext, the dogfood beta version, the same access as GoogleCamera
+user=_app seinfo=googlepulse name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all

 #Needed for time service apk
 user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -23,3 +23,5 @@ typeattribute system_server system_writes_vendor_properties_violators;
 set_prop(system_server, public_vendor_system_prop)

 dontaudit system_server self:capability sys_module;
+
+allow system_server thermal_service:service_manager find;
--- a/sepolicy/vendor/thermalserviced.te
+++ b/sepolicy/vendor/thermalserviced.te
@@ -0,0 +1 @@
+binder_call(thermalserviced, system_server)
				`@@ -0,0 +1 @@`
				`binder_call(thermalserviced, system_server)`