Merge "Add `file_contexts` for Release Runtime APEX module."
diff --git a/apex/apex.test-file_contexts b/apex/apex.test-file_contexts
index bd71a2a..3dffd86 100644
--- a/apex/apex.test-file_contexts
+++ b/apex/apex.test-file_contexts
@@ -1,2 +1,3 @@
/manifest\.json u:object_r:system_file:s0
(/.*)? u:object_r:system_file:s0
+/bin/surfaceflinger u:object_r:surfaceflinger_exec:s0
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 79437bd..7936147 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -51,6 +51,15 @@
-runas_app
} { app_data_file privapp_data_file }:file execute_no_trans;
+# Do not allow untrusted apps to invoke dex2oat. This was historically required
+# by ART for compiling secondary dex files but has been removed in Q.
+# Exempt legacy apps (targetApi<=28) for compatibility.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+} dex2oat_exec:file no_x_file_perms;
+
# Do not allow untrusted apps to be assigned mlstrustedsubject.
# This would undermine the per-user isolation model being
# enforced via levelFrom=user in seapp_contexts and the mls
@@ -93,7 +102,7 @@
ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
- alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
} *;
# Do not allow untrusted apps access to /cache
diff --git a/private/atrace.te b/private/atrace.te
index a60370d..9cbe71a 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -13,6 +13,11 @@
allow atrace debugfs_tracing:file rw_file_perms;
allow atrace debugfs_trace_marker:file getattr;
+# Allow atrace to write data when a pipe is used for stdout/stderr
+# This is used by Perfetto to capture the output on error in atrace.
+allow atrace traced_probes:fd use;
+allow atrace traced_probes:fifo_file write;
+
# atrace sets debug.atrace.* properties
set_prop(atrace, debug_prop)
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index ae9241b..5ba2adf 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -37,6 +37,7 @@
ctl_sigstop_prop
device_config_boot_count_prop
device_config_reset_performed_prop
+ device_config_flags_health_check_prop
e2fs
e2fs_exec
exfat
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index f4645ee..38d7d03 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -35,6 +35,7 @@
ctl_sigstop_prop
device_config_boot_count_prop
device_config_reset_performed_prop
+ device_config_flags_health_check_prop
exfat
exported2_config_prop
exported2_default_prop
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 4e653b2..d3019ec 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -2,7 +2,7 @@
(type audio_seq_device)
(type audio_timer_device)
(type commontime_management_service)
-(type fingerprint_vendor_data_file)
+(type cpuctl_device)
(type full_device)
(type i2c_device)
(type kmem_device)
@@ -1074,7 +1074,7 @@
(typeattributeset fingerprintd_service_28_0 (fingerprintd_service))
(typeattributeset fingerprint_prop_28_0 (fingerprint_prop))
(typeattributeset fingerprint_service_28_0 (fingerprint_service))
-(typeattributeset fingerprint_vendor_data_file_28_0 (biometric_vendor_data_file))
+(typeattributeset fingerprint_vendor_data_file_28_0 (fingerprint_vendor_data_file))
(typeattributeset firstboot_prop_28_0 (firstboot_prop))
(typeattributeset font_service_28_0 (font_service))
(typeattributeset frp_block_device_28_0 (frp_block_device))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 7548786..cf72e37 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -17,9 +17,11 @@
apexd_prop
apexd_tmpfs
biometric_service
- biometric_vendor_data_file
+ cpu_variant_prop
+ dev_cpu_variant
device_config_boot_count_prop
device_config_reset_performed_prop
+ device_config_flags_health_check_prop
face_service
fastbootd
flags_health_check
@@ -34,6 +36,7 @@
hal_system_suspend_default_tmpfs
heapprofd
heapprofd_exec
+ heapprofd_prop
heapprofd_socket
idmap_service
intelligence_service
diff --git a/private/coredomain.te b/private/coredomain.te
index cf3930b..2fbbbfd 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -105,3 +105,14 @@
-init
}{ usbfs binfmt_miscfs }:file no_rw_file_perms;
')
+
+# Audit coredomain access to /dev nodes that might no longer be needed after
+# Treble.
