Merge "selinux: allow everybody to read flags from RO flag storage file" into main
diff --git a/Android.mk b/Android.mk
index 6b30fb2..dc62833 100644
--- a/Android.mk
+++ b/Android.mk
@@ -288,6 +288,7 @@
LOCAL_REQUIRED_MODULES += \
system_ext_file_contexts \
system_ext_file_contexts_test \
+ system_ext_keystore2_key_contexts \
system_ext_hwservice_contexts \
system_ext_hwservice_contexts_test \
system_ext_property_contexts \
@@ -336,6 +337,7 @@
LOCAL_REQUIRED_MODULES += \
product_file_contexts \
product_file_contexts_test \
+ product_keystore2_key_contexts \
product_hwservice_contexts \
product_hwservice_contexts_test \
product_property_contexts \
@@ -384,6 +386,7 @@
LOCAL_REQUIRED_MODULES += \
vendor_file_contexts \
vendor_file_contexts_test \
+ vendor_keystore2_key_contexts \
vendor_mac_permissions.xml \
vendor_property_contexts \
vendor_property_contexts_test \
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index bb832eb..6ea7679 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -151,355 +151,355 @@
"android.frameworks.location.altitude.IAltitudeService/default": EXCEPTION_NO_FUZZER,
"android.frameworks.sensorservice.ISensorManager/default": []string{"libsensorserviceaidl_fuzzer"},
"android.frameworks.stats.IStats/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.vibrator.IVibratorControlService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.vibrator.IVibratorControlService/default": EXCEPTION_NO_FUZZER,
"android.se.omapi.ISecureElementService/default": EXCEPTION_NO_FUZZER,
"android.system.keystore2.IKeystoreService/default": EXCEPTION_NO_FUZZER,
"android.system.net.netd.INetd/default": []string{"netd_hw_service_fuzzer"},
"android.system.suspend.ISystemSuspend/default": EXCEPTION_NO_FUZZER,
- "accessibility": EXCEPTION_NO_FUZZER,
- "account": EXCEPTION_NO_FUZZER,
- "activity": EXCEPTION_NO_FUZZER,
- "activity_task": EXCEPTION_NO_FUZZER,
- "adaptive_auth": EXCEPTION_NO_FUZZER,
- "adb": EXCEPTION_NO_FUZZER,
- "adservices_manager": EXCEPTION_NO_FUZZER,
- "aidl_lazy_test_1": EXCEPTION_NO_FUZZER,
- "aidl_lazy_test_2": EXCEPTION_NO_FUZZER,
- "aidl_lazy_test_quit": EXCEPTION_NO_FUZZER,
- "aidl_lazy_cb_test": EXCEPTION_NO_FUZZER,
- "alarm": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.evs.IEvsEnumerator/default": EXCEPTION_NO_FUZZER,
- "android.os.UpdateEngineService": []string{"update_engine_service_fuzzer"},
- "android.os.UpdateEngineStableService": []string{"update_engine_service_fuzzer"},
- "android.frameworks.automotive.display.ICarDisplayProxy/default": EXCEPTION_NO_FUZZER,
- "android.security.apc": EXCEPTION_NO_FUZZER,
- "android.security.authorization": []string{"authorization_service_fuzzer"},
- "android.security.compat": EXCEPTION_NO_FUZZER,
- "android.security.dice.IDiceMaintenance": EXCEPTION_NO_FUZZER,
- "android.security.dice.IDiceNode": EXCEPTION_NO_FUZZER,
- "android.security.identity": []string{"credstore_service_fuzzer"},
- "android.security.keystore": EXCEPTION_NO_FUZZER,
- "android.security.legacykeystore": EXCEPTION_NO_FUZZER,
- "android.security.maintenance": EXCEPTION_NO_FUZZER,
- "android.security.metrics": EXCEPTION_NO_FUZZER,
- "android.service.gatekeeper.IGateKeeperService": []string{"gatekeeperd_service_fuzzer"},
- "android.system.composd": EXCEPTION_NO_FUZZER,
+ "accessibility": EXCEPTION_NO_FUZZER,
+ "account": EXCEPTION_NO_FUZZER,
+ "activity": EXCEPTION_NO_FUZZER,
+ "activity_task": EXCEPTION_NO_FUZZER,
+ "adaptive_auth": EXCEPTION_NO_FUZZER,
+ "adb": EXCEPTION_NO_FUZZER,
+ "adservices_manager": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_1": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_2": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_quit": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_cb_test": EXCEPTION_NO_FUZZER,
+ "alarm": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/default": EXCEPTION_NO_FUZZER,
+ "android.os.UpdateEngineService": []string{"update_engine_service_fuzzer"},
+ "android.os.UpdateEngineStableService": []string{"update_engine_service_fuzzer"},
+ "android.frameworks.automotive.display.ICarDisplayProxy/default": EXCEPTION_NO_FUZZER,
+ "android.security.apc": EXCEPTION_NO_FUZZER,
+ "android.security.authorization": []string{"authorization_service_fuzzer"},
+ "android.security.compat": EXCEPTION_NO_FUZZER,
+ "android.security.dice.IDiceMaintenance": EXCEPTION_NO_FUZZER,
+ "android.security.dice.IDiceNode": EXCEPTION_NO_FUZZER,
+ "android.security.identity": []string{"credstore_service_fuzzer"},
+ "android.security.keystore": EXCEPTION_NO_FUZZER,
+ "android.security.legacykeystore": EXCEPTION_NO_FUZZER,
+ "android.security.maintenance": EXCEPTION_NO_FUZZER,
+ "android.security.metrics": EXCEPTION_NO_FUZZER,
+ "android.service.gatekeeper.IGateKeeperService": []string{"gatekeeperd_service_fuzzer"},
+ "android.system.composd": EXCEPTION_NO_FUZZER,
// TODO(b/294158658): add fuzzer
"android.hardware.security.keymint.IRemotelyProvisionedComponent/avf": EXCEPTION_NO_FUZZER,
- "android.system.virtualizationservice": EXCEPTION_NO_FUZZER,
- "android.system.virtualizationservice_internal.IVfioHandler": EXCEPTION_NO_FUZZER,
- "android.system.virtualizationservice_internal.IVmnic": EXCEPTION_NO_FUZZER,
- "android.system.virtualizationmaintenance": EXCEPTION_NO_FUZZER,
- "ambient_context": EXCEPTION_NO_FUZZER,
- "app_binding": EXCEPTION_NO_FUZZER,
- "app_hibernation": EXCEPTION_NO_FUZZER,
- "app_integrity": EXCEPTION_NO_FUZZER,
- "app_prediction": EXCEPTION_NO_FUZZER,
- "app_search": EXCEPTION_NO_FUZZER,
- "apexservice": EXCEPTION_NO_FUZZER,
- "archive": EXCEPTION_NO_FUZZER,
- "attestation_verification": EXCEPTION_NO_FUZZER,
- "blob_store": EXCEPTION_NO_FUZZER,
- "gsiservice": EXCEPTION_NO_FUZZER,
- "appops": EXCEPTION_NO_FUZZER,
- "appwidget": EXCEPTION_NO_FUZZER,
- "artd": []string{"artd_fuzzer"},
- "artd_pre_reboot": []string{"artd_fuzzer"},
- "assetatlas": EXCEPTION_NO_FUZZER,
- "attention": EXCEPTION_NO_FUZZER,
- "audio": EXCEPTION_NO_FUZZER,
- "auth": EXCEPTION_NO_FUZZER,
- "autofill": EXCEPTION_NO_FUZZER,
- "background_install_control": EXCEPTION_NO_FUZZER,
- "backup": EXCEPTION_NO_FUZZER,
- "batteryproperties": EXCEPTION_NO_FUZZER,
- "batterystats": EXCEPTION_NO_FUZZER,
- "battery": EXCEPTION_NO_FUZZER,
- "binder_calls_stats": EXCEPTION_NO_FUZZER,
- "biometric": EXCEPTION_NO_FUZZER,
- "bluetooth_manager": EXCEPTION_NO_FUZZER,
- "bluetooth": EXCEPTION_NO_FUZZER,
- "broadcastradio": EXCEPTION_NO_FUZZER,
- "bugreport": EXCEPTION_NO_FUZZER,
- "cacheinfo": EXCEPTION_NO_FUZZER,
- "carrier_config": EXCEPTION_NO_FUZZER,
- "clipboard": EXCEPTION_NO_FUZZER,
- "cloudsearch": EXCEPTION_NO_FUZZER,
- "cloudsearch_service": EXCEPTION_NO_FUZZER,
- "com.android.net.IProxyService": EXCEPTION_NO_FUZZER,
- "companiondevice": EXCEPTION_NO_FUZZER,
- "communal": EXCEPTION_NO_FUZZER,
- "platform_compat": EXCEPTION_NO_FUZZER,
- "platform_compat_native": EXCEPTION_NO_FUZZER,
- "connectivity": EXCEPTION_NO_FUZZER,
- "connectivity_native": EXCEPTION_NO_FUZZER,
- "connmetrics": EXCEPTION_NO_FUZZER,
- "consumer_ir": EXCEPTION_NO_FUZZER,
- "content": EXCEPTION_NO_FUZZER,
- "content_capture": EXCEPTION_NO_FUZZER,
- "content_suggestions": EXCEPTION_NO_FUZZER,
- "contexthub": EXCEPTION_NO_FUZZER,
- "contextual_search": EXCEPTION_NO_FUZZER,
- "country_detector": EXCEPTION_NO_FUZZER,
- "coverage": EXCEPTION_NO_FUZZER,
- "cpuinfo": EXCEPTION_NO_FUZZER,
- "cpu_monitor": EXCEPTION_NO_FUZZER,
- "credential": EXCEPTION_NO_FUZZER,
- "crossprofileapps": EXCEPTION_NO_FUZZER,
- "dataloader_manager": EXCEPTION_NO_FUZZER,
- "dbinfo": EXCEPTION_NO_FUZZER,
- "device_config": EXCEPTION_NO_FUZZER,
- "device_config_updatable": EXCEPTION_NO_FUZZER,
- "device_policy": EXCEPTION_NO_FUZZER,
- "device_identifiers": EXCEPTION_NO_FUZZER,
- "deviceidle": EXCEPTION_NO_FUZZER,
- "device_lock": EXCEPTION_NO_FUZZER,
- "device_state": EXCEPTION_NO_FUZZER,
- "devicestoragemonitor": EXCEPTION_NO_FUZZER,
- "dexopt_chroot_setup": []string{"dexopt_chroot_setup_fuzzer"},
- "diskstats": EXCEPTION_NO_FUZZER,
- "display": EXCEPTION_NO_FUZZER,
- "dnsresolver": []string{"resolv_service_fuzzer"},
- "domain_verification": EXCEPTION_NO_FUZZER,
- "color_display": EXCEPTION_NO_FUZZER,
- "netd_listener": EXCEPTION_NO_FUZZER,
- "network_watchlist": EXCEPTION_NO_FUZZER,
- "DockObserver": EXCEPTION_NO_FUZZER,
- "dreams": EXCEPTION_NO_FUZZER,
- "drm.drmManager": []string{"drmserver_fuzzer"},
- "dropbox": EXCEPTION_NO_FUZZER,
- "dumpstate": EXCEPTION_NO_FUZZER,
- "dynamic_system": EXCEPTION_NO_FUZZER,
- "econtroller": EXCEPTION_NO_FUZZER,
- "ecm_enhanced_confirmation": EXCEPTION_NO_FUZZER,
- "emergency_affordance": EXCEPTION_NO_FUZZER,
- "euicc_card_controller": EXCEPTION_NO_FUZZER,
- "external_vibrator_service": EXCEPTION_NO_FUZZER,
- "ethernet": EXCEPTION_NO_FUZZER,
- "face": EXCEPTION_NO_FUZZER,
- "file_integrity": EXCEPTION_NO_FUZZER,
- "fingerprint": EXCEPTION_NO_FUZZER,
- "feature_flags": EXCEPTION_NO_FUZZER,
- "font": EXCEPTION_NO_FUZZER,
+ "android.system.virtualizationservice": []string{"virtualizationmanager_fuzzer"},
+ "android.system.virtualizationservice_internal.IVfioHandler": EXCEPTION_NO_FUZZER,
+ "android.system.virtualizationservice_internal.IVmnic": EXCEPTION_NO_FUZZER,
+ "android.system.virtualizationmaintenance": EXCEPTION_NO_FUZZER,
+ "ambient_context": EXCEPTION_NO_FUZZER,
+ "app_binding": EXCEPTION_NO_FUZZER,
+ "app_hibernation": EXCEPTION_NO_FUZZER,
+ "app_integrity": EXCEPTION_NO_FUZZER,
+ "app_prediction": EXCEPTION_NO_FUZZER,
+ "app_search": EXCEPTION_NO_FUZZER,
+ "apexservice": EXCEPTION_NO_FUZZER,
+ "archive": EXCEPTION_NO_FUZZER,
+ "attestation_verification": EXCEPTION_NO_FUZZER,
+ "blob_store": EXCEPTION_NO_FUZZER,
+ "gsiservice": EXCEPTION_NO_FUZZER,
+ "appops": EXCEPTION_NO_FUZZER,
+ "appwidget": EXCEPTION_NO_FUZZER,
+ "artd": []string{"artd_fuzzer"},
+ "artd_pre_reboot": []string{"artd_fuzzer"},
+ "assetatlas": EXCEPTION_NO_FUZZER,
+ "attention": EXCEPTION_NO_FUZZER,
+ "audio": EXCEPTION_NO_FUZZER,
+ "auth": EXCEPTION_NO_FUZZER,
+ "autofill": EXCEPTION_NO_FUZZER,
+ "background_install_control": EXCEPTION_NO_FUZZER,
+ "backup": EXCEPTION_NO_FUZZER,
+ "batteryproperties": EXCEPTION_NO_FUZZER,
+ "batterystats": EXCEPTION_NO_FUZZER,
+ "battery": EXCEPTION_NO_FUZZER,
+ "binder_calls_stats": EXCEPTION_NO_FUZZER,
+ "biometric": EXCEPTION_NO_FUZZER,
+ "bluetooth_manager": EXCEPTION_NO_FUZZER,
+ "bluetooth": EXCEPTION_NO_FUZZER,
+ "broadcastradio": EXCEPTION_NO_FUZZER,
+ "bugreport": EXCEPTION_NO_FUZZER,
+ "cacheinfo": EXCEPTION_NO_FUZZER,
+ "carrier_config": EXCEPTION_NO_FUZZER,
+ "clipboard": EXCEPTION_NO_FUZZER,
+ "cloudsearch": EXCEPTION_NO_FUZZER,
+ "cloudsearch_service": EXCEPTION_NO_FUZZER,
+ "com.android.net.IProxyService": EXCEPTION_NO_FUZZER,
+ "companiondevice": EXCEPTION_NO_FUZZER,
+ "communal": EXCEPTION_NO_FUZZER,
+ "platform_compat": EXCEPTION_NO_FUZZER,
+ "platform_compat_native": EXCEPTION_NO_FUZZER,
+ "connectivity": EXCEPTION_NO_FUZZER,
+ "connectivity_native": EXCEPTION_NO_FUZZER,
+ "connmetrics": EXCEPTION_NO_FUZZER,
+ "consumer_ir": EXCEPTION_NO_FUZZER,
+ "content": EXCEPTION_NO_FUZZER,
+ "content_capture": EXCEPTION_NO_FUZZER,
+ "content_suggestions": EXCEPTION_NO_FUZZER,
+ "contexthub": EXCEPTION_NO_FUZZER,
+ "contextual_search": EXCEPTION_NO_FUZZER,
+ "country_detector": EXCEPTION_NO_FUZZER,
+ "coverage": EXCEPTION_NO_FUZZER,
+ "cpuinfo": EXCEPTION_NO_FUZZER,
+ "cpu_monitor": EXCEPTION_NO_FUZZER,
+ "credential": EXCEPTION_NO_FUZZER,
+ "crossprofileapps": EXCEPTION_NO_FUZZER,
+ "dataloader_manager": EXCEPTION_NO_FUZZER,
+ "dbinfo": EXCEPTION_NO_FUZZER,
+ "device_config": EXCEPTION_NO_FUZZER,
+ "device_config_updatable": EXCEPTION_NO_FUZZER,
+ "device_policy": EXCEPTION_NO_FUZZER,
+ "device_identifiers": EXCEPTION_NO_FUZZER,
+ "deviceidle": EXCEPTION_NO_FUZZER,
+ "device_lock": EXCEPTION_NO_FUZZER,
+ "device_state": EXCEPTION_NO_FUZZER,
+ "devicestoragemonitor": EXCEPTION_NO_FUZZER,
+ "dexopt_chroot_setup": []string{"dexopt_chroot_setup_fuzzer"},
+ "diskstats": EXCEPTION_NO_FUZZER,
+ "display": EXCEPTION_NO_FUZZER,
+ "dnsresolver": []string{"resolv_service_fuzzer"},
+ "domain_verification": EXCEPTION_NO_FUZZER,
+ "color_display": EXCEPTION_NO_FUZZER,
+ "netd_listener": EXCEPTION_NO_FUZZER,
+ "network_watchlist": EXCEPTION_NO_FUZZER,
+ "DockObserver": EXCEPTION_NO_FUZZER,
+ "dreams": EXCEPTION_NO_FUZZER,
+ "drm.drmManager": []string{"drmserver_fuzzer"},
+ "dropbox": EXCEPTION_NO_FUZZER,
+ "dumpstate": EXCEPTION_NO_FUZZER,
+ "dynamic_system": EXCEPTION_NO_FUZZER,
+ "econtroller": EXCEPTION_NO_FUZZER,
+ "ecm_enhanced_confirmation": EXCEPTION_NO_FUZZER,
+ "emergency_affordance": EXCEPTION_NO_FUZZER,
+ "euicc_card_controller": EXCEPTION_NO_FUZZER,
+ "external_vibrator_service": EXCEPTION_NO_FUZZER,
+ "ethernet": EXCEPTION_NO_FUZZER,
+ "face": EXCEPTION_NO_FUZZER,
+ "file_integrity": EXCEPTION_NO_FUZZER,
+ "fingerprint": EXCEPTION_NO_FUZZER,
+ "feature_flags": EXCEPTION_NO_FUZZER,
+ "font": EXCEPTION_NO_FUZZER,
"android.hardware.fingerprint.IFingerprintDaemon": EXCEPTION_NO_FUZZER,
- "game": EXCEPTION_NO_FUZZER,
- "gfxinfo": EXCEPTION_NO_FUZZER,
- "gnss_time_update_service": EXCEPTION_NO_FUZZER,
- "grammatical_inflection": EXCEPTION_NO_FUZZER,
- "graphicsstats": EXCEPTION_NO_FUZZER,
- "gpu": []string{"gpu_service_fuzzer"},
- "hardware": EXCEPTION_NO_FUZZER,
- "hardware_properties": EXCEPTION_NO_FUZZER,
- "hdmi_control": EXCEPTION_NO_FUZZER,
- "healthconnect": EXCEPTION_NO_FUZZER,
- "ions": EXCEPTION_NO_FUZZER,
- "idmap": EXCEPTION_NO_FUZZER,
- "incident": []string{"incidentd_service_fuzzer"},
- "incidentcompanion": EXCEPTION_NO_FUZZER,
- "inputflinger": EXCEPTION_NO_FUZZER,
- "input_method": EXCEPTION_NO_FUZZER,
- "input": EXCEPTION_NO_FUZZER,
- "installd": []string{"installd_service_fuzzer"},
- "iphonesubinfo_msim": EXCEPTION_NO_FUZZER,
- "iphonesubinfo2": EXCEPTION_NO_FUZZER,
- "iphonesubinfo": EXCEPTION_NO_FUZZER,
- "ims": EXCEPTION_NO_FUZZER,
- "imms": EXCEPTION_NO_FUZZER,
- "incremental": EXCEPTION_NO_FUZZER,
- "ipsec": EXCEPTION_NO_FUZZER,
- "ircsmessage": EXCEPTION_NO_FUZZER,
- "iris": EXCEPTION_NO_FUZZER,
- "isms_msim": EXCEPTION_NO_FUZZER,
- "isms2": EXCEPTION_NO_FUZZER,
- "isms": EXCEPTION_NO_FUZZER,
- "isub": EXCEPTION_NO_FUZZER,
- "jobscheduler": EXCEPTION_NO_FUZZER,
- "launcherapps": EXCEPTION_NO_FUZZER,
- "legacy_permission": EXCEPTION_NO_FUZZER,
- "lights": EXCEPTION_NO_FUZZER,
- "locale": EXCEPTION_NO_FUZZER,
- "location": EXCEPTION_NO_FUZZER,
- "location_time_zone_manager": EXCEPTION_NO_FUZZER,
- "lock_settings": EXCEPTION_NO_FUZZER,
- "logcat": EXCEPTION_NO_FUZZER,
- "logd": EXCEPTION_NO_FUZZER,
- "looper_stats": EXCEPTION_NO_FUZZER,
- "lpdump_service": EXCEPTION_NO_FUZZER,
- "mdns": EXCEPTION_NO_FUZZER,
- "media.aaudio": EXCEPTION_NO_FUZZER,
- "media.audio_flinger": []string{"audioflinger_aidl_fuzzer"},
- "media.audio_policy": []string{"audiopolicy_aidl_fuzzer"},
- "media.camera": []string{"camera_service_aidl_fuzzer"},
- "media.camera.proxy": EXCEPTION_NO_FUZZER,
- "media.log": EXCEPTION_NO_FUZZER,
- "media.player": []string{"media_player_service_fuzzer"},
- "media.metrics": []string{"mediametrics_aidl_fuzzer"},
- "media.extractor": []string{"mediaextractor_service_fuzzer"},
- "media.transcoding": EXCEPTION_NO_FUZZER,
- "media.resource_manager": []string{"resourcemanager_service_fuzzer", "mediaresourcemanager_fuzzer"},
- "media.resource_observer": EXCEPTION_NO_FUZZER,
- "media.sound_trigger_hw": EXCEPTION_NO_FUZZER,
- "media.drm": EXCEPTION_NO_FUZZER,
- "media.tuner": EXCEPTION_NO_FUZZER,
- "media_communication": EXCEPTION_NO_FUZZER,
- "media_metrics": EXCEPTION_NO_FUZZER,
- "media_projection": EXCEPTION_NO_FUZZER,
- "media_resource_monitor": EXCEPTION_NO_FUZZER,
- "media_router": EXCEPTION_NO_FUZZER,
- "media_session": EXCEPTION_NO_FUZZER,
- "meminfo": EXCEPTION_NO_FUZZER,
- "memtrack.proxy": EXCEPTION_NO_FUZZER,
- "midi": EXCEPTION_NO_FUZZER,
- "mount": EXCEPTION_NO_FUZZER,
- "music_recognition": EXCEPTION_NO_FUZZER,
- "nearby": EXCEPTION_NO_FUZZER,
- "netd": []string{"netd_native_service_fuzzer"},
- "netpolicy": EXCEPTION_NO_FUZZER,
- "netstats": EXCEPTION_NO_FUZZER,
- "network_stack": EXCEPTION_NO_FUZZER,
- "network_management": EXCEPTION_NO_FUZZER,
- "network_score": EXCEPTION_NO_FUZZER,
- "network_time_update_service": EXCEPTION_NO_FUZZER,
- "nfc": EXCEPTION_NO_FUZZER,
- "notification": EXCEPTION_NO_FUZZER,
- "oem_lock": EXCEPTION_NO_FUZZER,
+ "game": EXCEPTION_NO_FUZZER,
+ "gfxinfo": EXCEPTION_NO_FUZZER,
+ "gnss_time_update_service": EXCEPTION_NO_FUZZER,
+ "grammatical_inflection": EXCEPTION_NO_FUZZER,
+ "graphicsstats": EXCEPTION_NO_FUZZER,
+ "gpu": []string{"gpu_service_fuzzer"},
+ "hardware": EXCEPTION_NO_FUZZER,
+ "hardware_properties": EXCEPTION_NO_FUZZER,
+ "hdmi_control": EXCEPTION_NO_FUZZER,
+ "healthconnect": EXCEPTION_NO_FUZZER,
+ "ions": EXCEPTION_NO_FUZZER,
+ "idmap": EXCEPTION_NO_FUZZER,
+ "incident": []string{"incidentd_service_fuzzer"},
+ "incidentcompanion": EXCEPTION_NO_FUZZER,
+ "inputflinger": EXCEPTION_NO_FUZZER,
+ "input_method": EXCEPTION_NO_FUZZER,
+ "input": EXCEPTION_NO_FUZZER,
+ "installd": []string{"installd_service_fuzzer"},
+ "iphonesubinfo_msim": EXCEPTION_NO_FUZZER,
+ "iphonesubinfo2": EXCEPTION_NO_FUZZER,
+ "iphonesubinfo": EXCEPTION_NO_FUZZER,
+ "ims": EXCEPTION_NO_FUZZER,
+ "imms": EXCEPTION_NO_FUZZER,
+ "incremental": EXCEPTION_NO_FUZZER,
+ "ipsec": EXCEPTION_NO_FUZZER,
+ "ircsmessage": EXCEPTION_NO_FUZZER,
+ "iris": EXCEPTION_NO_FUZZER,
+ "isms_msim": EXCEPTION_NO_FUZZER,
+ "isms2": EXCEPTION_NO_FUZZER,
+ "isms": EXCEPTION_NO_FUZZER,
+ "isub": EXCEPTION_NO_FUZZER,
+ "jobscheduler": EXCEPTION_NO_FUZZER,
+ "launcherapps": EXCEPTION_NO_FUZZER,
+ "legacy_permission": EXCEPTION_NO_FUZZER,
+ "lights": EXCEPTION_NO_FUZZER,
+ "locale": EXCEPTION_NO_FUZZER,
+ "location": EXCEPTION_NO_FUZZER,
+ "location_time_zone_manager": EXCEPTION_NO_FUZZER,
+ "lock_settings": EXCEPTION_NO_FUZZER,
+ "logcat": EXCEPTION_NO_FUZZER,
+ "logd": EXCEPTION_NO_FUZZER,
+ "looper_stats": EXCEPTION_NO_FUZZER,
+ "lpdump_service": EXCEPTION_NO_FUZZER,
+ "mdns": EXCEPTION_NO_FUZZER,
+ "media.aaudio": EXCEPTION_NO_FUZZER,
+ "media.audio_flinger": []string{"audioflinger_aidl_fuzzer"},
+ "media.audio_policy": []string{"audiopolicy_aidl_fuzzer"},
+ "media.camera": []string{"camera_service_aidl_fuzzer"},
+ "media.camera.proxy": EXCEPTION_NO_FUZZER,
+ "media.log": EXCEPTION_NO_FUZZER,
+ "media.player": []string{"media_player_service_fuzzer"},
+ "media.metrics": []string{"mediametrics_aidl_fuzzer"},
+ "media.extractor": []string{"mediaextractor_service_fuzzer"},
+ "media.transcoding": EXCEPTION_NO_FUZZER,
+ "media.resource_manager": []string{"resourcemanager_service_fuzzer", "mediaresourcemanager_fuzzer"},
+ "media.resource_observer": EXCEPTION_NO_FUZZER,
+ "media.sound_trigger_hw": EXCEPTION_NO_FUZZER,
+ "media.drm": EXCEPTION_NO_FUZZER,
+ "media.tuner": EXCEPTION_NO_FUZZER,
+ "media_communication": EXCEPTION_NO_FUZZER,
+ "media_metrics": EXCEPTION_NO_FUZZER,
+ "media_projection": EXCEPTION_NO_FUZZER,
+ "media_resource_monitor": EXCEPTION_NO_FUZZER,
+ "media_router": EXCEPTION_NO_FUZZER,
+ "media_session": EXCEPTION_NO_FUZZER,
+ "meminfo": EXCEPTION_NO_FUZZER,
+ "memtrack.proxy": EXCEPTION_NO_FUZZER,
+ "midi": EXCEPTION_NO_FUZZER,
+ "mount": EXCEPTION_NO_FUZZER,
+ "music_recognition": EXCEPTION_NO_FUZZER,
+ "nearby": EXCEPTION_NO_FUZZER,
+ "netd": []string{"netd_native_service_fuzzer"},
+ "netpolicy": EXCEPTION_NO_FUZZER,
+ "netstats": EXCEPTION_NO_FUZZER,
+ "network_stack": EXCEPTION_NO_FUZZER,
+ "network_management": EXCEPTION_NO_FUZZER,
+ "network_score": EXCEPTION_NO_FUZZER,
+ "network_time_update_service": EXCEPTION_NO_FUZZER,
+ "nfc": EXCEPTION_NO_FUZZER,
+ "notification": EXCEPTION_NO_FUZZER,
+ "oem_lock": EXCEPTION_NO_FUZZER,
"ondevicepersonalization_system_service": EXCEPTION_NO_FUZZER,
- "on_device_intelligence": EXCEPTION_NO_FUZZER,
- "otadexopt": EXCEPTION_NO_FUZZER,
- "ot_daemon": []string{"ot_daemon_service_fuzzer"},
- "overlay": EXCEPTION_NO_FUZZER,
- "pac_proxy": EXCEPTION_NO_FUZZER,
- "package": EXCEPTION_NO_FUZZER,
- "package_native": EXCEPTION_NO_FUZZER,
- "people": EXCEPTION_NO_FUZZER,
- "performance_hint": EXCEPTION_NO_FUZZER,
- "permission": EXCEPTION_NO_FUZZER,
- "permissionmgr": EXCEPTION_NO_FUZZER,
- "permission_checker": EXCEPTION_NO_FUZZER,
- "persistent_data_block": EXCEPTION_NO_FUZZER,
- "phone_msim": EXCEPTION_NO_FUZZER,
- "phone1": EXCEPTION_NO_FUZZER,
- "phone2": EXCEPTION_NO_FUZZER,
- "phone": EXCEPTION_NO_FUZZER,
- "pinner": EXCEPTION_NO_FUZZER,
- "powerstats": EXCEPTION_NO_FUZZER,
- "power": EXCEPTION_NO_FUZZER,
- "print": EXCEPTION_NO_FUZZER,
- "processinfo": EXCEPTION_NO_FUZZER,
- "procstats": EXCEPTION_NO_FUZZER,
- "profcollectd": EXCEPTION_NO_FUZZER,
- "profiling_service": EXCEPTION_NO_FUZZER,
- "radio.phonesubinfo": EXCEPTION_NO_FUZZER,
- "radio.phone": EXCEPTION_NO_FUZZER,
- "radio.sms": EXCEPTION_NO_FUZZER,
- "rcs": EXCEPTION_NO_FUZZER,
- "reboot_readiness": EXCEPTION_NO_FUZZER,
- "recovery": EXCEPTION_NO_FUZZER,
- "remote_auth": EXCEPTION_NO_FUZZER,
- "remote_provisioning": EXCEPTION_NO_FUZZER,
- "resolver": EXCEPTION_NO_FUZZER,
- "resources": EXCEPTION_NO_FUZZER,
- "restrictions": EXCEPTION_NO_FUZZER,
- "rkpd.registrar": EXCEPTION_NO_FUZZER,
- "rkpd.refresh": EXCEPTION_NO_FUZZER,
- "role": EXCEPTION_NO_FUZZER,
- "rollback": EXCEPTION_NO_FUZZER,
- "rttmanager": EXCEPTION_NO_FUZZER,
- "runtime": EXCEPTION_NO_FUZZER,
- "safety_center": EXCEPTION_NO_FUZZER,
- "samplingprofiler": EXCEPTION_NO_FUZZER,
- "scheduling_policy": EXCEPTION_NO_FUZZER,
- "search": EXCEPTION_NO_FUZZER,
- "search_ui": EXCEPTION_NO_FUZZER,
- "secure_element": EXCEPTION_NO_FUZZER,
- "security_state": EXCEPTION_NO_FUZZER,
- "sec_key_att_app_id_provider": EXCEPTION_NO_FUZZER,
- "selection_toolbar": EXCEPTION_NO_FUZZER,
- "sensitive_content_protection_service": EXCEPTION_NO_FUZZER,
- "sensorservice": EXCEPTION_NO_FUZZER,
- "sensor_privacy": EXCEPTION_NO_FUZZER,
- "serial": EXCEPTION_NO_FUZZER,
- "servicediscovery": EXCEPTION_NO_FUZZER,
- "manager": []string{"servicemanager_fuzzer"},
- "settings": EXCEPTION_NO_FUZZER,
- "shortcut": EXCEPTION_NO_FUZZER,
- "simphonebook_msim": EXCEPTION_NO_FUZZER,
- "simphonebook2": EXCEPTION_NO_FUZZER,
- "simphonebook": EXCEPTION_NO_FUZZER,
- "sip": EXCEPTION_NO_FUZZER,
- "slice": EXCEPTION_NO_FUZZER,
- "smartspace": EXCEPTION_NO_FUZZER,
- "speech_recognition": EXCEPTION_NO_FUZZER,
- "stats": []string{"statsd_service_fuzzer"},
- "statsbootstrap": EXCEPTION_NO_FUZZER,
- "statscompanion": EXCEPTION_NO_FUZZER,
- "statsmanager": EXCEPTION_NO_FUZZER,
- "soundtrigger": EXCEPTION_NO_FUZZER,
- "soundtrigger_middleware": EXCEPTION_NO_FUZZER,
- "statusbar": EXCEPTION_NO_FUZZER,
- "storaged": []string{"storaged_service_fuzzer"},
- "storaged_pri": []string{"storaged_private_service_fuzzer"},
- "storagestats": EXCEPTION_NO_FUZZER,
- "sdk_sandbox": EXCEPTION_NO_FUZZER,
- "SurfaceFlinger": EXCEPTION_NO_FUZZER,
- "SurfaceFlingerAIDL": EXCEPTION_NO_FUZZER,
- "suspend_control": []string{"suspend_service_fuzzer"},
- "suspend_control_internal": []string{"suspend_service_internal_fuzzer"},
- "system_config": EXCEPTION_NO_FUZZER,
- "system_server_dumper": EXCEPTION_NO_FUZZER,
- "system_update": EXCEPTION_NO_FUZZER,
- "tare": EXCEPTION_NO_FUZZER,
- "task": EXCEPTION_NO_FUZZER,
- "telecom": EXCEPTION_NO_FUZZER,
- "telephony.registry": EXCEPTION_NO_FUZZER,
- "telephony_ims": EXCEPTION_NO_FUZZER,
- "testharness": EXCEPTION_NO_FUZZER,
- "tethering": EXCEPTION_NO_FUZZER,
- "textclassification": EXCEPTION_NO_FUZZER,
- "textservices": EXCEPTION_NO_FUZZER,
- "texttospeech": EXCEPTION_NO_FUZZER,
- "thread_network": EXCEPTION_NO_FUZZER,
- "time_detector": EXCEPTION_NO_FUZZER,
- "time_zone_detector": EXCEPTION_NO_FUZZER,
- "thermalservice": EXCEPTION_NO_FUZZER,
- "tracing.proxy": EXCEPTION_NO_FUZZER,
- "translation": EXCEPTION_NO_FUZZER,
- "transparency": EXCEPTION_NO_FUZZER,
- "trust": EXCEPTION_NO_FUZZER,
- "tv_ad": EXCEPTION_NO_FUZZER,
- "tv_interactive_app": EXCEPTION_NO_FUZZER,
- "tv_input": EXCEPTION_NO_FUZZER,
- "tv_tuner_resource_mgr": EXCEPTION_NO_FUZZER,
- "uce": EXCEPTION_NO_FUZZER,
- "uimode": EXCEPTION_NO_FUZZER,
- "updatelock": EXCEPTION_NO_FUZZER,
- "uri_grants": EXCEPTION_NO_FUZZER,
- "usagestats": EXCEPTION_NO_FUZZER,
- "usb": EXCEPTION_NO_FUZZER,
- "user": EXCEPTION_NO_FUZZER,
- "uwb": EXCEPTION_NO_FUZZER,
- "vcn_management": EXCEPTION_NO_FUZZER,
- "vibrator": EXCEPTION_NO_FUZZER,
- "vibrator_manager": EXCEPTION_NO_FUZZER,
- "virtualdevice": EXCEPTION_NO_FUZZER,
- "virtualdevice_native": EXCEPTION_NO_FUZZER,
- "virtual_camera": []string{"virtual_camera_fuzzer"},
- "virtual_touchpad": EXCEPTION_NO_FUZZER,
- "voiceinteraction": EXCEPTION_NO_FUZZER,
- "vold": []string{"vold_native_service_fuzzer"},
- "vpn_management": EXCEPTION_NO_FUZZER,
- "vrmanager": EXCEPTION_NO_FUZZER,
- "wallpaper": EXCEPTION_NO_FUZZER,
- "wallpaper_effects_generation": EXCEPTION_NO_FUZZER,
- "wearable_sensing": EXCEPTION_NO_FUZZER,
- "webviewupdate": EXCEPTION_NO_FUZZER,
- "wifip2p": EXCEPTION_NO_FUZZER,
- "wifiscanner": EXCEPTION_NO_FUZZER,
- "wifi": EXCEPTION_NO_FUZZER,
- "wifinl80211": []string{"wificond_service_fuzzer"},
- "wifiaware": EXCEPTION_NO_FUZZER,
- "wifirtt": EXCEPTION_NO_FUZZER,
- "window": EXCEPTION_NO_FUZZER,
- "*": EXCEPTION_NO_FUZZER,
+ "on_device_intelligence": EXCEPTION_NO_FUZZER,
+ "otadexopt": EXCEPTION_NO_FUZZER,
+ "ot_daemon": []string{"ot_daemon_service_fuzzer"},
+ "overlay": EXCEPTION_NO_FUZZER,
+ "pac_proxy": EXCEPTION_NO_FUZZER,
+ "package": EXCEPTION_NO_FUZZER,
+ "package_native": EXCEPTION_NO_FUZZER,
+ "people": EXCEPTION_NO_FUZZER,
+ "performance_hint": EXCEPTION_NO_FUZZER,
+ "permission": EXCEPTION_NO_FUZZER,
+ "permissionmgr": EXCEPTION_NO_FUZZER,
+ "permission_checker": EXCEPTION_NO_FUZZER,
+ "persistent_data_block": EXCEPTION_NO_FUZZER,
+ "phone_msim": EXCEPTION_NO_FUZZER,
+ "phone1": EXCEPTION_NO_FUZZER,
+ "phone2": EXCEPTION_NO_FUZZER,
+ "phone": EXCEPTION_NO_FUZZER,
+ "pinner": EXCEPTION_NO_FUZZER,
+ "powerstats": EXCEPTION_NO_FUZZER,
+ "power": EXCEPTION_NO_FUZZER,
+ "print": EXCEPTION_NO_FUZZER,
+ "processinfo": EXCEPTION_NO_FUZZER,
+ "procstats": EXCEPTION_NO_FUZZER,
+ "profcollectd": EXCEPTION_NO_FUZZER,
+ "profiling_service": EXCEPTION_NO_FUZZER,
+ "radio.phonesubinfo": EXCEPTION_NO_FUZZER,
+ "radio.phone": EXCEPTION_NO_FUZZER,
+ "radio.sms": EXCEPTION_NO_FUZZER,
+ "rcs": EXCEPTION_NO_FUZZER,
+ "reboot_readiness": EXCEPTION_NO_FUZZER,
+ "recovery": EXCEPTION_NO_FUZZER,
+ "remote_auth": EXCEPTION_NO_FUZZER,
+ "remote_provisioning": EXCEPTION_NO_FUZZER,
+ "resolver": EXCEPTION_NO_FUZZER,
+ "resources": EXCEPTION_NO_FUZZER,
+ "restrictions": EXCEPTION_NO_FUZZER,
+ "rkpd.registrar": EXCEPTION_NO_FUZZER,
+ "rkpd.refresh": EXCEPTION_NO_FUZZER,
+ "role": EXCEPTION_NO_FUZZER,
+ "rollback": EXCEPTION_NO_FUZZER,
+ "rttmanager": EXCEPTION_NO_FUZZER,
+ "runtime": EXCEPTION_NO_FUZZER,
+ "safety_center": EXCEPTION_NO_FUZZER,
+ "samplingprofiler": EXCEPTION_NO_FUZZER,
+ "scheduling_policy": EXCEPTION_NO_FUZZER,
+ "search": EXCEPTION_NO_FUZZER,
+ "search_ui": EXCEPTION_NO_FUZZER,
+ "secure_element": EXCEPTION_NO_FUZZER,
+ "security_state": EXCEPTION_NO_FUZZER,
+ "sec_key_att_app_id_provider": EXCEPTION_NO_FUZZER,
+ "selection_toolbar": EXCEPTION_NO_FUZZER,
+ "sensitive_content_protection_service": EXCEPTION_NO_FUZZER,
+ "sensorservice": EXCEPTION_NO_FUZZER,
+ "sensor_privacy": EXCEPTION_NO_FUZZER,
+ "serial": EXCEPTION_NO_FUZZER,
+ "servicediscovery": EXCEPTION_NO_FUZZER,
+ "manager": []string{"servicemanager_fuzzer"},
+ "settings": EXCEPTION_NO_FUZZER,
+ "shortcut": EXCEPTION_NO_FUZZER,
+ "simphonebook_msim": EXCEPTION_NO_FUZZER,
+ "simphonebook2": EXCEPTION_NO_FUZZER,
+ "simphonebook": EXCEPTION_NO_FUZZER,
+ "sip": EXCEPTION_NO_FUZZER,
+ "slice": EXCEPTION_NO_FUZZER,
+ "smartspace": EXCEPTION_NO_FUZZER,
+ "speech_recognition": EXCEPTION_NO_FUZZER,
+ "stats": []string{"statsd_service_fuzzer"},
+ "statsbootstrap": EXCEPTION_NO_FUZZER,
+ "statscompanion": EXCEPTION_NO_FUZZER,
+ "statsmanager": EXCEPTION_NO_FUZZER,
+ "soundtrigger": EXCEPTION_NO_FUZZER,
+ "soundtrigger_middleware": EXCEPTION_NO_FUZZER,
+ "statusbar": EXCEPTION_NO_FUZZER,
+ "storaged": []string{"storaged_service_fuzzer"},
+ "storaged_pri": []string{"storaged_private_service_fuzzer"},
+ "storagestats": EXCEPTION_NO_FUZZER,
+ "sdk_sandbox": EXCEPTION_NO_FUZZER,
+ "SurfaceFlinger": EXCEPTION_NO_FUZZER,
+ "SurfaceFlingerAIDL": EXCEPTION_NO_FUZZER,
+ "suspend_control": []string{"suspend_service_fuzzer"},
+ "suspend_control_internal": []string{"suspend_service_internal_fuzzer"},
+ "system_config": EXCEPTION_NO_FUZZER,
+ "system_server_dumper": EXCEPTION_NO_FUZZER,
+ "system_update": EXCEPTION_NO_FUZZER,
+ "tare": EXCEPTION_NO_FUZZER,
+ "task": EXCEPTION_NO_FUZZER,
+ "telecom": EXCEPTION_NO_FUZZER,
+ "telephony.registry": EXCEPTION_NO_FUZZER,
+ "telephony_ims": EXCEPTION_NO_FUZZER,
+ "testharness": EXCEPTION_NO_FUZZER,
+ "tethering": EXCEPTION_NO_FUZZER,
+ "textclassification": EXCEPTION_NO_FUZZER,
+ "textservices": EXCEPTION_NO_FUZZER,
+ "texttospeech": EXCEPTION_NO_FUZZER,
+ "thread_network": EXCEPTION_NO_FUZZER,
+ "time_detector": EXCEPTION_NO_FUZZER,
+ "time_zone_detector": EXCEPTION_NO_FUZZER,
+ "thermalservice": EXCEPTION_NO_FUZZER,
+ "tracing.proxy": EXCEPTION_NO_FUZZER,
+ "translation": EXCEPTION_NO_FUZZER,
+ "transparency": EXCEPTION_NO_FUZZER,
+ "trust": EXCEPTION_NO_FUZZER,
+ "tv_ad": EXCEPTION_NO_FUZZER,
+ "tv_interactive_app": EXCEPTION_NO_FUZZER,
+ "tv_input": EXCEPTION_NO_FUZZER,
+ "tv_tuner_resource_mgr": EXCEPTION_NO_FUZZER,
+ "uce": EXCEPTION_NO_FUZZER,
+ "uimode": EXCEPTION_NO_FUZZER,
+ "updatelock": EXCEPTION_NO_FUZZER,
+ "uri_grants": EXCEPTION_NO_FUZZER,
+ "usagestats": EXCEPTION_NO_FUZZER,
+ "usb": EXCEPTION_NO_FUZZER,
+ "user": EXCEPTION_NO_FUZZER,
+ "uwb": EXCEPTION_NO_FUZZER,
+ "vcn_management": EXCEPTION_NO_FUZZER,
+ "vibrator": EXCEPTION_NO_FUZZER,
+ "vibrator_manager": EXCEPTION_NO_FUZZER,
+ "virtualdevice": EXCEPTION_NO_FUZZER,
+ "virtualdevice_native": EXCEPTION_NO_FUZZER,
+ "virtual_camera": []string{"virtual_camera_fuzzer"},
+ "virtual_touchpad": EXCEPTION_NO_FUZZER,
+ "voiceinteraction": EXCEPTION_NO_FUZZER,
+ "vold": []string{"vold_native_service_fuzzer"},
+ "vpn_management": EXCEPTION_NO_FUZZER,
+ "vrmanager": EXCEPTION_NO_FUZZER,
+ "wallpaper": EXCEPTION_NO_FUZZER,
+ "wallpaper_effects_generation": EXCEPTION_NO_FUZZER,
+ "wearable_sensing": EXCEPTION_NO_FUZZER,
+ "webviewupdate": EXCEPTION_NO_FUZZER,
+ "wifip2p": EXCEPTION_NO_FUZZER,
+ "wifiscanner": EXCEPTION_NO_FUZZER,
+ "wifi": EXCEPTION_NO_FUZZER,
+ "wifinl80211": []string{"wificond_service_fuzzer"},
+ "wifiaware": EXCEPTION_NO_FUZZER,
+ "wifirtt": EXCEPTION_NO_FUZZER,
+ "window": EXCEPTION_NO_FUZZER,
+ "*": EXCEPTION_NO_FUZZER,
}
)
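Review bot: The only functional change in this hunk is the `android.system.virtualizationservice` entry, which goes from `EXCEPTION_NO_FUZZER` to `[]string{"virtualizationmanager_fuzzer"}`; every other changed line is column re-alignment, so the new binding is easy to miss. The fuzzer is named after virtualizationmanager rather than virtualizationservice, so it is worth confirming that it drives this service's binder interface and not only the manager's, since this map presumably records which services count as fuzz-covered. If the shared fuzzer is intentional, a short comment on the entry saying so would save the next reader the same question. The map literal begins outside the hunk.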
diff --git a/contexts/Android.bp b/contexts/Android.bp
index 464c772..ca3cf57 100644
--- a/contexts/Android.bp
+++ b/contexts/Android.bp
@@ -315,7 +315,7 @@
}
keystore2_key_contexts {
- name: "system_keystore2_key_contexts",
+ name: "system_ext_keystore2_key_contexts",
defaults: ["contexts_flags_defaults"],
srcs: [":keystore2_key_contexts_files{.system_ext_private}"],
system_ext_specific: true,
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index 4607f9d..a0933b4 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test
@@ -936,8 +936,10 @@
/data/misc/apexdata/com.android.tethering/test apex_tethering_data_file
/data/misc/apexdata/com.android.tethering/threadnetwork apex_tethering_data_file
/data/misc/apexdata/com.android.tethering/threadnetwork/test apex_tethering_data_file
-/data/misc/apexdata/com.android.uwb apex_system_server_data_file
-/data/misc/apexdata/com.android.uwb/test apex_system_server_data_file
+/data/misc/apexdata/com.android.uwb apex_uwb_data_file
+/data/misc/apexdata/com.android.uwb/test apex_uwb_data_file
+/data/misc/apexdata/com.android.uwb/log apex_uwb_data_file
+/data/misc/apexdata/com.android.uwb/log/test apex_uwb_data_file
/data/misc/apexdata/com.android.wifi apex_system_server_data_file
/data/misc/apexdata/com.android.wifi/test apex_system_server_data_file
/data/misc/apexrollback apex_rollback_data_file
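Review bot: The expected label for `/data/misc/apexdata/com.android.uwb` and its children changes from `apex_system_server_data_file` to `apex_uwb_data_file`, but the type declaration, the matching `file_contexts` entry and the allow rules for the new type are not visible in this part of the diff. It is worth confirming that the domains which used the directory under the old label are granted access under the new one, and that directories already created with the old label on upgraded devices get relabelled. The added `/log` rows put log data under the same type; if the logs are read by a different domain than the rest of the directory, a separate type would keep the grant narrower.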
diff --git a/private/compat/202404/202404.cil b/private/compat/202404/202404.cil
index ca0f459..869deb6 100644
--- a/private/compat/202404/202404.cil
+++ b/private/compat/202404/202404.cil
@@ -1,3 +1,8 @@
+;; This type may or may not already exist in vendor policy. Re-define it here (duplicate
+;; definitions in CIL will be ignored) - so we can reference it in 202404.cil.
+(type vendor_hidraw_device)
+(typeattributeset dev_type (vendor_hidraw_device))
+
;; mapping information from ToT policy's types to 202404 policy's types.
(expandtypeattribute (DockObserver_service_202404) true)
(expandtypeattribute (IProxyService_service_202404) true)
@@ -1952,7 +1957,7 @@
(typeattributeset hidl_manager_hwservice_202404 (hidl_manager_hwservice))
(typeattributeset hidl_memory_hwservice_202404 (hidl_memory_hwservice))
(typeattributeset hidl_token_hwservice_202404 (hidl_token_hwservice))
-(typeattributeset hidraw_device_202404 (hidraw_device))
+(typeattributeset hidraw_device_202404 (hidraw_device vendor_hidraw_device))
(typeattributeset hint_service_202404 (hint_service))
(typeattributeset hw_random_device_202404 (hw_random_device))
(typeattributeset hw_timeout_multiplier_prop_202404 (hw_timeout_multiplier_prop))
diff --git a/private/crosvm.te b/private/crosvm.te
index ac62b66..cddab36 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -97,6 +97,10 @@
allow crosvm servicemanager:binder { call transfer };
allow crosvm virtualization_service:service_manager find;
allow crosvm virtualizationservice:binder { call transfer };
+
+ # Allow crosvm to play sound.
+ binder_call(crosvm, audioserver)
+ allow crosvm audioserver_service:service_manager find;
')
# crosvm tries to use netlink sockets as part its APCI implementation, but we don't need it for AVF (b/228077254)
@@ -128,6 +132,15 @@
allow crosvm virtualizationmanager:fd use;
allow crosvm virtualizationservice_data_file:file read;
+is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
+ # Allow crosvm to deal with file descriptors of TAP interfaces.
+ allow crosvm tun_device:chr_file rw_file_perms;
+ allowxperm crosvm tun_device:chr_file ioctl { TUNGETIFF TUNSETVNETHDRSZ };
+ allow crosvm self:udp_socket create_socket_perms;
+ allowxperm crosvm self:udp_socket ioctl SIOCGIFMTU;
+ allow crosvm vmnic:fd use;
+')
+
# Don't allow crosvm to open files that it doesn't own.
# This is important because a malicious application could try to start a VM with a composite disk
# image referring by name to files which it doesn't have permission to open, trying to get crosvm to
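Review bot: `allow crosvm tun_device:chr_file rw_file_perms;` grants `open` along with read and write, while the comment and the `allow crosvm vmnic:fd use;` rule suggest crosvm only receives TAP descriptors that are already open. If crosvm never opens the tun device itself, which this hunk does not show, the rule can be narrowed to `allow crosvm tun_device:chr_file { getattr read write ioctl };`. That would also match the intent of the "Don't allow crosvm to open files that it doesn't own" block directly below. The `allowxperm` ioctl allowlists are already narrow and can stay as they are.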
diff --git a/private/dexopt_chroot_setup.te b/private/dexopt_chroot_setup.te
index 5dd0e5d..4267d09 100644
--- a/private/dexopt_chroot_setup.te
+++ b/private/dexopt_chroot_setup.te
@@ -41,11 +41,20 @@
allow dexopt_chroot_setup block_device:dir { getattr search };
# Allow mounting file systems, to create a chroot environment.
+# We recursively bind-mount directories under /data, /mnt/expand, /proc, /sys,
+# and /dev. We need some of them (e.g., incremental-fs directories for
+# incremental apps in /data; /dev/cpuctl and /dev/blkio for task profiles), but
+# not necessarily all of them. However, to avoid random crashes and silent
+# fallbacks, we bind-mount all of them. Therefore, we need access to many of the
+# fstypes.
+
allow dexopt_chroot_setup {
apex_mnt_dir
+ apk_data_file
binderfs
cgroup
cgroup_v2
+ userdebug_or_eng(debugfs)
debugfs_tracing_debug
device
devpts
@@ -74,6 +83,7 @@
binderfs
cgroup
cgroup_v2
+ userdebug_or_eng(debugfs)
debugfs_tracing_debug
devpts
fs_bpf
@@ -119,6 +129,9 @@
# Allow running snapshotctl through init, to map and unmap block devices.
set_prop(dexopt_chroot_setup, snapshotctl_prop)
+# Allow accessing /data/app/..., to bind-mount dirs for incremental apps.
+allow dexopt_chroot_setup apk_data_file:dir { getattr search };
+
# Neverallow rules.
# Never allow running other binaries without a domain transition.
diff --git a/private/dumpstate.te b/private/dumpstate.te
index a64f7c7..6d5f0b3 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -132,6 +132,7 @@
userdebug_or_eng(`
allow dumpstate binderfs_logs_transactions:file r_file_perms;
')
+dontaudit dumpstate binderfs_logs_transactions:file r_file_perms;
allow dumpstate binderfs_logs_transaction_history:file r_file_perms;
r_dir_file(dumpstate, ota_metadata_file)
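Review bot: The new `dontaudit dumpstate binderfs_logs_transactions:file r_file_perms;` has no comment, and it sits directly under an `allow` for the same permissions, which reads like a contradiction at first glance. The `allow` is wrapped in `userdebug_or_eng`, so the dontaudit presumably exists to silence the denial on user builds. Say that in a comment, for example `# binderfs_logs_transactions is readable only on userdebug/eng; suppress the expected denial on user builds.` A dontaudit also hides the denial from anyone debugging a bugreport later, so the reason should be recorded next to it.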
@@ -368,6 +369,12 @@
allow dumpstate nfc_logs_data_file:dir r_dir_perms;
allow dumpstate nfc_logs_data_file:file r_file_perms;
+# For uwb
+allow dumpstate apex_module_data_file:dir search;
+allow dumpstate apex_system_server_data_file:dir search;
+allow dumpstate apex_uwb_data_file:dir r_dir_perms;
+allow dumpstate apex_uwb_data_file:file r_file_perms;
+
# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
allow dumpstate gpu_device:chr_file rw_file_perms;
allow dumpstate gpu_device:dir r_dir_perms;
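Review bot: The `allow dumpstate apex_system_server_data_file:dir search;` rule under `# For uwb` is not explained by the paths this commit labels. The file_contexts change in the same commit moves `/data/misc/apexdata/com\.android\.uwb(/.*)?` to `apex_uwb_data_file`, so reaching the UWB files should need only the parent directory's label and the new type. If the rule is there for directories that still carry the old label until they are relabeled, record that in the comment, for example `# For uwb logs; apex_system_server_data_file search covers directories not yet relabeled`. Otherwise drop it, because it lets dumpstate traverse every other APEX data directory that shares that label.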
@@ -561,3 +568,21 @@
-traceur_app
-dumpstate
} dumpstate_service:service_manager find;
+
+# only dumpstate, system_server and related others to access apex_uwb_data_file
+neverallow {
+ domain
+ -dumpstate
+ -system_server
+ -apexd
+ -init
+ -vold_prepare_subdirs
+} apex_uwb_data_file:dir no_rw_file_perms;
+neverallow {
+ domain
+ -dumpstate
+ -system_server
+ -apexd
+ -init
+ -vold_prepare_subdirs
+} apex_uwb_data_file:file no_rw_file_perms;
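Review bot: The first neverallow applies `no_rw_file_perms` to the `dir` class, and that macro, as its name suggests, lists file permissions. Directory-only permissions such as `add_name`, `remove_name`, `rmdir` and `reparent` would then not be covered, so another domain could be granted them on `apex_uwb_data_file` directories without failing the build. If the tree's `no_w_dir_perms` macro is available on this branch, consider `} apex_uwb_data_file:dir { no_rw_file_perms no_w_dir_perms };` for the directory rule. The comment could also name the "related others" it refers to (`apexd`, `init`, `vold_prepare_subdirs`) and say why each needs access.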
diff --git a/private/file.te b/private/file.te
index 54016aa..f8a48cd 100644
--- a/private/file.te
+++ b/private/file.te
@@ -86,6 +86,9 @@
# /data/misc/apexdata/com.android.tethering
type apex_tethering_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+# /data/misc/apexdata/com.android.uwb
+type apex_uwb_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+
# legacy labels for various /data/misc[_ce|_de]/*/apexdata directories - retained
# for backward compatibility b/217581286
type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
@@ -205,4 +208,4 @@
type storage_area_content_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
# /data/misc_ce/userId/storage_area_keys
-type storage_area_key_file, file_type, data_file_type, core_data_file_type;
\ No newline at end of file
+type storage_area_key_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index b82b4f0..ffc06f2 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -638,7 +638,7 @@
/data/misc/apexdata/com\.android\.permission(/.*)? u:object_r:apex_system_server_data_file:s0
/data/misc/apexdata/com\.android\.scheduling(/.*)? u:object_r:apex_system_server_data_file:s0
/data/misc/apexdata/com\.android\.tethering(/.*)? u:object_r:apex_tethering_data_file:s0
-/data/misc/apexdata/com\.android\.uwb(/.*)? u:object_r:apex_system_server_data_file:s0
+/data/misc/apexdata/com\.android\.uwb(/.*)? u:object_r:apex_uwb_data_file:s0
/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_system_server_data_file:s0
/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
/data/misc/apns(/.*)? u:object_r:radio_data_file:s0
diff --git a/private/installd.te b/private/installd.te
index 438746d..742c897 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -42,7 +42,7 @@
# Allow installd to delete files in /data/staging
allow installd staging_data_file:file unlink;
-allow installd staging_data_file:dir { open read remove_name rmdir search write getattr };
+allow installd staging_data_file:dir { open read add_name remove_name rename rmdir search write getattr };
allow installd { dex2oat dexoptanalyzer }:process signal;
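Review bot: The comment above the changed rule still reads `# Allow installd to delete files in /data/staging`, but the rule now also grants `add_name` and `rename` on `staging_data_file:dir`. That lets installd add and rename directory entries there, not only remove them. Update the comment to state the new purpose, for example `# Allow installd to delete, move and rename entries in /data/staging`, and name the caller that needs it. The file-class rule next to it still grants only `unlink`, so it is worth confirming that the rename is meant for directories only.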
diff --git a/private/lmkd.te b/private/lmkd.te
index 8d22552..5369c79 100644
--- a/private/lmkd.te
+++ b/private/lmkd.te
@@ -86,6 +86,9 @@
# Allow lmkd to write to statsd.
unix_socket_send(lmkd, statsdw, statsd)
+# Allow lmkd to create io_uring
+allow lmkd self:anon_inode { create map read write };
+
### neverallow rules
# never honor LD_PRELOAD
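Review bot: `allow lmkd self:anon_inode { create map read write };` is wider than its comment, because it applies to every anonymous inode lmkd creates under its own label and not only to the io_uring one. If the tree's `io_uring_use()` macro is available on this branch, `io_uring_use(lmkd)` would give the io_uring inode a dedicated type and keep other domains away from it. If the plain rule is kept on purpose, extend the comment to say why the macro is not used.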
diff --git a/private/property.te b/private/property.te
index 3b7fad3..a55bfb2 100644
--- a/private/property.te
+++ b/private/property.te
@@ -69,6 +69,7 @@
# Properties which can't be written outside system
system_restricted_prop(device_config_virtualization_framework_native_prop)
+system_restricted_prop(fstype_prop)
system_restricted_prop(log_file_logger_prop)
system_restricted_prop(persist_sysui_builder_extras_prop)
system_restricted_prop(persist_sysui_ranking_update_prop)
diff --git a/private/property_contexts b/private/property_contexts
index d22ee7d..f2cd2d6 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -351,6 +351,19 @@
ro.virtual_ab.io_uring.enabled u:object_r:virtual_ab_prop:s0 exact bool
ro.virtual_ab.compression.threads u:object_r:virtual_ab_prop:s0 exact bool
ro.virtual_ab.batch_writes u:object_r:virtual_ab_prop:s0 exact bool
+
+# Virtual A/B device configurations
+ro.virtual_ab.read_ahead_size u:object_r:virtual_ab_prop:s0 exact int
+ro.virtual_ab.o_direct.enabled u:object_r:virtual_ab_prop:s0 exact bool
+ro.virtual_ab.merge_thread_priority u:object_r:virtual_ab_prop:s0 exact int
+ro.virtual_ab.worker_thread_priority u:object_r:virtual_ab_prop:s0 exact int
+ro.virtual_ab.num_worker_threads u:object_r:virtual_ab_prop:s0 exact int
+ro.virtual_ab.num_merge_threads u:object_r:virtual_ab_prop:s0 exact int
+ro.virtual_ab.num_verify_threads u:object_r:virtual_ab_prop:s0 exact int
+ro.virtual_ab.cow_op_merge_size u:object_r:virtual_ab_prop:s0 exact int
+ro.virtual_ab.verify_threshold_block_size u:object_r:virtual_ab_prop:s0 exact int
+ro.virtual_ab.verify_block_size u:object_r:virtual_ab_prop:s0 exact int
+
# OEMs can set this prop at build time to configure how many seconds to delay
# merge after installing a Virtual AB OTA. The default behavior is to start
# merge immediately.
diff --git a/private/system_server.te b/private/system_server.te
index ba49367..e7ae9fc 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1465,6 +1465,8 @@
allow system_server apex_system_server_data_file:file create_file_perms;
allow system_server apex_tethering_data_file:dir create_dir_perms;
allow system_server apex_tethering_data_file:file create_file_perms;
+allow system_server apex_uwb_data_file:dir create_dir_perms;
+allow system_server apex_uwb_data_file:file create_file_perms;
# Legacy labels that we still need to support (b/217581286)
allow system_server {
apex_appsearch_data_file
@@ -1650,6 +1652,20 @@
# /proc/self/fd/<fd> with a classloader.
allow system_server system_server_tmpfs:file open;
+# Allow system_server to read from postinstall scripts through STDIN, to check if the
+# otapreopt_script is still alive.
+allow system_server postinstall:fifo_file read;
+
+# Allow system_server to kill artd and its subprocesses, to make sure that no process is accessing
+# files in chroot when we teardown chroot.
+allow system_server {
+ artd
+ derive_classpath
+ dex2oat
+ odrefresh
+ profman
+}:process sigkill;
+
# Do not allow any domain other than init or system server to get or set the property
neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;
diff --git a/public/property.te b/public/property.te
index f6f9f9b..47a1bde 100644
--- a/public/property.te
+++ b/public/property.te
@@ -77,7 +77,6 @@
system_restricted_prop(device_config_vendor_system_native_boot_prop)
system_restricted_prop(drm_forcel3_prop)
system_restricted_prop(fingerprint_prop)
-system_restricted_prop(fstype_prop)
system_restricted_prop(gwp_asan_prop)
system_restricted_prop(hal_instrumentation_prop)
system_restricted_prop(userdebug_or_eng_prop)
diff --git a/tests/mini_parser.py b/tests/mini_parser.py
index 25018a7..88a1998 100644
--- a/tests/mini_parser.py
+++ b/tests/mini_parser.py
@@ -71,7 +71,13 @@
s = ""
c = infile.read(1)
# get to first statement
- while c and c != "(":
+ while c:
+ if c == ';':
+ # comment, get rid of rest of the line
+ while c != '\n':
+ c = infile.read(1)
+ elif c == '(':
+ break
c = infile.read(1)
parens += 1