Merge "Commit 27.0 compat mapping file to master."
diff --git a/Android.mk b/Android.mk
index f2efb1d..409ffa0 100644
--- a/Android.mk
+++ b/Android.mk
@@ -12,7 +12,7 @@
# is made which breaks compatibility with the previous platform sepolicy version,
# not just on every increase in PLATFORM_SDK_VERSION. The minor version should
# be reset to 0 on every bump of the PLATFORM_SDK_VERSION.
-sepolicy_major_vers := 26
+sepolicy_major_vers := 27
sepolicy_minor_vers := 0
ifneq ($(sepolicy_major_vers), $(PLATFORM_SDK_VERSION))
@@ -204,12 +204,6 @@
secilc \
plat_sepolicy_vers.txt \
-ifneq ($(with_asan),true)
-LOCAL_REQUIRED_MODULES += \
- treble_sepolicy_tests \
-
-endif
-
# Include precompiled policy, unless told otherwise
ifneq ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
LOCAL_REQUIRED_MODULES += precompiled_sepolicy precompiled_sepolicy.plat_and_mapping.sha256
@@ -247,6 +241,7 @@
ifneq ($(with_asan),true)
LOCAL_REQUIRED_MODULES += \
sepolicy_tests \
+ treble_sepolicy_tests \
endif
diff --git a/prebuilts/api/26.0/26.0.cil b/prebuilts/api/26.0/26.0.cil
new file mode 100644
index 0000000..4e35ce8
--- /dev/null
+++ b/prebuilts/api/26.0/26.0.cil
@@ -0,0 +1,693 @@
+(typeattributeset accessibility_service_26_0 (accessibility_service))
+(typeattributeset account_service_26_0 (account_service))
+(typeattributeset activity_service_26_0 (activity_service))
+(typeattributeset adbd_26_0 (adbd))
+(typeattributeset adb_data_file_26_0 (adb_data_file))
+(typeattributeset adbd_socket_26_0 (adbd_socket))
+(typeattributeset adb_keys_file_26_0 (adb_keys_file))
+(typeattributeset alarm_device_26_0 (alarm_device))
+(typeattributeset alarm_service_26_0 (alarm_service))
+(typeattributeset anr_data_file_26_0 (anr_data_file))
+(typeattributeset apk_data_file_26_0 (apk_data_file))
+(typeattributeset apk_private_data_file_26_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_26_0 (apk_tmp_file))
+(typeattributeset app_data_file_26_0 (app_data_file))
+(typeattributeset app_fuse_file_26_0 (app_fuse_file))
+(typeattributeset app_fusefs_26_0 (app_fusefs))
+(typeattributeset appops_service_26_0 (appops_service))
+(typeattributeset appwidget_service_26_0 (appwidget_service))
+(typeattributeset asan_reboot_prop_26_0 (asan_reboot_prop))
+(typeattributeset asec_apk_file_26_0 (asec_apk_file))
+(typeattributeset asec_image_file_26_0 (asec_image_file))
+(typeattributeset asec_public_file_26_0 (asec_public_file))
+(typeattributeset ashmem_device_26_0 (ashmem_device))
+(typeattributeset assetatlas_service_26_0 (assetatlas_service))
+(typeattributeset audio_data_file_26_0 (audio_data_file))
+(typeattributeset audio_device_26_0 (audio_device))
+(typeattributeset audiohal_data_file_26_0 (audiohal_data_file))
+(typeattributeset audio_prop_26_0 (audio_prop))
+(typeattributeset audio_seq_device_26_0 (audio_seq_device))
+(typeattributeset audioserver_26_0 (audioserver))
+(typeattributeset audioserver_data_file_26_0 (audioserver_data_file))
+(typeattributeset audioserver_service_26_0 (audioserver_service))
+(typeattributeset audio_service_26_0 (audio_service))
+(typeattributeset audio_timer_device_26_0 (audio_timer_device))
+(typeattributeset autofill_service_26_0 (autofill_service))
+(typeattributeset backup_data_file_26_0 (backup_data_file))
+(typeattributeset backup_service_26_0 (backup_service))
+(typeattributeset batteryproperties_service_26_0 (batteryproperties_service))
+(typeattributeset battery_service_26_0 (battery_service))
+(typeattributeset batterystats_service_26_0 (batterystats_service))
+(typeattributeset binder_device_26_0 (binder_device))
+(typeattributeset binfmt_miscfs_26_0 (binfmt_miscfs))
+(typeattributeset blkid_26_0 (blkid))
+(typeattributeset blkid_untrusted_26_0 (blkid_untrusted))
+(typeattributeset block_device_26_0 (block_device))
+(typeattributeset bluetooth_26_0 (bluetooth))
+(typeattributeset bluetooth_data_file_26_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_26_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_26_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_26_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_26_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_26_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_26_0 (bluetooth_socket))
+(typeattributeset bootanim_26_0 (bootanim))
+(typeattributeset bootanim_exec_26_0 (bootanim_exec))
+(typeattributeset boot_block_device_26_0 (boot_block_device))
+(typeattributeset bootchart_data_file_26_0 (bootchart_data_file))
+(typeattributeset bootstat_26_0 (bootstat))
+(typeattributeset bootstat_data_file_26_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_26_0 (bootstat_exec))
+(typeattributeset boottime_prop_26_0 (boottime_prop))
+(typeattributeset boottrace_data_file_26_0 (boottrace_data_file))
+(typeattributeset bufferhubd_26_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_26_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_26_0 (cache_backup_file))
+(typeattributeset cache_block_device_26_0 (cache_block_device))
+(typeattributeset cache_file_26_0 (cache_file))
+(typeattributeset cache_private_backup_file_26_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_26_0 (cache_recovery_file))
+(typeattributeset camera_data_file_26_0 (camera_data_file))
+(typeattributeset camera_device_26_0 (camera_device))
+(typeattributeset cameraproxy_service_26_0 (cameraproxy_service))
+(typeattributeset cameraserver_26_0 (cameraserver))
+(typeattributeset cameraserver_exec_26_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_26_0 (cameraserver_service))
+(typeattributeset cgroup_26_0 (cgroup))
+(typeattributeset charger_26_0 (charger))
+(typeattributeset clatd_26_0 (clatd))
+(typeattributeset clatd_exec_26_0 (clatd_exec))
+(typeattributeset clipboard_service_26_0 (clipboard_service))
+(typeattributeset commontime_management_service_26_0 (commontime_management_service))
+(typeattributeset companion_device_service_26_0 (companion_device_service))
+(typeattributeset configfs_26_0 (configfs))
+(typeattributeset config_prop_26_0 (config_prop))
+(typeattributeset connectivity_service_26_0 (connectivity_service))
+(typeattributeset connmetrics_service_26_0 (connmetrics_service))
+(typeattributeset console_device_26_0 (console_device))
+(typeattributeset consumer_ir_service_26_0 (consumer_ir_service))
+(typeattributeset content_service_26_0 (content_service))
+(typeattributeset contexthub_service_26_0 (contexthub_service))
+(typeattributeset coredump_file_26_0 (coredump_file))
+(typeattributeset country_detector_service_26_0 (country_detector_service))
+(typeattributeset coverage_service_26_0 (coverage_service))
+(typeattributeset cppreopt_prop_26_0 (cppreopt_prop))
+(typeattributeset cppreopts_26_0 (cppreopts))
+(typeattributeset cppreopts_exec_26_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_26_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_26_0 (cpuinfo_service))
+(typeattributeset crash_dump_26_0 (crash_dump))
+(typeattributeset crash_dump_exec_26_0 (crash_dump_exec))
+(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_26_0 (ctl_default_prop))
+(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
+(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_rildaemon_prop_26_0 (ctl_rildaemon_prop))
+(typeattributeset dalvikcache_data_file_26_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_26_0 (dalvik_prop))
+(typeattributeset dbinfo_service_26_0 (dbinfo_service))
+(typeattributeset debugfs_26_0 (debugfs))
+(typeattributeset debugfs_mmc_26_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_26_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_26_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_instances_26_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wifi_tracing_26_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_26_0 (debuggerd_prop))
+(typeattributeset debug_prop_26_0 (debug_prop))
+(typeattributeset default_android_hwservice_26_0 (default_android_hwservice))
+(typeattributeset default_android_service_26_0 (default_android_service))
+(typeattributeset default_android_vndservice_26_0 (default_android_vndservice))
+(typeattributeset default_prop_26_0 (default_prop))
+(typeattributeset device_26_0 (device))
+(typeattributeset device_identifiers_service_26_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_26_0 (deviceidle_service))
+(typeattributeset device_logging_prop_26_0 (device_logging_prop))
+(typeattributeset device_policy_service_26_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_26_0 (devicestoragemonitor_service))
+(typeattributeset devpts_26_0 (devpts))
+(typeattributeset dex2oat_26_0 (dex2oat))
+(typeattributeset dex2oat_exec_26_0 (dex2oat_exec))
+(typeattributeset dhcp_26_0 (dhcp))
+(typeattributeset dhcp_data_file_26_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_26_0 (dhcp_exec))
+(typeattributeset dhcp_prop_26_0 (dhcp_prop))
+(typeattributeset diskstats_service_26_0 (diskstats_service))
+(typeattributeset display_service_26_0 (display_service))
+(typeattributeset dm_device_26_0 (dm_device))
+(typeattributeset dnsmasq_26_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_26_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_26_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_26_0 (DockObserver_service))
+(typeattributeset dreams_service_26_0 (dreams_service))
+(typeattributeset drm_data_file_26_0 (drm_data_file))
+(typeattributeset drmserver_26_0 (drmserver))
+(typeattributeset drmserver_exec_26_0 (drmserver_exec))
+(typeattributeset drmserver_service_26_0 (drmserver_service))
+(typeattributeset drmserver_socket_26_0 (drmserver_socket))
+(typeattributeset dropbox_service_26_0 (dropbox_service))
+(typeattributeset dumpstate_26_0 (dumpstate))
+(typeattributeset dumpstate_exec_26_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_26_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_26_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_26_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_26_0 (dumpstate_socket))
+(typeattributeset efs_file_26_0 (efs_file))
+(typeattributeset ephemeral_app_26_0 (ephemeral_app))
+(typeattributeset ethernet_service_26_0 (ethernet_service))
+(typeattributeset ffs_prop_26_0 (ffs_prop))
+(typeattributeset file_contexts_file_26_0 (file_contexts_file))
+(typeattributeset fingerprintd_26_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_26_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_26_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_26_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_26_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_26_0 (fingerprint_service))
+(typeattributeset firstboot_prop_26_0 (firstboot_prop))
+(typeattributeset font_service_26_0 (font_service))
+(typeattributeset frp_block_device_26_0 (frp_block_device))
+(typeattributeset fsck_26_0 (fsck))
+(typeattributeset fsck_exec_26_0 (fsck_exec))
+(typeattributeset fscklogs_26_0 (fscklogs))
+(typeattributeset fsck_untrusted_26_0 (fsck_untrusted))
+(typeattributeset full_device_26_0 (full_device))
+(typeattributeset functionfs_26_0 (functionfs))
+(typeattributeset fuse_26_0 (fuse))
+(typeattributeset fuse_device_26_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_26_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_26_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_26_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_26_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_26_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_26_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_26_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_26_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_26_0 (gfxinfo_service))
+(typeattributeset gps_control_26_0 (gps_control))
+(typeattributeset gpu_device_26_0 (gpu_device))
+(typeattributeset gpu_service_26_0 (gpu_service))
+(typeattributeset graphics_device_26_0 (graphics_device))
+(typeattributeset graphicsstats_service_26_0 (graphicsstats_service))
+(typeattributeset hal_audio_hwservice_26_0 (hal_audio_hwservice))
+(typeattributeset hal_bluetooth_hwservice_26_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_26_0 (hal_bootctl_hwservice))
+(typeattributeset hal_camera_hwservice_26_0 (hal_camera_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_26_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_contexthub_hwservice_26_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_26_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_26_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_fingerprint_hwservice_26_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_26_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_26_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_26_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_26_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_26_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_26_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_26_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_26_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_26_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_26_0 (hal_light_hwservice))
+(typeattributeset hal_memtrack_hwservice_26_0 (hal_memtrack_hwservice))
+(typeattributeset hal_nfc_hwservice_26_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_26_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_26_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_26_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_26_0 (hal_renderscript_hwservice))
+(typeattributeset hal_sensors_hwservice_26_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_26_0 (hal_telephony_hwservice))
+(typeattributeset hal_thermal_hwservice_26_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_26_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_26_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_hwservice_26_0 (hal_usb_hwservice))
+(typeattributeset hal_vibrator_hwservice_26_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_26_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_26_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hwservice_26_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_26_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_26_0 (hardware_properties_service))
+(typeattributeset hardware_service_26_0 (hardware_service))
+(typeattributeset hci_attach_dev_26_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_26_0 (hdmi_control_service))
+(typeattributeset healthd_26_0 (healthd))
+(typeattributeset healthd_exec_26_0 (healthd_exec))
+(typeattributeset heapdump_data_file_26_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_26_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_26_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_26_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_26_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_26_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_26_0 (hwbinder_device))
