Merge "Add policy to allow EmergencyAffordanceService to dump state"
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 1f3cd25..39d1aee 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -91,6 +91,7 @@
snapshotctl_log_data_file
socket_hook_prop
soundtrigger_middleware_service
+ storage_config_prop
sysfs_dm_verity
system_adbd_prop
system_config_service
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 56d4747..e004891 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -44,10 +44,6 @@
allow ephemeral_app drmserver_service:service_manager find;
allow ephemeral_app radio_service:service_manager find;
allow ephemeral_app ephemeral_app_api_service:service_manager find;
-allow ephemeral_app gpu_service:service_manager find;
-
-# Allow ephemeral apps to interact with gpuservice
-binder_call(ephemeral_app, gpuservice)
# Write app-specific trace data to the Perfetto traced damon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index 7923649..fea903e 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -6,7 +6,7 @@
app_domain(mediaprovider_app)
# Access to /mnt/pass_through.
-allow mediaprovider_app mnt_pass_through_file:dir r_dir_perms;
+r_dir_file(mediaprovider_app, mnt_pass_through_file)
# Allow MediaProvider to host a FUSE daemon for external storage
allow mediaprovider_app fuse_device:chr_file { read write ioctl getattr };
diff --git a/private/platform_app.te b/private/platform_app.te
index 3beec38..ba6de5b 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -66,12 +66,8 @@
allow platform_app app_api_service:service_manager find;
allow platform_app system_api_service:service_manager find;
allow platform_app vr_manager_service:service_manager find;
-allow platform_app gpu_service:service_manager find;
allow platform_app stats_service:service_manager find;
-# Allow platform apps to interact with gpuservice
-binder_call(platform_app, gpuservice)
-
# Allow platform apps to log via statsd.
binder_call(platform_app, statsd)
diff --git a/private/priv_app.te b/private/priv_app.te
index db28bec..2325716 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -46,10 +46,6 @@
allow priv_app recovery_service:service_manager find;
allow priv_app stats_service:service_manager find;
-# Allow privileged apps to interact with gpuservice
-binder_call(priv_app, gpuservice)
-allow priv_app gpu_service:service_manager find;
-
# Write to /cache.
allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
allow priv_app { cache_file cache_recovery_file }:file create_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index a63ac64..dc4d158 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -407,6 +407,9 @@
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
+
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
@@ -757,6 +760,7 @@
ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
+wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string
wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
wifi.interface u:object_r:exported_default_prop:s0 exact string
diff --git a/private/recovery.te b/private/recovery.te
index eee1698..b522230 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -20,5 +20,8 @@
# Read ro.boot.bootreason
get_prop(recovery, bootloader_boot_reason_prop)
+ # Read storage properties (for correctly formatting filesystems)
+ get_prop(recovery, storage_config_prop)
+
set_prop(recovery, gsid_prop)
')
diff --git a/private/system_app.te b/private/system_app.te
index 0b77bb3..73acb95 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -84,9 +84,6 @@
# Allow system apps to interact with incidentd
binder_call(system_app, incidentd)
-# Allow system apps to interact with gpuservice
-binder_call(system_app, gpuservice)
-
# Allow system app to interact with Dumpstate HAL
hal_client_domain(system_app, hal_dumpstate)
diff --git a/private/traced.te b/private/traced.te
index 7ecfb7f..2410d7e 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -24,7 +24,10 @@
allow traced perfetto:fd use;
allow traced shell:fd use;
allow traced shell:fifo_file { read write };
-allow traced perfetto_traces_data_file:file { read write };
+
+# Allow the service to create new files within /data/misc/perfetto-traces.
+allow traced perfetto_traces_data_file:file create_file_perms;
+allow traced perfetto_traces_data_file:dir rw_dir_perms;
# Allow traceur to pass open file descriptors to traced, so traced can directly
# write into the output file without doing roundtrips over IPC.
@@ -78,6 +81,7 @@
# passed through the socket.
neverallow traced {
data_file_type
+ -perfetto_traces_data_file
-system_data_file
-system_data_root_file
# TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index d9fd5a1..4acc0e8 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -98,10 +98,6 @@
allow untrusted_app_all radio_service:service_manager find;
allow untrusted_app_all app_api_service:service_manager find;
allow untrusted_app_all vr_manager_service:service_manager find;
-allow untrusted_app_all gpu_service:service_manager find;
-
-# Allow untrusted apps to interact with gpuservice
-binder_call(untrusted_app_all, gpuservice)
# gdbserver for ndk-gdb ptrace attaches to app process.
allow untrusted_app_all self:process ptrace;
diff --git a/private/vold.te b/private/vold.te
index 3210779..3332d63 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -20,6 +20,7 @@
# Property Service
get_prop(vold, vold_config_prop)
+get_prop(vold, storage_config_prop);
set_prop(vold, vold_prop)
set_prop(vold, vold_status_prop)
diff --git a/public/app.te b/public/app.te
index e5b9fd6..2c8e335 100644
--- a/public/app.te
+++ b/public/app.te
@@ -219,6 +219,8 @@
binder_call(appdomain, appdomain)
# Perform binder IPC to ephemeral apps.
binder_call(appdomain, ephemeral_app)
+# Perform binder IPC to gpuservice.
+binder_call({ appdomain -isolated_app }, gpuservice)
# Talk with graphics composer fences
allow appdomain hal_graphics_composer:fd use;
@@ -566,6 +568,9 @@
-system_app
} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
+# Don't allow apps access to storage configuration properties.
+neverallow appdomain storage_config_prop:file no_rw_file_perms;
+
# Apps cannot access proc_uid_time_in_state
neverallow appdomain proc_uid_time_in_state:file *;
diff --git a/public/domain.te b/public/domain.te
index 8a747ed..e6c6834 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -531,6 +531,7 @@
neverallow { domain -init } exported2_default_prop:property_service set;
neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
')
compatible_property_only(`
diff --git a/public/hal_drm.te b/public/hal_drm.te
index d86edaf..5987491 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -24,6 +24,9 @@
allow hal_drm ion_device:chr_file rw_file_perms;
allow hal_drm hal_graphics_allocator:fd use;
+# Allow access to hidl_memory allocation service
+allow hal_drm hal_allocator_server:fd use;
+
# Allow access to fds allocated by mediaserver
allow hal_drm mediaserver:fd use;
diff --git a/public/property.te b/public/property.te
index cbf17bf..932dfab 100644
--- a/public/property.te
+++ b/public/property.te
@@ -107,6 +107,7 @@
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
system_vendor_config_prop(media_variant_prop)
+system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(surfaceflinger_prop)
system_vendor_config_prop(systemsound_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)
diff --git a/public/service.te b/public/service.te
index d182dcd..7dc0e15 100644
--- a/public/service.te
+++ b/public/service.te
@@ -11,7 +11,7 @@
type fingerprintd_service, service_manager_type;
type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
-type gpu_service, app_api_service, service_manager_type;
+type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type idmap_service, service_manager_type;
type iorapd_service, service_manager_type;
type incident_service, service_manager_type;
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index cf8d894..e534762 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -6,5 +6,3 @@
allow hal_drm_default hal_codec2_server:fd use;
allow hal_drm_default hal_omx_server:fd use;
-
-allow hal_drm_default hal_allocator_server:fd use;