Merge "add shamu to lunch menu" into lp5.0
diff --git a/config/common.mk b/config/common.mk
index 792acff..73383e6 100644
--- a/config/common.mk
+++ b/config/common.mk
@@ -37,7 +37,8 @@
vendor/slim/prebuilt/common/etc/init.local.rc:root/init.slim.rc
# Copy latinime for gesture typing
-
+PRODUCT_COPY_FILES += \
+ vendor/slim/prebuilt/common/lib/libjni_latinimegoogle.so:system/lib/libjni_latinimegoogle.so
# SELinux filesystem labels
PRODUCT_COPY_FILES += \
@@ -144,7 +145,7 @@
# SlimLP first version.
PRODUCT_VERSION_MAJOR = 5.0
PRODUCT_VERSION_MINOR = alpha
-PRODUCT_VERSION_MAINTENANCE = 0.5
+PRODUCT_VERSION_MAINTENANCE = 0.6
ifdef SLIM_BUILD_EXTRA
SLIM_POSTFIX := -$(SLIM_BUILD_EXTRA)
endif
diff --git a/prebuilt/common/lib/libjni_latinimegoogle.so b/prebuilt/common/lib/libjni_latinimegoogle.so
new file mode 100644
index 0000000..5152f2d
--- /dev/null
+++ b/prebuilt/common/lib/libjni_latinimegoogle.so
Binary files differ
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 9e7f998..902831b 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -4,6 +4,11 @@
/system/bin/auditd u:object_r:logd_exec:s0
/data/misc/audit(/.*)? u:object_r:auditd_log:s0
+/system/bin/sysinit u:object_r:sysinit_exec:s0
+
+# For minivold in recovery
+/sbin/minivold u:object_r:vold_exec:s0
+
#############################
# performance-related sysfs files (CM)
/sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0
@@ -12,3 +17,11 @@
/data/hostapd(/.*)? u:object_r:wifi_data_file:s0
/data/misc/radio(/.*)? u:object_r:radio_data_file:s0
+
+#############
+# Superuser's control sockets
+/dev/com.android.settings.daemon(/.*)? u:object_r:superuser_device:s0
+/dev/com.android.settings(/.*)? u:object_r:superuser_device:s0
+
+# Expansion of these hooks is a bit unconventional
+/cache/com.cyanogenmod.keyhandler.dex u:object_r:dalvikcache_data_file:s0
diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te
new file mode 100644
index 0000000..4711cf5
--- /dev/null
+++ b/sepolicy/healthd.te
@@ -0,0 +1 @@
+allow healthd self:capability { dac_override dac_read_search };
diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te
new file mode 100644
index 0000000..8a70f14
--- /dev/null
+++ b/sepolicy/hostapd.te
@@ -0,0 +1 @@
+allow hostapd netd:unix_dgram_socket sendto;
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
index 4ad0b3e..9a0de3f 100644
--- a/sepolicy/netd.te
+++ b/sepolicy/netd.te
@@ -2,3 +2,7 @@
allow netd self:packet_socket create_socket_perms;
allow netd radio_data_file:dir rw_dir_perms;
allow netd radio_data_file:file create_file_perms;
+allow netd wpa_socket:dir rw_dir_perms;
+allow netd wpa_socket:sock_file create_file_perms;
+allow netd system_wpa_socket:sock_file create_file_perms;
+allow netd hostapd:unix_dgram_socket sendto;
diff --git a/sepolicy/property.te b/sepolicy/property.te
new file mode 100644
index 0000000..6892010
--- /dev/null
+++ b/sepolicy/property.te
@@ -0,0 +1 @@
+type adbtcp_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
new file mode 100644
index 0000000..dc77194
--- /dev/null
+++ b/sepolicy/property_contexts
@@ -0,0 +1 @@
+service.adb.tcp. u:object_r:adbtcp_prop:s0
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
new file mode 100644
index 0000000..06bef3f
--- /dev/null
+++ b/sepolicy/recovery.te
@@ -0,0 +1,8 @@
+# Secure adb (setup_adbd)
+allow adbd adb_keys_file:dir search;
+allow recovery adb_keys_file:file r_file_perms;
+allow recovery shell_prop:property_service set;
+
+# Recovery dialogs
+unix_socket_connect(recovery, vold, vold)
+allow recovery tmpfs:sock_file create_file_perms;
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 408017f..9a35888 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -10,10 +10,18 @@
file.te \
file_contexts \
genfs_contexts \
+ property_contexts \
seapp_contexts \
auditd.te \
+ healthd.te \
+ hostapd.te \
installd.te \
netd.te \
+ property.te \
+ recovery.te \
+ shell.te \
+ su.te \
+ sysinit.te \
system.te \
ueventd.te \
vold.te \
diff --git a/sepolicy/shell.te b/sepolicy/shell.te
new file mode 100644
index 0000000..48b4777
--- /dev/null
+++ b/sepolicy/shell.te
@@ -0,0 +1 @@
+allow shell adbtcp_prop:property_service set;
diff --git a/sepolicy/su.te b/sepolicy/su.te
new file mode 100644
index 0000000..76e4176
--- /dev/null
+++ b/sepolicy/su.te
@@ -0,0 +1,61 @@
+type superuser_device, file_type;
+
+## Perms for the daemon
+
+type sudaemon, domain;
+
+userdebug_or_eng(`
+ domain_trans(init, su_exec, sudaemon)
+ # The userspace app uses /dev sockets to control per-app access
+ allow sudaemon superuser_device:dir { create rw_dir_perms setattr unlink };
+ allow sudaemon superuser_device:sock_file { create setattr unlink write };
+
+ # sudaemon is also permissive to permit setenforce.