+(typeattributeset hw_random_device_26_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_26_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_26_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_26_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_26_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_26_0 (i2c_device))
+(typeattributeset icon_file_26_0 (icon_file))
+(typeattributeset idmap_26_0 (idmap))
+(typeattributeset idmap_exec_26_0 (idmap_exec))
+(typeattributeset iio_device_26_0 (iio_device))
+(typeattributeset imms_service_26_0 (imms_service))
+(typeattributeset incident_26_0 (incident))
+(typeattributeset incidentd_26_0 (incidentd))
+(typeattributeset incident_data_file_26_0 (incident_data_file))
+(typeattributeset incident_service_26_0 (incident_service))
+(typeattributeset init_26_0 (init))
+(typeattributeset init_exec_26_0 (init_exec))
+(typeattributeset inotify_26_0 (inotify))
+(typeattributeset input_device_26_0 (input_device))
+(typeattributeset inputflinger_26_0 (inputflinger))
+(typeattributeset inputflinger_exec_26_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_26_0 (inputflinger_service))
+(typeattributeset input_method_service_26_0 (input_method_service))
+(typeattributeset input_service_26_0 (input_service))
+(typeattributeset installd_26_0 (installd))
+(typeattributeset install_data_file_26_0 (install_data_file))
+(typeattributeset installd_exec_26_0 (installd_exec))
+(typeattributeset installd_service_26_0 (installd_service))
+(typeattributeset install_recovery_26_0 (install_recovery))
+(typeattributeset install_recovery_exec_26_0 (install_recovery_exec))
+(typeattributeset ion_device_26_0 (ion_device))
+(typeattributeset IProxyService_service_26_0 (IProxyService_service))
+(typeattributeset ipsec_service_26_0 (ipsec_service))
+(typeattributeset isolated_app_26_0 (isolated_app))
+(typeattributeset jobscheduler_service_26_0 (jobscheduler_service))
+(typeattributeset kernel_26_0 (kernel))
+(typeattributeset keychain_data_file_26_0 (keychain_data_file))
+(typeattributeset keychord_device_26_0 (keychord_device))
+(typeattributeset keystore_26_0 (keystore))
+(typeattributeset keystore_data_file_26_0 (keystore_data_file))
+(typeattributeset keystore_exec_26_0 (keystore_exec))
+(typeattributeset keystore_service_26_0 (keystore_service))
+(typeattributeset kmem_device_26_0 (kmem_device))
+(typeattributeset kmsg_device_26_0 (kmsg_device))
+(typeattributeset labeledfs_26_0 (labeledfs))
+(typeattributeset launcherapps_service_26_0 (launcherapps_service))
+(typeattributeset lmkd_26_0 (lmkd))
+(typeattributeset lmkd_exec_26_0 (lmkd_exec))
+(typeattributeset lmkd_socket_26_0 (lmkd_socket))
+(typeattributeset location_service_26_0 (location_service))
+(typeattributeset lock_settings_service_26_0 (lock_settings_service))
+(typeattributeset logcat_exec_26_0 (logcat_exec))
+(typeattributeset logd_26_0 (logd))
+(typeattributeset log_device_26_0 (log_device))
+(typeattributeset logd_exec_26_0 (logd_exec))
+(typeattributeset logd_prop_26_0 (logd_prop))
+(typeattributeset logdr_socket_26_0 (logdr_socket))
+(typeattributeset logd_socket_26_0 (logd_socket))
+(typeattributeset logdw_socket_26_0 (logdw_socket))
+(typeattributeset logpersist_26_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_26_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_26_0 (log_prop))
+(typeattributeset log_tag_prop_26_0 (log_tag_prop))
+(typeattributeset loop_control_device_26_0 (loop_control_device))
+(typeattributeset loop_device_26_0 (loop_device))
+(typeattributeset mac_perms_file_26_0 (mac_perms_file))
+(typeattributeset mdnsd_26_0 (mdnsd))
+(typeattributeset mdnsd_socket_26_0 (mdnsd_socket))
+(typeattributeset mdns_socket_26_0 (mdns_socket))
+(typeattributeset mediacasserver_service_26_0 (mediacasserver_service))
+(typeattributeset mediacodec_26_0 (mediacodec))
+(typeattributeset mediacodec_exec_26_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_26_0 (mediacodec_service))
+(typeattributeset media_data_file_26_0 (media_data_file))
+(typeattributeset mediadrmserver_26_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_26_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_26_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_26_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_26_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_26_0 (mediaextractor_service))
+(typeattributeset mediametrics_26_0 (mediametrics))
+(typeattributeset mediametrics_exec_26_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_26_0 (mediametrics_service))
+(typeattributeset media_projection_service_26_0 (media_projection_service))
+(typeattributeset media_router_service_26_0 (media_router_service))
+(typeattributeset media_rw_data_file_26_0 (media_rw_data_file))
+(typeattributeset mediaserver_26_0 (mediaserver))
+(typeattributeset mediaserver_exec_26_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_26_0 (mediaserver_service))
+(typeattributeset media_session_service_26_0 (media_session_service))
+(typeattributeset meminfo_service_26_0 (meminfo_service))
+(typeattributeset metadata_block_device_26_0 (metadata_block_device))
+(typeattributeset method_trace_data_file_26_0 (method_trace_data_file))
+(typeattributeset midi_service_26_0 (midi_service))
+(typeattributeset misc_block_device_26_0 (misc_block_device))
+(typeattributeset misc_logd_file_26_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_26_0 (misc_user_data_file))
+(typeattributeset mmc_prop_26_0 (mmc_prop))
+(typeattributeset mnt_expand_file_26_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_26_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_26_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_26_0 (mnt_user_file))
+(typeattributeset modprobe_26_0 (modprobe))
+(typeattributeset mount_service_26_0 (mount_service))
+(typeattributeset mqueue_26_0 (mqueue))
+(typeattributeset mtd_device_26_0 (mtd_device))
+(typeattributeset mtp_26_0 (mtp))
+(typeattributeset mtp_device_26_0 (mtp_device))
+(typeattributeset mtpd_socket_26_0 (mtpd_socket))
+(typeattributeset mtp_exec_26_0 (mtp_exec))
+(typeattributeset nativetest_data_file_26_0 (nativetest_data_file))
+(typeattributeset netd_26_0 (netd))
+(typeattributeset net_data_file_26_0 (net_data_file))
+(typeattributeset netd_exec_26_0 (netd_exec))
+(typeattributeset netd_listener_service_26_0 (netd_listener_service))
+(typeattributeset net_dns_prop_26_0 (net_dns_prop))
+(typeattributeset netd_service_26_0 (netd_service))
+(typeattributeset netd_socket_26_0 (netd_socket))
+(typeattributeset netif_26_0 (netif))
+(typeattributeset netpolicy_service_26_0 (netpolicy_service))
+(typeattributeset net_radio_prop_26_0 (net_radio_prop))
+(typeattributeset netstats_service_26_0 (netstats_service))
+(typeattributeset netutils_wrapper_26_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_26_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_26_0 (network_management_service))
+(typeattributeset network_score_service_26_0 (network_score_service))
+(typeattributeset network_time_update_service_26_0 (network_time_update_service))
+(typeattributeset nfc_26_0 (nfc))
+(typeattributeset nfc_data_file_26_0 (nfc_data_file))
+(typeattributeset nfc_device_26_0 (nfc_device))
+(typeattributeset nfc_prop_26_0 (nfc_prop))
+(typeattributeset nfc_service_26_0 (nfc_service))
+(typeattributeset node_26_0 (node))
+(typeattributeset notification_service_26_0 (notification_service))
+(typeattributeset null_device_26_0 (null_device))
+(typeattributeset oemfs_26_0 (oemfs))
+(typeattributeset oem_lock_service_26_0 (oem_lock_service))
+(typeattributeset ota_data_file_26_0 (ota_data_file))
+(typeattributeset otadexopt_service_26_0 (otadexopt_service))
+(typeattributeset ota_package_file_26_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_26_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_26_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_26_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_26_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_26_0 (overlay_prop))
+(typeattributeset overlay_service_26_0 (overlay_service))
+(typeattributeset owntty_device_26_0 (owntty_device))
+(typeattributeset package_service_26_0 (package_service))
+(typeattributeset pan_result_prop_26_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_26_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_26_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_26_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_26_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_26_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_26_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_26_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_26_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_26_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_26_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_26_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_26_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_26_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_26_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir))
+(typeattributeset performanced_26_0 (performanced))
+(typeattributeset performanced_exec_26_0 (performanced_exec))
+(typeattributeset perfprofd_26_0 (perfprofd))
+(typeattributeset perfprofd_data_file_26_0 (perfprofd_data_file))
+(typeattributeset perfprofd_exec_26_0 (perfprofd_exec))
+(typeattributeset permission_service_26_0 (permission_service))
+(typeattributeset persist_debug_prop_26_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_26_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_26_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_26_0 (pinner_service))
+(typeattributeset pipefs_26_0 (pipefs))
+(typeattributeset platform_app_26_0 (platform_app))
+(typeattributeset pmsg_device_26_0 (pmsg_device))
+(typeattributeset port_26_0 (port))
+(typeattributeset port_device_26_0 (port_device))
+(typeattributeset postinstall_26_0 (postinstall))
+(typeattributeset postinstall_dexopt_26_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_26_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_26_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_26_0 (powerctl_prop))
+(typeattributeset power_service_26_0 (power_service))
+(typeattributeset ppp_26_0 (ppp))
+(typeattributeset ppp_device_26_0 (ppp_device))
+(typeattributeset ppp_exec_26_0 (ppp_exec))
+(typeattributeset preloads_data_file_26_0 (preloads_data_file))
+(typeattributeset preloads_media_file_26_0 (preloads_media_file))
+(typeattributeset preopt2cachename_26_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
+(typeattributeset print_service_26_0 (print_service))
+(typeattributeset priv_app_26_0 (priv_app))
+(typeattributeset proc_26_0 (proc))
+(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
+(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
+(typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
+(typeattributeset processinfo_service_26_0 (processinfo_service))
+(typeattributeset proc_interrupts_26_0 (proc_interrupts))
+(typeattributeset proc_iomem_26_0 (proc_iomem))
+(typeattributeset proc_meminfo_26_0 (proc_meminfo))
+(typeattributeset proc_misc_26_0 (proc_misc))
+(typeattributeset proc_modules_26_0 (proc_modules))
+(typeattributeset proc_net_26_0 (proc_net))
+(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
+(typeattributeset proc_perf_26_0 (proc_perf))
+(typeattributeset proc_security_26_0 (proc_security))
+(typeattributeset proc_stat_26_0 (proc_stat))
+(typeattributeset procstats_service_26_0 (procstats_service))
+(typeattributeset proc_sysrq_26_0 (proc_sysrq))
+(typeattributeset proc_timer_26_0 (proc_timer))
+(typeattributeset proc_tty_drivers_26_0 (proc_tty_drivers))
+(typeattributeset proc_uid_cputime_removeuid_26_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_26_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_26_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_26_0 (proc_uid_procstat_set))
+(typeattributeset proc_zoneinfo_26_0 (proc_zoneinfo))
+(typeattributeset profman_26_0 (profman))
+(typeattributeset profman_dump_data_file_26_0 (profman_dump_data_file))
+(typeattributeset profman_exec_26_0 (profman_exec))
+(typeattributeset properties_device_26_0 (properties_device))
+(typeattributeset properties_serial_26_0 (properties_serial))
+(typeattributeset property_contexts_file_26_0 (property_contexts_file))
+(typeattributeset property_data_file_26_0 (property_data_file))
+(typeattributeset property_socket_26_0 (property_socket))
+(typeattributeset pstorefs_26_0 (pstorefs))
+(typeattributeset ptmx_device_26_0 (ptmx_device))
+(typeattributeset qtaguid_device_26_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_26_0 (qtaguid_proc))
+(typeattributeset racoon_26_0 (racoon))
+(typeattributeset racoon_exec_26_0 (racoon_exec))
+(typeattributeset racoon_socket_26_0 (racoon_socket))
+(typeattributeset radio_26_0 (radio))
+(typeattributeset radio_data_file_26_0 (radio_data_file))
+(typeattributeset radio_device_26_0 (radio_device))
+(typeattributeset radio_prop_26_0 (radio_prop))
+(typeattributeset radio_service_26_0 (radio_service))
+(typeattributeset ram_device_26_0 (ram_device))
+(typeattributeset random_device_26_0 (random_device))
+(typeattributeset reboot_data_file_26_0 (reboot_data_file))
+(typeattributeset recovery_26_0 (recovery))
+(typeattributeset recovery_block_device_26_0 (recovery_block_device))
+(typeattributeset recovery_data_file_26_0 (recovery_data_file))
+(typeattributeset recovery_persist_26_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_26_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_26_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_26_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_26_0 (recovery_service))
+(typeattributeset registry_service_26_0 (registry_service))
+(typeattributeset resourcecache_data_file_26_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_26_0 (restorecon_prop))
+(typeattributeset restrictions_service_26_0 (restrictions_service))
+(typeattributeset rild_26_0 (rild))
+(typeattributeset rild_debug_socket_26_0 (rild_debug_socket))
+(typeattributeset rild_socket_26_0 (rild_socket))
+(typeattributeset ringtone_file_26_0 (ringtone_file))
+(typeattributeset root_block_device_26_0 (root_block_device))
+(typeattributeset rootfs_26_0 (rootfs))
+(typeattributeset rpmsg_device_26_0 (rpmsg_device))
+(typeattributeset rtc_device_26_0 (rtc_device))
+(typeattributeset rttmanager_service_26_0 (rttmanager_service))
+(typeattributeset runas_26_0 (runas))
+(typeattributeset runas_exec_26_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_26_0 (safemode_prop))
