Snap for 6383292 from 6fd6e714 to q-keystone-qcom-release

Change-Id: I9952118ad35080dfd83230368c563a430a85ef82

prebuilts/api/29.0/private/adbd.te

@@ -23,6 +23,10 @@ recovery_only(`
   unix_socket_connect(adbd, recovery, recovery)
 ')
 
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
 # Do not sanitize the environment or open fds of the shell. Allow signaling
 # created processes.
 allow adbd shell:process { noatsecure signal };

prebuilts/api/29.0/private/gpuservice.te

@@ -31,6 +31,10 @@ allow gpuservice adbd:unix_stream_socket { read write getattr };
 # Needed for interactive shell
 allow gpuservice devpts:chr_file { read write getattr };
 
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
 add_service(gpuservice, gpu_service)
 
 # Only uncomment below line when in development

prebuilts/api/29.0/private/shell.te

@@ -52,7 +52,7 @@ binder_call(shell, statsd);
 
 # Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
 allow shell perfetto_traces_data_file:dir rw_dir_perms;
-allow shell perfetto_traces_data_file:file r_file_perms;
+allow shell perfetto_traces_data_file:file { r_file_perms unlink };
 
 # Allow shell to run adb shell cmd gpu commands.
 binder_call(shell, gpuservice);

prebuilts/api/29.0/public/property_contexts

@@ -89,6 +89,7 @@ persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
 pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
 pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
 pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string

private/adbd.te

@@ -23,6 +23,10 @@ recovery_only(`
   unix_socket_connect(adbd, recovery, recovery)
 ')
 
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
 # Do not sanitize the environment or open fds of the shell. Allow signaling
 # created processes.
 allow adbd shell:process { noatsecure signal };

private/gpuservice.te

@@ -31,6 +31,10 @@ allow gpuservice adbd:unix_stream_socket { read write getattr };
 # Needed for interactive shell
 allow gpuservice devpts:chr_file { read write getattr };
 
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
 add_service(gpuservice, gpu_service)
 
 # Only uncomment below line when in development

private/shell.te

@@ -52,7 +52,7 @@ binder_call(shell, statsd);
 
 # Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
 allow shell perfetto_traces_data_file:dir rw_dir_perms;
-allow shell perfetto_traces_data_file:file r_file_perms;
+allow shell perfetto_traces_data_file:file { r_file_perms unlink };
 
 # Allow shell to run adb shell cmd gpu commands.
 binder_call(shell, gpuservice);

public/property_contexts

@@ -89,6 +89,7 @@ persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
 pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
 pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
 pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string