commit 73ff3cd86d9f178a87d2557baf1ffd2aab503782
author Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Thu Feb 15 00:24:29 2024 +0000
committer Android Build Coastguard Worker <android-build-coastguard-worker@google.com> Thu Feb 15 00:24:29 2024 +0000
tree 50ef9938f1b9545216a1d878df550a6819846070
parent d10a7faea7807ce623c67a52cd8d5088a3e5f80b
parent 609971f58cd5301f902d29fbebb6e38711140e41

Snap for 11449429 from 609971f58cd5301f902d29fbebb6e38711140e41 to 24Q2-release

Change-Id: I969805c179d4b14ff9832c9da039508a3f214bee

private/app.te

diff --git a/private/app.te b/private/app.te
index b5bb474..1ef6ceb 100644
--- a/private/app.te
+++ b/private/app.te
@@ -146,6 +146,9 @@
 r_dir_file({ appdomain -ephemeral_app -sdk_sandbox_all }, vendor_app_file)
 allow { appdomain -ephemeral_app -sdk_sandbox_all } vendor_app_file:file execute;
 
+# Allow apps to read microdroid related files in vendor partition for CTS purpose.
+r_dir_file({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox_all }, vendor_microdroid_file)
+
 # Perform binder IPC to sdk sandbox.
 binder_call(appdomain, sdk_sandbox_all)
 

private/app_zygote.te

diff --git a/private/app_zygote.te b/private/app_zygote.te
index e3869cd..b51f633 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -93,6 +93,10 @@
 # Allow app_zygote to access odsign verification status
 get_prop(app_zygote, odsign_prop)
 
+# /data/resource-cache
+allow app_zygote resourcecache_data_file:file r_file_perms;
+allow app_zygote resourcecache_data_file:dir r_dir_perms;
+
 #####
 ##### Neverallow
 #####

private/audioserver.te

diff --git a/private/audioserver.te b/private/audioserver.te
index 7a5e8bc..74d5e88 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -105,3 +105,4 @@
 
 # Allow reading audio config props, e.g. af.fast_track_multiplier
 get_prop(audioserver, audio_config_prop)
+get_prop(audioserver, system_audio_config_prop)

private/property.te

diff --git a/private/property.te b/private/property.te
index 38e69bb..d21df55 100644
--- a/private/property.te
+++ b/private/property.te
@@ -44,6 +44,7 @@
 system_internal_prop(setupwizard_prop)
 system_internal_prop(snapuserd_prop)
 system_internal_prop(system_adbd_prop)
+system_internal_prop(system_audio_config_prop)
 system_internal_prop(timezone_metadata_prop)
 system_internal_prop(traced_perf_enabled_prop)
 system_internal_prop(uprobestats_start_with_config_prop)

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index c5f679e..568bdc1 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -418,6 +418,11 @@
 # USB devices can be connected to audio system at a certain time
 ro.audio.multi_usb_mode u:object_r:audio_config_prop:s0 exact bool
 
+# Boolean property used in libaudiohal@aidl to check if the SoC vendor
+# provides an implementation of IHalAdapterVendorExtension interface.
+# See b/323989070 for the discussion why this approach was chosen.
+ro.audio.ihaladaptervendorextension_enabled u:object_r:system_audio_config_prop:s0 exact bool
+
 persist.config.calibration_fac u:object_r:camera_calibration_prop:s0 exact string
 
 config.disable_cameraservice u:object_r:camera_config_prop:s0 exact bool

private/webview_zygote.te

diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 0556950..1e32c1f 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -93,6 +93,10 @@
 # Allow webview_zygote to access odsign verification status
 get_prop(zygote, odsign_prop)
 
+# /data/resource-cache
+allow webview_zygote resourcecache_data_file:file r_file_perms;
+allow webview_zygote resourcecache_data_file:dir r_dir_perms;
+
 #####
 ##### Neverallow
 #####