+(typeattributeset same_process_hal_file_26_0 (same_process_hal_file))
+(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service))
+(typeattributeset sdcardd_26_0 (sdcardd))
+(typeattributeset sdcardd_exec_26_0 (sdcardd_exec))
+(typeattributeset sdcardfs_26_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_26_0 (seapp_contexts_file))
+(typeattributeset search_service_26_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_26_0 (sec_key_att_app_id_provider_service))
+(typeattributeset selinuxfs_26_0 (selinuxfs))
+(typeattributeset sensors_device_26_0 (sensors_device))
+(typeattributeset sensorservice_service_26_0 (sensorservice_service))
+(typeattributeset sepolicy_file_26_0 (sepolicy_file))
+(typeattributeset serial_device_26_0 (serial_device))
+(typeattributeset serialno_prop_26_0 (serialno_prop))
+(typeattributeset serial_service_26_0 (serial_service))
+(typeattributeset service_contexts_file_26_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_26_0 (servicediscovery_service))
+(typeattributeset servicemanager_26_0 (servicemanager))
+(typeattributeset servicemanager_exec_26_0 (servicemanager_exec))
+(typeattributeset settings_service_26_0 (settings_service))
+(typeattributeset sgdisk_26_0 (sgdisk))
+(typeattributeset sgdisk_exec_26_0 (sgdisk_exec))
+(typeattributeset shared_relro_26_0 (shared_relro))
+(typeattributeset shared_relro_file_26_0 (shared_relro_file))
+(typeattributeset shell_26_0 (shell))
+(typeattributeset shell_data_file_26_0 (shell_data_file))
+(typeattributeset shell_exec_26_0 (shell_exec))
+(typeattributeset shell_prop_26_0 (shell_prop))
+(typeattributeset shm_26_0 (shm))
+(typeattributeset shortcut_manager_icons_26_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_26_0 (shortcut_service))
+(typeattributeset slideshow_26_0 (slideshow))
+(typeattributeset socket_device_26_0 (socket_device))
+(typeattributeset sockfs_26_0 (sockfs))
+(typeattributeset statusbar_service_26_0 (statusbar_service))
+(typeattributeset storaged_service_26_0 (storaged_service))
+(typeattributeset storage_file_26_0 (storage_file))
+(typeattributeset storagestats_service_26_0 (storagestats_service))
+(typeattributeset storage_stub_file_26_0 (storage_stub_file))
+(typeattributeset su_26_0 (su))
+(typeattributeset su_exec_26_0 (su_exec))
+(typeattributeset surfaceflinger_26_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_26_0 (swap_block_device))
+(typeattributeset sysfs_26_0 (sysfs))
+(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_hwrandom_26_0 (sysfs_hwrandom))
+(typeattributeset sysfs_leds_26_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_26_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_26_0 (sysfs_mac_address))
+(typeattributeset sysfs_nfc_power_writable_26_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_thermal_26_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_26_0 (sysfs_uio))
+(typeattributeset sysfs_usb_26_0 (sysfs_usb))
+(typeattributeset sysfs_vibrator_26_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_26_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wlan_fwpath_26_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_26_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_26_0 (sysfs_zram_uevent))
+(typeattributeset system_app_26_0 (system_app))
+(typeattributeset system_app_data_file_26_0 (system_app_data_file))
+(typeattributeset system_app_service_26_0 (system_app_service))
+(typeattributeset system_block_device_26_0 (system_block_device))
+(typeattributeset system_data_file_26_0 (system_data_file))
+(typeattributeset system_file_26_0 (system_file))
+(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket))
+(typeattributeset system_prop_26_0 (system_prop))
+(typeattributeset system_radio_prop_26_0 (system_radio_prop))
+(typeattributeset system_server_26_0 (system_server))
+(typeattributeset system_wifi_keystore_hwservice_26_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_26_0 (system_wpa_socket))
+(typeattributeset task_service_26_0 (task_service))
+(typeattributeset tee_26_0 (tee))
+(typeattributeset tee_data_file_26_0 (tee_data_file))
+(typeattributeset tee_device_26_0 (tee_device))
+(typeattributeset telecom_service_26_0 (telecom_service))
+(typeattributeset textclassification_service_26_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_26_0 (textclassifier_data_file))
+(typeattributeset textservices_service_26_0 (textservices_service))
+(typeattributeset tmpfs_26_0 (tmpfs))
+(typeattributeset tombstoned_26_0 (tombstoned))
+(typeattributeset tombstone_data_file_26_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_26_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_26_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_26_0 (tombstoned_intercept_socket))
+(typeattributeset toolbox_26_0 (toolbox))
+(typeattributeset toolbox_exec_26_0 (toolbox_exec))
+(typeattributeset tracing_shell_writable_26_0 (tracing_shell_writable))
+(typeattributeset tracing_shell_writable_debug_26_0 (tracing_shell_writable_debug))
+(typeattributeset trust_service_26_0 (trust_service))
+(typeattributeset tty_device_26_0 (tty_device))
+(typeattributeset tun_device_26_0 (tun_device))
+(typeattributeset tv_input_service_26_0 (tv_input_service))
+(typeattributeset tzdatacheck_26_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_26_0 (tzdatacheck_exec))
+(typeattributeset ueventd_26_0 (ueventd))
+(typeattributeset uhid_device_26_0 (uhid_device))
+(typeattributeset uimode_service_26_0 (uimode_service))
+(typeattributeset uio_device_26_0 (uio_device))
+(typeattributeset uncrypt_26_0 (uncrypt))
+(typeattributeset uncrypt_exec_26_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_26_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_26_0 (unencrypted_data_file))
+(typeattributeset unlabeled_26_0 (unlabeled))
+(typeattributeset untrusted_app_25_26_0 (untrusted_app_25))
+(typeattributeset untrusted_app_26_0 (untrusted_app))
+(typeattributeset untrusted_v2_app_26_0 (untrusted_v2_app))
+(typeattributeset update_engine_26_0 (update_engine))
+(typeattributeset update_engine_data_file_26_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_26_0 (update_engine_exec))
+(typeattributeset update_engine_service_26_0 (update_engine_service))
+(typeattributeset updatelock_service_26_0 (updatelock_service))
+(typeattributeset update_verifier_26_0 (update_verifier))
+(typeattributeset update_verifier_exec_26_0 (update_verifier_exec))
+(typeattributeset usagestats_service_26_0 (usagestats_service))
+(typeattributeset usbaccessory_device_26_0 (usbaccessory_device))
+(typeattributeset usb_device_26_0 (usb_device))
+(typeattributeset usbfs_26_0 (usbfs))
+(typeattributeset usb_service_26_0 (usb_service))
+(typeattributeset userdata_block_device_26_0 (userdata_block_device))
+(typeattributeset usermodehelper_26_0 (usermodehelper))
+(typeattributeset user_profile_data_file_26_0 (user_profile_data_file))
+(typeattributeset user_service_26_0 (user_service))
+(typeattributeset vcs_device_26_0 (vcs_device))
+(typeattributeset vdc_26_0 (vdc))
+(typeattributeset vdc_exec_26_0 (vdc_exec))
+(typeattributeset vendor_app_file_26_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_26_0 (vendor_configs_file))
+(typeattributeset vendor_file_26_0 (vendor_file))
+(typeattributeset vendor_framework_file_26_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_26_0 (vendor_hal_file))
+(typeattributeset vendor_overlay_file_26_0 (vendor_overlay_file))
+(typeattributeset vendor_shell_exec_26_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_26_0 (vendor_toolbox_exec))
+(typeattributeset vfat_26_0 (vfat))
+(typeattributeset vibrator_service_26_0 (vibrator_service))
+(typeattributeset video_device_26_0 (video_device))
+(typeattributeset virtual_touchpad_26_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_26_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_26_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_26_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_26_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_26_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_26_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_26_0 (voiceinteraction_service))
+(typeattributeset vold_26_0 (vold))
+(typeattributeset vold_data_file_26_0 (vold_data_file))
+(typeattributeset vold_device_26_0 (vold_device))
+(typeattributeset vold_exec_26_0 (vold_exec))
+(typeattributeset vold_prop_26_0 (vold_prop))
+(typeattributeset vold_socket_26_0 (vold_socket))
+(typeattributeset vpn_data_file_26_0 (vpn_data_file))
+(typeattributeset vr_hwc_26_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_26_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_26_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_26_0 (vr_manager_service))
+(typeattributeset wallpaper_file_26_0 (wallpaper_file))
+(typeattributeset wallpaper_service_26_0 (wallpaper_service))
+(typeattributeset watchdogd_26_0 (watchdogd))
+(typeattributeset watchdog_device_26_0 (watchdog_device))
+(typeattributeset webviewupdate_service_26_0 (webviewupdate_service))
+(typeattributeset webview_zygote_26_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_26_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_socket_26_0 (webview_zygote_socket))
+(typeattributeset wifiaware_service_26_0 (wifiaware_service))
+(typeattributeset wificond_26_0 (wificond))
+(typeattributeset wificond_exec_26_0 (wificond_exec))
+(typeattributeset wificond_service_26_0 (wificond_service))
+(typeattributeset wifi_data_file_26_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_26_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_26_0 (wifip2p_service))
+(typeattributeset wifi_prop_26_0 (wifi_prop))
+(typeattributeset wifiscanner_service_26_0 (wifiscanner_service))
+(typeattributeset wifi_service_26_0 (wifi_service))
+(typeattributeset window_service_26_0 (window_service))
+(typeattributeset wpa_socket_26_0 (wpa_socket))
+(typeattributeset zero_device_26_0 (zero_device))
+(typeattributeset zoneinfo_data_file_26_0 (zoneinfo_data_file))
+(typeattributeset zygote_26_0 (zygote))
+(typeattributeset zygote_exec_26_0 (zygote_exec))
+(typeattributeset zygote_socket_26_0 (zygote_socket))
diff --git a/prebuilts/api/26.0/26.0.ignore.cil b/prebuilts/api/26.0/26.0.ignore.cil
new file mode 100644
index 0000000..990c3ff
--- /dev/null
+++ b/prebuilts/api/26.0/26.0.ignore.cil
@@ -0,0 +1,5 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(typeattribute new_objects)
+(typeattributeset new_objects (kmsg_debug_device))
diff --git a/private/adbd.te b/private/adbd.te
index 47a6cbd..2f6a450 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -17,10 +17,10 @@
allow adbd shell:process { noatsecure signal };
# Set UID and GID to shell. Set supplementary groups.
-allow adbd self:capability { setuid setgid };
+allow adbd self:global_capability_class_set { setuid setgid };
# Drop capabilities from bounding set on user builds.
-allow adbd self:capability setpcap;
+allow adbd self:global_capability_class_set setpcap;
# Create and use network sockets.
net_domain(adbd)
diff --git a/private/app.te b/private/app.te
index 70b42b9..b79f447 100644
--- a/private/app.te
+++ b/private/app.te
@@ -350,8 +350,7 @@
# Superuser capabilities.
# bluetooth requires net_admin and wake_alarm.
-neverallow { appdomain -bluetooth } self:capability *;
-neverallow { appdomain -bluetooth } self:capability2 *;
+neverallow { appdomain -bluetooth } self:capability_class_set *;
# Block device access.
neverallow appdomain dev_type:blk_file { read write };
diff --git a/private/bluetooth.te b/private/bluetooth.te
index 41867ae..86a7a2a 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -22,12 +22,12 @@
# Socket creation under /data/misc/bluedroid.
allow bluetooth bluetooth_socket:sock_file create_file_perms;
-allow bluetooth self:capability net_admin;
-allow bluetooth self:capability2 wake_alarm;
+allow bluetooth self:global_capability_class_set net_admin;
+allow bluetooth self:global_capability2_class_set wake_alarm;
# tethering
allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
-allow bluetooth self:capability { net_admin net_raw net_bind_service };
+allow bluetooth self:global_capability_class_set { net_admin net_raw net_bind_service };
allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
allow bluetooth tun_device:chr_file rw_file_perms;
allow bluetooth efs_file:dir search;
@@ -56,7 +56,7 @@
allow bluetooth shell_data_file:file read;
# Bluetooth audio needs RT scheduling to meet deadlines, allow sys_nice
-allow bluetooth self:capability sys_nice;
+allow bluetooth self:global_capability_class_set sys_nice;
hal_client_domain(bluetooth, hal_bluetooth)
hal_client_domain(bluetooth, hal_telephony)
@@ -71,5 +71,5 @@
# Superuser capabilities.
# Bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend and sys_nice.
-neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service sys_nice};
-neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
+neverallow bluetooth self:global_capability_class_set ~{ net_admin net_raw net_bind_service sys_nice};
+neverallow bluetooth self:global_capability2_class_set ~{ wake_alarm block_suspend };
diff --git a/private/bug_map b/private/bug_map
index 26d25e7..d493c55 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1,5 +1,6 @@
priv_app firstboot_prop file 63801215
-update_engine update_engine capability 69197466
vold system_data_file file 62140539
-system_server proc file 69175449
system_server vendor_framework_file dir 68826235
+crash_dump app_data_file dir 68319037
+crash_dump bluetooth_data_file dir 68319037
+crash_dump vendor_overlay_file dir 68319037
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index a1e6b5f..f7338c6 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -467,6 +467,8 @@
proc_page_cluster
proc_pagetypeinfo
proc_panic
+ proc_pid_max
+ proc_pipe_conf
proc_random
proc_sched
proc_swaps
@@ -596,6 +598,7 @@
sysfs_dm
sysfs_dt_firmware_android
sysfs_ipv4
+ sysfs_kernel_notes
sysfs_net
sysfs_power
sysfs_rtc
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index fdc672a..fea7387 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -16,12 +16,17 @@
hal_wifi_offload_hwservice
kmsg_debug_device
last_boot_reason_prop
+ mediaprovider_tmpfs
+ netd_stable_secret_prop
+ package_native_service
lowpan_device
lowpan_prop
lowpan_service
mediaprovider_tmpfs
netd_stable_secret_prop
+ network_watchlist_service
package_native_service
+ slice_service
statscompanion_service
storaged_data_file
sysfs_fs_ext4_features
@@ -42,7 +47,8 @@
wpantund
wpantund_exec
wpantund_service
- wpantund_tmpfs))
+ wpantund_tmpfs
+ wm_trace_data_file))
;; private_objects - a collection of types that were labeled differently in
;; older policy, but that should not remain accessible to vendor policy.