+userdebug_or_eng(`
+ auditallow coredomain {
+ audio_device
+ iio_device
+ radio_device
+ tee_device
+ }:chr_file { open read append write ioctl };
+')
diff --git a/private/domain.te b/private/domain.te
index c03da55..6a71a14 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -5,6 +5,12 @@
domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
allow domain crash_dump:process sigchld;
+# Allow every process to check the heapprofd.enable properties to determine
+# whether to load the heap profiling library. This does not necessarily enable
+# heap profiling, as initialization will fail if it does not have the
+# necessary SELinux permissions.
+get_prop(domain, heapprofd_prop);
+
# Limit ability to ptrace or read sensitive /proc/pid files of processes
# with other UIDs to these whitelisted domains.
neverallow {
@@ -48,7 +54,6 @@
-adbd
-appdomain
-dexoptanalyzer
- -init
-installd
userdebug_or_eng(`-perfprofd')
-profman
@@ -56,12 +61,11 @@
-system_server
} { privapp_data_file app_data_file }:dir *;
-# Only apps should be modifying app data. init and installd are exempted for
+# Only apps should be modifying app data. installd is exempted for
# restorecon and package install/uninstall.
neverallow {
domain
-appdomain
- -init
-installd
} { privapp_data_file app_data_file }:dir ~r_dir_perms;
@@ -80,7 +84,6 @@
neverallow {
domain
- -init
-installd
} { privapp_data_file app_data_file }:dir_file_class_set { relabelfrom relabelto };
diff --git a/private/file_contexts b/private/file_contexts
index 7127745..acd5df9 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -82,10 +82,8 @@
/dev/block/ram[0-9]* u:object_r:ram_device:s0
/dev/block/zram[0-9]* u:object_r:ram_device:s0
/dev/bus/usb(.*)? u:object_r:usb_device:s0
-/dev/cam u:object_r:camera_device:s0
/dev/console u:object_r:console_device:s0
-/dev/cpuctl(/.*)? u:object_r:cpuctl_device:s0
-/dev/memcg(/.*)? u:object_r:cgroup:s0
+/dev/cpu_variant:.* u:object_r:dev_cpu_variant:s0
/dev/device-mapper u:object_r:dm_device:s0
/dev/eac u:object_r:audio_device:s0
/dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
@@ -484,13 +482,7 @@
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
# Fingerprint vendor data file
-/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:biometric_vendor_data_file:s0
-
-# Face vendor data file
-/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:biometric_vendor_data_file:s0
-
-# Iris vendor data file
-/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:biometric_vendor_data_file:s0
+/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
# Bootchart data
/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 79249b3..30ad7f1 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -3,6 +3,8 @@
init_daemon_domain(heapprofd)
+set_prop(heapprofd, heapprofd_prop);
+
userdebug_or_eng(`
# Allow to send signal to processes.
# This excludes SIGKILL, SIGSTOP and SIGCHLD,
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 1b56c5c..3759488 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -133,5 +133,5 @@
rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
- qipcrtr_socket smc_socket
+ qipcrtr_socket smc_socket xdp_socket
} create;
diff --git a/private/property_contexts b/private/property_contexts
index 390c845..adede99 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -143,6 +143,9 @@
lowpan. u:object_r:lowpan_prop:s0
ro.lowpan. u:object_r:lowpan_prop:s0
+# heapprofd properties
+heapprofd. u:object_r:heapprofd_prop:s0
+
# hwservicemanager properties
hwservicemanager. u:object_r:hwservicemanager_prop:s0
@@ -165,5 +168,6 @@
# Properties that relate to server configurable flags
device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0
persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0
+persist.device_config.global_settings.native_flags_health_check_enabled u:object_r:device_config_flags_health_check_prop:s0
apexd. u:object_r:apexd_prop:s0
diff --git a/private/service_contexts b/private/service_contexts
index 55c2a35..0089f6f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -62,7 +62,7 @@
android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
gfxinfo u:object_r:gfxinfo_service:s0
graphicsstats u:object_r:graphicsstats_service:s0
-gpuservice u:object_r:gpu_service:s0
+gpu u:object_r:gpu_service:s0
hardware u:object_r:hardware_service:s0
hardware_properties u:object_r:hardware_properties_service:s0
hdmi_control u:object_r:hdmi_control_service:s0
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 8652ee8..c50faef 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -89,6 +89,7 @@
allow surfaceflinger power_service:service_manager find;
allow surfaceflinger vr_manager_service:service_manager find;
allow surfaceflinger window_service:service_manager find;
+allow surfaceflinger inputflinger_service:service_manager find;
# allow self to set SCHED_FIFO
@@ -98,6 +99,7 @@
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;
allow surfaceflinger system_server:fd use;
+allow surfaceflinger system_server:unix_stream_socket { read write };
allow surfaceflinger ion_device:chr_file r_file_perms;
# pdx IPC
diff --git a/private/system_server.te b/private/system_server.te
index c2033db..49bba86 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -142,8 +142,6 @@
allow system_server stats_data_file:file unlink;