+ permissive sudaemon;
+
+ # Add sudaemon to various domains
+ net_domain(sudaemon)
+ app_domain(sudaemon)
+
+ dontaudit sudaemon self:capability_class_set *;
+ dontaudit sudaemon kernel:security *;
+ dontaudit sudaemon kernel:system *;
+ dontaudit sudaemon self:memprotect *;
+ dontaudit sudaemon domain:process *;
+ dontaudit sudaemon domain:fd *;
+ dontaudit sudaemon domain:dir *;
+ dontaudit sudaemon domain:lnk_file *;
+ dontaudit sudaemon domain:{ fifo_file file } *;
+ dontaudit sudaemon domain:socket_class_set *;
+ dontaudit sudaemon domain:ipc_class_set *;
+ dontaudit sudaemon domain:key *;
+ dontaudit sudaemon fs_type:filesystem *;
+ dontaudit sudaemon {fs_type dev_type file_type}:dir_file_class_set *;
+ dontaudit sudaemon node_type:node *;
+ dontaudit sudaemon node_type:{ tcp_socket udp_socket rawip_socket } *;
+ dontaudit sudaemon netif_type:netif *;
+ dontaudit sudaemon port_type:socket_class_set *;
+ dontaudit sudaemon port_type:{ tcp_socket dccp_socket } *;
+ dontaudit sudaemon domain:peer *;
+ dontaudit sudaemon domain:binder *;
+ dontaudit sudaemon property_type:property_service *;
+')
+
+## Perms for the app
+
+userdebug_or_eng(`
+ typealias shell alias suclient;
+
+ # Translate user apps to the shell domain when using su
+ domain_auto_trans(untrusted_app, su_exec, suclient)
+
+ allow suclient sudaemon:unix_stream_socket { connectto read write setopt ioctl };
+
+ allow suclient superuser_device:dir { create rw_dir_perms setattr unlink };
+ allow suclient superuser_device:sock_file { create setattr unlink write };
+ allow suclient untrusted_app_devpts:chr_file { read write ioctl };
+ # For Settings control of access
+ allow system_app superuser_device:sock_file { read write create setattr unlink getattr };
+ allow system_app sudaemon:unix_stream_socket { connectto read write setopt ioctl };
+ allow system_app superuser_device:dir { create rw_dir_perms setattr unlink };
+')
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
new file mode 100644
index 0000000..dea539e
--- /dev/null
+++ b/sepolicy/sysinit.te
@@ -0,0 +1,11 @@
+type sysinit, domain;
+type sysinit_exec, exec_type, file_type;
+
+init_daemon_domain(sysinit)
+
+#============= sysinit ==============
+allow sysinit devpts:chr_file { rw_file_perms };
+allow sysinit shell_exec:file { rx_file_perms };
+allow sysinit system_file:file { rx_file_perms };
+allow sysinit self:process setcurrent;
+
diff --git a/sepolicy/system.te b/sepolicy/system.te
index 4c6de38..ca07e6f 100644
--- a/sepolicy/system.te
+++ b/sepolicy/system.te
@@ -1 +1,8 @@
allow system_server wallpaper_file:file relabelto;
+allow system_server dalvikcache_data_file:file write;
+
+# allow adb related properties to be set
+allow system_server adbtcp_prop:property_service set;
+
+allow system_server dhcp_data_file:dir r_dir_perms;
+allow system_server dhcp_data_file:file r_file_perms;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index ae52a5f..241f191 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1,3 +1,5 @@
+domain_trans(init, rootfs, vold)
+
# Allow vold to manage ASEC
allow vold sdcard_external:file create_file_perms;
diff --git a/vendorsetup.sh b/vendorsetup.sh
index 2ec0271..d293f58 100644
--- a/vendorsetup.sh
+++ b/vendorsetup.sh
@@ -28,7 +28,13 @@
add_lunch_combo slim_i925-userdebug
add_lunch_combo slim_i9300-userdebug
add_lunch_combo slim_i9500-userdebug
-add_lunch_combo slim_jflte-userdebug
+add_lunch_combo slim_jflteatt-userdebug
+add_lunch_combo slim_jfltecan-userdebug
+add_lunch_combo slim_jfltespr-userdebug
+add_lunch_combo slim_jfltetmo-userdebug
+add_lunch_combo slim_jflteusc-userdebug
+add_lunch_combo slim_jfltevzw-userdebug
+add_lunch_combo slim_jfltexx-userdebug
add_lunch_combo slim_ls980-userdebug
add_lunch_combo slim_m7-userdebug
add_lunch_combo slim_m7spr-userdebug