diff --git a/private/coredomain.te b/private/coredomain.te
new file mode 100644
index 0000000..0ca4913
--- /dev/null
+++ b/private/coredomain.te
@@ -0,0 +1 @@
+get_prop(coredomain, pm_prop)
diff --git a/private/domain.te b/private/domain.te
index 9515074..663c541 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -12,7 +12,7 @@
-storaged
-system_server
userdebug_or_eng(`-perfprofd')
-} self:capability sys_ptrace;
+} self:global_capability_class_set sys_ptrace;
# Limit ability to generate hardware unique device ID attestations to priv_apps
neverallow { domain -priv_app } *:keystore_key gen_unique_id;
@@ -27,7 +27,6 @@
-dumpstate
-platform_app
-priv_app
- -shell
-system_app
-vold
-vendor_init
@@ -40,12 +39,10 @@
-dumpstate
-healthd
-init
- -mediaserver
-priv_app
-storaged
-system_app
-ueventd
- -update_verifier
-vold
-vendor_init
} sysfs:file no_rw_file_perms;
diff --git a/private/dumpstate.te b/private/dumpstate.te
index b8f8152..24a57de 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -18,6 +18,12 @@
allow dumpstate atrace_exec:file rx_file_perms;
allow dumpstate storaged_exec:file rx_file_perms;
+# /data/misc/wmtrace for wm traces
+userdebug_or_eng(`
+ allow dumpstate wm_trace_data_file:dir r_dir_perms;
+ allow dumpstate wm_trace_data_file:file r_file_perms;
+')
+
# Allow dumpstate to make binder calls to storaged service
binder_call(dumpstate, storaged)
diff --git a/private/file.te b/private/file.te
index 6994202..5b4dbc8 100644
--- a/private/file.te
+++ b/private/file.te
@@ -3,3 +3,6 @@
# /data/misc/storaged
type storaged_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/wmtrace for wm traces
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 05c36c3..5598bf3 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -179,7 +179,7 @@
/system/bin/mke2fs u:object_r:e2fs_exec:s0
/system/bin/e2fsck -- u:object_r:fsck_exec:s0
/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
-/system/bin/make_f2fs -- u:object_r:fsck_exec:s0
+/system/bin/make_f2fs -- u:object_r:e2fs_exec:s0
/system/bin/fsck_msdos -- u:object_r:fsck_exec:s0
/system/bin/tune2fs -- u:object_r:fsck_exec:s0
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
@@ -230,7 +230,7 @@
/system/bin/pppd u:object_r:ppp_exec:s0
/system/bin/racoon u:object_r:racoon_exec:s0
/system/xbin/su u:object_r:su_exec:s0
-/system/xbin/perfprofd u:object_r:perfprofd_exec:s0
+/system/bin/perfprofd u:object_r:perfprofd_exec:s0
/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
/system/bin/healthd u:object_r:healthd_exec:s0
/system/bin/clatd u:object_r:clatd_exec:s0
@@ -291,6 +291,7 @@
/(vendor|system/vendor)/manifest.xml u:object_r:vendor_configs_file:s0
/(vendor|system/vendor)/compatibility_matrix.xml u:object_r:vendor_configs_file:s0
/(vendor|system/vendor)/app(/.*)? u:object_r:vendor_app_file:s0
+/(vendor|system/vendor)/priv-app(/.*)? u:object_r:vendor_app_file:s0
/(vendor|system/vendor)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
/(vendor|system/vendor)/framework(/.*)? u:object_r:vendor_framework_file:s0
@@ -390,6 +391,7 @@
/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0
/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0
+/data/misc/wmtrace(/.*)? u:object_r:wm_trace_data_file:s0
# TODO(calin) label profile reference differently so that only
# profman run as a special user can write to them
/data/misc/profiles/cur(/.*)? u:object_r:user_profile_data_file:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 9c08934..96728bc 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -24,6 +24,7 @@
genfscon proc /swaps u:object_r:proc_swaps:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
@@ -41,6 +42,7 @@
genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/random u:object_r:proc_random:s0
genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
@@ -66,6 +68,7 @@
genfscon proc /timer_list u:object_r:proc_timer:s0
genfscon proc /timer_stats u:object_r:proc_timer:s0
genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
+genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
@@ -98,11 +101,13 @@
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
+genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
genfscon sysfs /power/state u:object_r:sysfs_power:s0
genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
+genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
diff --git a/private/incidentd.te b/private/incidentd.te
index efd23bd..5810d9a 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -7,12 +7,12 @@
# Allow setting process priority, protect from OOM killer, and dropping
# privileges by switching UID / GID
-# TODO allow incidentd self:capability { setuid setgid sys_resource };
+# TODO allow incidentd self:global_capability_class_set { setuid setgid sys_resource };
# Allow incidentd to scan through /proc/pid for all processes
r_dir_file(incidentd, domain)
-allow incidentd self:capability {
+allow incidentd self:global_capability_class_set {
# Send signals to processes
kill
};
@@ -56,7 +56,7 @@
binder_call(incidentd, appdomain)
# Reading /proc/PID/maps of other processes
-# TODO allow incidentd self:capability sys_ptrace;
+# TODO allow incidentd self:global_capability_class_set sys_ptrace;
# Run a shell.
allow incidentd shell_exec:file rx_file_perms;
diff --git a/private/logpersist.te b/private/logpersist.te
index 70e3198..8cdbd2d 100644
--- a/private/logpersist.te
+++ b/private/logpersist.te
@@ -8,7 +8,7 @@
allow logpersist misc_logd_file:file create_file_perms;
allow logpersist misc_logd_file:dir rw_dir_perms;
- allow logpersist self:capability sys_nice;
+ allow logpersist self:global_capability_class_set sys_nice;
allow logpersist pstorefs:dir search;
allow logpersist pstorefs:file r_file_perms;
diff --git a/private/netutils_wrapper.te b/private/netutils_wrapper.te
index f7fe32a..9a5697e 100644
--- a/private/netutils_wrapper.te
+++ b/private/netutils_wrapper.te
@@ -3,13 +3,13 @@
r_dir_file(netutils_wrapper, system_file);
# For netutils (ip, iptables, tc)
-allow netutils_wrapper self:capability net_raw;
+allow netutils_wrapper self:global_capability_class_set net_raw;
allow netutils_wrapper system_file:file { execute execute_no_trans };
allow netutils_wrapper proc_net:file { open read getattr };
allow netutils_wrapper self:rawip_socket create_socket_perms;
allow netutils_wrapper self:udp_socket create_socket_perms;
-allow netutils_wrapper self:capability net_admin;
+allow netutils_wrapper self:global_capability_class_set net_admin;
# ip utils need everything but ioctl
allow netutils_wrapper self:netlink_route_socket ~ioctl;
allow netutils_wrapper self:netlink_xfrm_socket ~ioctl;
diff --git a/private/priv_app.te b/private/priv_app.te
index fce2c90..9f8ef79 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -29,6 +29,7 @@
allow priv_app mediadrmserver_service:service_manager find;
allow priv_app mediaextractor_service:service_manager find;
allow priv_app mediaserver_service:service_manager find;
+allow priv_app network_watchlist_service:service_manager find;
allow priv_app nfc_service:service_manager find;
allow priv_app oem_lock_service:service_manager find;
allow priv_app radio_service:service_manager find;
diff --git a/private/service_contexts b/private/service_contexts
index ac7fb8e..6451ffc 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -40,6 +40,7 @@
diskstats u:object_r:diskstats_service:s0
display u:object_r:display_service:s0
netd_listener u:object_r:netd_listener_service:s0
+network_watchlist u:object_r:network_watchlist_service:s0
DockObserver u:object_r:DockObserver_service:s0
dreams u:object_r:dreams_service:s0
drm.drmManager u:object_r:drmserver_service:s0
@@ -140,6 +141,7 @@
simphonebook2 u:object_r:radio_service:s0
simphonebook u:object_r:radio_service:s0
sip u:object_r:radio_service:s0
+slice u:object_r:slice_service:s0
statscompanion u:object_r:statscompanion_service:s0
soundtrigger u:object_r:voiceinteraction_service:s0
statusbar u:object_r:statusbar_service:s0
diff --git a/private/storaged.te b/private/storaged.te
index 8da1f26..c8cc02d 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -52,7 +52,7 @@
# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
# running as root. See b/35323867 #3.
-dontaudit storaged self:capability dac_override;
+dontaudit storaged self:global_capability_class_set dac_override;
###
### neverallow
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index ed67597..f28e3fe 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -52,6 +52,12 @@
allow surfaceflinger appdomain:fd use;
allow surfaceflinger app_data_file:file { read write };
+# Allow writing surface traces to /data/misc/wmtrace.
+userdebug_or_eng(`
+ allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
+ allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
+')
+
# Use socket supplied by adbd, for cmd gpu vkjson etc.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };
@@ -81,7 +87,7 @@
# allow self to set SCHED_FIFO
-allow surfaceflinger self:capability sys_nice;
+allow surfaceflinger self:global_capability_class_set sys_nice;
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
r_dir_file(surfaceflinger, system_file)
diff --git a/private/system_server.te b/private/system_server.te
index 93c6a57..2102391 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -52,7 +52,7 @@
# These are the capabilities assigned by the zygote to the
# system server.
-allow system_server self:capability {
+allow system_server self:global_capability_class_set {
ipc_lock
kill
net_admin
@@ -72,7 +72,7 @@
allow system_server kernel:system module_request;
# Allow alarmtimers to be set
-allow system_server self:capability2 wake_alarm;
+allow system_server self:global_capability2_class_set wake_alarm;
# Create and share netlink_netfilter_sockets for tetheroffload.
allow system_server self:netlink_netfilter_socket create_socket_perms_no_ioctl;
@@ -124,24 +124,15 @@
allow system_server qtaguid_proc:file rw_file_perms;
allow system_server qtaguid_device:chr_file rw_file_perms;
-# Read /proc/uid_cputime/show_uid_stat.
-allow system_server proc_uid_cputime_showstat:file r_file_perms;
-
# Write /proc/uid_cputime/remove_uid_range.
allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
# Write /proc/uid_procstat/set.
allow system_server proc_uid_procstat_set:file { w_file_perms getattr };
-# Read /proc/uid_time_in_state.
-allow system_server proc_uid_time_in_state:file r_file_perms;
-
# Write to /proc/sysrq-trigger.
allow system_server proc_sysrq:file rw_file_perms;
-# Read /proc/stat for CPU usage statistics
-allow system_server proc_stat:file r_file_perms;
-
# Read /sys/kernel/debug/wakeup_sources.
allow system_server debugfs:file r_file_perms;
@@ -650,6 +641,10 @@
# Allow system server to read dmesg
allow system_server kernel:system syslog_read;
+
+ # Allow writing and removing window traces in /data/misc/wmtrace.
+ allow system_server wm_trace_data_file:dir rw_dir_perms;
+ allow system_server wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
')
# For AppFuse.
@@ -690,12 +685,21 @@
allow system_server ion_device:chr_file r_file_perms;
r_dir_file(system_server, proc_asound)
-r_dir_file(system_server, proc_loadavg)
-r_dir_file(system_server, proc_meminfo)
r_dir_file(system_server, proc_net)
-r_dir_file(system_server, proc_pagetypeinfo)
-r_dir_file(system_server, proc_version)
-r_dir_file(system_server, proc_vmallocinfo)
+allow system_server {
+ proc_loadavg
+ proc_meminfo
+ proc_pagetypeinfo
+ proc_pipe_conf
+ proc_stat
+ proc_uid_cputime_showstat
+ proc_uid_time_in_state
+ proc_version
+ proc_vmallocinfo
+}:file r_file_perms;
+
+allow system_server proc_uid_time_in_state:dir r_dir_perms;
+
r_dir_file(system_server, rootfs)
### Rules needed when Light HAL runs inside system_server process.
@@ -718,6 +722,13 @@
allow system_server zygote_exec:file rx_file_perms;
')
+# ART Profiles.
+# Allow system_server to open profile snapshots for read.
+# System server never reads the actual content. It passes the descriptor to
+# to privileged apps which acquire the permissions to inspect the profiles.
+allow system_server user_profile_data_file:dir { search };
+allow system_server user_profile_data_file:file { getattr open read };
+
###
### Neverallow rules
###
@@ -785,8 +796,7 @@
# CAP_SYS_RESOURCE was traditionally needed for sensitive /proc/PID
# file read access. However, that is now unnecessary (b/34951864)
-# This neverallow can be removed after b/34951864 is fixed.
-neverallow system_server system_server:capability sys_resource;
+neverallow system_server system_server:global_capability_class_set sys_resource;
# TODO(b/67468181): Remove following lines upon resolution of this bug
dontaudit system_server statscompanion_service:service_manager { add find };
diff --git a/private/vendor_init.te b/private/vendor_init.te
index c99d96f..5d97f72 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -1,2 +1,6 @@
typeattribute vendor_init coredomain;
+# Creating files on sysfs is impossible so this isn't a threat
+# Sometimes we have to write to non-existent files to avoid conditional
+# init behavior. See b/35303861 for an example.