# Read /sys/kernel/debug/wakeup_sources.
-allow system_server debugfs:file r_file_perms;
-auditallow system_server debugfs:file r_file_perms;
allow system_server debugfs_wakeup_sources:file r_file_perms;
# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
@@ -567,6 +565,11 @@
# cppreopt property
set_prop(system_server, cppreopt_prop)
+# server configurable flags properties
+# STOPSHIP: Remove the ability for system_server to set property
+# device_config_flags_health_check_prop before release. (b/119627143)
+set_prop(system_server, device_config_flags_health_check_prop)
+
# BootReceiver to read ro.boot.bootreason
get_prop(system_server, bootloader_boot_reason_prop)
# PowerManager to read sys.boot.reason
@@ -585,6 +588,10 @@
# such as camera shutter enforcement
get_prop(system_server, exported_audio_prop)
+# system server reads this property to keep track of whether server configurable flags have been
+# reset during current boot.
+get_prop(system_server, device_config_reset_performed_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
@@ -894,6 +901,16 @@
# Only allow crash_dump to connect to system_ndebug_socket.
neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock_file { open write };
+# Only allow init, system_server, flags_health_check to set properties for server configurable flags
+neverallow {
+ domain
+ -init
+ -system_server
+ -flags_health_check
+} {
+ device_config_flags_health_check_prop
+}:property_service set;
+
# system_server should never be executing dex2oat. This is either
# a bug (for example, bug 16317188), or represents an attempt by
# system server to dynamically load a dex file, something we do not
diff --git a/private/traced_probes.te b/private/traced_probes.te
index e173293..f84d698 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -53,9 +53,8 @@
# their userspace TRACE macros.
domain_auto_trans(traced_probes, atrace_exec, atrace);
-# This is needed for: path="/system/bin/linker64"
-# scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0 tclass=fd
-allow atrace traced_probes:fd use;
+# Allow traced_probes to kill atrace on timeout.
+allow traced_probes atrace:process sigkill;
# Allow traced_probes to access /proc files for system stats.
# Note: trace data is NOT exposed to anything other than shell and privileged
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index d264aaf..2db9c4b 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -49,3 +49,9 @@
# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
# and 28 in untrusted_app_27.te.
allow untrusted_app_25 app_data_file:file execute_no_trans;
+
+# The ability to invoke dex2oat. Historically required by ART, now only
+# allowed for targetApi<=28 for compat reasons.
+allow untrusted_app_25 dex2oat_exec:file rx_file_perms;
+auditallow untrusted_app_25 dex2oat_exec:file rx_file_perms;
+
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index 7b9060d..c828f64 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -30,3 +30,9 @@
# The ability to call exec() on files in the apps home directories
# for targetApi 26, 27, and 28.
allow untrusted_app_27 app_data_file:file execute_no_trans;
+
+# The ability to invoke dex2oat. Historically required by ART, now only
+# allowed for targetApi<=28 for compat reasons.
