authorjie.yuan <jie.yuan@amlogic.com>2019-04-02 03:14:17 (GMT)
committer jie yuan <jie.yuan@amlogic.com>2019-05-10 01:16:24 (GMT)
commit7f3474215dca36056ba529d449c39f397b010e14 (patch)
treebf94705819f9ac59682b3f862e864f20cd6061fd
parent1d3c62cdf9df632e3e761b1ce4933e8e45a44a06 (diff)
product:enable PRODUCT_SHIPPING_API_LEVEL := 28 [1/8]
PD#SWPL-227
BUG=129695230

Problem:
The shipping API level is 28, so access to properties needs to be tighter.

Solution:
Add some SELinux policies.

Verify:
verify it on Atom and Beast

We must use the PartnerPrefixes properties: init.svc.vendor. ro.vendor. persist.vendor. vendor. init.svc.odm. ro.odm. persist.odm. odm. ro.boot. and we don't use hidden APIs.

Change-Id: Ia71c44af056a2df53535732809af491dfd6a37d1
Signed-off-by: jie.yuan <jie.yuan@amlogic.com>
Diffstat
-rw-r--r--factory.mk19
-rw-r--r--[-rwxr-xr-x]flash-all-ab.bat0
-rw-r--r--[-rwxr-xr-x]flash-all-ab.sh0
-rw-r--r--[-rwxr-xr-x]flash-all.bat3
-rw-r--r--[-rwxr-xr-x]flash-all.sh2
-rw-r--r--init.amlogic.media.rc2
-rwxr-xr-xoptimization/config2
-rw-r--r--[-rwxr-xr-x]optimization/liboptimization_32.so128
-rw-r--r--products/mbox/init.amlogic.system.rc7
-rw-r--r--products/mbox/upgrade_4.9/aml_upgrade_package.conf1
-rw-r--r--products/mbox/upgrade_4.9/aml_upgrade_package_AB.conf1
-rw-r--r--products/mbox/upgrade_4.9/aml_upgrade_package_AB_enc.conf1
-rw-r--r--products/mbox/upgrade_4.9/aml_upgrade_package_avb.conf1
-rw-r--r--products/mbox/upgrade_4.9/aml_upgrade_package_enc.conf1
-rwxr-xr-xproducts/tv/init.amlogic.system.rc7
-rw-r--r--products/tv/product_tv.mk11
-rw-r--r--products/tv/ueventd.amlogic.rc4
-rw-r--r--products/tv/upgrade_4.9/aml_upgrade_package.conf1
-rw-r--r--products/tv/upgrade_4.9/aml_upgrade_package_AB.conf1
-rw-r--r--products/tv/upgrade_4.9/aml_upgrade_package_AB_enc.conf1
-rw-r--r--products/tv/upgrade_4.9/aml_upgrade_package_avb.conf1
-rw-r--r--products/tv/upgrade_4.9/aml_upgrade_package_avb_enc.conf2
-rw-r--r--products/tv/upgrade_4.9/aml_upgrade_package_enc.conf1
-rw-r--r--recovery/init.rc2
-rw-r--r--[-rwxr-xr-x]recovery/updater-script2
-rw-r--r--seccomp/mediaextractor.policy1
-rw-r--r--sepolicy/audioserver.te5
-rw-r--r--sepolicy/bluetooth.te3
-rw-r--r--sepolicy/bootanim.te15
-rw-r--r--sepolicy/bootvideo.te5
-rw-r--r--sepolicy/device.te4
-rw-r--r--sepolicy/drmserver.te3
-rw-r--r--sepolicy/e2fs.te1
-rw-r--r--sepolicy/file.te6
-rwxr-xr-x[-rw-r--r--]sepolicy/file_contexts56
-rw-r--r--sepolicy/fsck.te2
-rw-r--r--sepolicy/fsck_untrusted.te23
-rw-r--r--sepolicy/hal_audio_default.te16
-rw-r--r--sepolicy/hal_bluetooth_default.te4
-rw-r--r--sepolicy/hal_bootctl_default.te5
-rw-r--r--sepolicy/hal_graphics_allocator_default.te4
-rw-r--r--sepolicy/hal_graphics_composer_default.te11
-rw-r--r--sepolicy/hal_ir_default.te2
-rw-r--r--sepolicy/hal_memtrack_default.te7
-rw-r--r--sepolicy/hal_power_default.te4
-rw-r--r--sepolicy/hdcp_rp22.te45
-rw-r--r--sepolicy/hdmicecd.te10
-rw-r--r--sepolicy/hwservice.te2
-rwxr-xr-x[-rw-r--r--]sepolicy/hwservice_contexts2
-rw-r--r--sepolicy/hwservicemanager.te5
-rw-r--r--sepolicy/imageserver.te65
-rw-r--r--sepolicy/init.te4
-rw-r--r--sepolicy/mediacodec.te3
-rw-r--r--sepolicy/mediaextractor.te13
-rw-r--r--sepolicy/mediaprovider.te4
-rw-r--r--sepolicy/mediaserver.te6
-rw-r--r--sepolicy/platform_app.te3
-rw-r--r--sepolicy/postinstall.te10
-rw-r--r--sepolicy/priv_app.te9
-rw-r--r--sepolicy/property.te3
-rwxr-xr-x[-rw-r--r--]sepolicy/property_contexts16
-rw-r--r--sepolicy/rc_server.te14
-rw-r--r--sepolicy/recovery.te24
-rw-r--r--sepolicy/sdcardd.te3
-rw-r--r--sepolicy/system_app.te29
-rw-r--r--sepolicy/system_control.te48
-rw-r--r--sepolicy/system_server.te8
-rw-r--r--sepolicy/tee.te1
-rw-r--r--sepolicy/toolbox.te2
-rw-r--r--sepolicy/tvserver.te13
-rw-r--r--sepolicy/uncrypt.te2
-rw-r--r--sepolicy/update_engine.te14
-rw-r--r--sepolicy/vendor_init.te13
-rw-r--r--sepolicy/vold.te4
-rw-r--r--sepolicy/webview_zygote.te3
75 files changed, 596 insertions, 160 deletions
diff --git a/factory.mk b/factory.mk
index b94e625..6b4b255 100644
--- a/factory.mk
+++ b/factory.mk
@@ -16,6 +16,8 @@ BUILT_IMAGES += system.img userdata.img
ifneq ($(AB_OTA_UPDATER),true)
BUILT_IMAGES += cache.img
+ifdef BOARD_PREBUILT_DTBOIMAGE
+BUILT_IMAGES += dtbo.img
endif
BUILT_IMAGES += vendor.img
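Review bot: The added `ifdef BOARD_PREBUILT_DTBOIMAGE` opens before the existing `endif`, so that `endif` now closes the new `ifdef`, and the `ifneq ($(AB_OTA_UPDATER),true)` block stays open until the `endif` added after the `BUILD_WITH_AVB` block in the next hunk. As written, `vendor.img`, everything between the two hunks and `vbmeta.img` are appended to `BUILT_IMAGES` only on non-A/B builds, and `dtbo.img` is never added on A/B builds; if that is not intended, an A/B package would be assembled without its vbmeta image. Closing each conditional where it opens keeps the nesting local: keep the `endif` directly after `cache.img`, follow it with `ifdef BOARD_PREBUILT_DTBOIMAGE` / `BUILT_IMAGES += dtbo.img` / `endif`, and drop the `endif` added in the second hunk. The lines between the two hunks are not visible here, so the exact set of affected images is inferred.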
@@ -35,6 +37,7 @@ endif
ifeq ($(BUILD_WITH_AVB),true)
BUILT_IMAGES += vbmeta.img
endif
+endif
ifeq ($(strip $(HAS_BUILD_NUMBER)),false)
# BUILD_NUMBER has a timestamp in it, which means that
@@ -85,6 +88,9 @@ endif
ifdef KERNEL_DEVICETREE
DTBTOOL := $(BOARD_AML_VENDOR_PATH)/tools/dtbTool
+DTCTOOL := out/host/linux-x86/bin/dtc
+DTIMGTOOL := out/host/linux-x86/bin/mkdtimg
+
ifdef KERNEL_DEVICETREE_CUSTOMER_DIR
KERNEL_DEVICETREE_DIR := $(KERNEL_DEVICETREE_CUSTOMER_DIR)
else
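Review bot: `DTCTOOL` and `DTIMGTOOL` hard-code `out/host/linux-x86/bin`, which stops resolving when the build runs with a different `OUT_DIR` or host, and both names become prerequisites of the dtb rule in the next hunk. Use the build system's host path instead: `DTCTOOL := $(HOST_OUT_EXECUTABLES)/dtc` and `DTIMGTOOL := $(HOST_OUT_EXECUTABLES)/mkdtimg`. The enclosing `ifdef KERNEL_DEVICETREE` block continues past this hunk.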
@@ -116,7 +122,7 @@ ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true)
INSTALLED_BOARDDTB_TARGET := $(INSTALLED_BOARDDTB_TARGET).encrypt
endif# ifeq ($(PRODUCT_BUILD_SECURE_BOOT_IMAGE_DIRECTLY),true)
-$(INSTALLED_BOARDDTB_TARGET) : $(KERNEL_DEVICETREE_SRC) $(KERNEL_OUT) $(KERNEL_CONFIG)
+$(INSTALLED_BOARDDTB_TARGET) : $(KERNEL_DEVICETREE_SRC) $(DTCTOOL) $(DTIMGTOOL)
$(foreach aDts, $(KERNEL_DEVICETREE), \
sed -i 's/^#include \"partition_.*/#include \"$(TARGET_PARTITION_DTSI)\"/' $(KERNEL_ROOTDIR)/$(KERNEL_DEVICETREE_DIR)/$(strip $(aDts)).dts; \
sed -i 's/^#include \"firmware_.*/#include \"$(TARGET_FIRMWARE_DTSI)\"/' $(KERNEL_ROOTDIR)/$(KERNEL_DEVICETREE_DIR)/$(TARGET_PARTITION_DTSI); \
@@ -140,9 +146,16 @@ ifeq ($(BOARD_AVB_ENABLE),true)
--partition_name dtb
endif
+$(BOARD_PREBUILT_DTBOIMAGE): $(INSTALLED_BOARDDTB_TARGET) | $(DTCTOOL) $(DTIMGTOOL)
+ $(DTCTOOL) -@ -O dtb -o $(PRODUCT_OUT)/$(DTBO_DEVICETREE).dtbo $(KERNEL_ROOTDIR)/$(KERNEL_DEVICETREE_DIR)/$(DTBO_DEVICETREE).dts
+ $(DTIMGTOOL) create $@ $(PRODUCT_OUT)/$(DTBO_DEVICETREE).dtbo
+
.PHONY: dtbimage
dtbimage: $(INSTALLED_BOARDDTB_TARGET)
+.PHONY: dtboimage
+dtboimage: $(PRODUCT_OUT)/dtbo.img
+
endif # ifdef KERNEL_DEVICETREE
# Adds to <product name>-img-<build number>.zip so can be flashed. b/110831381
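Review bot: `dtboimage` depends on `$(PRODUCT_OUT)/dtbo.img`, but the rule added above builds `$(BOARD_PREBUILT_DTBOIMAGE)`, so the phony target only works if a rule outside this hunk produces one from the other; a comment naming that rule would make the dependency visible. The new rule is also not wrapped in `ifdef BOARD_PREBUILT_DTBOIMAGE` the way the `BUILT_IMAGES` and `FASTBOOT_IMAGES` additions are, and its recipe writes `$(PRODUCT_OUT)/$(DTBO_DEVICETREE).dtbo`, which is not a target of any rule. The context above applies a `BOARD_AVB_ENABLE` step with `--partition_name dtb` to the dtb image and nothing equivalent is shown for the overlay, so it is worth confirming that the dtbo image is covered by verified boot elsewhere.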
@@ -369,6 +382,10 @@ ifeq ($(BOARD_USES_PRODUCTIMAGE),true)
FASTBOOT_IMAGES += product.img
endif
+ifdef BOARD_PREBUILT_DTBOIMAGE
+FASTBOOT_IMAGES += dtbo.img
+endif
+
ifeq ($(BUILD_WITH_AVB),true)
FASTBOOT_IMAGES += vbmeta.img
endif
diff --git a/flash-all-ab.bat b/flash-all-ab.bat
index df57ea7..df57ea7 100755..100644
--- a/flash-all-ab.bat
+++ b/flash-all-ab.bat
diff --git a/flash-all-ab.sh b/flash-all-ab.sh
index 60a3bb6..60a3bb6 100755..100644
--- a/flash-all-ab.sh
+++ b/flash-all-ab.sh
diff --git a/flash-all.bat b/flash-all.bat
index dbbeaf5..a52d9d9 100755..100644
--- a/flash-all.bat
+++ b/flash-all.bat
@@ -26,7 +26,10 @@ ping -n 5 127.0.0.1 >nul
fastboot flashing unlock_critical
fastboot flashing unlock
fastboot flash dts dt.img
+fastboot flash dtbo dtbo.img
fastboot -w
+fastboot erase param
+fastboot erase tee
fastboot flash vbmeta vbmeta.img
fastboot flash odm odm.img
fastboot flash logo logo.img
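Review bot: `fastboot flash dtbo dtbo.img` runs unconditionally, while factory.mk in this commit adds `dtbo.img` to `FASTBOOT_IMAGES` only under `ifdef BOARD_PREBUILT_DTBOIMAGE`, so on a build without it this line fails and the script still goes on to `fastboot -w` and the two new erases. Guard it with `if exist dtbo.img fastboot flash dtbo dtbo.img`; the line added to flash-all.sh needs the same guard, `[ -f dtbo.img ] && fastboot $sern flash dtbo dtbo.img`. The two scripts also disagree on order: here `erase param` and `erase tee` come after `-w`, in flash-all.sh they come before it.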
diff --git a/flash-all.sh b/flash-all.sh
index 96397a9..7ba15f4 100755..100644
--- a/flash-all.sh
+++ b/flash-all.sh
@@ -61,7 +61,9 @@ sleep 5
fastboot $sern flashing unlock_critical
fastboot $sern flashing unlock
fastboot $sern flash dts dt.img
+fastboot $sern flash dtbo dtbo.img
fastboot $sern erase param
+fastboot $sern erase tee
fastboot $sern -w
flash_with_retry vbmeta vbmeta.img
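Review bot: `fastboot $sern erase tee` is added without a comment, and erasing the tee partition presumably discards whatever the trusted OS stores there, which re-flashing the images in this package would not restore; a comment stating why a full flash has to wipe it belongs on that line. The new dtbo line calls `fastboot` directly while the lines after it go through `flash_with_retry`; assuming that helper takes the partition and image as on the vbmeta line, `flash_with_retry dtbo dtbo.img` would be consistent. The file header above also changes this script's mode from 100755 to 100644, so it can no longer be run directly.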
diff --git a/init.amlogic.media.rc b/init.amlogic.media.rc
index 5ab1885..008fde8 100644
--- a/init.amlogic.media.rc
+++ b/init.amlogic.media.rc
@@ -14,11 +14,13 @@ on fs
insmod /vendor/lib/modules/amvdec_mjpeg.ko
insmod /vendor/lib/modules/amvdec_mmjpeg.ko
insmod /vendor/lib/modules/amvdec_mpeg12.ko
+ insmod /vendor/lib/modules/amvdec_mmpeg12.ko
insmod /vendor/lib/modules/amvdec_mpeg4.ko
insmod /vendor/lib/modules/amvdec_mmpeg4.ko
insmod /vendor/lib/modules/amvdec_real.ko
insmod /vendor/lib/modules/amvdec_vc1.ko
insmod /vendor/lib/modules/amvdec_vp9.ko
+ insmod /vendor/lib/modules/amvdec_avs2.ko
insmod /vendor/lib/modules/encoder.ko
insmod /vendor/lib/modules/vpu.ko
diff --git a/optimization/config b/optimization/config
index ec564fc..597a2ec 100755
--- a/optimization/config
+++ b/optimization/config
@@ -1 +1 @@
-NPEF;IjhiQspgjmf EBUB; 0tzt0dmbtt0uifsnbm0uifsnbm`{pof10npef;ejtbcmfe 0tzt0dmbtt0uifsnbm0uifsnbm`{pof20npef;ejtbcmfe 0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0tdbmjoh`nby`gsfr;0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0dqvjogp`nby`gsfr 0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0inq`cpptu;2 0tzt0dmbtt0nqhqv0tdbmf`npef;4 0tzt0efwjdft0tztufn0dmpdltpvsdf0dmpdltpvsdf10dvssfou`dmpdltpvsdf;Ujnfs.L tzt/pqujnj{bujpo/vj/ix;usvf tzt/ibsexbsf/wtzod;usvf QLH; dpn/bouvuv dpn/sjhiuxbsf/uenn3w21kojgsff tpguxfh/ix/qfsgpsnbodf dpn/hmcfodinbsl db/qsjnbufmbct/hfflcfodi3 dpn/fmmjtnbslpw/hqvcfodi qfsgpsnbodf/uftu dpn/hsffofdpnqvujoh/mjoqbdl dpn/espmf{/ocfodi tf/ofob dpn/rvbmdpnn/ry/ofpdpsf dpn/bvspsbtpguxpslt/rvbesbou dpn/tnbsucfodi/fmfwfo dpn/qbttnbsl/qu`npcjmf dpn/fecvsofuuf/gqt3e dpn/Cgjfme/DqvJefoujgjfs fv/dibjogjsf/dgcfodi dpn/gvuvsfnbsl/enboespje/bqqmjdbujpo dpn/rvjdjod/wfmmbnp dpn/IPUJDF/NpcjmfUftu dpn/qduwuw/boespje/uuty dpn/ffncd/dpsfnbsl dpn/boespje/dn4 dpn/qsjnbufmbct dpn/bsn/of21/efnp dpn/boespje/dut/pqfohm0/qsjnjujwf/HMQsjnjujwfBdujwjuz dpn/ubdufm/fmfdupqjb dpn/rrgsjfoet dpn/topxdpme/cfodinbsl  NPEF;DqvMjnjufsGsfr EBUB; 0tzt0dmbtt0uifsnbm0uifsnbm`{pof10npef;ejtbcmfe 0tzt0dmbtt0uifsnbm0uifsnbm`{pof20npef;ejtbcmfe 0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0tdbmjoh`nby`gsfr;711111 QLH; dpn/bouvuv/uftufs  NPEF;HqvGpsdfSfoefs EBUB; tzt/pqujnj{bujpo/vj/ix;usvf QLH; dpn/ufodfou/hbnf/sizuinnbtufs  NPEF;DUT EBUB; tzt/wtzod/uzqf;ibsexbsf tzt/nfejb/pny/ws;usvf QLH; boespje/nfejb/dut0/EfdpefBddvsbdzUftuBdujwjuz boespje/wjfx/dut0/QjyfmDpqzWjefpTpvsdfBdujwjuz boespje/wjfx/dut0/tvsgbdfwbmjebups/DbquvsfeBdujwjuz dpn/hpphmf/boespje/fypqmbzfs/hut0/vujm/IptuBdujwjuz dpn/boespje/dut/wfsjgjfs  NPEF;HqvIjhiQspgjmf EBUB; 0tzt0dmbtt0nqhqv0tdbmf`npef;4 QLH; dpn/esbxfmfnfout/efrq boespje/mfbocbdlkbol/dut boespje/mfbocbdlkbol/bqq dpn/boespje/tfswfs/dut/efwjdf/hsbqijdttubut boespje/wjfx/dut0/EjtqmbzSfgsftiSbufDutBdujwjuz boespje/pqfohmqfsg/dut0/HmQmbofutBdujwjuz dpn/ofugmjy/ojokb0/NbjoBdujwjuz  NPEF;FodpefsHutUftu EBUB; 
ix/fodpefs/cjusbuf/uftu;2 nfejb/pny/ejtqmbz`npef;2 0tzt0npevmf0ej0qbsbnfufst0czqbtt`bmm;2 QLH; dpn/hpphmf/boespje/nfejb/hut \ No newline at end of file
+NPEF;IjhiQspgjmf EBUB; 0tzt0dmbtt0uifsnbm0uifsnbm`{pof10npef;ejtbcmfe 0tzt0dmbtt0uifsnbm0uifsnbm`{pof20npef;ejtbcmfe 0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0tdbmjoh`nby`gsfr;0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0dqvjogp`nby`gsfr 0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0inq`cpptu;2 0tzt0dmbtt0nqhqv0tdbmf`npef;4 0tzt0efwjdft0tztufn0dmpdltpvsdf0dmpdltpvsdf10dvssfou`dmpdltpvsdf;Ujnfs.L tzt/pqujnj{bujpo/vj/ix;usvf tzt/ibsexbsf/wtzod;usvf QLH; dpn/bouvuv dpn/sjhiuxbsf/uenn3w21kojgsff tpguxfh/ix/qfsgpsnbodf dpn/hmcfodinbsl db/qsjnbufmbct/hfflcfodi3 dpn/fmmjtnbslpw/hqvcfodi qfsgpsnbodf/uftu dpn/hsffofdpnqvujoh/mjoqbdl dpn/espmf{/ocfodi tf/ofob dpn/rvbmdpnn/ry/ofpdpsf dpn/bvspsbtpguxpslt/rvbesbou dpn/tnbsucfodi/fmfwfo dpn/qbttnbsl/qu`npcjmf dpn/fecvsofuuf/gqt3e dpn/Cgjfme/DqvJefoujgjfs fv/dibjogjsf/dgcfodi dpn/gvuvsfnbsl/enboespje/bqqmjdbujpo dpn/rvjdjod/wfmmbnp dpn/IPUJDF/NpcjmfUftu dpn/qduwuw/boespje/uuty dpn/ffncd/dpsfnbsl dpn/boespje/dn4 dpn/qsjnbufmbct dpn/bsn/of21/efnp dpn/boespje/dut/pqfohm0/qsjnjujwf/HMQsjnjujwfBdujwjuz dpn/ubdufm/fmfdupqjb dpn/rrgsjfoet dpn/topxdpme/cfodinbsl  NPEF;DqvMjnjufsGsfr EBUB; 0tzt0dmbtt0uifsnbm0uifsnbm`{pof10npef;ejtbcmfe 0tzt0dmbtt0uifsnbm0uifsnbm`{pof20npef;ejtbcmfe 0tzt0efwjdft0tztufn0dqv0dqv10dqvgsfr0tdbmjoh`nby`gsfr;711111 QLH; dpn/bouvuv/uftufs  NPEF;HqvGpsdfSfoefs EBUB; tzt/pqujnj{bujpo/vj/ix;usvf QLH; dpn/ufodfou/hbnf/sizuinnbtufs  NPEF;DUT EBUB; tzt/wtzod/uzqf;ibsexbsf nfejb/pny/ws;usvf QLH; boespje/nfejb/dut0/EfdpefBddvsbdzUftuBdujwjuz boespje/wjfx/dut0/QjyfmDpqzWjefpTpvsdfBdujwjuz boespje/wjfx/dut0/tvsgbdfwbmjebups/DbquvsfeBdujwjuz dpn/hpphmf/boespje/fypqmbzfs/hut0/vujm/IptuBdujwjuz dpn/boespje/dut/wfsjgjfs  NPEF;HqvIjhiQspgjmf EBUB; 0tzt0dmbtt0nqhqv0tdbmf`npef;4 QLH; dpn/esbxfmfnfout/efrq boespje/mfbocbdlkbol/dut boespje/mfbocbdlkbol/bqq dpn/boespje/tfswfs/dut/efwjdf/hsbqijdttubut boespje/wjfx/dut0/EjtqmbzSfgsftiSbufDutBdujwjuz boespje/pqfohmqfsg/dut0/HmQmbofutBdujwjuz dpn/ofugmjy/ojokb0/NbjoBdujwjuz  NPEF;FodpefsHutUftu EBUB; 
nfejb/fodpefs/cjusbuf/uftu;2 nfejb/pny/ejtqmbz`npef;2 0tzt0npevmf0ej0qbsbnfufst0czqbtt`bmm;2 QLH; dpn/hpphmf/boespje/nfejb/hut \ No newline at end of file
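Review bot: This file is stored with every character shifted up by one (`NPEF;` reads `MODE:`), which protects nothing from anyone holding the file but makes the change hard to review in a diff. Decoded, the hunk renames `sys.media.omx.vr` to `media.omx.vr` and `hw.encoder.bitrate.test` to `media.encoder.bitrate.test`; neither new name starts with one of the vendor prefixes the commit message says must be used, so if a vendor component sets them they would need names such as `vendor.media.omx.vr`. The decoded entries also set the thermal zone mode to `disabled` for a list of benchmark packages, which deserves a plain-text source or an explanatory document checked in next to the file.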
diff --git a/optimization/liboptimization_32.so b/optimization/liboptimization_32.so
index 90bf96a..991f8b8 100755..100644
--- a/optimization/liboptimization_32.so
+++ b/optimization/liboptimization_32.so
@@ -1,19 +1,19 @@
-ELF
-
-@
-HAxD
-(F!FOrB(F@U-OF
+ELF
+
+HAxD
+(F!FOr6(F@𯸰-OF
-!F, HFpy x/(%1HDhxD
-
-
-
+!F, HFpy x/(%1HDhxD
+
+
+
+O
+PF1F"PF9F"0PF9F" F1F 
+
+9
C
-$8F
-
-O
-PF1F"PF9F"\PF9F" F1F 
-
+b$8F
+,
HF*F
p
@@ -23,18 +23,19 @@ p
hHF1F
1DF
-
-) -أ0F)F"F
-1 ,أ2h(F!F
-F
+
+) -أ0F)F"F
+1 ,أ2h(F!F
+
+F
-nFcH 
-"F
- FoBF
-KzD
+nFcH 
+"F
+ FoBF
+KzD
Fb

-8
+8
p@
p@
p@
@@ -44,48 +45,55 @@ Fb

p@
hA
-
+
I}D
J
-KzD
- FoG%HxD
+KzD
+ FoG%HxD
`J
-
-
-
-
-
-
+
+
+
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
-
-
-
+
+
+
+
+
A 
- "&7zXZ
- l5^<`.sd<GePPcFT-R? $Xg\L[~I8H
-ŷd<
- ^wcK뭗AkSO6i0~!3]X-擩mR }ךd&YP,J|N6ܒ{/BKO$J-v`ʽ$ӻE=ᷕ,SbdN
-!%}(-3e2-/i,"ezl-^2**Aaz#\Dh#.
-Nc鑵wHi ,&(l25U\f֬% 1_gq[Q-3xGoKQ1ֳTfT'_q" c W%nXokER&xmWcC\źLUmcd dͦZr>kVmQMnmm~^X}# g&g1*5Є vӯ;G0_/3OepMLřWՇu3
-箱
-Zb#3t
-\EaJ9fJbeqorzH&ȵZX=35eD;hC_sǂ֎
-=2
-g
-
-
+ "&7zXZ
+[B⥐jyv଴ƷxV^ SW9
+e.2QϺ2CP9YF'3
+x ̬= H7^T89%\.[Bo'qudJbNJ(PIh&܅٦: (hE=)uW=VS O$6/Ƨgf-󭲻VKY
+D ۛ<$Uf_' T$ܐ;5.ΌgΏIs.,21Z^/ ~I 3TMG}ZI r |#FUr; Z(Е[>¿iOK2?73k6׺/ 8'2rD0JW+ 2،##> 5ఆ7z0`"__C@8q*eF#* Y[AfhgVk%-yR[kTݜi5P VI!@^X6_ kp_W`EY#v=0ƞe+ܨ'WgK6as_j&A;XcʗQ㶙v~^a!ZV֡wxaM'egVҏAGn;e'?L*p!YcP*xA+$Pџ4zGC>)^?V
+$qҦK(Ȟ b?샑8P}{'g {{6kM9> 2+wՕ.a#
+*YTH״
+
+REj)GAűy'qGܯ)BA9FE䈆-
+Cq:&
+\
+BƔgGvݑdaxCo Kx>B RZ.rapw.b
+
+
+
+
+
+
diff --git a/products/mbox/init.amlogic.system.rc b/products/mbox/init.amlogic.system.rc
index 10b9ee9..b7a460a 100644
--- a/products/mbox/init.amlogic.system.rc
+++ b/products/mbox/init.amlogic.system.rc
@@ -239,6 +239,11 @@ on boot
chown media system /sys/module/amvdec_h265/parameters/double_write_mode
chmod 666 /sys/module/amvdec_h265/parameters/double_write_mode
+ chown media system /sys/module/amdolby_vision/parameters/dolby_vision_profile
+ chown media system /sys/module/amdolby_vision/parameters/dolby_vision_level
+ chmod 666 /sys/module/amdolby_vision/parameters/dolby_vision_profile
+ chmod 666 /sys/module/amdolby_vision/parameters/dolby_vision_level
+
chown media system /sys/module/deinterlace/parameters/deinterlace_mode
chown media system /sys/class/graphics/fb0/block_mode
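Review bot: The new `chmod 666` lines make the `amdolby_vision` module parameters writable by every user, although the `chown media system` lines just above already give the owner and group what they need; `chmod 0664 /sys/module/amdolby_vision/parameters/dolby_vision_profile` (and the same for `dolby_vision_level`) keeps write access to `media` and `system` only. The next hunk in this file widens `avmute` from `0664` to `0666`, and both hunks of products/tv/init.amlogic.system.rc make the same two changes; with world-writable sysfs nodes the SELinux label is the only remaining barrier. If a process outside those groups has to write these nodes, name it in a comment. The `on boot` block extends beyond this hunk.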
@@ -269,7 +274,7 @@ on boot
chown system system /sys/class/amhdmitx/amhdmitx0/cec_lang_config
chown system system /sys/class/amhdmitx/amhdmitx0/config
chown system system /sys/class/amhdmitx/amhdmitx0/avmute
- chmod 0664 /sys/class/amhdmitx/amhdmitx0/avmute
+ chmod 0666 /sys/class/amhdmitx/amhdmitx0/avmute
chown mediadrm audio /sys/class/amhdmitx/amhdmitx0/aud_output_chs
chown media system /sys/class/switch/hdmi/state
chmod 0660 /sys/class/switch/hdmi/state
diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package.conf b/products/mbox/upgrade_4.9/aml_upgrade_package.conf
index 6b1e222..e64aed8 100644
--- a/products/mbox/upgrade_4.9/aml_upgrade_package.conf
+++ b/products/mbox/upgrade_4.9/aml_upgrade_package.conf
@@ -24,4 +24,5 @@ file="product.img" main_type="PARTITION" sub_type="product"
file="recovery.img" main_type="PARTITION" sub_type="recovery"
file="bootloader.img" main_type="PARTITION" sub_type="bootloader"
file="dt.img" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package_AB.conf b/products/mbox/upgrade_4.9/aml_upgrade_package_AB.conf
index e78eb2a..ad38dda 100644
--- a/products/mbox/upgrade_4.9/aml_upgrade_package_AB.conf
+++ b/products/mbox/upgrade_4.9/aml_upgrade_package_AB.conf
@@ -23,4 +23,5 @@ file="odm.img" main_type="PARTITION" sub_type="odm_a"
file="odm.img" main_type="PARTITION" sub_type="odm_b"
file="bootloader.img" main_type="PARTITION" sub_type="bootloader"
file="dt.img" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package_AB_enc.conf b/products/mbox/upgrade_4.9/aml_upgrade_package_AB_enc.conf
index 4d76632..c65dee0 100644
--- a/products/mbox/upgrade_4.9/aml_upgrade_package_AB_enc.conf
+++ b/products/mbox/upgrade_4.9/aml_upgrade_package_AB_enc.conf
@@ -27,4 +27,5 @@ file="odm.img" main_type="PARTITION" sub_type="odm_a"
file="odm.img" main_type="PARTITION" sub_type="odm_b"
file="bootloader.img.encrypt" main_type="PARTITION" sub_type="bootloader"
file="dt.img.encrypt" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
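Review bot: In this `_enc` package the bootloader and dtb entries use the `.encrypt` images, but the new entry ships plain `dtbo.img`; if secure-boot packages are meant to carry only processed boot-chain images, the overlay needs the same treatment or a comment explaining why it is exempt. The same plain entry is added to the mbox `aml_upgrade_package_enc.conf` and to the tv `_AB_enc` and `_enc` configs. Separately, every upgrade config in this commit now lists `dtbo.img` unconditionally, while factory.mk builds it only when `BOARD_PREBUILT_DTBOIMAGE` is defined.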
diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package_avb.conf b/products/mbox/upgrade_4.9/aml_upgrade_package_avb.conf
index 5985f54..c35249c 100644
--- a/products/mbox/upgrade_4.9/aml_upgrade_package_avb.conf
+++ b/products/mbox/upgrade_4.9/aml_upgrade_package_avb.conf
@@ -25,4 +25,5 @@ file="product.img" main_type="PARTITION" sub_type="product"
file="recovery.img" main_type="PARTITION" sub_type="recovery"
file="bootloader.img" main_type="PARTITION" sub_type="bootloader"
file="dt.img" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/products/mbox/upgrade_4.9/aml_upgrade_package_enc.conf b/products/mbox/upgrade_4.9/aml_upgrade_package_enc.conf
index 1fe859b..714ef45 100644
--- a/products/mbox/upgrade_4.9/aml_upgrade_package_enc.conf
+++ b/products/mbox/upgrade_4.9/aml_upgrade_package_enc.conf
@@ -28,4 +28,5 @@ file="product.img" main_type="PARTITION" sub_type="product"
file="recovery.img.encrypt" main_type="PARTITION" sub_type="recovery"
file="bootloader.img.encrypt" main_type="PARTITION" sub_type="bootloader"
file="dt.img.encrypt" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/products/tv/init.amlogic.system.rc b/products/tv/init.amlogic.system.rc
index a20c565..5de777d 100755
--- a/products/tv/init.amlogic.system.rc
+++ b/products/tv/init.amlogic.system.rc
@@ -253,6 +253,11 @@ on boot
chown media system /sys/module/amvdec_h265/parameters/double_write_mode
chmod 666 /sys/module/amvdec_h265/parameters/double_write_mode
+ chown media system /sys/module/amdolby_vision/parameters/dolby_vision_profile
+ chown media system /sys/module/amdolby_vision/parameters/dolby_vision_level
+ chmod 666 /sys/module/amdolby_vision/parameters/dolby_vision_profile
+ chmod 666 /sys/module/amdolby_vision/parameters/dolby_vision_level
+
chown media system /sys/module/deinterlace/parameters/deinterlace_mode
chown media system /sys/class/graphics/fb0/block_mode
@@ -283,7 +288,7 @@ on boot
chown system system /sys/class/amhdmitx/amhdmitx0/cec_lang_config
chown system system /sys/class/amhdmitx/amhdmitx0/config
chown system system /sys/class/amhdmitx/amhdmitx0/avmute
- chmod 644 /sys/class/amhdmitx/amhdmitx0/avmute
+ chmod 0666 /sys/class/amhdmitx/amhdmitx0/avmute
chown system mediadrm /sys/class/amhdmitx/amhdmitx0/aud_output_chs
chown media system /sys/class/switch/hdmi/state
chmod 0660 /sys/class/switch/hdmi/state
diff --git a/products/tv/product_tv.mk b/products/tv/product_tv.mk
index 974a778..9bad47f 100644
--- a/products/tv/product_tv.mk
+++ b/products/tv/product_tv.mk
@@ -96,8 +96,13 @@ endif
# USB
PRODUCT_COPY_FILES += \
- frameworks/native/data/etc/android.hardware.usb.host.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.usb.host.xml \
+ frameworks/native/data/etc/android.hardware.usb.host.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.usb.host.xml
+
+#usb accessory donnot need in atv
+ifneq ($(TARGET_BUILD_GOOGLE_ATV), true)
+PRODUCT_COPY_FILES += \
frameworks/native/data/etc/android.hardware.usb.accessory.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.usb.accessory.xml
+endif
custom_keylayouts := $(wildcard device/amlogic/common/keyboards/*.kl)
PRODUCT_COPY_FILES += $(foreach file,$(custom_keylayouts),\
@@ -136,3 +141,7 @@ PRODUCT_PROPERTY_OVERRIDES += \
#TV project,set omx to video layer,or PQ hasn't effect
PRODUCT_PROPERTY_OVERRIDES += \
media.omx.display_mode=1
+
+#TV project, need use 8 ch 32 bit output.
+TARGET_WITH_TV_AUDIO_MODE := true
+
diff --git a/products/tv/ueventd.amlogic.rc b/products/tv/ueventd.amlogic.rc
index 8851eb2..38434bb 100644
--- a/products/tv/ueventd.amlogic.rc
+++ b/products/tv/ueventd.amlogic.rc
@@ -39,7 +39,7 @@
/dev/HevcEnc 0660 mediacodec system
/dev/amsubtitle 0660 media system
/dev/jpegenc 0660 media system
-/dev/display 0660 media graphics
+/dev/display 0660 media graphics
#audio data
/dev/audio_data_debug 0660 mediacodec audio
@@ -80,6 +80,7 @@
/sys/devices/bt-dev.*/rfkill/rfkill0 state 0660 bluetooth bluetooth
/sys/devices/bt-dev.*/rfkill/rfkill0 type 0660 bluetooth bluetooth
/dev/rtk_btusb 0660 bluetooth bluetooth
+/dev/rtkbt_dev 0660 bluetooth bluetooth
/dev/hidraw* 0660 system audio
#hdmi cec
/sys/class/amhdmitx/amhdmitx0 phy_addr 0664 system system
@@ -92,6 +93,7 @@
#
/dev/graphics/* 0660 root graphics
+/dev/display 0660 root graphics
# For USB Joysticks
/dev/input/js* 0664 system system
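Review bot: `/dev/display 0660 root graphics` duplicates the node that the first hunk of this file already lists as `/dev/display 0660 media graphics`, so the file now states two different owners for one device and the effective one depends on how ueventd resolves duplicate entries. Keep a single line with the intended owner; if `root` is intended, replace the earlier `media graphics` line instead of adding a second entry.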
diff --git a/products/tv/upgrade_4.9/aml_upgrade_package.conf b/products/tv/upgrade_4.9/aml_upgrade_package.conf
index 6b1e222..e64aed8 100644
--- a/products/tv/upgrade_4.9/aml_upgrade_package.conf
+++ b/products/tv/upgrade_4.9/aml_upgrade_package.conf
@@ -24,4 +24,5 @@ file="product.img" main_type="PARTITION" sub_type="product"
file="recovery.img" main_type="PARTITION" sub_type="recovery"
file="bootloader.img" main_type="PARTITION" sub_type="bootloader"
file="dt.img" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/products/tv/upgrade_4.9/aml_upgrade_package_AB.conf b/products/tv/upgrade_4.9/aml_upgrade_package_AB.conf
index 96bfb61..2491323 100644
--- a/products/tv/upgrade_4.9/aml_upgrade_package_AB.conf
+++ b/products/tv/upgrade_4.9/aml_upgrade_package_AB.conf
@@ -22,4 +22,5 @@ file="vendor.img" main_type="PARTITION" sub_type="vendor_a"
file="odm.img" main_type="PARTITION" sub_type="odm_a"
file="bootloader.img" main_type="PARTITION" sub_type="bootloader"
file="dt.img" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/products/tv/upgrade_4.9/aml_upgrade_package_AB_enc.conf b/products/tv/upgrade_4.9/aml_upgrade_package_AB_enc.conf
index b2af592..bc0bb43 100644
--- a/products/tv/upgrade_4.9/aml_upgrade_package_AB_enc.conf
+++ b/products/tv/upgrade_4.9/aml_upgrade_package_AB_enc.conf
@@ -27,4 +27,5 @@ file="system.img" main_type="PARTITION" sub_type="system_a"
#file="system.img" main_type="PARTITION" sub_type="system_b"
file="bootloader.img.encrypt" main_type="PARTITION" sub_type="bootloader"
file="dt.img.encrypt" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/products/tv/upgrade_4.9/aml_upgrade_package_avb.conf b/products/tv/upgrade_4.9/aml_upgrade_package_avb.conf
index 1e17a97..ddc66fc 100644
--- a/products/tv/upgrade_4.9/aml_upgrade_package_avb.conf
+++ b/products/tv/upgrade_4.9/aml_upgrade_package_avb.conf
@@ -26,4 +26,5 @@ file="product.img" main_type="PARTITION" sub_type="product"
file="recovery.img" main_type="PARTITION" sub_type="recovery"
file="bootloader.img" main_type="PARTITION" sub_type="bootloader"
file="dt.img" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/products/tv/upgrade_4.9/aml_upgrade_package_avb_enc.conf b/products/tv/upgrade_4.9/aml_upgrade_package_avb_enc.conf
index 0c9574c..7fd2f8b 100644
--- a/products/tv/upgrade_4.9/aml_upgrade_package_avb_enc.conf
+++ b/products/tv/upgrade_4.9/aml_upgrade_package_avb_enc.conf
@@ -30,4 +30,4 @@ file="product.img" main_type="PARTITION" sub_type="product"
file="recovery.img.encrypt" main_type="PARTITION" sub_type="recovery"
file="bootloader.img.encrypt" main_type="PARTITION" sub_type="bootloader"
file="dt.img" main_type="PARTITION" sub_type="_aml_dtb"
-
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/products/tv/upgrade_4.9/aml_upgrade_package_enc.conf b/products/tv/upgrade_4.9/aml_upgrade_package_enc.conf
index 0413369..dec7053 100644
--- a/products/tv/upgrade_4.9/aml_upgrade_package_enc.conf
+++ b/products/tv/upgrade_4.9/aml_upgrade_package_enc.conf
@@ -28,4 +28,5 @@ file="product.img" main_type="PARTITION" sub_type="product"
file="recovery.img.encrypt" main_type="PARTITION" sub_type="recovery"
file="bootloader.img.encrypt" main_type="PARTITION" sub_type="bootloader"
file="dt.img.encrypt" main_type="PARTITION" sub_type="_aml_dtb"
+file="dtbo.img" main_type="PARTITION" sub_type="dtbo"
diff --git a/recovery/init.rc b/recovery/init.rc
index dc28a52..6e564e9 100644
--- a/recovery/init.rc
+++ b/recovery/init.rc
@@ -29,6 +29,8 @@ on init
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/vm/max_map_count 1000000
+ write /proc/sys/vm/watermark_scale_factor 30
+ write /proc/sys/vm/min_free_kbytes 12288
# Mount configfs for ffs
mount configfs configfs /sys/kernel/config
diff --git a/recovery/updater-script b/recovery/updater-script
index 4bf0ce8..ed9688a 100755..100644
--- a/recovery/updater-script
+++ b/recovery/updater-script
@@ -1,5 +1,7 @@
ui_print("update logo.img...");
package_extract_file("logo.img", "/dev/block/logo");
+ui_print("update dtbo.img...");
+package_extract_file("dtbo.img", "/dev/block/dtbo");
ui_print("update dtb.img...");
backup_data_cache(dtb, /cache/recovery/);
write_dtb_image(package_extract_file("dt.img"));
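Review bot: The result of `package_extract_file("dtbo.img", "/dev/block/dtbo")` is not checked, so a package without `dtbo.img` (factory.mk builds it only when `BOARD_PREBUILT_DTBOIMAGE` is defined) or a failed write would let the update continue with an old or partial overlay. If the overlay is mandatory, make the update stop instead: `assert(package_extract_file("dtbo.img", "/dev/block/dtbo"));`. If it is optional, the step should be emitted only for packages that contain the image. The script continues beyond this hunk.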
diff --git a/seccomp/mediaextractor.policy b/seccomp/mediaextractor.policy
index 0ec4dd8..6ebcd51 100644
--- a/seccomp/mediaextractor.policy
+++ b/seccomp/mediaextractor.policy
@@ -5,3 +5,4 @@ getuid: 1
newfstatat: 1
getrlimit: 1
sched_setscheduler: 1
+recvfrom: 1
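Review bot: `recvfrom: 1` is added to the mediaextractor filter without a comment, and this process parses untrusted media, so every syscall it is allowed should carry its justification. Add a comment above the line naming the code path that needs it, in the form `# recvfrom: needed by <component> (<bug id>)`, and confirm that the call cannot be kept out of the extractor process instead.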
diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te
index bb6d881..246a01f 100644
--- a/sepolicy/audioserver.te
+++ b/sepolicy/audioserver.te
@@ -12,6 +12,11 @@ allow audioserver self:netlink_kobject_uevent_socket create_socket_perms_no_ioct
# operation hidraw device
allow audioserver hidraw_audio_device:chr_file rw_file_perms;
+#bootanim
+allow audioserver bootanim:binder call;
+
#operation property;
set_prop(audioserver, audio_prop)
+
+get_prop(audioserver, vendor_platform_prop)
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
new file mode 100644
index 0000000..eb54089
--- a/dev/null
+++ b/sepolicy/bluetooth.te
@@ -0,0 +1,3 @@
+type device_stpbt, dev_type,fs_type;
+allow bluetooth system_control_service:service_manager find;
+allow bluetooth device_stpbt:chr_file { open read write };
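Review bot: `type device_stpbt, dev_type,fs_type;` gives a device-node type the `fs_type` attribute as well, so every rule written against `fs_type` now also applies to `/dev/stpbt`; the device types in sepolicy/device.te carry `dev_type` only, and the declaration belongs there as `type device_stpbt, dev_type;`. The rule `allow bluetooth device_stpbt:chr_file { open read write };` also lets the Bluetooth app domain open the vendor node directly, while the diffstat shows a `hal_bluetooth_default.te` for the HAL domain; please confirm which process actually opens `/dev/stpbt` and grant access only to that one.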
diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
index 5d1577a..49a56ef 100644
--- a/sepolicy/bootanim.te
+++ b/sepolicy/bootanim.te
@@ -1 +1,14 @@
-#allow bootanim vendor_file:file { open read getattr execute };
+allow bootanim sysfs_video:dir { search };
+allow bootanim sysfs_video:file { open read write getattr };
+allow bootanim input_device:dir {open read write search };
+allow bootanim input_device:chr_file {open read write ioctl };
+allow bootanim sysfs_display:file {open read write ioctl };
+allow bootanim video_device:chr_file {open read write getattr ioctl };
+allow bootanim sysfs_audio:file {open read write getattr };
+allow bootanim system_data_file:file { open read };
+allow bootanim system_data_file:dir { open read };
+allow bootanim mediaserver_service:service_manager { find };
+allow bootanim mediaserver:binder { call transfer };
+set_prop(bootanim, system_prop)
+get_prop(bootanim, media_prop)
+
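Review bot: `set_prop(bootanim, system_prop)` is granted here while the bootvideo.te hunk in this same commit comments out `set_prop(bootvideo, system_prop)` with the explanation that vendor and system cannot share properties at shipping API level 28; the two decisions should agree, ideally through a dedicated vendor-prefixed property type. Several rules are wider than a boot animation plausibly needs: `input_device:dir` includes `write`, and `system_data_file:file { open read }` covers every file that carries that generic label (drmserver.te gets a similar `system_data_file:file { read }` in this commit). Narrow these to specifically labelled files and add a comment per rule naming the denial it resolves.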
diff --git a/sepolicy/bootvideo.te b/sepolicy/bootvideo.te
index 6f1ca89..356394e 100644
--- a/sepolicy/bootvideo.te
+++ b/sepolicy/bootvideo.te
@@ -23,4 +23,7 @@ allow bootvideo property_socket:sock_file write;
allow bootvideo sysfs_xbmc:file { open read write getattr };
-set_prop(bootvideo, system_prop)
+#--------------------------------------------------------------------#
+# product_shipping_api_level=28 vendor/system cannot share prop
+#--------------------------------------------------------------------#
+#set_prop(bootvideo, system_prop)
diff --git a/sepolicy/device.te b/sepolicy/device.te
index b97236f..f8f8cb8 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -4,6 +4,7 @@ type env_device, dev_type;
type bootloader_device, dev_type;
type defendkey_device, dev_type;
type dtb_device, dev_type;
+type frontend_device, dev_type;
type dvb_device, dev_type, mlstrustedobject;
type cec_device, dev_type;
@@ -21,6 +22,7 @@ type amvideo_device, dev_type;
type codec_device, dev_type;
type product_block_device, dev_type;
+type dtbo_block_device, dev_type;
type param_block_device, dev_type;
type cri_block_device, dev_type;
@@ -30,10 +32,12 @@ type drm_block_device, dev_type;
type tee_block_device, dev_type;
type odm_block_device, dev_type;
type vendor_block_device, dev_type;
+type vbmeta_block_device, dev_type;
type system_block_fsck_device, dev_type;
type subtitle_device, dev_type;
type sw_sync_device, dev_type;
type ge2d_device, dev_type;
+type display_device, dev_type;
type amvecm_device, dev_type;
type di0_device, dev_type;
type hidraw_device, dev_type;
diff --git a/sepolicy/drmserver.te b/sepolicy/drmserver.te
index 9351c5d..2e64607 100644
--- a/sepolicy/drmserver.te
+++ b/sepolicy/drmserver.te
@@ -9,3 +9,6 @@ allow drmserver kernel:system module_request;
allow drmserver unlabeled:file { read };
+allow drmserver bootanim:fd { use };
+allow drmserver system_data_file:file { read };
+
diff --git a/sepolicy/e2fs.te b/sepolicy/e2fs.te
index 8ed0e16..a1babaf 100644
--- a/sepolicy/e2fs.te
+++ b/sepolicy/e2fs.te
@@ -5,6 +5,7 @@ allow e2fs product_block_device:blk_file { read getattr open ioctl write };
allow e2fs devpts:chr_file { read write getattr ioctl };
allow e2fs odm_block_device:blk_file getattr;
+allow e2fs dtbo_block_device:blk_file getattr;
allow e2fs system_block_fsck_device:blk_file getattr;
allow e2fs tee_block_device:blk_file { getattr ioctl open read write };
allow e2fs vendor_block_device:blk_file getattr;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 1be0154..96e0bdf 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -66,6 +66,9 @@ type sysfs_remote, fs_type, sysfs_type;
type sysfs_clock, fs_type, sysfs_type;
type sysfs_hdmi, fs_type, sysfs_type;
+type sysfs_ir, fs_type, sysfs_type;
+type sysfs_pm, fs_type, sysfs_type;
+
type reco_file, file_type;
type sysfs_unifykey, fs_type, sysfs_type;
@@ -76,3 +79,6 @@ type hdcp_file, file_type, data_file_type, core_data_file_type;
#for app jni lib
type app_jni_lib_file, vendor_file_type, file_type;
+
+# /data/btmic/
+type btmic_data_file, file_type, data_file_type;
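Review bot: The comment `# /data/btmic/` does not match the path that file_contexts labels with this type in the same commit, `/data/vendor/btmic(/.*)?`; change it to `# /data/vendor/btmic/`. The `sysfs_ir` and `sysfs_pm` types added in the first hunk of this file have no comment at all, and a short note of which sysfs paths they label would match the `#for app jni lib` style used above.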
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 0c05a2d..d975235 100644..100755
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -4,6 +4,7 @@
/data/media_rw/sdcard1 u:object_r:media_rw_data_file:s0
/data/tee(/.*)? u:object_r:tee_droid_data_file:s0
/data/droidota(/.*)? u:object_r:update_data_file:s0
+/data/vendor/btmic(/.*)? u:object_r:btmic_data_file:s0
/data/misc/wifi/sockets u:object_r:wifi_socket:s0
/data/misc/hdcp u:object_r:hdcp_file:s0
@@ -29,6 +30,8 @@
/dev/block/data u:object_r:userdata_block_device:s0
/dev/block/cache u:object_r:cache_block_device:s0
/dev/block/metadata u:object_r:metadata_block_device:s0
+/dev/block/metadata_a u:object_r:metadata_block_device:s0
+/dev/block/metadata_b u:object_r:metadata_block_device:s0
/dev/block/zram0 u:object_r:swap_block_device:s0
/dev/block/param u:object_r:param_block_device:s0
/dev/block/cri_data u:object_r:cri_block_device:s0
@@ -46,6 +49,11 @@
/dev/block/vendor_b u:object_r:vendor_block_device:s0
/dev/block/vendor u:object_r:vendor_block_device:s0
/dev/block/product u:object_r:product_block_device:s0
+/dev/block/product_a u:object_r:product_block_device:s0
+/dev/block/product_b u:object_r:product_block_device:s0
+/dev/block/dtbo u:object_r:dtbo_block_device:s0
+/dev/block/dtbo_a u:object_r:dtbo_block_device:s0
+/dev/block/dtbo_b u:object_r:dtbo_block_device:s0
/dev/block/misc u:object_r:misc_block_device:s0
/dev/block/tee u:object_r:tee_block_device:s0
/dev/block/odm u:object_r:odm_block_device:s0
@@ -56,17 +64,24 @@
/dev/block/mmcblk[0-9]rpmb u:object_r:sda_block_device:s0
/sys/block/mmcblk0/queue/read_ahead_kb u:object_r:sysfs_block_ahead:s0
+/dev/block/vbmeta_a u:object_r:vbmeta_block_device:s0
+/dev/block/vbmeta_b u:object_r:vbmeta_block_device:s0
+/dev/block/vbmeta u:object_r:vbmeta_block_device:s0
+
/dev/block/mmcblk0boot0 u:object_r:bootloader_device:s0
/dev/block/mmcblk0boot1 u:object_r:bootloader_device:s0
/dev/block/bootloader u:object_r:bootloader_device:s0
/dev/bootloader u:object_r:bootloader_device:s0
/dev/btusb0 u:object_r:hci_attach_dev:s0
+/dev/stpbt u:object_r:device_stpbt:s0
/dev/cec u:object_r:cec_device:s0
/dev/defendkey u:object_r:defendkey_device:s0
+/dev/display u:object_r:display_device:s0
/dev/dtb u:object_r:dtb_device:s0
/dev/dvb0.* u:object_r:dvb_device:s0
/dev/dvb.* u:object_r:video_device:s0
+/dev/v4l2_frontend u:object_r:frontend_device:s0
/dev/esm u:object_r:hdcptx_device:s0
/dev/esm_rx u:object_r:hdcprx_device:s0
/dev/ge2d u:object_r:ge2d_device:s0
@@ -79,6 +94,7 @@
/dev/otz_client u:object_r:tee_device:s0
/dev/picdec u:object_r:picture_device:s0
/dev/rtk_btusb u:object_r:hci_attach_dev:s0
+/dev/rtkbt_dev u:object_r:hci_attach_dev:s0
/dev/socket/dig u:object_r:dig_socket:s0
/dev/socket/pppoe_wrapper u:object_r:pppoe_wrapper_socket:s0
/dev/sw_sync u:object_r:sw_sync_device:s0
@@ -89,8 +105,7 @@
/dev/tvafe0 u:object_r:video_device:s0
/dev/vdin0 u:object_r:video_device:s0
/dev/wifi_power u:object_r:radio_device:s0
-/dev/hidraw[0-3] u:object_r:hidraw_device:s0
-/dev/display u:object_r:graphics_device:s0
+/dev/hidraw[0-3] u:object_r:hidraw_device:s0
#############################
# boot files
@@ -110,9 +125,11 @@
/sys/class/video/axis u:object_r:sysfs_video:s0
/sys/class/tsync/enable u:object_r:sysfs_video:s0
/sys/class/audiodsp/digital_raw u:object_r:sysfs_audio:s0
+/sys/class/amaudio/debug u:object_r:sysfs_audio:s0
/sys/class/hidraw(/.*)? u:object_r:sysfs_audio:s0
/sys/class/tsync/firstapts u:object_r:sysfs_xbmc:s0
/sys/class/tsync/pts_audio u:object_r:sysfs_xbmc:s0
+/sys/class/tsync/pts_video u:object_r:sysfs_xbmc:s0
/sys/class/tsync/event u:object_r:sysfs_xbmc:s0
/sys/class/tsync/pts_pcrscr u:object_r:sysfs_xbmc:s0
@@ -145,10 +162,13 @@
/sys/devices/platform/meson-fb/graphics/fb[0-3](/.*) u:object_r:sysfs_display:s0
/sys/class/lcd/enable u:object_r:sysfs_lcd:s0
/sys/class/video/video_scaler_path_sel u:object_r:sysfs_video:s0
+/sys/module/amdolby_vision/parameters(/.*)? u:object_r:sysfs_video:s0
/sys/class/unifykeys(/.*)? u:object_r:sysfs_unifykey:s0
/sys/devices/platform/ffd26000.hdmirx/hdmirx/hdmirx0/key u:object_r:sysfs_unifykey:s0
+/sys/devices/virtual/meson-irblaster/irblaster1(/.*)? u:object_r:sysfs_ir:s0
+
/sys/class/aml_store/store_device u:object_r:sysfs_store:s0
/sys/class/defendkey/decrypt_dtb u:object_r:sysfs_defendkey:s0
/sys/class/aml_store/bl_off_bytes u:object_r:sysfs_store:s0
@@ -159,7 +179,9 @@
/sys/class/amhdmitx/amhdmitx0/sink_type u:object_r:sysfs_amhdmitx:s0
/sys/class/amhdmitx/amhdmitx0/edid_parsing u:object_r:sysfs_amhdmitx:s0
/sys/class/amhdmitx/amhdmitx0/hdcp_mode u:object_r:sysfs_amhdmitx:s0
+/sys/class/amhdmitx/amhdmitx0/avmute u:object_r:sysfs_amhdmitx:s0
/sys/class/amhdmitx/amhdmitx0/disp_cap u:object_r:sysfs_amhdmitx:s0
+/sys/class/amhdmitx/amhdmitx0/hdr_cap u:object_r:sysfs_amhdmitx:s0
/sys/module/amvdec_h265/parameters/double_write_mode u:object_r:sysfs_amvdec:s0
/sys/devices/virtual/remote/amremote(/.*)? u:object_r:sysfs_remote:s0
@@ -167,6 +189,7 @@
/sys/devices/virtual/amhdmitx/amhdmitx0/hdmi_audio/state u:object_r:sysfs_hdmi:s0
/sys/devices/virtual/amhdmitx/amhdmitx0/hdmi/state u:object_r:sysfs_hdmi:s0
/sys/devices/virtual/thermal/thermal_zone0/mode u:object_r:sysfs_display:s0
+/sys/devices/platform/aml_pm/suspend_reason u:object_r:sysfs_pm:s0
/acct/uid/cgroup.procs u:object_r:reco_file:s0
/acct/cgroup.procs u:object_r:reco_file:s0
@@ -195,6 +218,7 @@
/sys/class/amvecm(/.*)? u:object_r:sysfs_video:s0
/sys/class/video(/.*)? u:object_r:sysfs_video:s0
+/dev/vbi u:object_r:vbi_device:s0
/dev/vbi[0-3] u:object_r:vbi_device:s0
/sys/class/mpgpu/scale_mode u:object_r:sysfs_mpgpu_scale:s0
@@ -204,6 +228,7 @@
/tee(/.*)? u:object_r:tee_data_file:s0
/mnt/vendor/tee(/.*)? u:object_r:tee_data_file:s0
/mnt/vendor/param(/.*)? u:object_r:param_tv_file:s0
+/mnt/vendor u:object_r:param_tv_file:s0
#/vendor/bin/bootplayer u:object_r:bootvideo_exec:s0
#/vendor/bin/dv_config u:object_r:dv_config_exec:s0
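Review bot: The added `/mnt/vendor u:object_r:param_tv_file:s0` entry labels the mount-point parent itself with the type used for the param partition's contents. Every domain that this commit gives `param_tv_file:dir { write add_name remove_name }` (for example `priv_app` and `hdcp_rp22`) can then modify `/mnt/vendor` itself, not just `/mnt/vendor/param`. If the goal is only to let those domains traverse the directory, keep the parent's existing label and grant `search` on it; `mnt_vendor_file`, which hdcp_rp22.te already references, looks like the intended type, but confirm against the base policy.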
@@ -216,11 +241,12 @@
/vendor/bin/hdcp_rx22 u:object_r:hdcp_rx22_exec:s0
/vendor/bin/hdcp_tx22 u:object_r:hdcp_tx22_exec:s0
+/vendor/bin/hdcp_rp22 u:object_r:hdcp_rp22_exec:s0
/vendor/bin/remotecfg u:object_r:remotecfg_exec:s0
/vendor/bin/systemcontrol u:object_r:system_control_exec:s0
/vendor/bin/hdmicecd u:object_r:hdmicecd_exec:s0
/vendor/bin/droidvold u:object_r:droidvold_exec:s0
-/vendor/bin/ntfs-3g u:object_r:ntfs_3g_exec:s0
+/vendor/bin/rc_server u:object_r:rc_server_exec:s0
/vendor/bin/tee-supplicant u:object_r:tee_exec:s0
/vendor/bin/tee_preload_fw u:object_r:firmload_exec:s0
@@ -238,16 +264,23 @@
/data/vendor/mediadrm(/.*)? u:object_r:hal_drm_data:s0
/vendor/lib(64)?/hw/gralloc\.amlogic\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-2.1\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libfbcnf\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/extractors u:object_r:same_process_hal_file:s0
+/vendor/lib(64)? u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/extractors/libamextractor\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libamffmpegadapter\.so u:object_r:same_process_hal_file:s0
+/vendor/lib(64)?/libamffmpeg\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libjni_remoteime\.so u:object_r:vendor_app_file:s0
/vendor/lib(64)?/libtunertvinput_jni\.so u:object_r:vendor_app_file:s0
/vendor/lib(64)?/libjnifont\.so u:object_r:vendor_app_file:s0
/vendor/lib(64)?/jnidtvepgscanner\.so u:object_r:vendor_app_file:s0
-/vendor/lib(64)?/am_adp\.so u:object_r:vendor_app_file:s0
-/vendor/lib(64)?/am_mw\.so u:object_r:vendor_app_file:s0
-/vendor/lib(64)?/zvbi\.so u:object_r:vendor_app_file:s0
-/vendor/lib(64)?/jnidtvsubtitle\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libam_adp\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libam_mw\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libicuuc_vendor\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libzvbi\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libjnidtvsubtitle\.so u:object_r:vendor_app_file:s0
/vendor/lib(64)?/libvendorfont\.so u:object_r:vendor_app_file:s0
/vendor/lib(64)?/libtvbinder\.so u:object_r:vendor_app_file:s0
/vendor/lib(64)?/libtv_jni\.so u:object_r:vendor_app_file:s0
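Review bot: The new entries label the whole `/vendor/lib(64)?` directory, the `extractors` directory and the ffmpeg libraries as `same_process_hal_file`, which is far broader than the media extractor needs. As far as I recall, the AOSP base policy lets every domain, including app domains, read and execute that type, so a large media-parsing library would become loadable from any process. A dedicated type for the extractor plug-ins, allowed only to `mediaextractor`, would keep the exposure to the one sandbox that needs it, and the two directory entries could then be dropped. Separately, the mapper entry has an unescaped dot and should read `...mapper@2\.0-impl-2\.1\.so`.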
@@ -262,7 +295,16 @@
/vendor/lib(64)?/vendor\.amlogic\.hardware\.remotecontrol@1\.0\.so u:object_r:vendor_app_file:s0
/vendor/lib(64)?/vendor\.amlogic\.hardware\.hdmicec@1\.0\.so u:object_r:vendor_app_file:s0
/vendor/lib(64)?/vendor\.amlogic\.hardware\.droidvold@1\.0\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libjnidtvepgscanner\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libjniuevent\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libsubjni\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libtvsubtitle_tv\.so u:object_r:vendor_app_file:s0
+/vendor/lib(64)?/libjnifont_tv\.so u:object_r:vendor_app_file:s0
/dev/hidraw[0-9]* u:object_r:hidraw_audio_device:s0
#The final space is necessary. Please don't delete it.
+/vendor/lib/vendor\.amlogic\.hardware\.remotecontrol@1\.0\.so u:object_r:vendor_app_file:s0
+/system/bin/ntfs-3g u:object_r:fsck_exec:s0
+/system/bin/fsck.exfat u:object_r:fsck_exec:s0
+
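Review bot: `/system/bin/ntfs-3g` is labelled `fsck_exec`, so a long-running FUSE filesystem driver shares an entrypoint type with the one-shot checkers. Any mount-related permission it needs then has to be granted to the fsck domains, as the fsck_untrusted.te change in this commit does. A dedicated exec type and domain for the driver would keep `fsck_exec` narrow. Also, the added `/vendor/lib/vendor\.amlogic\.hardware\.remotecontrol@1\.0\.so` line duplicates the existing `/vendor/lib(64)?/...` entry a few lines above. The dot in `fsck.exfat` is unescaped and should be `/system/bin/fsck\.exfat`.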
diff --git a/sepolicy/fsck.te b/sepolicy/fsck.te
index 00e1580..ea2aea6 100644
--- a/sepolicy/fsck.te
+++ b/sepolicy/fsck.te
@@ -3,7 +3,7 @@ allow fsck tmpfs:blk_file { getattr read write open ioctl };
allow fsck { vold_block_device param_block_device drm_block_device tee_block_device }:blk_file { getattr read write open ioctl };
-allow fsck { vendor_block_device odm_block_device userdata_block_device cache_block_device metadata_block_device product_block_device }:blk_file { getattr read write open ioctl };
+allow fsck { vendor_block_device odm_block_device userdata_block_device cache_block_device metadata_block_device product_block_device dtbo_block_device }:blk_file { getattr read write open ioctl };
allow fsck { system_block_fsck_device }:blk_file { getattr read write open ioctl };
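Review bot: Adding `dtbo_block_device` to the set that gets `{ getattr read write open ioctl }` gives `fsck` write access to a partition that holds a device-tree overlay image rather than a filesystem. The e2fs.te hunk in this commit grants only `getattr` on the same type, which suggests the denial being silenced is a stat while enumerating block devices. If so, a separate line `allow fsck dtbo_block_device:blk_file getattr;` is enough and leaves the boot-chain partition read-only to this domain.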
diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te
index 3eda53a..2ee816f 100644
--- a/sepolicy/fsck_untrusted.te
+++ b/sepolicy/fsck_untrusted.te
@@ -1,3 +1,26 @@
allow fsck_untrusted vold_block_device:blk_file { getattr read write open ioctl };
allow fsck_untrusted sda_block_device:blk_file { create getattr read write open ioctl };
allow fsck_untrusted vold:unix_stream_socket { read write };
+
+allow fsck_untrusted fsck_exec:file entrypoint;
+allow fsck_untrusted block_device:dir getattr;
+allow fsck_untrusted vold_block_device:blk_file lock;
+allow fsck_untrusted self:capability sys_admin;
+
+allow fsck_untrusted fuseblk:filesystem { mount unmount };
+allow fsck_untrusted devpts:chr_file rw_file_perms;
+allow fsck_untrusted self:capability { setgid setuid sys_admin };
+
+allow fsck_untrusted block_device:dir { open read search getattr };
+allow fsck_untrusted sda_block_device:dir search;
+allow fsck_untrusted sda_block_device:blk_file rw_file_perms;
+allow fsck_untrusted fuse_device:chr_file rw_file_perms;
+
+allow fsck_untrusted tmpfs:dir {open read search getattr };
+allow fsck_untrusted mnt_media_rw_file:dir { create_dir_perms mounton };
+allow fsck_untrusted mnt_media_rw_file:file create_file_perms;
+
+allow fsck_untrusted mnt_media_rw_stub_file:dir { getattr mounton };
+allow fsck_untrusted proc:file { getattr };
+allow fsck_untrusted proc_filesystems:file { open read getattr };
+
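Review bot: This hunk gives `fsck_untrusted` `sys_admin`, `setuid` and `setgid`, plus `fuseblk:filesystem { mount unmount }` and `mounton` under `mnt_media_rw_file`. That domain exists to contain tools that parse removable, attacker-supplied media. A parser bug there would now come with CAP_SYS_ADMIN and the ability to mount filesystems, which defeats the purpose of the sandbox. The rules look like what a FUSE driver needs rather than a checker, so they belong in a separate domain entered from a dedicated exec type, leaving `fsck_untrusted` as it was. Within the hunk, `self:capability sys_admin` is granted twice, and `block_device:dir getattr` is repeated by the later `{ open read search getattr }` rule.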
diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te
index 30e1d48..4f48e23 100644
--- a/sepolicy/hal_audio_default.te
+++ b/sepolicy/hal_audio_default.te
@@ -6,19 +6,29 @@ allow hal_audio_default sysfs_digital_codec:file { write read open };
allow hal_audio_default sysfs_amhdmitx:dir search;
allow hal_audio_default kernel:system { module_request };
allow hal_audio_default media_prop:file { read open getattr };
+allow hal_audio_default media_prop:property_service { set };
allow hal_audio_default shell_data_file:file { read write };
allow hal_audio_default sysfs_xbmc:file { read open write };
allow hal_audio_default hidraw_device:chr_file { create read write open ioctl};
allow hal_audio_default property_socket:sock_file { write };
allow hal_audio_default init:unix_stream_socket { connectto };
-allow hal_audio_default bluetooth_prop:property_service { set };
-allow hal_audio_default bluetooth_prop:file { read getattr open };
+
+#--------------------------------------------------------------------#
+# product_shipping_api_level=28
+#--------------------------------------------------------------------#
+get_prop(hal_audio_default, vendor_platform_prop)
+
allow hal_audio_default sysfs_aud_output_chs:file { open read write };
allow hal_audio_default sysfs_aud_output_chs:file { read write open };
allow hal_audio_default remotecontrol_hwservice:hwservice_manager find;
-allow hal_audio_default sysfs:file open;
+allow hal_audio_default sysfs:file { open read write };
allow hal_audio_default device:dir read;
+allow hal_audio_default uio_device:chr_file { open read write };
allow hal_audio_default system_app:binder call;
+allow hal_audio_default tv_prop:file { read getattr open };
allow hal_audio_default hidraw_audio_device:chr_file { create read write open ioctl};
allow hal_audio_default sysfs_audio:file rw_file_perms;
allow hal_audio_default sysfs_audio:dir r_dir_perms;
+allow hal_audio_default device:dir {read open};
+allow hal_audio_default btmic_data_file:dir {write read open add_name search};
+allow hal_audio_default btmic_data_file:file {write open create};
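Review bot: `allow hal_audio_default sysfs:file { open read write };` widens the rule from `open` to read and write on the generic `sysfs` label, which covers every sysfs node that has no more specific type. The same file already uses dedicated labels (`sysfs_audio`, `sysfs_aud_output_chs`, `sysfs_xbmc`), so the nodes the audio HAL actually touches should get a `file_contexts` entry with one of those types instead. The added `device:dir {read open}` also overlaps the existing `device:dir read` line and could be merged into it.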
diff --git a/sepolicy/hal_bluetooth_default.te b/sepolicy/hal_bluetooth_default.te
new file mode 100644
index 0000000..15f3c0d
--- a/dev/null
+++ b/sepolicy/hal_bluetooth_default.te
@@ -0,0 +1,4 @@
+allow hal_bluetooth_default device_stpbt:chr_file { read open write };
+allow hal_bluetooth_default vendor_platform_prop:property_service { set };
+allow hal_bluetooth_default vendor_platform_prop:file { read open getattr };
+get_prop(hal_bluetooth_default, bluetooth_prop);
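Review bot: The two raw rules on `vendor_platform_prop` spell out by hand what the property macros provide. A `property_service { set }` rule on its own also does not include the property-socket access a setter needs, unless that comes from elsewhere in the policy. Writing `set_prop(hal_bluetooth_default, vendor_platform_prop)` covers the set permission, the socket access and (as I recall the macro) the read side in one line. The trailing `;` on the `get_prop(...)` line is inconsistent with the other macro calls in this commit and can be dropped.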
diff --git a/sepolicy/hal_bootctl_default.te b/sepolicy/hal_bootctl_default.te
index ba88f5b..df017f9 100644
--- a/sepolicy/hal_bootctl_default.te
+++ b/sepolicy/hal_bootctl_default.te
@@ -3,5 +3,10 @@ allow hal_bootctl_default proc:file { open read getattr};
allow hal_bootctl_default block_device:dir search;
allow hal_bootctl_default misc_block_device:blk_file {read open write};
+allow hal_bootctl_default sysfs_dt_firmware_android:dir { open read search };
+allow hal_bootctl_default sysfs_dt_firmware_android:file { getattr open read };
+
+allow hal_bootctl_default proc_cmdline:file read;
+
allow hal_bootctl_default sysfs:dir { open read };
#allow hal_bootctl_default sysfs:file { getattr open read };
diff --git a/sepolicy/hal_graphics_allocator_default.te b/sepolicy/hal_graphics_allocator_default.te
index dbc938c..4b3d1fd 100644
--- a/sepolicy/hal_graphics_allocator_default.te
+++ b/sepolicy/hal_graphics_allocator_default.te
@@ -2,4 +2,6 @@ allow hal_graphics_allocator_default graphics_device:dir {search};
allow hal_graphics_allocator_default graphics_device:chr_file {open read write ioctl};
allow hal_graphics_allocator_default sysfs_display:lnk_file { read open write ioctl };
allow hal_graphics_allocator_default sysfs_display:dir search;
-allow hal_graphics_allocator_default sysfs_fb0_afbcd:file rw_file_perms; \ No newline at end of file
+allow hal_graphics_allocator_default sysfs_fb0_afbcd:file rw_file_perms;
+allow hal_graphics_allocator_default media_prop:file { getattr open read };
+get_prop(hal_graphics_allocator_default, media_prop)
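Review bot: The explicit `allow hal_graphics_allocator_default media_prop:file { getattr open read };` is redundant next to `get_prop(hal_graphics_allocator_default, media_prop)`, since the macro already grants read access to the property file. Keeping only the macro line makes the intent clearer and avoids the two drifting apart. The same pairing appears three times in the hal_graphics_composer_default.te hunk of this commit (`tv_prop`, `media_prop`, `vendor_platform_prop`), where the raw `allow` lines can be removed as well.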
diff --git a/sepolicy/hal_graphics_composer_default.te b/sepolicy/hal_graphics_composer_default.te
index 699e79b..05660f8 100644
--- a/sepolicy/hal_graphics_composer_default.te
+++ b/sepolicy/hal_graphics_composer_default.te
@@ -7,8 +7,6 @@ allow hal_graphics_composer_default vndservicemanager:binder { call transfer };
allow hal_graphics_composer_default systemcontrol_hwservice:hwservice_manager { find };
allow hal_graphics_composer_default system_control:binder { call };
-allow hal_graphics_composer_default tv_prop:file { getattr open read };
-
allow hal_graphics_composer_default video_device:chr_file rw_file_perms;
allow hal_graphics_composer_default graphics_device:chr_file {open read write ioctl};
allow hal_graphics_composer_default sysfs_video:file rw_file_perms;
@@ -18,9 +16,18 @@ allow hal_graphics_composer_default sysfs_display:dir search;
allow hal_graphics_composer_default sysfs_display:lnk_file { open read write ioctl };
allow hal_graphics_composer_default sysfs_display:file { read write open getattr };
allow hal_graphics_composer_default sysfs_display:chr_file { ioctl read write open };
+allow hal_graphics_composer_default display_device:chr_file r_file_perms;
allow hal_graphics_composer_default sysfs_amhdmitx:file { read write open getattr };
allow hal_graphics_composer_default sysfs_amhdmitx:dir search;
+allow hal_graphics_composer_default tv_prop:file { getattr open read };
get_prop(hal_graphics_composer_default, tv_prop)
+
+allow hal_graphics_composer_default media_prop:file { getattr open read };
+get_prop(hal_graphics_composer_default, media_prop)
+
allow hal_graphics_composer_default sysfs_video:dir { search };
allow hal_graphics_composer_default sysfs_display:file { read write open getattr };
+
+allow hal_graphics_composer_default vendor_platform_prop:file {getattr open read};
+get_prop(hal_graphics_composer_default, vendor_platform_prop)
diff --git a/sepolicy/hal_ir_default.te b/sepolicy/hal_ir_default.te
new file mode 100644
index 0000000..1c44714
--- a/dev/null
+++ b/sepolicy/hal_ir_default.te
@@ -0,0 +1,2 @@
+allow hal_ir_default sysfs_ir:dir { search };
+allow hal_ir_default sysfs_ir:file rw_file_perms;
diff --git a/sepolicy/hal_memtrack_default.te b/sepolicy/hal_memtrack_default.te
index 9940dd7..4b2815e 100644
--- a/sepolicy/hal_memtrack_default.te
+++ b/sepolicy/hal_memtrack_default.te
@@ -24,6 +24,7 @@ allow hal_memtrack_default hal_thermal_default:dir search;
allow hal_memtrack_default hal_thermal_default:file { r_file_perms };
allow hal_memtrack_default thermalserviced:dir search;
allow hal_memtrack_default thermalserviced:file { r_file_perms };
+allow hal_memtrack_default debugfs:dir { read open };
allow hal_memtrack_default incidentd:dir search;
allow hal_memtrack_default incidentd:file { getattr open read };
@@ -37,8 +38,8 @@ allow hal_memtrack_default perfprofd:file { getattr open read };
allow hal_memtrack_default secure_element:dir search;
allow hal_memtrack_default secure_element:file { getattr open read };
-allow hal_memtrack_default { priv_app platform_app untrusted_app su drmserver installd keystore mdnsd isolated_app }:dir { search };
-allow hal_memtrack_default { priv_app platform_app untrusted_app su drmserver installd keystore mdnsd isolated_app }:file { r_file_perms };
+allow hal_memtrack_default { priv_app platform_app untrusted_app su drmserver hal_memtrack_default hal_bluetooth_default bluetooth installd keystore mdnsd isolated_app }:dir { search };
+allow hal_memtrack_default { priv_app platform_app untrusted_app su drmserver hal_bluetooth_default bluetooth installd keystore mdnsd isolated_app }:file { r_file_perms };
allow hal_memtrack_default { gatekeeperd tombstoned webview_zygote zygote netd wificond sdcardd hal_camera_default hal_tv_cec_default }:dir { search };
allow hal_memtrack_default { gatekeeperd tombstoned webview_zygote zygote netd wificond sdcardd hal_camera_default hal_tv_cec_default }:file { r_file_perms };
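Review bot: The two rewritten lines no longer list the same domains: `hal_memtrack_default` is added to the `:dir { search }` set but not to the `:file { r_file_perms }` set. Either the self entry is unneeded or the file rule is missing it, so make the two sets identical so that each `dir` rule has a matching `file` rule, as in the rest of this file. The existing set also contains `su`, which normally exists only on userdebug and eng builds. That is outside this change, but it is worth checking that the line still compiles for user builds.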
@@ -82,3 +83,5 @@ allow hal_memtrack_default tvserver:file r_file_perms;
allow hal_memtrack_default hal_drm_clearkey:dir search;
allow hal_memtrack_default hdcp_tx22:dir search;
+allow hal_memtrack_default hdcp_rx22:dir { search read };
+allow hal_memtrack_default hdcp_rx22:file { read open getattr };
diff --git a/sepolicy/hal_power_default.te b/sepolicy/hal_power_default.te
index 57d73c7..b59adcf 100644
--- a/sepolicy/hal_power_default.te
+++ b/sepolicy/hal_power_default.te
@@ -1,2 +1,6 @@
allow hal_power_default sysfs_mpgpu_cmd:file { read write open };
allow hal_power_default sysfs_power_trigger:file { read write open };
+allow hal_power_default hdmicecd_hwservice:hwservice_manager { find };
+allow hal_power_default hdmicecd:binder { call transfer };
+allow hal_power_default vendor_platform_prop:file { open read getattr };
+allow hal_power_default vendor_platform_prop:file { open read getattr };
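Review bot: The last two added lines are identical (`allow hal_power_default vendor_platform_prop:file { open read getattr };`). One of them is either a leftover or was meant to be a different rule. Replace the pair with a single `get_prop(hal_power_default, vendor_platform_prop)`, and add the second rule explicitly if one was intended.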
diff --git a/sepolicy/hdcp_rp22.te b/sepolicy/hdcp_rp22.te
new file mode 100644
index 0000000..f6b7c26
--- a/dev/null
+++ b/sepolicy/hdcp_rp22.te
@@ -0,0 +1,45 @@
+type hdcp_rp22, domain;
+type hdcp_rp22_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hdcp_rp22)
+type hdcprp_device, dev_type;
+
+allow hdcp_rp22 hdcprp_device:chr_file { open read write getattr ioctl };
+
+allow hdcp_rp22 system_file:file execute_no_trans;
+allow hdcp_rp22 hdcp_rp22_exec:file {entrypoint read};
+
+#allow hdcp_rp22 shell_exec:file rx_file_perms;
+
+allow hdcp_rp22 sysfs:file rw_file_perms;
+
+allow hdcp_rp22 param_tv_file:dir { search create read write open add_name remove_name rmdir };
+allow hdcp_rp22 param_tv_file:file { create open read write setattr getattr lock unlink };
+allow hdcp_rp22 kmsg_device:chr_file {write};
+allow hdcp_rp22 device:dir {write};
+allow hdcp_rp22 kmsg_device:chr_file {open};
+allow hdcp_rp22 hdcptx_device:chr_file {open read write ioctl};
+
+allow hdcp_rp22 mnt_media_rw_file:file { create read write open };
+allow hdcp_rp22 mnt_media_rw_file:dir { write add_name };
+allow hdcp_rp22 rootfs:lnk_file {getattr};
+allow hdcp_rp22 storage_file:dir {read write search};
+allow hdcp_rp22 storage_file:file {open read write getattr};
+allow hdcp_rp22 storage_file:lnk_file {open read write getattr};
+allow hdcp_rp22 tmpfs:dir {search getattr};
+allow hdcp_rp22 tmpfs:file create_file_perms;
+allow hdcp_rp22 mnt_user_file:dir {read write search};
+allow hdcp_rp22 mnt_user_file:file {open read write getattr};
+allow hdcp_rp22 mnt_user_file:lnk_file {open read write getattr};
+allow hdcp_rp22 fuse:dir {create open read write search add_name getattr};
+allow hdcp_rp22 fuse:file {open create read write getattr};
+allow hdcp_rp22 fuse:file rw_file_perms;
+#allow hdcp_rp22 app_data_file:file rw_file_perms;
+#allow hdcp_rp22 app_data_file:dir search;
+allow hdcp_rp22 fuse:lnk_file {open read write getattr};
+allow hdcp_rp22 { mnt_user_file storage_file }:dir { create open read write search add_name getattr };
+allow hdcp_rp22 { mnt_user_file storage_file }:lnk_file { open read write getattr };
+allow hdcp_rp22 sysfs_cec:dir { search open };
+allow hdcp_rp22 sysfs_cec:file { read open write getattr };
+allow hdcp_rp22 sysfs_amhdmitx:dir search;
+allow hdcp_rp22 sysfs_amhdmitx:file { getattr open read write ioctl };
+allow hdcp_rp22 mnt_vendor_file:dir {search};
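Review bot: The new `hdcp_rp22` domain starts with several rules much broader than an HDCP repeater daemon would plausibly need. These are `sysfs:file rw_file_perms` on the generic sysfs label, `device:dir {write}`, `system_file:file execute_no_trans` from a vendor daemon, and create/write access across `fuse`, `storage_file`, `mnt_user_file` and `mnt_media_rw_file`. A process that handles HDCP key material should not also be able to write to user-visible storage. I would start from the device nodes plus `sysfs_amhdmitx`, `sysfs_cec` and `param_tv_file`, and add others only when a denial shows they are needed. `fuse:file` is granted twice, and the last two brace-set rules repeat the earlier per-type `dir` and `lnk_file` lines. `hdcprp_device` is declared here, but I see no `file_contexts` entry for it in the visible hunks; without one, the `chr_file` rule would match no device node.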
diff --git a/sepolicy/hdmicecd.te b/sepolicy/hdmicecd.te
index 697cf50..617577a 100644
--- a/sepolicy/hdmicecd.te
+++ b/sepolicy/hdmicecd.te
@@ -12,7 +12,13 @@ allow hdmicecd { hdmicecd_hwservice hidl_base_hwservice }:hwservice_manager { a
allow hdmicecd cec_device:chr_file { open read write ioctl };
allow hdmicecd hwservicemanager_prop:file { open read getattr };
+allow hdmicecd system_control:binder { call transfer };
+allow hdmicecd systemcontrol_hwservice:hwservice_manager { find };
+
+allow hdmicecd tvserver_hwservice:hwservice_manager { find };
+allow hdmicecd tvserver:binder { transfer call };
+
allow hdmicecd { hal_tv_cec_default system_app }:binder { call transfer };
-allow hdmicecd systemcontrol_hwservice:hwservice_manager find;
-allow hdmicecd system_control:binder { call transfer };
+allow hdmicecd vendor_platform_prop:file { open read getattr };
+
diff --git a/sepolicy/hwservice.te b/sepolicy/hwservice.te
index a37e6fb..27188b0 100644
--- a/sepolicy/hwservice.te
+++ b/sepolicy/hwservice.te
@@ -3,4 +3,4 @@ type hdmicecd_hwservice, hwservice_manager_type;
type droidvold_hwservice, hwservice_manager_type;
type tvserver_hwservice, hwservice_manager_type;
type remotecontrol_hwservice, hwservice_manager_type;
-
+type imageserver_hwservice, hwservice_manager_type;
diff --git a/sepolicy/hwservice_contexts b/sepolicy/hwservice_contexts
index 2f4e22f..9daa08b 100644..100755
--- a/sepolicy/hwservice_contexts
+++ b/sepolicy/hwservice_contexts
@@ -3,4 +3,4 @@ vendor.amlogic.hardware.hdmicec::IDroidHdmiCEC u:object_r:hd
vendor.amlogic.hardware.droidvold::IDroidVold u:object_r:droidvold_hwservice:s0
vendor.amlogic.hardware.tvserver::ITvServer u:object_r:tvserver_hwservice:s0
vendor.amlogic.hardware.remotecontrol::IRemoteControl u:object_r:remotecontrol_hwservice:s0
-
+vendor.amlogic.hardware.imageserver::IImageService u:object_r:imageserver_hwservice:s0
diff --git a/sepolicy/hwservicemanager.te b/sepolicy/hwservicemanager.te
index 697b434..65bc9f8 100644
--- a/sepolicy/hwservicemanager.te
+++ b/sepolicy/hwservicemanager.te
@@ -17,3 +17,8 @@ allow hwservicemanager tvserver:binder { call transfer };
allow hwservicemanager tvserver:dir { search };
allow hwservicemanager tvserver:file { read open };
allow hwservicemanager tvserver:process { getattr };
+
+allow hwservicemanager imageserver:binder { call transfer };
+allow hwservicemanager imageserver:dir { search };
+allow hwservicemanager imageserver:file { read open };
+allow hwservicemanager imageserver:process { getattr };
diff --git a/sepolicy/imageserver.te b/sepolicy/imageserver.te
index 4f68d0e..924e47f 100644
--- a/sepolicy/imageserver.te
+++ b/sepolicy/imageserver.te
@@ -1,44 +1,31 @@
-type imageserver, domain;
-type imageserver_exec, exec_type, vendor_file_type, file_type;
+type imageserver, domain, coredomain;
+type imageserver_exec, exec_type, file_type;
typeattribute imageserver mlstrustedsubject;
init_daemon_domain(imageserver)
-allow imageserver vendor_file:file { execute };
-
-#allow imageserver shell_exec:file rx_file_perms;
-#allow imageserver system_file:file execute_no_trans;
-
-#allow imageserver imageserver_service:service_manager add;
-
-#allow imageserver imageserver_exec:file { entrypoint read };
-
-#allow imageserver self:process execmem;
-
-#binder_use(imageserver);
-#binder_call(imageserver, binderservicedomain)
-#binder_call(imageserver, appdomain)
-#binder_service(imageserver)
-
-#allow imageserver self:capability dac_override;
-#allow imageserver self:capability dac_read_search;
-
-#allow imageserver appdomain:file { r_file_perms };
-#allow imageserver fuse:dir r_dir_perms;
-#allow imageserver fuse:file r_file_perms;
-#allow imageserver app_data_file:file rw_file_perms;
-#allow imageserver system_file:file execmod;
-
-#allow imageserver app_data_file:dir search;
-
-#allow imageserver system_control_service:service_manager find;
-
-#allow imageserver { mnt_user_file storage_file }:dir { getattr search };
-#allow imageserver { mnt_user_file storage_file }:lnk_file { getattr read };
-#allow imageserver permission_service:service_manager find;
-
-#allow imageserver picture_device:chr_file { read write open ioctl };
-#allow imageserver kernel:system module_request;
-
-#allow imageserver tmpfs:dir { getattr search };
+allow imageserver hwservicemanager:binder { call transfer };
+allow imageserver { imageserver_hwservice hidl_base_hwservice }:hwservice_manager { add };
+r_dir_file(system_control, domain)
+r_dir_file(system_control, binderservicedomain)
+r_dir_file(system_control, appdomain)
+r_dir_file(system_control, platform_app)
+allow imageserver sdcardfs:dir {search};
+allow imageserver sdcardfs:file {read open getattr};
+allow imageserver media_rw_data_file:file {read open getattr};
+allow imageserver appdomain:file { r_file_perms };
+allow imageserver fuse:dir r_dir_perms;
+allow imageserver fuse:file r_file_perms;
+allow imageserver vfat:file { read open getattr};
+allow imageserver { mnt_user_file storage_file }:dir { getattr search };
+allow imageserver { mnt_user_file storage_file }:lnk_file { getattr read };
+
+allow imageserver picture_device:chr_file { read write open ioctl };
+allow imageserver kernel:system module_request;
+allow imageserver tmpfs:dir { getattr search };
+allow imageserver sysfs_video:file rw_file_perms;
+allow imageserver { sysfs_video sysfs_cec sysfs_am_vecm }:dir { search };
+allow imageserver fuseblk:file { read open getattr };
+set_prop(imageserver, hwservicemanager_prop)
+get_prop(imageserver, hwservicemanager_prop)
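Review bot: The four `r_dir_file(system_control, ...)` lines name `system_control` as the subject, so imageserver.te is changing a different domain. `r_dir_file(system_control, domain)` in particular gives that daemon read access to the per-process entries of every domain on the system, and makes the other three lines redundant. If imageserver needs this, the subject should be `imageserver` and the target as narrow as possible, e.g. `r_dir_file(imageserver, platform_app)`; otherwise the lines should be deleted. `set_prop(imageserver, hwservicemanager_prop)` also lets a service write the property type that hwservicemanager owns. Other HAL daemons in this commit only read it (hdmicecd.te), so `get_prop(imageserver, hwservicemanager_prop)` alone should be enough. The `coredomain` attribute combined with `mlstrustedsubject` and `appdomain:file r_file_perms` needs a justification in a comment.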
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 6fbc19e..62b360f 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -13,8 +13,8 @@ allow init { system_file vendor_file rootfs}:system { module_load };
allow init vendor_file:file { execute };
-allow init { tee_block_device userdata_block_device cache_block_device block_device metadata_block_device }:blk_file { relabelto write read };
-allow init { vendor_block_device system_block_fsck_device odm_block_device param_block_device product_block_device }:blk_file { relabelto write read };
+allow init { tee_block_device userdata_block_device cache_block_device block_device metadata_block_device vbmeta_block_device }:blk_file { relabelto write read };
+allow init { vendor_block_device system_block_fsck_device odm_block_device param_block_device product_block_device dtbo_block_device }:blk_file { relabelto write read };
allow init boot_block_device:blk_file relabelto;
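Review bot: `vbmeta_block_device` and `dtbo_block_device` are appended to sets that carry `{ relabelto write read }`, so `init` gains raw write access to the verified-boot metadata and device-tree overlay partitions, when what early boot probably needs is only to label the nodes. The following context line does exactly that for the boot partition (`allow init boot_block_device:blk_file relabelto;`). Unless a write denial was observed, I would use the same form, e.g. `allow init { vbmeta_block_device dtbo_block_device }:blk_file relabelto;`.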
diff --git a/sepolicy/mediacodec.te b/sepolicy/mediacodec.te
index d053773..3fe52ef 100644
--- a/sepolicy/mediacodec.te
+++ b/sepolicy/mediacodec.te
@@ -21,3 +21,6 @@ allow mediacodec sysfs_am_vecm:file { read write open getattr };
allow mediacodec uio_device:chr_file rw_file_perms;
allow mediacodec audio_device:chr_file { setattr open read write };
allow mediacodec sysfs_audio:file { open read write };
+allow mediacodec vendor_platform_prop:file { open read getattr };
+allow mediacodec sysfs_amhdmitx:file rw_file_perms;
+allow mediacodec sysfs_amhdmitx:dir search;
diff --git a/sepolicy/mediaextractor.te b/sepolicy/mediaextractor.te
index 76c843f..83fb9b0 100644
--- a/sepolicy/mediaextractor.te
+++ b/sepolicy/mediaextractor.te
@@ -1,10 +1,21 @@
+allow mediaextractor init:unix_stream_socket { connectto };
get_prop(mediaextractor, media_prop)
+get_prop(mediaextractor, vendor_default_prop)
+get_prop(mediaextractor, vendor_platform_prop)
allow mediaextractor vfat:file { read getattr };
allow mediaextractor fuseblk:file { read getattr };
allow mediaextractor fuse:file { read getattr };
allow mediaextractor sdcardfs:file { read getattr };
allow mediaextractor system_server:fifo_file { write getattr append };
-#allow mediaextractor vendor_file:file { read open getattr execute };
+allow mediaextractor same_process_hal_file:dir { read open };
+allow mediaextractor same_process_hal_file:file { read open getattr execute};
allow platform_app iso9660:dir { search open read getattr };
allow platform_app iso9660:file { open read getattr };
+
+allow mediaextractor exfat:file { read getattr };
+allow mediaextractor property_socket:sock_file write;
+
+allow mediaextractor bootanim:fd { use };
+allow mediaextractor system_data_file:file { read getattr };
+
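Review bot: `init:unix_stream_socket { connectto }` and `property_socket:sock_file write` give the extractor sandbox the transport for setting system properties, yet the hunk contains no `property_service set` rule, so these two lines either do nothing useful or prepare for a later widening. `mediaextractor` parses untrusted media and is kept deliberately minimal in the base policy. If it only reads properties, the `get_prop(...)` lines are sufficient and both socket rules should be dropped. The new `same_process_hal_file:file { ... execute }` rule lets the sandbox load vendor libraries, so the labelling of those libraries in `file_contexts` should be as narrow as possible. The two `platform_app iso9660` context lines belong in platform_app.te.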
diff --git a/sepolicy/mediaprovider.te b/sepolicy/mediaprovider.te
index 85882e5..c6b1a83 100644
--- a/sepolicy/mediaprovider.te
+++ b/sepolicy/mediaprovider.te
@@ -1 +1,5 @@
allow mediaprovider media_prop:file { getattr open read };
+
+allow mediaprovider fuseblk:dir { open read search };
+allow mediaprovider fuseblk:file { getattr open read };
+
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 0152b22..63b44f2 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -9,3 +9,9 @@ allow mediaserver sysfs_video:file rw_file_perms;
allow mediaserver sysfs_audio:file rw_file_perms;
get_prop(mediaserver, media_prop)
+get_prop(mediaserver, vendor_platform_prop)
+
+allow mediaserver bootanim:binder { call transfer };
+allow mediaserver bootanim:fd use;
+allow mediaserver system_data_file:file { read getattr };
+
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index 44c7e5a..7a112d8 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -15,3 +15,6 @@ allow platform_app droidvold:binder { call transfer };
allow platform_app tvserver_hwservice:hwservice_manager { find };
allow platform_app tvserver:binder { call transfer };
+
+allow platform_app imageserver_hwservice:hwservice_manager { find };
+allow platform_app imageserver:binder { call transfer };
diff --git a/sepolicy/postinstall.te b/sepolicy/postinstall.te
new file mode 100644
index 0000000..ae01860
--- a/dev/null
+++ b/sepolicy/postinstall.te
@@ -0,0 +1,10 @@
+allow postinstall ota_data_file:file { create getattr lock open read setattr unlink write };
+allow postinstall self:capability { chown setgid setuid fowner };
+#allow postinstall vendor_app_file:dir search;
+#allow postinstall vendor_app_file:file { getattr open read };
+allow postinstall ota_data_file:dir { add_name getattr read remove_name write create open search };
+allow postinstall postinstall_file:filesystem getattr;
+allow postinstall proc_filesystems:file { getattr open read };
+allow postinstall tmpfs:file read;
+allow postinstall ota_data_file:lnk_file { create read };
+allow postinstall user_profile_data_file:dir search;
\ No newline at end of file
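Review bot: `allow postinstall self:capability { chown setgid setuid fowner };` lets the post-install step change its own uid/gid and override file-ownership checks, and nothing in this new file records which step needs that. A comment above the rule, such as `# needed by <post-install script>: <reason>`, would let a later reviewer drop the capabilities that turn out to be unused. The two commented-out `vendor_app_file` rules are dead lines in a new file and would be better deleted than committed.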
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index 5889379..5758d64 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@@ -16,4 +16,11 @@ allow priv_app device:dir { read search open };
allow priv_app proc_stat:file { getattr open };
allow priv_app { su_exec bootanim_exec bootstat_exec }:file { getattr };
-allow priv_app proc_uptime:file read;
\ No newline at end of file
+allow priv_app proc_uptime:file read;
+
+allow priv_app tvserver_hwservice:hwservice_manager { find };
+allow priv_app systemcontrol_hwservice:hwservice_manager { find };
+allow priv_app system_control:binder call;
+allow priv_app tvserver:binder { call transfer };
+allow priv_app param_tv_file:file { create open read write setattr getattr lock unlink };
+allow priv_app param_tv_file:dir { search read open write add_name remove_name getattr };
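Review bot: The two `param_tv_file` rules give every privileged app create, write and unlink on the TV parameter store, and `allow priv_app system_control:binder call;` opens that service to the whole `priv_app` domain. If only one application needs this, a dedicated app domain assigned through seapp_contexts would keep the grant away from the other privileged apps; whether such an app exists is not visible in the hunk. At minimum, a comment above the block naming the consuming app and feature would record why write access is there.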
diff --git a/sepolicy/property.te b/sepolicy/property.te
index a3e38fb..697638b 100644
--- a/sepolicy/property.te
+++ b/sepolicy/property.te
@@ -6,3 +6,6 @@ type tv_prop, property_type;
type bcmdl_prop, property_type;
type ctl_dhcp_pan_prop, property_type;
type netflix_prop, property_type;
+type vendor_platform_prop, property_type;
+type vendor_persist_prop, property_type;
+type vendor_app_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index 81cf3d1..eba261c 100644..100755
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -1,11 +1,27 @@
media. u:object_r:media_prop:s0
+ro.media. u:object_r:media_prop:s0
+sys.media. u:object_r:media_prop:s0
+sys.subtitle. u:object_r:media_prop:s0
+ro.audio. u:object_r:media_prop:s0
+ro.af. u:object_r:media_prop:s0
+persist.vendor.audio. u:object_r:media_prop:s0
+persist.vendor.media. u:object_r:media_prop:s0
+drm. u:object_r:media_prop:s0
ubootenv. u:object_r:uboot_prop:s0
ro.ubootenv. u:object_r:uboot_prop:s0
const.filesystem. u:object_r:aml_display_prop:s0
snd. u:object_r:tv_config_prop:s0
tv. u:object_r:tv_prop:s0
+persist.tv. u:object_r:tv_prop:s0
bcmdl_status u:object_r:bcmdl_prop:s0
wc_transport u:object_r:bluetooth_prop:s0
rc_hidraw_fd u:object_r:bluetooth_prop:s0
+ro.rfkilldisabled u:object_r:bluetooth_prop:s0
vendor.display-size u:object_r:netflix_prop:s0
+ro.vendor.nrdp.modelgroup u:object_r:netflix_prop:s0
ro.vendor.nrdp. u:object_r:netflix_prop:s0
+ro.vendor.platform u:object_r:vendor_platform_prop:s0
+persist.vendor.sys u:object_r:vendor_persist_prop:s0
+vendor.sys u:object_r:vendor_platform_prop:s0
+ro.vendor.app u:object_r:vendor_app_prop:s0
+
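Review bot: The four entries added at the end (`ro.vendor.platform`, `persist.vendor.sys`, `vendor.sys`, `ro.vendor.app`) have no trailing dot, unlike the other namespace entries in this file. Entries are matched by prefix, so each label also applies to any name that merely starts with that string (`vendor.sys` would cover a constructed name like `vendor.system_foo`). If namespaces are intended, write them as `vendor.sys.` and so on. Separately, `drm.`, `ro.audio.`, `ro.af.`, `sys.media.`, `sys.subtitle.`, `persist.tv.` and `ro.rfkilldisabled` fall outside the partner prefixes listed in the commit description, so they attach vendor-defined types to platform-namespace names; this is worth confirming against the stated goal.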
diff --git a/sepolicy/rc_server.te b/sepolicy/rc_server.te
new file mode 100644
index 0000000..ed0c33c
--- a/dev/null
+++ b/sepolicy/rc_server.te
@@ -0,0 +1,14 @@
+type rc_server, domain;
+type rc_server_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(rc_server)
+
+allow rc_server vndbinder_device:chr_file rw_file_perms;
+
+vndbinder_use(rc_server);
+hwbinder_use(rc_server);
+
+allow rc_server remotecontrol_hwservice:hwservice_manager add;
+allow rc_server hidl_base_hwservice:hwservice_manager add;
+
+get_prop(rc_server, hwservicemanager_prop);
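Review bot: The two raw `hwservice_manager add` rules register the service without the exclusivity check that the `add_hwservice` macro carries; the macro also emits a neverallow so that no other domain can register `remotecontrol_hwservice`. Replacing both lines with `add_hwservice(rc_server, remotecontrol_hwservice)` keeps the grants (plus `find`) and adds that protection. The trailing semicolons on the `vndbinder_use`, `hwbinder_use` and `get_prop` macro calls are inconsistent with most macro calls in this policy and can be dropped.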
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index e2f49eb..4fe6388 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te
@@ -1,4 +1,4 @@
-allow recovery aml_display_prop:property_service set;
+#allow recovery aml_display_prop:property_service set;
allow recovery input_device:chr_file write;
allow recovery kmsg_device:chr_file { write open read };
allow recovery self:netlink_kobject_uevent_socket { create setopt bind read };
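Review bot: The `aml_display_prop` set rule is disabled by commenting it out rather than deleting it, and the same is done in the hunks at -6,7, -20,7 and -32,9 of this file. Commented-out allow rules are easy to re-enable by accident and blur which grants are actually in force. Removing the lines and keeping the reason in the existing banner (`# product_shipping_api_level=28 vendor/system cannot share prop`) would leave the policy easier to audit.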
@@ -6,7 +6,7 @@ allow recovery sysfs_xbmc:file { read write open };
allow recovery system_prop:property_service set;
allow recovery self:capability net_admin;
-allow recovery uboot_prop:property_service set;
+#allow recovery uboot_prop:property_service set;
allow recovery rootfs:dir create_dir_perms;
allow recovery sysfs:dir mounton;
@@ -20,7 +20,7 @@ allow recovery device:dir rw_dir_perms;
allow recovery bootloader_device:chr_file rw_file_perms;
allow recovery defendkey_device:chr_file rw_file_perms;
allow recovery dtb_device:chr_file { open read write };
-allow recovery aml_display_prop:property_service set;
+#allow recovery aml_display_prop:property_service set;
allow recovery recovery:capability { net_admin };
allow recovery sysfs_unifykey:dir search;
@@ -32,9 +32,13 @@ allow recovery sysfs_am_vecm:file { open read write };
allow recovery sysfs_audio_cap:file r_file_perms;
allow recovery sysfs_cec:file rw_file_perms;
-set_prop(recovery, aml_display_prop)
-set_prop(recovery, uboot_prop)
-set_prop(recovery, bluetooth_prop)
+#--------------------------------------------------------------------#
+# product_shipping_api_level=28 vendor/system cannot share prop
+#--------------------------------------------------------------------#
+#get_prop(recovery, aml_display_prop)
+get_prop(recovery, uboot_prop)
+get_prop(recovery, bluetooth_prop)
+get_prop(recovery, vendor_platform_prop)
set_prop(recovery, boottime_prop)
set_prop(recovery, ctl_bootanim_prop)
@@ -62,7 +66,7 @@ allow recovery cache_file:dir mounton;
allow recovery tmpfs:blk_file write;
allow recovery sysfs:dir { open read };
-allow recovery sysfs_display:file read;
+allow recovery sysfs_display:file { open read write };
allow recovery sysfs_video:dir search;
allow recovery sysfs_store:file { open read write getattr };
@@ -129,7 +133,11 @@ allow recovery sysfs_display:lnk_file { open read write getattr };
allow init reco_file:file { open read create write };
-get_prop(recovery, aml_display_prop)
+allow recovery aml_display_prop:file { getattr open read };
+allow recovery bluetooth_a2dp_offload_prop:file { getattr open };
+allow recovery exported_bluetooth_prop:file { getattr open };
+allow recovery exported_overlay_prop:file { getattr open };
+allow recovery exported_wifi_prop:file { getattr open };
allow shell tmpfs:file {open read getattr};
allow shell rootfs:file {execute_no_trans};
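Review bot: The rules on `bluetooth_a2dp_offload_prop`, `exported_bluetooth_prop`, `exported_overlay_prop` and `exported_wifi_prop` grant `getattr open` but not `read`, so recovery still cannot read those properties; this looks like individual denials being silenced. If recovery needs the values, `get_prop(recovery, exported_wifi_prop)` (and likewise for the others) states that intent. If it does not, a `dontaudit` rule removes the log noise without adding access. `allow recovery aml_display_prop:file { getattr open read };` likewise spells out by hand what the removed `get_prop(recovery, aml_display_prop)` expressed.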
diff --git a/sepolicy/sdcardd.te b/sepolicy/sdcardd.te
index 88c5b2e..16f72cf 100644
--- a/sepolicy/sdcardd.te
+++ b/sepolicy/sdcardd.te
@@ -6,3 +6,6 @@ allow sdcardd vold:unix_stream_socket { read write };
# for exfat
allow sdcardd unlabeled:dir { open read write getattr search };
allow sdcardd unlabeled:file { open read write getattr };
+
+allow sdcardd storage_file:dir mounton;
+
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 474383d..8f7f98f 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -1,7 +1,8 @@
allow system_app sysfs_mpgpu_scale:file { read write open };
allow system_app cache_recovery_file:dir { search read open write add_name remove_name };
-allow system_app cache_recovery_file:file { create getattr open read write unlink };
-
+allow system_app cache_recovery_file:file { create getattr setattr open read write unlink };
+allow system_app cache_file:dir {search open read write unlink add_name remove_name};
+allow system_app cache_file:file {create getattr write open unlink read};
allow system_app update_engine:binder {call transfer};
allow system_app rootfs:dir { getattr };
@@ -42,15 +43,33 @@ allow system_app sysfs_clock:file { getattr open read };
allow sysfs_display tmpfs:filesystem associate;
allow system_app sysfs_display:dir search;
+allow system_app sysfs_display:dir search;
allow system_app sysfs_display:file { read write open getattr };
+#--------------------------------------------------------------------#
+# product_shipping_api_level=28 vendor/system cannot share prop
+#--------------------------------------------------------------------#
get_prop(system_app, tv_prop)
-set_prop(system_app, media_prop)
-set_prop(system_app, netflix_prop)
+#set_prop(system_app, media_prop)
+get_prop(system_app, media_prop)
+#set_prop(system_app, netflix_prop)
+get_prop(system_app, netflix_prop)
+get_prop(system_app, vendor_platform_prop)
+get_prop(system_app, vendor_app_prop)
+
allow system_app vbi_device:chr_file { read write open ioctl };
allow system_app vendor_file:file r_file_perms;
allow system_app sysfs_video:dir { search };
allow system_app sysfs_video:file r_file_perms;
allow system_app sysfs_amhdmitx:dir search;
allow system_app sysfs_amhdmitx:file { getattr open read };
-allow system_app vendor_app_file:file execute;
+allow system_app sysfs_pm:file r_file_perms;
+allow system_app vendor_app_file:file { read open getattr execute };
+allow system_app dvb_device:chr_file { open read write ioctl };
+allow system_app codec_device:chr_file { open read write ioctl getattr};
+allow system_app param_tv_file:file { create open read write setattr getattr lock unlink };
+allow system_app param_tv_file:dir { search read open write add_name remove_name getattr };
+
+allow system_app sysfs_xbmc:file rw_file_perms;
+
+allow system_app subtitle_device:chr_file rw_file_perms;
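Review bot: The added `allow system_app sysfs_display:dir search;` repeats the context line directly above it and can be dropped. The device and `param_tv_file` rules added at the end of the hunk arrive without any comment, unlike the `#add for search channel` and `#add for timeshift` notes in tvserver.te from the same commit. A one-line comment per group naming the feature would make it possible to prune these grants later.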
diff --git a/sepolicy/system_control.te b/sepolicy/system_control.te
index d7d3df3..6994c01 100644
--- a/sepolicy/system_control.te
+++ b/sepolicy/system_control.te
@@ -22,7 +22,7 @@ allow system_control vendor_shell_exec:file execute_no_trans;
allow system_control vendor_file:file execute_no_trans;
allow system_control sysfs_display:dir search;
-
+allow system_control sysfs_di:dir search;
#unix_socket_connect(system_control, vold, vold);
#unix_socket_connect(system_control, property, init);
@@ -34,38 +34,52 @@ allow system_control mnt_vendor_file:dir { search read open remove_name rmdir };
allow system_control mnt_vendor_file:file { setattr getattr lock unlink };
# Property Service write
-set_prop(system_control, system_prop)
-set_prop(system_control, dhcp_prop)
-set_prop(system_control, net_radio_prop)
-set_prop(system_control, system_radio_prop)
-set_prop(system_control, debug_prop)
-set_prop(system_control, powerctl_prop)
-
+#--------------------------------------------------------------------#
+# product_shipping_api_level=28 vendor/system cannot share prop
+#--------------------------------------------------------------------#
get_prop(system_control, tv_config_prop)
get_prop(system_control, bcmdl_prop)
get_prop(system_control, safemode_prop)
get_prop(system_control, mmc_prop)
get_prop(system_control, device_logging_prop)
+get_prop(system_control, vendor_platform_prop)
+set_prop(system_control, vendor_platform_prop)
+get_prop(system_control, vendor_default_prop)
set_prop(system_control, media_prop)
+get_prop(system_control, media_prop)
get_prop(system_control, aml_display_prop)
set_prop(system_control, uboot_prop)
+get_prop(system_control, uboot_prop)
set_prop(system_control, tv_prop)
+get_prop(system_control, tv_prop)
+
+set_prop(system_control, vendor_persist_prop)
+get_prop(system_control, vendor_persist_prop)
+
set_prop(system_control, netflix_prop)
+get_prop(system_control, netflix_prop)
-get_prop(system_control, wifi_prop)
+#get_prop(system_control, wifi_prop)
set_prop(system_control, boottime_prop)
+get_prop(system_control, boottime_prop)
#get_prop(system_control, firstboot_prop)
#get_prop(system_control, serialno_prop)
set_prop(system_control, overlay_prop)
+get_prop(system_control, overlay_prop)
set_prop(system_control, net_dns_prop)
+get_prop(system_control, net_dns_prop)
set_prop(system_control, logpersistd_logging_prop)
+get_prop(system_control, logpersistd_logging_prop)
set_prop(system_control, hwservicemanager_prop)
+get_prop(system_control, hwservicemanager_prop)
set_prop(system_control, dumpstate_options_prop)
-set_prop(system_control, bluetooth_prop)
+#set_prop(system_control, bluetooth_prop)
+#get_prop(system_control, bluetooth_prop)
set_prop(system_control, persistent_properties_ready_prop)
+get_prop(system_control, persistent_properties_ready_prop)
get_prop(system_control, system_boot_reason_prop)
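Review bot: Each `get_prop(system_control, X)` added next to a `set_prop(system_control, X)` is redundant, because the `set_prop` macro already includes the read grant; this covers `vendor_platform_prop`, `media_prop`, `uboot_prop`, `tv_prop`, `netflix_prop`, `boottime_prop`, `overlay_prop`, `net_dns_prop` and the rest of the pairs in this hunk. More important, the banner says vendor and system cannot share properties, yet the hunk keeps `set_prop` on what look like platform-owned types (`boottime_prop`, `overlay_prop`, `net_dns_prop`, `hwservicemanager_prop`, `dumpstate_options_prop`). If `system_control` is a vendor domain, those writes are the ones this change is meant to remove; please confirm which of them are still required.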
@@ -77,6 +91,7 @@ set_prop(system_control, ctl_bugreport_prop)
allow system_control block_device:dir r_dir_perms;
allow system_control sysfs_audio_cap:file {open getattr read};
+allow system_control sysfs_audio:file {open getattr read};
allow system_control sysfs_video:file rw_file_perms;
allow system_control { sysfs_video sysfs_cec sysfs_am_vecm }:dir { search };
allow system_control sysfs_cec:file rw_file_perms;
@@ -93,7 +108,7 @@ allow system_control appdomain:dir { getattr search };
allow system_control appdomain:file { r_file_perms };
allow system_control platform_app:dir { search };
-allow system_control param_tv_file:dir { search read write open add_name remove_name rmdir };
+allow system_control param_tv_file:dir { search read write open add_name remove_name rmdir create };
allow system_control param_tv_file:file { create open read write setattr getattr lock unlink };
#allow system_control shell_exec:file { execute_no_trans execute open read getattr };
@@ -111,9 +126,10 @@ allow system_control droidvold:binder { call };
allow system_control { video_device amvecm_device }:chr_file { read write open ioctl getattr };
allow system_control di0_device:chr_file { read write open ioctl };
allow system_control param_tv_file:dir { write search add_name create };
-allow system_control param_tv_file:file { create read write open getattr };
+allow system_control param_tv_file:file { create read write open getattr ioctl};
allow system_control sysfs_amhdmitx:dir search;
allow system_control sysfs_amvdec:file { create open read write getattr};
+allow system_control sysfs_xbmc:file { read open };
allow system_control vendor_configs_file:file { ioctl lock };
allow system_control sysfs_display:lnk_file { read write open getattr };
@@ -122,3 +138,11 @@ allow system_control { sysfs_display sysfs_am_vecm sysfs_display sysfs_amhdmitx
allow system_control sysfs_unifykey:dir { search };
allow system_control sysfs_unifykey:file { read write open };
allow system_control unlabeled:dir search;
+allow system_control sysfs_mpgpu_scale:file { read write open } ;
+allow system_control hdmirx0_device:chr_file { read write open ioctl getattr };
+
+allow system_control exported_system_prop:file { read } ;
+get_prop(system_control, exported_system_prop);
+
+allow system_control tvserver:binder { call transfer };
+allow system_control tvserver_hwservice:hwservice_manager find;
\ No newline at end of file
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index ef5133b..2396525 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -3,6 +3,7 @@ typeattribute system_server mlstrustedsubject;
#allow system_server vendor_file:file { getattr read open execute };
allow system_server vendor_framework_file:dir { search getattr };
allow system_server vendor_framework_file:file { read getattr open };
+allow system_server bluetooth:file { open read write };
get_prop(system_server, media_prop)
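Review bot: In `allow system_server bluetooth:file { open read write };` the target type `bluetooth` is, in AOSP policy, the Bluetooth app's process domain rather than a file type. The rule would therefore grant write on files carrying the process label (typically its /proc entries), which is probably not what was intended. If a Bluetooth data or sysfs file is the real target, the rule should name that file type; a comment stating the denial this line came from would help confirm.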
@@ -29,13 +30,16 @@ allow system_server sysfs:file { getattr };
allow system_server sysfs:dir r_dir_perms;
allow system_server sysfs_rtc:file { read write open getattr };
-
r_dir_file(system_server, sysfs_hdmi)
-allow system_server sysfs_hdmi:file write;
+allow system_server sysfs_hdmi:file { read write open getattr };
allow system_server sysfs_display:lnk_file { read write open getattr };
allow system_server sysfs_display:file { read write open getattr };
allow system_server hal_audio_default:file write;
+allow system_server update_engine:binder call;
+
allow system_server mediaprovider:file { write open };
+
+allow system_server dvb_device:chr_file rw_file_perms;
diff --git a/sepolicy/tee.te b/sepolicy/tee.te
index 137d092..1a6775e 100644
--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
@@ -17,3 +17,4 @@ allow tee unlabeled:file { open read rename write };
allow tee hidraw_device:chr_file { create read open write ioctl };
allow tee vendor_file:file { read open getattr execute };
+allow tee param_tv_file:dir { search };
diff --git a/sepolicy/toolbox.te b/sepolicy/toolbox.te
index aeae6ba..85f9a26 100644
--- a/sepolicy/toolbox.te
+++ b/sepolicy/toolbox.te
@@ -1 +1,3 @@
allow toolbox unlabeled:dir getattr;
+allow toolbox vendor_file:system module_load;
+allow toolbox toolbox:capability sys_module;
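Review bot: These two rules let anything running in the `toolbox` domain load kernel modules from any file labelled `vendor_file`, which is the generic label for vendor partition content. Module loading is better confined to a dedicated domain and a dedicated file type for the module files, so that a problem in a general utility domain does not reach the kernel. If the rule has to stay, the second line is conventionally written `allow toolbox self:capability sys_module;`.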
diff --git a/sepolicy/tvserver.te b/sepolicy/tvserver.te
index c10e154..cfa32f8 100644
--- a/sepolicy/tvserver.te
+++ b/sepolicy/tvserver.te
@@ -24,6 +24,7 @@ get_prop(tvserver, media_prop)
get_prop(tvserver, tv_prop)
set_prop(tvserver, tv_prop)
set_prop(tvserver, tv_config_prop)
+get_prop(tvserver, vendor_default_prop)
allow tvserver tv_prop:file { read open getattr };
allow tvserver proc:file { read write open ioctl getattr };
@@ -60,5 +61,17 @@ allow tvserver mnt_vendor_file:file { create open write setattr getattr lock rea
allow tvserver platform_app:binder { call };
allow tvserver sysfs:file { read write open };
+#add for search channel
+allow tvserver dvb_device:chr_file { open read write ioctl };
+allow tvserver frontend_device:chr_file { open read write ioctl };
+allow tvserver priv_app:binder { call };
+allow tvserver codec_device:chr_file { read write open ioctl };
+
+#add for timeshift
+allow tvserver vendor_data_file:dir { search remove_name write add_name create };
+allow tvserver vendor_data_file:file { unlink write create open read getattr };
+
allow tvserver sysfs_amhdmitx:dir search;
allow tvserver sysfs_amhdmitx:file { write open read getattr };
+
+allow tvserver hdmicecd:binder { call transfer };
diff --git a/sepolicy/uncrypt.te b/sepolicy/uncrypt.te
new file mode 100644
index 0000000..69210b6
--- a/dev/null
+++ b/sepolicy/uncrypt.te
@@ -0,0 +1,2 @@
+allow uncrypt cache_file:dir {getattr};
+allow uncrypt cache_file:file {open read getattr};
diff --git a/sepolicy/update_engine.te b/sepolicy/update_engine.te
index f3330aa..ec53610 100644
--- a/sepolicy/update_engine.te
+++ b/sepolicy/update_engine.te
@@ -1,8 +1,22 @@
# Allow read/write on system and boot partitions.
allow update_engine misc_block_device:blk_file rw_file_perms;
allow update_engine vendor_block_device:blk_file rw_file_perms;
+allow update_engine vbmeta_block_device:blk_file rw_file_perms;
allow update_engine odm_block_device:blk_file rw_file_perms;
+allow update_engine product_block_device:blk_file rw_file_perms;
+allow update_engine dtbo_block_device:blk_file rw_file_perms;
allow update_engine system_app:binder { call };
+
+allow update_engine system_file:file execute_no_trans;
+allow update_engine labeledfs:filesystem mount;
+allow update_engine otadexopt_service:service_manager find;
+allow update_engine otapreopt_chroot_exec:file { execute execute_no_trans getattr open read };
+allow update_engine postinstall_file:dir mounton;
+allow update_engine self:capability sys_chroot;
+allow update_engine system_server:binder call;
+allow update_engine toolbox_exec:file { execute execute_no_trans getattr open read };
+allow update_engine system_server:binder transfer;
+
#allow update_engine sysfs:file {read open getattr};
allow update_engine sysfs:blk_file {read write getattr};
allow update_engine rootfs:dir {getattr};
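Review bot: `allow update_engine system_file:file execute_no_trans;` and the `toolbox_exec` and `otapreopt_chroot_exec` rules with `execute_no_trans` run those programs inside the `update_engine` domain, which this file also gives `rw_file_perms` on the vendor, vbmeta, odm, product and dtbo block devices. A domain transition for the helpers (for example `domain_auto_trans(update_engine, otapreopt_chroot_exec, <target_domain>)`, where the target is a placeholder) would keep raw block-device access away from the helper binaries. The two `system_server:binder` rules can be merged into one `{ call transfer }` rule.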
diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te
index 90d4bea..08ca710 100644
--- a/sepolicy/vendor_init.te
+++ b/sepolicy/vendor_init.te
@@ -7,6 +7,7 @@ allow vendor_init rootfs:dir { create_dir_perms relabelfrom };
allow vendor_init sysfs_devices_system_cpu:file { create };
allow vendor_init debugfs:dir { mounton };
+allow vendor_init debugfs:file { read write };
allow vendor_init update_data_file:file { read };
@@ -19,8 +20,20 @@ allow vendor_init self:capability sys_module;
allow vendor_init proc:file write;
allow vendor_init unlabeled:dir search;
+allow vendor_init ffs_prop:property_service set;
# optee
allow vendor_init drm_device:chr_file setattr;
# allow init mount a new filesystem and set its selinux contexts
allow vendor_init unlabeled:dir { getattr read relabelfrom setattr };
+
+set_prop(vendor_init, vendor_platform_prop)
+set_prop(vendor_init, shell_prop)
+set_prop(vendor_init, vendor_app_prop)
+set_prop(vendor_init, media_prop)
+set_prop(vendor_init, aml_display_prop)
+set_prop(vendor_init, tv_config_prop)
+set_prop(vendor_init, tv_prop)
+set_prop(vendor_init, netflix_prop)
+set_prop(vendor_init, vold_prop)
+set_prop(vendor_init, config_prop)
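Review bot: `set_prop(vendor_init, shell_prop)`, `set_prop(vendor_init, vold_prop)` and `set_prop(vendor_init, config_prop)` let vendor init scripts write property types that, judging by their names, belong to the platform, which runs against the vendor/system property split the commit description sets out. If individual properties are needed, labelling just those names with a vendor type in property_contexts and granting that type is narrower. The same question applies to `allow vendor_init ffs_prop:property_service set;` earlier in this hunk.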
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index dffc5bf..3a5d396 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -6,3 +6,7 @@ allow vold param_tv_file:dir { ioctl open read };
#for hw keymaster
allow vold drm_device:chr_file {open read write ioctl};
+
+allow vold fsck_exec:file {execute read open };
+allow vold kernel:system module_request;
+
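Review bot: `allow vold kernel:system module_request;` lets vold trigger the kernel's automatic module loading. If the filesystem drivers involved are built in or loaded at boot, `dontaudit vold kernel:system module_request;` silences the denial without granting the permission. `allow vold fsck_exec:file {execute read open };` has no `execute_no_trans`, so it is only useful together with a domain transition into the fsck domain; it is worth checking that base policy does not already cover it.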
diff --git a/sepolicy/webview_zygote.te b/sepolicy/webview_zygote.te
index dacd374..3412078 100644
--- a/sepolicy/webview_zygote.te
+++ b/sepolicy/webview_zygote.te
@@ -1,2 +1,3 @@
allow webview_zygote mnt_expand_file:dir { getattr };
-allow webview_zygote zygote:unix_dgram_socket write;
\ No newline at end of file
+allow webview_zygote zygote:unix_dgram_socket write;
+allow webview_zygote vendor_file:file { read };
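Review bot: `allow webview_zygote vendor_file:file { read };` grants read on the generic vendor label to the process that WebView renderers are forked from, and `read` without `open` or `getattr` suggests the rule was copied from a single denial. The mediaextractor change earlier in this commit replaces a `vendor_file` rule with `same_process_hal_file`. If the file involved here is a library loaded in-process, labelling it the same way would avoid opening all of `vendor_file`; the file being read is not visible in the hunk.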