+dontaudit vendor_init sysfs:dir write;
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 3f17ce5..7bdcd84 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -7,7 +7,7 @@
allow vold_prepare_subdirs vold:fd use;
allow vold_prepare_subdirs vold:fifo_file { read write };
allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
-allow vold_prepare_subdirs self:capability dac_override;
+allow vold_prepare_subdirs self:global_capability_class_set dac_override;
allow vold_prepare_subdirs self:process setfscreate;
allow vold_prepare_subdirs system_data_file:dir { open read write add_name remove_name };
allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir };
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 3c5403b..f85d40c 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -20,9 +20,9 @@
allow webview_zygote shared_relro_file:file r_file_perms;
# Set the UID/GID of the process.
-allow webview_zygote self:capability { setgid setuid };
+allow webview_zygote self:global_capability_class_set { setgid setuid };
# Drop capabilities from bounding set.
-allow webview_zygote self:capability setpcap;
+allow webview_zygote self:global_capability_class_set setpcap;
# Switch SELinux context to app domains.
allow webview_zygote self:process setcurrent;
allow webview_zygote isolated_app:process dyntransition;
diff --git a/private/zygote.te b/private/zygote.te
index 7fe79ef..9ec0e4a 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -7,10 +7,10 @@
read_runtime_log_tags(zygote)
# Override DAC on files and switch uid/gid.
-allow zygote self:capability { dac_override setgid setuid fowner chown };
+allow zygote self:global_capability_class_set { dac_override setgid setuid fowner chown };
# Drop capabilities from bounding set.
-allow zygote self:capability setpcap;
+allow zygote self:global_capability_class_set setpcap;
# Switch SELinux context to app domains.
allow zygote self:process setcurrent;
@@ -56,7 +56,7 @@
# Control cgroups.
allow zygote cgroup:dir create_dir_perms;
allow zygote cgroup:{ file lnk_file } r_file_perms;
-allow zygote self:capability sys_admin;
+allow zygote self:global_capability_class_set sys_admin;
# Allow zygote to stat the files that it opens. The zygote must
# be able to inspect them so that it can reopen them on fork
diff --git a/public/charger.te b/public/charger.te
index 5a5b653..4577cbc 100644
--- a/public/charger.te
+++ b/public/charger.te
@@ -10,15 +10,15 @@
r_dir_file(charger, rootfs)
r_dir_file(charger, cgroup)
-allow charger self:capability { sys_tty_config };
-allow charger self:capability sys_boot;
+allow charger self:global_capability_class_set { sys_tty_config };
+allow charger self:global_capability_class_set sys_boot;
wakelock_use(charger)
allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-# Write to /sys/power/state
-allow charger sysfs_power:file write;
+# Read/write to /sys/power/state
+allow charger sysfs_power:file rw_file_perms;
allow charger sysfs_batteryinfo:file r_file_perms;
diff --git a/public/clatd.te b/public/clatd.te
index 212b76e..ee44abf 100644
--- a/public/clatd.te
+++ b/public/clatd.te
@@ -17,7 +17,7 @@
allow clatd netd:unix_stream_socket { read write };
allow clatd netd:unix_dgram_socket { read write };
-allow clatd self:capability { net_admin net_raw setuid setgid };
+allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid };
# clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks
# capable(CAP_IPC_LOCK), and then checks to see the requested amount is
@@ -26,7 +26,7 @@
# so we permit any requests we see from clatd asking for this capability.
# See https://android-review.googlesource.com/127940 and
# https://b.corp.google.com/issues/21736319
-allow clatd self:capability ipc_lock;
+allow clatd self:global_capability_class_set ipc_lock;
allow clatd self:netlink_route_socket nlmsg_write;
allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms_no_ioctl;
diff --git a/public/crash_dump.te b/public/crash_dump.te
index c101b34..74bff80 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -11,7 +11,7 @@
# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
# which will result in an audit log even when it's allowed to trace.
-dontaudit crash_dump self:capability { sys_ptrace };
+dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
userdebug_or_eng(`
allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };
@@ -23,9 +23,11 @@
# Use inherited file descriptors
allow crash_dump domain:fd use;
-# Write to the IPC pipe inherited from crashing processes.
+# Read/write IPC pipes inherited from crashing processes.
+allow crash_dump domain:fifo_file { read write };
+
# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
-allow crash_dump domain:fifo_file { write append };
+allow crash_dump domain:fifo_file { append };
r_dir_file(crash_dump, domain)
allow crash_dump exec_type:file r_file_perms;
diff --git a/public/dhcp.te b/public/dhcp.te
index 2b54b7f..1f1ef2b 100644
--- a/public/dhcp.te
+++ b/public/dhcp.te
@@ -4,7 +4,7 @@
net_domain(dhcp)
allow dhcp cgroup:dir { create write add_name };
-allow dhcp self:capability { setgid setuid net_admin net_raw net_bind_service };
+allow dhcp self:global_capability_class_set { setgid setuid net_admin net_raw net_bind_service };
allow dhcp self:packet_socket create_socket_perms_no_ioctl;
allow dhcp self:netlink_route_socket nlmsg_write;
allow dhcp shell_exec:file rx_file_perms;
diff --git a/public/dnsmasq.te b/public/dnsmasq.te
index ccac69a..3aaefd3 100644
--- a/public/dnsmasq.te
+++ b/public/dnsmasq.te
@@ -6,9 +6,9 @@
allowxperm dnsmasq self:udp_socket ioctl priv_sock_ioctls;
# TODO: Run with dhcp group to avoid need for dac_override.
-allow dnsmasq self:capability dac_override;
+allow dnsmasq self:global_capability_class_set dac_override;
-allow dnsmasq self:capability { net_admin net_raw net_bind_service setgid setuid };
+allow dnsmasq self:global_capability_class_set { net_admin net_raw net_bind_service setgid setuid };
allow dnsmasq dhcp_data_file:dir w_dir_perms;
allow dnsmasq dhcp_data_file:file create_file_perms;
diff --git a/public/domain.te b/public/domain.te
index d283006..0d50c38 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -77,6 +77,8 @@
allow domain ptmx_device:chr_file rw_file_perms;
allow domain alarm_device:chr_file r_file_perms;
allow domain random_device:chr_file rw_file_perms;
+allow domain proc_random:dir r_dir_perms;
+allow domain proc_random:file r_file_perms;
allow domain properties_device:dir { search getattr };
allow domain properties_serial:file r_file_perms;
@@ -236,8 +238,8 @@
# http://www.openwall.com/lists/oss-security/2016/09/26/14
neverallowxperm * devpts:chr_file ioctl TIOCSTI;
-# Do not allow any domain other than init or recovery to create unlabeled files.
-neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
+# Do not allow any domain other than init to create unlabeled files.
+neverallow { domain -init } unlabeled:dir_file_class_set create;
# Limit device node creation to these whitelisted domains.
neverallow {
@@ -246,7 +248,7 @@
-init
-ueventd
-vold
-} self:capability mknod;
+} self:global_capability_class_set mknod;
# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
neverallow {
@@ -259,16 +261,18 @@
-healthd
-uncrypt
-tee
-} self:capability sys_rawio;
+} self:global_capability_class_set sys_rawio;
# No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR).
neverallow * self:memprotect mmap_zero;
# No domain needs mac_override as it is unused by SELinux.
-neverallow * self:capability2 mac_override;
+neverallow * self:global_capability2_class_set mac_override;
-# Only recovery needs mac_admin to set contexts not defined in current policy.
-neverallow { domain -recovery } self:capability2 mac_admin;
+# Disallow attempts to set contexts not defined in current policy
+# This helps guarantee that unknown or dangerous contents will not ever
+# be set.
+neverallow * self:global_capability2_class_set mac_admin;
# Once the policy has been loaded there shall be none to modify the policy.
# It is sealed.
@@ -374,6 +378,7 @@
-bootanim # for oemfs
-recovery # for /tmp/update_binary in tmpfs
} { fs_type -rootfs }:file execute;
+
# Files from cache should never be executed
neverallow domain { cache_file cache_backup_file cache_private_backup_file cache_recovery_file }:file execute;
@@ -397,10 +402,12 @@
neverallow { domain -init } properties_device:file { no_w_file_perms no_x_file_perms };
neverallow { domain -init } properties_serial:file { no_w_file_perms no_x_file_perms };
-# Only recovery should be doing writes to /system & /vendor
+# Nobody should be doing writes to /system & /vendor
+# These partitions are intended to be read-only and must never be
+# modified. Doing so would violate important Android security guarantees
+# and invalidate dm-verity signatures.
neverallow {
domain
- -recovery
with_asan(`-asan_extract')
} {
system_file
@@ -408,7 +415,7 @@
exec_type
}:dir_file_class_set { create write setattr relabelfrom append unlink link rename };
-neverallow { domain -recovery -kernel with_asan(`-asan_extract') } { system_file vendor_file_type exec_type }:dir_file_class_set relabelto;
+neverallow { domain -kernel with_asan(`-asan_extract') } { system_file vendor_file_type exec_type }:dir_file_class_set relabelto;
# Don't allow mounting on top of /system files or directories
neverallow * exec_type:dir_file_class_set mounton;
@@ -424,7 +431,7 @@
# Ensure that context mount types are not writable, to ensure that
# the write to /system restriction above is not bypassed via context=
# mount to another type.
-neverallow { domain -recovery } contextmount_type:dir_file_class_set
+neverallow * contextmount_type:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
# Do not allow service_manager add for default service labels.
@@ -450,14 +457,18 @@
neverallow { domain -init } default_prop:property_service set;
neverallow { domain -init } mmc_prop:property_service set;
+# Only core domains are allowed to access package_manager properties
+neverallow { domain -init -system_server } pm_prop:property_service set;
+neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
+
# Do not allow reading device's serial number from system properties except form
# a few whitelisted domains.
neverallow {
domain
-adbd
-dumpstate
- -hal_drm
- -hal_cas
+ -hal_drm_server
+ -hal_cas_server
-init
-mediadrmserver
-recovery
@@ -497,7 +508,7 @@
neverallow {
domain
userdebug_or_eng(`-domain') # exclude debuggable builds
- -hal_bootctl
+ -hal_bootctl_server
-init
-uncrypt
-update_engine
@@ -667,6 +678,79 @@
}:sock_file ~{ append getattr ioctl read write };
')
+# On TREBLE devices, vendor and system components are only allowed to share
+# files by passing open FDs over hwbinder. Ban all directory access and all file
+# accesses other than what can be applied to an open FD such as
+# ioctl/stat/read/write/append. This is enforced by segregating /data.
+# Vendor domains may directly access file in /data/vendor by path, but may only
+# access files outside of /data/vendor via an open FD passed over hwbinder.
+# Likewise, core domains may only directly access files outside /data/vendor by
+# path and files in /data/vendor by open FD.
+full_treble_only(`
+ # only coredomains may only access core_data_file_type, particularly not
+ # /data/vendor
+ neverallow {
+ coredomain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -data_between_core_and_vendor_violators
+ -init
+ -vendor_init
+ } {
+ data_file_type
+ -core_data_file_type
+ }:file_class_set ~{ append getattr ioctl read write };
+ neverallow {
+ coredomain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -data_between_core_and_vendor_violators
+ -init
+ -vendor_init
+ } {
+ data_file_type
+ -core_data_file_type
+ }:dir *;
+
+')
+full_treble_only(`
+ # vendor domains may only access files in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ } {
+ core_data_file_type
+ # libc includes functions like mktime and localtime which attempt to access
+ # files in /data/misc/zoneinfo/tzdata file. These functions are considered
+ # vndk-stable and thus must be allowed for all processes.
+ -zoneinfo_data_file
+ }:file_class_set ~{ append getattr ioctl read write };
+')
+full_treble_only(`
+ # vendor domains may only access dirs in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators
+ } {
+ core_data_file_type
+ -system_data_file # default label for files on /data. Covered below...
+ -zoneinfo_data_file
+ }:dir *;
+')
+full_treble_only(`
+ # vendor domains may only access dirs in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ } {
+ system_data_file # default label for files on /data. Covered below
+ }:dir ~{ getattr search };
+')
+
# On TREBLE devices, a limited set of files in /vendor are accessible to
# only a few whitelisted coredomains to keep system/vendor separation.
full_treble_only(`
@@ -1012,12 +1096,9 @@
# vendor, and boot partitions.
neverallow * ~{ system_file vendor_file rootfs }:system module_load;
-# Only allow filesystem caps to be set at build time or
-# during upgrade by recovery.
-neverallow {
- domain
- -recovery
-} self:capability setfcap;
+# Only allow filesystem caps to be set at build time. Runtime changes
+# to filesystem capabilities are not permitted.