+allow untrusted_app_27 dex2oat_exec:file rx_file_perms;
+auditallow untrusted_app_27 dex2oat_exec:file rx_file_perms;
+
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 8ed8f56..0d062e9 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -14,12 +14,12 @@
vendor_data_file
}:dir { open read write add_name remove_name rmdir relabelfrom };
allow vold_prepare_subdirs {
- biometric_vendor_data_file
+ fingerprint_vendor_data_file
storaged_data_file
vold_data_file
}:dir { create_dir_perms relabelto };
allow vold_prepare_subdirs {
- biometric_vendor_data_file
+ fingerprint_vendor_data_file
storaged_data_file
system_data_file
vold_data_file
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 75f70ac..a3a4c46 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -132,6 +132,7 @@
pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket
rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+ xdp_socket
} *;
# Do not allow access to Bluetooth-related system properties.
diff --git a/private/zygote.te b/private/zygote.te
index 491f079..d1e0f55 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -48,6 +48,9 @@
# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
allow { zygote with_dexpreopt(`-zygote') } dalvikcache_data_file:file execute;
+# Allow zygote to create JIT memory.
+allow zygote self:process execmem;
+
# Execute idmap and dex2oat within zygote's own domain.
# TODO: Should either of these be transitioned to the same domain
# used by installd or stay in-domain for zygote?
diff --git a/public/app.te b/public/app.te
index 8b62967..40dee5d 100644
--- a/public/app.te
+++ b/public/app.te
@@ -119,9 +119,6 @@
allow appdomain vendor_public_lib_file:dir r_dir_perms;
allow appdomain vendor_public_lib_file:file { execute read open getattr map };
-# Execute dex2oat when apps call dexclassloader
-allow appdomain dex2oat_exec:file rx_file_perms;
-
# Read/write wallpaper file (opened by system).
allow appdomain wallpaper_file:file { getattr read write map };
diff --git a/public/device.te b/public/device.te
index a4f7f01..e55c86d 100644
--- a/public/device.te
+++ b/public/device.te
@@ -18,7 +18,6 @@
type rtc_device, dev_type;
type vold_device, dev_type;
type console_device, dev_type;
-type cpuctl_device, dev_type;
type fscklogs, dev_type;
# GPU (used by most UI apps)
type gpu_device, dev_type, mlstrustedobject;
diff --git a/public/domain.te b/public/domain.te
index 13f52dc..09eb3e6 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -236,6 +236,9 @@
# /proc/cpuinfo
allow domain proc_cpuinfo:file r_file_perms;
+# /dev/cpu_variant:.*
+allow domain dev_cpu_variant:file r_file_perms;
+
# jemalloc needs to read /proc/sys/vm/overcommit_memory
allow domain proc_overcommit_memory:file r_file_perms;
@@ -328,7 +331,7 @@
with_asan(`allow domain system_asan_options_file:file r_file_perms;')
# read APEX dir and stat any symlink pointing to APEXs.
-allow domain apex_mnt_dir:dir search;
+allow domain apex_mnt_dir:dir { getattr search };
allow domain apex_mnt_dir:lnk_file r_file_perms;
###
@@ -1387,8 +1390,8 @@
# Do not allow access to the generic debugfs label. This is too broad.
# Instead, if access to part of debugfs is desired, it should have a
# more specific label.
-# TODO: fix system_server and dumpstate
-neverallow { domain -init -vendor_init -system_server -dumpstate } debugfs:file no_rw_file_perms;
+# TODO: fix dumpstate
+neverallow { domain -init -vendor_init -dumpstate } debugfs:file no_rw_file_perms;
# Profiles contain untrusted data and profman parses that. We should only run
# in from installd forked processes.
diff --git a/public/file.te b/public/file.te
index 9cdd5f4..3d09537 100644
--- a/public/file.te
+++ b/public/file.te
@@ -183,6 +183,8 @@
# Vold files within /metadata
type vold_metadata_file, file_type;
+# Type for /dev/cpu_variant:.*.
