Changes for May 2024, syncing up to 20240508
This commit is contained in:
Andy CrossGate Yan
@@ -1,7 +1,7 @@
|
||||
From aa65bb6381fb25d333263a53a304c02fd718521b Mon Sep 17 00:00:00 2001
|
||||
From 6c9e6785e1e4de23d9780b549a53e57bc0c99e0e Mon Sep 17 00:00:00 2001
|
||||
From: Pierre-Hugues Husson <phh@phh.me>
|
||||
Date: Fri, 6 Oct 2023 08:25:11 -0400
|
||||
Subject: [PATCH] Revert "Remove 28.0 compat support"
|
||||
Subject: [PATCH 1/2] Revert "Remove 28.0 compat support"
|
||||
|
||||
This reverts commit d16612cd8aed0de2ca889174f1a7033137260ecd.
|
||||
|
||||
@@ -703,7 +703,7 @@ Change-Id: I2b0c61ced1f9651f74da85d1228d7260cc782c80
|
||||
create mode 100644 private/compat/28.0/28.0.ignore.cil
|
||||
|
||||
diff --git a/compat/Android.bp b/compat/Android.bp
|
||||
index 04a239e02..61acd4069 100644
|
||||
index 2c6239f70..528f0a8d8 100644
|
||||
--- a/compat/Android.bp
|
||||
+++ b/compat/Android.bp
|
||||
@@ -23,6 +23,13 @@ package {
|
||||
@@ -762,8 +762,8 @@ index 04a239e02..61acd4069 100644
|
||||
se_cil_compat_map {
|
||||
name: "plat_29.0.cil",
|
||||
stem: "29.0.cil",
|
||||
@@ -162,6 +190,14 @@ se_cil_compat_map {
|
||||
bottom_half: [":33.0.board.compat.map{.plat_private}"],
|
||||
@@ -168,6 +196,14 @@ se_cil_compat_map {
|
||||
version: "33.0",
|
||||
}
|
||||
|
||||
+se_cil_compat_map {
|
||||
@@ -777,8 +777,8 @@ index 04a239e02..61acd4069 100644
|
||||
se_cil_compat_map {
|
||||
name: "system_ext_29.0.cil",
|
||||
stem: "29.0.cil",
|
||||
@@ -201,6 +237,14 @@ se_cil_compat_map {
|
||||
system_ext_specific: true,
|
||||
@@ -213,6 +249,14 @@ se_cil_compat_map {
|
||||
version: "33.0",
|
||||
}
|
||||
|
||||
+se_cil_compat_map {
|
||||
@@ -792,8 +792,8 @@ index 04a239e02..61acd4069 100644
|
||||
se_cil_compat_map {
|
||||
name: "product_29.0.cil",
|
||||
stem: "29.0.cil",
|
||||
@@ -240,6 +284,12 @@ se_cil_compat_map {
|
||||
product_specific: true,
|
||||
@@ -258,6 +302,12 @@ se_cil_compat_map {
|
||||
version: "33.0",
|
||||
}
|
||||
|
||||
+se_cil_compat_map {
|
||||
@@ -805,8 +805,8 @@ index 04a239e02..61acd4069 100644
|
||||
se_cil_compat_map {
|
||||
name: "29.0.ignore.cil",
|
||||
bottom_half: [":29.0.board.ignore.map{.plat_private}"],
|
||||
@@ -323,6 +373,11 @@ se_cil_compat_map {
|
||||
product_specific: true,
|
||||
@@ -357,6 +407,11 @@ se_cil_compat_map {
|
||||
version: "33.0",
|
||||
}
|
||||
|
||||
+se_compat_cil {
|
||||
@@ -817,8 +817,8 @@ index 04a239e02..61acd4069 100644
|
||||
se_compat_cil {
|
||||
name: "29.0.compat.cil",
|
||||
srcs: [":29.0.board.compat.cil{.plat_private}"],
|
||||
@@ -348,6 +403,13 @@ se_compat_cil {
|
||||
srcs: [":33.0.board.compat.cil{.plat_private}"],
|
||||
@@ -387,6 +442,13 @@ se_compat_cil {
|
||||
version: "33.0",
|
||||
}
|
||||
|
||||
+se_compat_cil {
|
||||
@@ -34425,5 +34425,5 @@ index 000000000..7213f9542
|
||||
+ vrflinger_vsync_service
|
||||
+ watchdogd_tmpfs))
|
||||
--
|
||||
2.25.1
|
||||
2.34.1
|
||||
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
From b5ae14d08e62bda486db4c9c3f54fd08d9e11158 Mon Sep 17 00:00:00 2001
|
||||
From: danielzhang130 <37479705+danielzhang130@users.noreply.github.com>
|
||||
Date: Fri, 12 Apr 2024 13:01:08 -0400
|
||||
Subject: [PATCH 2/2] Fix sepolicy for kernel < 5.10 that doesn't support bpf
|
||||
file context (#1)
|
||||
|
||||
Change-Id: I877bd90b1dc74c9d2f7713c70fd9aebd92331085
|
||||
|
||||
Signed-off-by: Daniel Zhang <danielzhang130@gmail.com>
|
||||
---
|
||||
private/network_stack.te | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/private/network_stack.te b/private/network_stack.te
|
||||
index 7587c1f46..9e6bd4b12 100644
|
||||
--- a/private/network_stack.te
|
||||
+++ b/private/network_stack.te
|
||||
@@ -61,8 +61,8 @@ hal_client_domain(network_stack, hal_tetheroffload)
|
||||
allow network_stack self:netlink_netfilter_socket create_socket_perms_no_ioctl;
|
||||
allow network_stack network_stack_service:service_manager find;
|
||||
# allow Tethering(network_stack process) to run/update/read the eBPF maps to offload tethering traffic by eBPF.
|
||||
-allow network_stack { fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:dir search;
|
||||
-allow network_stack { fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:file { getattr read write };
|
||||
+allow network_stack { fs_bpf fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:dir search;
|
||||
+allow network_stack { fs_bpf fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:file { getattr read write };
|
||||
allow network_stack bpfloader:bpf { map_read map_write prog_run };
|
||||
# allow Tethering(network_stack process) to read flag value in tethering_u_or_later_native namespace
|
||||
get_prop(network_stack, device_config_tethering_u_or_later_native_prop)
|
||||
--
|
||||
2.34.1
|
||||
|
||||
Reference in New Issue
Block a user