+neverallow * self:global_capability_class_set setfcap;
# Enforce AT_SECURE for executing crash_dump.
neverallow domain crash_dump:process noatsecure;
diff --git a/public/dumpstate.te b/public/dumpstate.te
index f8ef840..6f1fa69 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -8,12 +8,12 @@
# Allow setting process priority, protect from OOM killer, and dropping
# privileges by switching UID / GID
-allow dumpstate self:capability { setuid setgid sys_resource };
+allow dumpstate self:global_capability_class_set { setuid setgid sys_resource };
# Allow dumpstate to scan through /proc/pid for all processes
r_dir_file(dumpstate, domain)
-allow dumpstate self:capability {
+allow dumpstate self:global_capability_class_set {
# Send signals to processes
kill
# Run iptables
@@ -33,7 +33,7 @@
allow dumpstate system_file:dir r_dir_perms;
# Create and write into /data/anr/
-allow dumpstate self:capability { dac_override chown fowner fsetid };
+allow dumpstate self:global_capability_class_set { dac_override chown fowner fsetid };
allow dumpstate anr_data_file:dir rw_dir_perms;
allow dumpstate anr_data_file:file create_file_perms;
@@ -42,7 +42,7 @@
allow dumpstate system_data_file:file r_file_perms;
# Read dmesg
-allow dumpstate self:capability2 syslog;
+allow dumpstate self:global_capability2_class_set syslog;
allow dumpstate kernel:system syslog_read;
# Read /sys/fs/pstore/console-ramoops
@@ -116,7 +116,7 @@
allow dumpstate sysfs_vibrator:file { rw_file_perms getattr };
# Reading /proc/PID/maps of other processes
-allow dumpstate self:capability sys_ptrace;
+allow dumpstate self:global_capability_class_set sys_ptrace;
# Allow the bugreport service to create a file in
# /data/data/com.android.shell/files/bugreports/bugreport
@@ -151,12 +151,15 @@
read_runtime_log_tags(dumpstate)
# Read files in /proc
-allow dumpstate proc_cmdline:file r_file_perms;
-allow dumpstate proc_meminfo:file r_file_perms;
-allow dumpstate proc_net:file r_file_perms;
-allow dumpstate proc_pagetypeinfo:file r_file_perms;
-allow dumpstate proc_version:file r_file_perms;
-allow dumpstate proc_vmallocinfo:file r_file_perms;
+allow dumpstate {
+ proc_cmdline
+ proc_meminfo
+ proc_net
+ proc_pipe_conf
+ proc_pagetypeinfo
+ proc_version
+ proc_vmallocinfo
+}:file r_file_perms;
r_dir_file(dumpstate, proc)
# Read network state info files.
diff --git a/public/file.te b/public/file.te
index 5353a3d..d8677e8 100644
--- a/public/file.te
+++ b/public/file.te
@@ -38,6 +38,8 @@
type proc_pagetypeinfo, fs_type;
type proc_panic, fs_type;
type proc_perf, fs_type;
+type proc_pid_max, fs_type;
+type proc_pipe_conf, fs_type;
type proc_random, fs_type;
type proc_sched, fs_type;
type proc_stat, fs_type;
@@ -64,6 +66,7 @@
type sysfs_dm, fs_type, sysfs_type;
type sysfs_dt_firmware_android, fs_type, sysfs_type;
type sysfs_ipv4, fs_type, sysfs_type;
+type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
type sysfs_leds, fs_type, sysfs_type;
type sysfs_hwrandom, fs_type, sysfs_type;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
diff --git a/public/global_macros b/public/global_macros
index bcfb686..5dab5ab 100644
--- a/public/global_macros
+++ b/public/global_macros
@@ -1,7 +1,9 @@
#####################################
# Common groupings of object classes.
#
-define(`capability_class_set', `{ capability capability2 }')
+define(`capability_class_set', `{ capability capability2 cap_userns cap2_userns }')
+define(`global_capability_class_set', `{ capability cap_userns }')
+define(`global_capability2_class_set', `{ capability2 cap2_userns }')
define(`devfile_class_set', `{ chr_file blk_file }')
define(`notdevfile_class_set', `{ file lnk_file sock_file fifo_file }')
diff --git a/public/hal_audio.te b/public/hal_audio.te
index 0665e26..dd7b140 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -23,11 +23,11 @@
###
# Should never execute any executable without a domain transition
-neverallow hal_audio { file_type fs_type }:file execute_no_trans;
+neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;
# Should never need network access.
# Disallow network sockets.
-neverallow hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
+neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
# Only audio HAL may directly access the audio hardware
neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;
diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index 2394e2e..461523b 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -8,7 +8,7 @@
wakelock_use(hal_bluetooth);
# The HAL toggles rfkill to power the chip off/on.
-allow hal_bluetooth self:capability net_admin;
+allow hal_bluetooth self:global_capability_class_set net_admin;
# bluetooth factory file accesses.
r_dir_file(hal_bluetooth, bluetooth_efs_file)
@@ -18,7 +18,7 @@
# sysfs access.
r_dir_file(hal_bluetooth, sysfs_type)
allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
-allow hal_bluetooth self:capability2 wake_alarm;
+allow hal_bluetooth self:global_capability2_class_set wake_alarm;
# Allow write access to bluetooth-specific properties
set_prop(hal_bluetooth, bluetooth_prop)
@@ -27,4 +27,4 @@
allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
# allow to run with real-time scheduling policy
-allow hal_bluetooth self:capability sys_nice;
+allow hal_bluetooth self:global_capability_class_set sys_nice;
diff --git a/public/hal_camera.te b/public/hal_camera.te
index d0824c3..4265b8a 100644
--- a/public/hal_camera.te
+++ b/public/hal_camera.te
@@ -23,10 +23,10 @@
# hal_camera should never execute any executable without a
# domain transition
-neverallow hal_camera { file_type fs_type }:file execute_no_trans;
+neverallow hal_camera_server { file_type fs_type }:file execute_no_trans;
# hal_camera should never need network access. Disallow network sockets.
-neverallow hal_camera domain:{ tcp_socket udp_socket rawip_socket } *;
+neverallow hal_camera_server domain:{ tcp_socket udp_socket rawip_socket } *;
# Only camera HAL may directly access the camera hardware
neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
diff --git a/public/hal_cas.te b/public/hal_cas.te
index b4801c5..7f65358 100644
--- a/public/hal_cas.te
+++ b/public/hal_cas.te
@@ -7,7 +7,7 @@
allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
# Permit reading device's serial number from system properties
-get_prop(hal_cas, serialno_prop)
+get_prop(hal_cas_server, serialno_prop)
# Read files already opened under /data
allow hal_cas system_data_file:file { getattr read };
@@ -29,7 +29,7 @@
# hal_cas should never execute any executable without a
# domain transition
-neverallow hal_cas { file_type fs_type }:file execute_no_trans;
+neverallow hal_cas_server { file_type fs_type }:file execute_no_trans;
# do not allow privileged socket ioctl commands
-neverallowxperm hal_cas domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallowxperm hal_cas_server domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/public/hal_drm.te b/public/hal_drm.te
index 666b1ba..a46dd91 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -33,11 +33,6 @@
# Allow access to fds allocated by mediaserver
allow hal_drm mediaserver:fd use;
-# Allow access to app_data and media_data_files
-allow hal_drm media_data_file:dir create_dir_perms;
-allow hal_drm media_data_file:file create_file_perms;
-allow hal_drm media_data_file:file { getattr read };
-
allow hal_drm sysfs:file r_file_perms;
allow hal_drm tee_device:chr_file rw_file_perms;
@@ -52,7 +47,7 @@
# hal_drm should never execute any executable without a
# domain transition
-neverallow hal_drm { file_type fs_type }:file execute_no_trans;
+neverallow hal_drm_server { file_type fs_type }:file execute_no_trans;
# do not allow privileged socket ioctl commands
-neverallowxperm hal_drm domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallowxperm hal_drm_server domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index bef9f55..36de761 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -5,12 +5,6 @@
add_hwservice(hal_fingerprint_server, hal_fingerprint_hwservice)
allow hal_fingerprint_client hal_fingerprint_hwservice:hwservice_manager find;
-# allow HAL module to read dir contents
-allow hal_fingerprint fingerprintd_data_file:file create_file_perms;
-
-# allow HAL module to read/write/unlink contents of this dir
-allow hal_fingerprint fingerprintd_data_file:dir rw_dir_perms;
-
# For memory allocation
allow hal_fingerprint ion_device:chr_file r_file_perms;
diff --git a/public/hal_graphics_allocator.te b/public/hal_graphics_allocator.te
index f56e8f6..e2b04ae 100644
--- a/public/hal_graphics_allocator.te
+++ b/public/hal_graphics_allocator.te
@@ -10,4 +10,4 @@
allow hal_graphics_allocator ion_device:chr_file r_file_perms;
# allow to run with real-time scheduling policy
-allow hal_graphics_allocator self:capability sys_nice;
+allow hal_graphics_allocator self:global_capability_class_set sys_nice;
diff --git a/public/hal_graphics_composer.te b/public/hal_graphics_composer.te
index 287037c..2df4612 100644
--- a/public/hal_graphics_composer.te
+++ b/public/hal_graphics_composer.te
@@ -23,4 +23,4 @@
allow hal_graphics_composer appdomain:fd use;
# allow self to set SCHED_FIFO
-allow hal_graphics_composer self:capability sys_nice;
+allow hal_graphics_composer self:global_capability_class_set sys_nice;
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 036e1d2..c866bae 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -6,7 +6,7 @@
-hal_wifi_server
-hal_wifi_supplicant_server
-rild
-} self:capability { net_admin net_raw };
+} self:global_capability_class_set { net_admin net_raw };
# Unless a HAL's job is to communicate over the network, or control network
# hardware, it should not be using network sockets.
diff --git a/public/hal_nfc.te b/public/hal_nfc.te
index a027c48..3bcdf5e 100644
--- a/public/hal_nfc.te
+++ b/public/hal_nfc.te
@@ -10,7 +10,3 @@
# NFC device access.
allow hal_nfc nfc_device:chr_file rw_file_perms;
-
-# Data file accesses.
-allow hal_nfc nfc_data_file:dir create_dir_perms;
-allow hal_nfc nfc_data_file:{ file lnk_file fifo_file } create_file_perms;
diff --git a/public/hal_sensors.te b/public/hal_sensors.te
index 068c93b..9d7cbe9 100644
--- a/public/hal_sensors.te
+++ b/public/hal_sensors.te
@@ -12,4 +12,4 @@
allow hal_sensors hal_allocator:fd use;
# allow to run with real-time scheduling policy
-allow hal_sensors self:capability sys_nice;
+allow hal_sensors self:global_capability_class_set sys_nice;
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index e267731..ac8a0d9 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -14,7 +14,7 @@
allow hal_wifi self:udp_socket create_socket_perms;
allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS };
-allow hal_wifi self:capability { net_admin net_raw };
+allow hal_wifi self:global_capability_class_set { net_admin net_raw };
# allow hal_wifi to speak to nl80211 in the kernel
allow hal_wifi self:netlink_socket create_socket_perms_no_ioctl;
# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
@@ -22,4 +22,4 @@
# hal_wifi writes firmware paths to this file.
allow hal_wifi sysfs_wlan_fwpath:file { w_file_perms };
# allow hal_wifi to access /proc/modules to check if Wi-Fi driver is loaded
-allow hal_wifi proc_modules:file { getattr open read };
\ No newline at end of file
+allow hal_wifi proc_modules:file { getattr open read };
diff --git a/public/hal_wifi_supplicant.te b/public/hal_wifi_supplicant.te
index 82c9e7d..6bf0d32 100644
--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te
@@ -12,19 +12,13 @@
r_dir_file(hal_wifi_supplicant, proc_net)
allow hal_wifi_supplicant kernel:system module_request;
-allow hal_wifi_supplicant self:capability { setuid net_admin setgid net_raw };
+allow hal_wifi_supplicant self:global_capability_class_set { setuid net_admin setgid net_raw };
allow hal_wifi_supplicant cgroup:dir create_dir_perms;
allow hal_wifi_supplicant self:netlink_route_socket nlmsg_write;
allow hal_wifi_supplicant self:netlink_socket create_socket_perms_no_ioctl;
allow hal_wifi_supplicant self:netlink_generic_socket create_socket_perms_no_ioctl;
allow hal_wifi_supplicant self:packet_socket create_socket_perms;
allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
-allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms;
-allow hal_wifi_supplicant wifi_data_file:file create_file_perms;
-
-# Create a socket for receiving info from wpa
-allow hal_wifi_supplicant wpa_socket:dir create_dir_perms;
-allow hal_wifi_supplicant wpa_socket:sock_file create_file_perms;
###
### neverallow rules
diff --git a/public/healthd.te b/public/healthd.te
index e7c92c4..856a4b1 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -14,8 +14,8 @@
# /{system,vendor,odm}/lib[64]/hw/
r_dir_file(healthd, system_file)
-allow healthd self:capability { sys_tty_config };
-allow healthd self:capability sys_boot;
+allow healthd self:global_capability_class_set { sys_tty_config };
+allow healthd self:global_capability_class_set sys_boot;
allow healthd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
diff --git a/public/init.te b/public/init.te
index deeb887..62a6e04 100644
--- a/public/init.te
+++ b/public/init.te
@@ -23,7 +23,7 @@
allow init property_type:file { create_file_perms relabelto };
# /dev/event-log-tags
allow init device:file relabelfrom;
-allow init runtime_event_log_tags_file:file { open write setattr relabelto };
+allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
# /dev/socket
allow init { device socket_device }:dir relabelto;
# /dev/random, /dev/urandom
@@ -40,7 +40,7 @@
allow init misc_block_device:{ blk_file lnk_file } relabelto;
# setrlimit
-allow init self:capability sys_resource;
+allow init self:global_capability_class_set sys_resource;
# Remove /dev/.booting, created before initial policy load or restorecon /dev.
allow init tmpfs:file unlink;
@@ -61,7 +61,7 @@
allow init tty_device:chr_file rw_file_perms;
# Call mount(2).
-allow init self:capability sys_admin;
+allow init self:global_capability_class_set sys_admin;
# Create and mount on directories in /.
allow init rootfs:dir create_dir_perms;
@@ -92,12 +92,12 @@
allow init tmpfs:dir relabelfrom;
# Create directories under /dev/cpuctl after chowning it to system.
-allow init self:capability dac_override;
+allow init self:global_capability_class_set dac_override;
# Set system clock.
-allow init self:capability sys_time;
+allow init self:global_capability_class_set sys_time;
-allow init self:capability { sys_rawio mknod };
+allow init self:global_capability_class_set { sys_rawio mknod };
# Mounting filesystems from block devices.
allow init dev_type:blk_file r_file_perms;
@@ -124,7 +124,7 @@
# system/core/init.rc requires at least cache_file and data_file_type.
# init.<board>.rc files often include device-specific types, so
# we just allow all file types except /system files here.
-allow init self:capability { chown fowner fsetid };
+allow init self:global_capability_class_set { chown fowner fsetid };
allow init {
file_type
@@ -211,6 +211,7 @@
-contextmount_type
-proc
-sdcard_type
+ -sysfs
-rootfs
}:file { open read setattr };
allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir { open read setattr search };
@@ -256,7 +257,7 @@
# Any operation that can modify the kernel ring buffer, e.g. clear
# or a read that consumes the messages that were read.
allow init kernel:system syslog_mod;
-allow init self:capability2 syslog;
+allow init self:global_capability2_class_set syslog;
# init access to /proc.
r_dir_file(init, proc_net)
@@ -292,18 +293,31 @@
proc_security
}:file rw_file_perms;
+# init access to /sys files.