+type dev_cpu_variant, file_type;
# Speedup access for trusted applications to the runtime event tags
type runtime_event_log_tags_file, file_type;
# Type for /system/bin/logcat.
@@ -352,8 +354,8 @@
type bluetooth_efs_file, file_type;
# Type for fingerprint template file
type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
-# Type for biometric template file
-type biometric_vendor_data_file, file_type, data_file_type;
+# Type for _new_ fingerprint template file
+type fingerprint_vendor_data_file, file_type, data_file_type;
# Type for appfuse file.
type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index 9a5ceeb..c17ce9f 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -5,6 +5,10 @@
set_prop(flags_health_check, device_config_boot_count_prop)
set_prop(flags_health_check, device_config_reset_performed_prop)
+# STOPSHIP: Remove the ability for flags_health_check to set property
+# device_config_flags_health_check_prop before release. (b/119627143)
+set_prop(flags_health_check, device_config_flags_health_check_prop)
+
allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
# system property device_config_boot_count_prop is used for deciding when to perform server
diff --git a/public/global_macros b/public/global_macros
index 00f9fb3..962bca9 100644
--- a/public/global_macros
+++ b/public/global_macros
@@ -10,7 +10,7 @@
define(`file_class_set', `{ devfile_class_set notdevfile_class_set }')
define(`dir_file_class_set', `{ dir file_class_set }')
-define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket }')
+define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket }')
define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket sctp_socket }')
define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket sctp_socket }')
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index a0222e9..b673e29 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -7,8 +7,8 @@
# For memory allocation
allow hal_fingerprint ion_device:chr_file r_file_perms;
-allow hal_fingerprint biometric_vendor_data_file:file { create_file_perms };
-allow hal_fingerprint biometric_vendor_data_file:dir rw_dir_perms;
+allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
r_dir_file(hal_fingerprint, cgroup)
r_dir_file(hal_fingerprint, sysfs)
diff --git a/public/init.te b/public/init.te
index c06e538..2a8036a 100644
--- a/public/init.te
+++ b/public/init.te
@@ -94,7 +94,6 @@
allow init tmpfs:dir mounton;
allow init cgroup:dir create_dir_perms;
allow init cgroup:file rw_file_perms;
-allow init cpuctl_device:dir { create mounton };
# /config
allow init configfs:dir mounton;
@@ -223,9 +222,15 @@
allow init cache_file:lnk_file r_file_perms;
-allow init { file_type -system_file_type -vendor_file_type -exec_type }:dir_file_class_set relabelto;
-# does init really need to relabel app data?
-userdebug_or_eng(`auditallow init { app_data_file privapp_data_file }:dir_file_class_set relabelto;')
+allow init {
+ file_type
+ -system_file_type
+ -vendor_file_type
+ -exec_type
+ -app_data_file
+ -privapp_data_file
+}:dir_file_class_set relabelto;
+
allow init { sysfs debugfs debugfs_tracing debugfs_tracing_debug }:{ dir file lnk_file } { getattr relabelfrom };
allow init { sysfs_type debugfs_type }:{ dir file lnk_file } { relabelto getattr };
allow init dev_type:dir create_dir_perms;
diff --git a/public/inputflinger.te b/public/inputflinger.te
index f206c05..c3f4da8 100644
--- a/public/inputflinger.te
+++ b/public/inputflinger.te
@@ -9,7 +9,6 @@
wakelock_use(inputflinger)
-add_service(inputflinger, inputflinger_service)
allow inputflinger input_device:dir r_dir_perms;
allow inputflinger input_device:chr_file rw_file_perms;
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 8f58868..e86becf 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -23,7 +23,7 @@
crash_dump_fallback(mediaextractor)
# allow mediaextractor read permissions for file sources
-allow mediaextractor sdcardfs:file { getattr read };
+allow mediaextractor sdcard_type:file { getattr read };
allow mediaextractor media_rw_data_file:file { getattr read };
allow mediaextractor { app_data_file privapp_data_file }:file { getattr read };
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index 8b6d6cc..0ccd168 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -55,5 +55,3 @@
# Allow otapreopt to use file descriptors from otapreopt_chroot.
# TODO: Probably we can actually close file descriptors...
allow postinstall_dexopt otapreopt_chroot:fd use;
-
-allow postinstall_dexopt cpuctl_device:dir search;
diff --git a/public/property.te b/public/property.te
index bdd57d6..fcbf365 100644
--- a/public/property.te
+++ b/public/property.te
@@ -6,6 +6,7 @@
type bootloader_boot_reason_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
+type cpu_variant_prop, property_type;
type ctl_adbd_prop, property_type;
type ctl_bootanim_prop, property_type;
type ctl_bugreport_prop, property_type;
@@ -28,6 +29,7 @@
type default_prop, property_type, core_property_type;
type device_config_boot_count_prop, property_type;
type device_config_reset_performed_prop, property_type;
+type device_config_flags_health_check_prop, property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
type dumpstate_options_prop, property_type;
@@ -36,6 +38,7 @@
type ffs_prop, property_type, core_property_type;
type fingerprint_prop, property_type, core_property_type;
type firstboot_prop, property_type;
+type heapprofd_prop, property_type;
type hwservicemanager_prop, property_type;
type last_boot_reason_prop, property_type;
type system_lmk_prop, property_type;
@@ -393,6 +396,8 @@
-firstboot_prop
-device_config_reset_performed_prop
-device_config_boot_count_prop
+ -device_config_flags_health_check_prop
+ -heapprofd_prop
-hwservicemanager_prop
-last_boot_reason_prop
-system_lmk_prop
diff --git a/public/property_contexts b/public/property_contexts
index 36357b7..f2362d5 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -255,6 +255,10 @@
media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
+ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
ro.board.platform u:object_r:exported_default_prop:s0 exact string
ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
diff --git a/public/service.te b/public/service.te
index f674180..55f8d75 100644
--- a/public/service.te
+++ b/public/service.te
@@ -12,7 +12,6 @@
type gpu_service, service_manager_type;
type idmap_service, service_manager_type;
type iorapd_service, service_manager_type;
-type inputflinger_service, service_manager_type;
type incident_service, service_manager_type;
type installd_service, service_manager_type;
type keystore_service, service_manager_type;
@@ -174,4 +173,5 @@
type wificond_service, service_manager_type;
type wifiaware_service, app_api_service, system_server_service, service_manager_type;
type window_service, system_api_service, system_server_service, service_manager_type;
+type inputflinger_service, system_api_service, system_server_service, service_manager_type;
type wpantund_service, system_api_service, service_manager_type;
diff --git a/public/su.te b/public/su.te
index dad9c49..4a401b8 100644
--- a/public/su.te
+++ b/public/su.te
@@ -21,7 +21,7 @@
dontaudit su kernel:security *;
dontaudit su { kernel file_type }:system *;
dontaudit su self:memprotect *;
- dontaudit su domain:process *;
+ dontaudit su domain:{ process process2 } *;
dontaudit su domain:fd *;
dontaudit su domain:dir *;
dontaudit su domain:lnk_file *;
diff --git a/public/tee.te b/public/tee.te
index dffe06f..0f9b32d 100644
--- a/public/tee.te
+++ b/public/tee.te
@@ -6,6 +6,6 @@
# Device(s) for communicating with the TEE
type tee_device, dev_type;
-allow tee biometric_vendor_data_file:dir rw_dir_perms;
-allow tee biometric_vendor_data_file:file create_file_perms;
+allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
+allow tee fingerprint_vendor_data_file:file create_file_perms;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 5ecd2a1..9aa1194 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -55,6 +55,8 @@
-vold_metadata_file
}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
+allow vendor_init unlabeled:{ dir notdevfile_class_set } { getattr relabelfrom };
+
allow vendor_init {
file_type
-core_data_file_type
@@ -174,6 +176,7 @@
property_type
-device_config_boot_count_prop
-device_config_reset_performed_prop
+ -device_config_flags_health_check_prop
-restorecon_prop
-netd_stable_secret_prop
-firstboot_prop
@@ -189,6 +192,7 @@
allow vendor_init file_contexts_file:file r_file_perms;
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
+set_prop(vendor_init, cpu_variant_prop)
set_prop(vendor_init, debug_prop)
set_prop(vendor_init, exported_audio_prop)
set_prop(vendor_init, exported_bluetooth_prop)
diff --git a/public/vold.te b/public/vold.te
index 3848c35..d26c836 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -7,12 +7,6 @@
allow vold cache_file:file { getattr read };
allow vold cache_file:lnk_file r_file_perms;
-# Read access to pseudo filesystems.
-r_dir_file(vold, proc_net_type)
-userdebug_or_eng(`
- auditallow vold proc_net_type:{ dir file lnk_file } { getattr open read };
-')
-
r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
# XXX Label sysfs files with a specific type?
allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.