+allow init {
+ sysfs_android_usb
+ sysfs_leds
+ sysfs_power
+ sysfs_zram
+}:file w_file_perms;
+
+# init chmod/chown access to /sys files.
+allow init {
+ sysfs_android_usb
+ sysfs_devices_system_cpu
+ sysfs_ipv4
+ sysfs_leds
+ sysfs_lowmemorykiller
+ sysfs_power
+}:file setattr;
+
# Set usermodehelpers.
allow init { usermodehelper sysfs_usermodehelper }:file rw_file_perms;
-allow init self:capability net_admin;
+allow init self:global_capability_class_set net_admin;
# Reboot.
-allow init self:capability sys_boot;
-
-# Write to sysfs nodes.
-allow init sysfs_type:dir r_dir_perms;
-allow init sysfs_type:lnk_file read;
-allow init sysfs_type:file rw_file_perms;
+allow init self:global_capability_class_set sys_boot;
# Init will create /data/misc/logd when the property persist.logd.logpersistd is "logcatd".
# Init will also walk through the directory as part of a recursive restorecon.
@@ -311,7 +325,7 @@
allow init misc_logd_file:file { open create getattr setattr write };
# Support "adb shell stop"
-allow init self:capability kill;
+allow init self:global_capability_class_set kill;
allow init domain:process { getpgid sigkill signal };
# Init creates keystore's directory on boot, and walks through
@@ -329,7 +343,7 @@
allow init shell_data_file:file { getattr };
# Set UID, GID, and adjust capability bounding set for services.
-allow init self:capability { setuid setgid setpcap };
+allow init self:global_capability_class_set { setuid setgid setpcap };
# For bootchart to read the /proc/$pid/cmdline file of each process,
# we need to have following line to allow init to have access
@@ -369,13 +383,13 @@
# so it can be picked up and processed by logd. These denials are
# generated when an attempt to set a property is denied by policy.
allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };
-allow init self:capability audit_write;
+allow init self:global_capability_class_set audit_write;
# Run "ifup lo" to bring up the localhost interface
allow init self:udp_socket { create ioctl };
# in addition to unpriv ioctls granted to all domains, init also needs:
allowxperm init self:udp_socket ioctl SIOCSIFFLAGS;
-allow init self:capability net_raw;
+allow init self:global_capability_class_set net_raw;
# This line seems suspect, as it should not really need to
# set scheduling parameters for a kernel domain task.
@@ -396,7 +410,7 @@
allow init device:file create_file_perms;
# keychord configuration
-allow init self:capability sys_tty_config;
+allow init self:global_capability_class_set sys_tty_config;
allow init keychord_device:chr_file rw_file_perms;
# Access device mapper for setting up dm-verity
@@ -458,3 +472,6 @@
# Init should not be creating subdirectories in /data/local/tmp
neverallow init shell_data_file:dir { write add_name remove_name };
+
+# Init should not access sysfs node that are not explicitly labeled.
+neverallow init sysfs:file { open read write };
diff --git a/public/install_recovery.te b/public/install_recovery.te
index 2115663..ab68838 100644
--- a/public/install_recovery.te
+++ b/public/install_recovery.te
@@ -2,7 +2,7 @@
type install_recovery, domain;
type install_recovery_exec, exec_type, file_type;
-allow install_recovery self:capability dac_override;
+allow install_recovery self:global_capability_class_set dac_override;
# /system/bin/install-recovery.sh is a shell script.
# Needs to execute /system/bin/sh
diff --git a/public/installd.te b/public/installd.te
index d02a86a..fad4562 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -2,7 +2,7 @@
type installd, domain;
type installd_exec, exec_type, file_type;
typeattribute installd mlstrustedsubject;
-allow installd self:capability { chown dac_override fowner fsetid setgid setuid sys_admin };
+allow installd self:global_capability_class_set { chown dac_override fowner fsetid setgid setuid sys_admin };
# Allow labeling of files under /data/app/com.example/oat/
allow installd dalvikcache_data_file:dir relabelto;
diff --git a/public/kernel.te b/public/kernel.te
index 74c77a9..ba1dec9 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -1,7 +1,7 @@
# Life begins with the kernel.
type kernel, domain, mlstrustedsubject;
-allow kernel self:capability sys_nice;
+allow kernel self:global_capability_class_set sys_nice;
# Root fs.
r_dir_file(kernel, rootfs)
@@ -33,14 +33,14 @@
dontaudit kernel self:security setenforce;
# Write to /proc/1/oom_adj prior to switching to init domain.
-allow kernel self:capability sys_resource;
+allow kernel self:global_capability_class_set sys_resource;
# Init reboot before switching selinux domains under certain error
# conditions. Allow it.
# As part of rebooting, init writes "u" to /proc/sysrq-trigger to
# remount filesystems read-only. /data is not mounted at this point,
# so we could ignore this. For now, we allow it.
-allow kernel self:capability sys_boot;
+allow kernel self:global_capability_class_set sys_boot;
allow kernel proc_sysrq:file w_file_perms;
# Allow writing to /dev/kmsg which was created prior to loading policy.
@@ -101,4 +101,4 @@
# the kernel should not be accessing files owned by other users.
# Instead of adding dac_{read_search,override}, fix the unix permissions
# on files being accessed.
-neverallow kernel self:capability { dac_override dac_read_search };
+neverallow kernel self:global_capability_class_set { dac_override dac_read_search };
diff --git a/public/lmkd.te b/public/lmkd.te
index 0ff9518..f43e42a 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -2,13 +2,13 @@
type lmkd, domain, mlstrustedsubject;
type lmkd_exec, exec_type, file_type;
-allow lmkd self:capability { dac_override sys_resource kill };
+allow lmkd self:global_capability_class_set { dac_override sys_resource kill };
# lmkd locks itself in memory, to prevent it from being
# swapped out and unable to kill other memory hogs.
# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
# b/16236289
-allow lmkd self:capability ipc_lock;
+allow lmkd self:global_capability_class_set ipc_lock;
## Open and write to /proc/PID/oom_score_adj
## TODO: maybe scope this down?
@@ -31,7 +31,7 @@
allow lmkd cgroup:file r_file_perms;
# Set self to SCHED_FIFO
-allow lmkd self:capability sys_nice;
+allow lmkd self:global_capability_class_set sys_nice;
allow lmkd proc_zoneinfo:file r_file_perms;
diff --git a/public/logd.te b/public/logd.te
index c47bfd7..817a705 100644
--- a/public/logd.te
+++ b/public/logd.te
@@ -8,8 +8,8 @@
r_dir_file(logd, proc_meminfo)
r_dir_file(logd, proc_net)
-allow logd self:capability { setuid setgid setpcap sys_nice audit_control };
-allow logd self:capability2 syslog;
+allow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
+allow logd self:global_capability2_class_set syslog;
allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
allow logd kernel:system syslog_read;
allow logd kmsg_device:chr_file w_file_perms;
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 6efaf0f..f0c94ed 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -39,9 +39,6 @@
set_prop(mediaserver, audio_prop)
-# XXX Label with a specific type?
-allow mediaserver sysfs:file r_file_perms;
-
# Read resources from open apk files passed over Binder.
allow mediaserver apk_data_file:file { read getattr };
allow mediaserver asec_apk_file:file { read getattr };
diff --git a/public/modprobe.te b/public/modprobe.te
index 3ed320e..7d9e05d 100644
--- a/public/modprobe.te
+++ b/public/modprobe.te
@@ -1,7 +1,7 @@
type modprobe, domain;
allow modprobe proc_modules:file r_file_perms;
-allow modprobe self:capability sys_module;
+allow modprobe self:global_capability_class_set sys_module;
allow modprobe kernel:key search;
recovery_only(`
allow modprobe rootfs:system module_load;
diff --git a/public/mtp.te b/public/mtp.te
index a776240..7256bcf 100644
--- a/public/mtp.te
+++ b/public/mtp.te
@@ -6,6 +6,6 @@
# pptp policy
allow mtp self:socket create_socket_perms_no_ioctl;
-allow mtp self:capability net_raw;
+allow mtp self:global_capability_class_set net_raw;
allow mtp ppp:process signal;
allow mtp vpn_data_file:dir search;
diff --git a/public/netd.te b/public/netd.te
index a8a32be..fa03dbd 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -9,14 +9,14 @@
r_dir_file(netd, cgroup)
allow netd system_server:fd use;
-allow netd self:capability { net_admin net_raw kill };
+allow netd self:global_capability_class_set { net_admin net_raw kill };
# Note: fsetid is deliberately not included above. fsetid checks are
# triggered by chmod on a directory or file owned by a group other
# than one of the groups assigned to the current process to see if
# the setgid bit should be cleared, regardless of whether the setgid
# bit was even set. We do not appear to truly need this capability
# for netd to operate.
-dontaudit netd self:capability fsetid;
+dontaudit netd self:global_capability_class_set fsetid;
allow netd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow netd self:netlink_route_socket nlmsg_write;
@@ -37,6 +37,8 @@
# TODO: Add proper rules to prevent other process to access qtaguid_proc file after migration
# complete
allow netd qtaguid_proc:file rw_file_perms;
+# Allow netd to read /dev/qtaguid. This is the same privilege level that normal apps have.
+allow netd qtaguid_device:chr_file r_file_perms;
r_dir_file(netd, proc_net)
# For /proc/sys/net/ipv[46]/route/flush.
@@ -58,12 +60,12 @@
# TODO: netd previously thought it needed these permissions to do WiFi related
# work. However, after all the WiFi stuff is gone, we still need them.
# Why?
-allow netd self:capability { dac_override chown };
+allow netd self:global_capability_class_set { dac_override chown };
# Needed to update /data/misc/net/rt_tables
allow netd net_data_file:file create_file_perms;
allow netd net_data_file:dir rw_dir_perms;
-allow netd self:capability fowner;
+allow netd self:global_capability_class_set fowner;
# Needed to lock the iptables lock.
allow netd system_file:file lock;
diff --git a/public/otapreopt_chroot.te b/public/otapreopt_chroot.te
index c071f44..894363a 100644
--- a/public/otapreopt_chroot.te
+++ b/public/otapreopt_chroot.te
@@ -5,7 +5,7 @@
# Chroot preparation and execution.
# We need to create an unshared mount namespace, and then mount /data.
allow otapreopt_chroot postinstall_file:dir { search mounton };
-allow otapreopt_chroot self:capability { sys_admin sys_chroot };
+allow otapreopt_chroot self:global_capability_class_set { sys_admin sys_chroot };
# This is required to mount /vendor.
allow otapreopt_chroot block_device:dir search;
diff --git a/public/performanced.te b/public/performanced.te
index 9bf813e..5f23088 100644
--- a/public/performanced.te
+++ b/public/performanced.te
@@ -10,7 +10,7 @@
pdx_server(performanced, performance_client)
# TODO: use file caps to obtain sys_nice instead of setuid / setgid.
-allow performanced self:capability { setuid setgid sys_nice };
+allow performanced self:global_capability_class_set { setuid setgid sys_nice };
# Access /proc to validate we're only affecting threads in the same thread group.
# Performanced also shields unbound kernel threads. It scans every task in the
diff --git a/public/perfprofd.te b/public/perfprofd.te
index bfb8693..4571969 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -20,7 +20,7 @@
# perfprofd reads a config file from /data/data/com.google.android.gms/files
allow perfprofd app_data_file:file r_file_perms;
allow perfprofd app_data_file:dir search;
- allow perfprofd self:capability { dac_override };
+ allow perfprofd self:global_capability_class_set { dac_override };
# perfprofd opens a file for writing in /data/misc/perfprofd
allow perfprofd perfprofd_data_file:file create_file_perms;
@@ -33,14 +33,17 @@
# perfprofd inspects /sys/power/wake_unlock
wakelock_use(perfprofd);
+ # simpleperf reads kernel notes.
+ allow perfprofd sysfs_kernel_notes:file r_file_perms;
+
# simpleperf uses ioctl() to turn on kernel perf events measurements
- allow perfprofd self:capability sys_admin;
+ allow perfprofd self:global_capability_class_set sys_admin;
# simpleperf needs to examine /proc to collect task/thread info
r_dir_file(perfprofd, domain)
# simpleperf needs to access /proc/<pid>/exec
- allow perfprofd self:capability { sys_resource sys_ptrace };
+ allow perfprofd self:global_capability_class_set { sys_resource sys_ptrace };
neverallow perfprofd domain:process ptrace;
# simpleperf needs open/read any file that turns up in a profile
@@ -54,6 +57,12 @@
allow perfprofd toolbox_exec:file rx_file_perms;
# needed for simpleperf on some kernels
- allow perfprofd self:capability ipc_lock;
+ allow perfprofd self:global_capability_class_set ipc_lock;
+
+ # simpleperf attempts to put a temp file into /data/local/tmp. Do not allow,
+ # use the fallback cwd code, do not spam the log. But ensure this is correctly
+ # removed at some point. b/70232908.
+ dontaudit perfprofd shell_data_file:dir *;
+ dontaudit perfprofd shell_data_file:file *;
')
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index d6c2060..8881f44 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -5,7 +5,7 @@
type postinstall_dexopt, domain;
-allow postinstall_dexopt self:capability { chown dac_override fowner setgid setuid };
+allow postinstall_dexopt self:global_capability_class_set { chown dac_override fowner setgid setuid };
allow postinstall_dexopt postinstall_file:filesystem getattr;
allow postinstall_dexopt postinstall_file:dir { getattr search };
diff --git a/public/ppp.te b/public/ppp.te
index 04e17f5..9340dee 100644
--- a/public/ppp.te
+++ b/public/ppp.te
@@ -15,7 +15,7 @@
allow ppp mtp:unix_dgram_socket rw_socket_perms;
allow ppp ppp_device:chr_file rw_file_perms;
-allow ppp self:capability net_admin;
+allow ppp self:global_capability_class_set net_admin;
allow ppp system_file:file rx_file_perms;
not_full_treble(`allow ppp vendor_file:file rx_file_perms;')
allow ppp vpn_data_file:dir w_dir_perms;
diff --git a/public/racoon.te b/public/racoon.te
index 00744d8..c759217 100644
--- a/public/racoon.te
+++ b/public/racoon.te
@@ -15,7 +15,7 @@
allow racoon self:key_socket create_socket_perms_no_ioctl;
allow racoon self:tun_socket create_socket_perms_no_ioctl;
-allow racoon self:capability { net_admin net_bind_service net_raw };
+allow racoon self:global_capability_class_set { net_admin net_bind_service net_raw };
# XXX: should we give ip-up-vpn its own label (currently racoon domain)
allow racoon system_file:file rx_file_perms;
diff --git a/public/recovery.te b/public/recovery.te
index fb61dbd..f6ad47f 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -12,10 +12,7 @@
# Recovery can only use HALs in passthrough mode
passthrough_hal_client_domain(recovery, hal_bootctl)
- allow recovery self:capability { chown dac_override fowner fsetid setfcap setuid setgid sys_admin sys_tty_config };
-
- # Set security contexts on files that are not known to the loaded policy.
- allow recovery self:capability2 mac_admin;
+ allow recovery self:global_capability_class_set { dac_override fowner setuid setgid sys_admin sys_tty_config };
# Run helpers from / or /system without changing domain.
r_dir_file(recovery, rootfs)
@@ -29,26 +26,9 @@
allow recovery unlabeled:filesystem ~relabelto;
allow recovery contextmount_type:filesystem relabelto;
- # Create and relabel files and directories under /system.
- allow recovery exec_type:{ file lnk_file } { create_file_perms relabelfrom relabelto };
- allow recovery { system_file }:{ file lnk_file } { create_file_perms relabelfrom relabelto };
- allow recovery system_file:dir { create_dir_perms relabelfrom relabelto };
-
- # We may be asked to set an SELinux label for a type not known to the
- # currently loaded policy. Allow it.
- allow recovery unlabeled:{ file lnk_file } { create_file_perms relabelfrom relabelto };
- allow recovery unlabeled:dir { create_dir_perms relabelfrom relabelto };
# Get file contexts
allow recovery file_contexts_file:file r_file_perms;
- # 0eb17d944704b3eb140bb9dded299d3be3aed77e in build/ added SELinux
- # support to OTAs. However, that code has a bug. When an update occurs,
- # some directories are inappropriately labeled as exec_type. This is
- # only transient, and subsequent steps in the OTA script correct this
- # mistake. New devices are moving to block based OTAs, so this is not
- # worth fixing. b/15575013
- allow recovery exec_type:dir { create_dir_perms relabelfrom relabelto };
-
# Write to /proc/sys/vm/drop_caches
allow recovery proc_drop_caches:file w_file_perms;
diff --git a/public/rild.te b/public/rild.te
index 4244ff3..5bcde72 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -7,7 +7,7 @@
allow rild self:netlink_route_socket nlmsg_write;
allow rild kernel:system module_request;
-allow rild self:capability { setpcap setgid setuid net_admin net_raw };
+allow rild self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
allow rild alarm_device:chr_file rw_file_perms;
allow rild cgroup:dir create_dir_perms;
allow rild cgroup:{ file lnk_file } r_file_perms;
diff --git a/public/runas.te b/public/runas.te
index ca6f4f6..053a87f 100644
--- a/public/runas.te
+++ b/public/runas.te
@@ -18,11 +18,11 @@
allow runas system_data_file:lnk_file read;
# run-as checks and changes to the app data dir.
-dontaudit runas self:capability dac_override;
+dontaudit runas self:global_capability_class_set dac_override;
allow runas app_data_file:dir { getattr search };
# run-as switches to the app UID/GID.
-allow runas self:capability { setuid setgid };
+allow runas self:global_capability_class_set { setuid setgid };
# run-as switches to the app security context.
selinux_check_context(runas) # validate context
@@ -38,5 +38,5 @@
###
# run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID
-neverallow runas self:capability ~{ setuid setgid };
-neverallow runas self:capability2 *;
+neverallow runas self:global_capability_class_set ~{ setuid setgid };
+neverallow runas self:global_capability2_class_set *;
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 2af6410..4a88f54 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -10,7 +10,7 @@
allow sdcardd storage_file:dir search;
allow sdcardd storage_stub_file:dir { search mounton };
allow sdcardd sdcard_type:filesystem { mount unmount };
-allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource };
+allow sdcardd self:global_capability_class_set { setuid setgid dac_override sys_admin sys_resource };
allow sdcardd sdcard_type:dir create_dir_perms;
allow sdcardd sdcard_type:file create_file_perms;
diff --git a/public/service.te b/public/service.te
index bc1244a..6dec274 100644
--- a/public/service.te
+++ b/public/service.te
@@ -70,6 +70,7 @@
type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type netd_listener_service, system_server_service, service_manager_type;
+type network_watchlist_service, system_server_service, service_manager_type;
type DockObserver_service, system_server_service, service_manager_type;
type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -126,6 +127,7 @@
type servicediscovery_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type settings_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type shortcut_service, app_api_service, system_server_service, service_manager_type;
+type slice_service, app_api_service, system_server_service, service_manager_type;
type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type task_service, system_server_service, service_manager_type;
diff --git a/public/sgdisk.te b/public/sgdisk.te
index 3007398..ca3096c 100644
--- a/public/sgdisk.te
+++ b/public/sgdisk.te
@@ -14,7 +14,7 @@
allow sgdisk vold:fifo_file { read write getattr };
# Used to probe kernel to reload partition tables
-allow sgdisk self:capability sys_admin;
+allow sgdisk self:global_capability_class_set sys_admin;
# Only allow entry from vold
neverallow { domain -vold } sgdisk:process transition;
diff --git a/public/shell.te b/public/shell.te
index 3ef1486..1318c35 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -107,16 +107,22 @@
allow shell hwservicemanager:hwservice_manager list;
# allow shell to look through /proc/ for lsmod, ps, top, netstat.
-r_dir_file(shell, proc)
r_dir_file(shell, proc_net)
-allow shell proc_filesystems:file r_file_perms;
-allow shell proc_interrupts:file r_file_perms;
-allow shell proc_meminfo:file r_file_perms;
-allow shell proc_modules:file r_file_perms;
-allow shell proc_stat:file r_file_perms;
-allow shell proc_timer:file r_file_perms;
-allow shell proc_version:file r_file_perms;
-allow shell proc_zoneinfo:file r_file_perms;
+
+allow shell {
+ proc_asound
+ proc_filesystems
+ proc_interrupts
+ proc_meminfo
+ proc_modules
+ proc_pid_max
+ proc_stat
+ proc_timer
+ proc_uptime
+ proc_version
+ proc_zoneinfo
+}:file r_file_perms;
+
r_dir_file(shell, cgroup)
allow shell domain:dir { search open read getattr };
allow shell domain:{ file lnk_file } { open read getattr };
diff --git a/public/slideshow.te b/public/slideshow.te
index 86d4bff..10fbbb8 100644
--- a/public/slideshow.te
+++ b/public/slideshow.te
@@ -5,7 +5,7 @@
allow slideshow kmsg_device:chr_file rw_file_perms;
wakelock_use(slideshow)
allow slideshow device:dir r_dir_perms;
-allow slideshow self:capability sys_tty_config;
+allow slideshow self:global_capability_class_set sys_tty_config;
allow slideshow graphics_device:dir r_dir_perms;
allow slideshow graphics_device:chr_file rw_file_perms;
allow slideshow input_device:dir r_dir_perms;
diff --git a/public/te_macros b/public/te_macros
index f3aa583..02be63d 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -213,7 +213,6 @@
attribute hal_$1_server;
expandattribute hal_$1_server false;
-neverallow { hal_$1_client -halclientdomain } domain:process fork;
neverallow { hal_$1_server -halserverdomain } domain:process fork;
')
@@ -402,7 +401,7 @@
# Access /sys/power/wake_lock and /sys/power/wake_unlock
allow $1 sysfs_wake_lock:file rw_file_perms;
# Accessing these files requires CAP_BLOCK_SUSPEND
-allow $1 self:capability2 block_suspend;
+allow $1 self:global_capability2_class_set block_suspend;
')
#####################################
@@ -478,6 +477,12 @@
define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
#####################################
+# User builds
+# SELinux rules which apply only to user builds
+#
+define(`userbuild', ifelse(target_build_variant, `user', $1, ))
+
+#####################################
# asan builds
# SELinux rules which apply only to asan builds
#
diff --git a/public/ueventd.te b/public/ueventd.te
index 7e1f3fd..b4a2497 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -5,7 +5,7 @@
# Write to /dev/kmsg.
allow ueventd kmsg_device:chr_file rw_file_perms;
-allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
+allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
allow ueventd device:file create_file_perms;
r_dir_file(ueventd, rootfs)
diff --git a/public/uncrypt.te b/public/uncrypt.te
index dd2d7dd..1e48b83 100644
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@@ -2,7 +2,7 @@
type uncrypt, domain, mlstrustedsubject;
type uncrypt_exec, exec_type, file_type;
-allow uncrypt self:capability dac_override;
+allow uncrypt self:global_capability_class_set dac_override;
# Read OTA zip file from /data/data/com.google.android.gsf/app_download
r_dir_file(uncrypt, app_data_file)
@@ -29,7 +29,7 @@
set_prop(uncrypt, powerctl_prop)
# Raw writes to block device
-allow uncrypt self:capability sys_rawio;
+allow uncrypt self:global_capability_class_set sys_rawio;
allow uncrypt misc_block_device:blk_file w_file_perms;
allow uncrypt block_device:dir r_dir_perms;
diff --git a/public/update_engine.te b/public/update_engine.te
index 9f9b557..6e97aa9 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -11,7 +11,13 @@
# Following permissions are needed for update_engine.
allow update_engine self:process { setsched };
-allow update_engine self:capability { fowner sys_admin };
+allow update_engine self:global_capability_class_set { fowner sys_admin };
+# Note: fsetid checks are triggered when creating a file in a directory with
+# the setgid bit set to determine if the file should inherit setgid. In this
+# case, setgid on the file is undesirable so we should just suppress the
+# denial.
+dontaudit update_engine self:global_capability_class_set fsetid;
+
allow update_engine kmsg_device:chr_file w_file_perms;
allow update_engine update_engine_exec:file rx_file_perms;
wakelock_use(update_engine);
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index e275900..eb4cdc1 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -38,9 +38,8 @@
# Allow update_engine_common to suspend, resume and kill the postinstall program.
allow update_engine_common postinstall:process { signal sigstop sigkill };
-# access /proc/cmdline and /proc/sys/kernel/random/
+# access /proc/cmdline
allow update_engine_common proc_cmdline:file r_file_perms;
-r_dir_file(update_engine_common, proc_random)
# Read files in /sys/firmware/devicetree/base/firmware/android/
r_dir_file(update_engine_common, sysfs_dt_firmware_android)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 16d283f..5b9d09f 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -22,14 +22,14 @@
allow vendor_init configfs:{ file lnk_file } create_file_perms;
# Create directories under /dev/cpuctl after chowning it to system.
-allow vendor_init self:capability dac_override;
+allow vendor_init self:global_capability_class_set dac_override;
# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
# system/core/init.rc requires at least cache_file and data_file_type.
# init.<board>.rc files often include device-specific types, so
# we just allow all file types except /system files here.
-allow vendor_init self:capability { chown fowner fsetid };
+allow vendor_init self:global_capability_class_set { chown fowner fsetid };
allow vendor_init {
file_type
@@ -188,7 +188,7 @@
# Write to /proc/sys/net/ping_group_range and other /proc/sys/net files.
r_dir_file(vendor_init, proc_net)
allow vendor_init proc_net:file w_file_perms;
-allow vendor_init self:capability net_admin;
+allow vendor_init self:global_capability_class_set net_admin;
# Write to /proc/sys/vm/page-cluster
allow vendor_init proc_page_cluster:file w_file_perms;
@@ -207,4 +207,4 @@
allow vendor_init serialno_prop:file { getattr open read };
# Vendor init can perform operations on trusted and security Extended Attributes
-allow vendor_init self:capability sys_admin;
+allow vendor_init self:global_capability_class_set sys_admin;
diff --git a/public/vold.te b/public/vold.te
index 148f4b5..9dbf8dd 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -75,7 +75,7 @@
allow vold tmpfs:filesystem { mount unmount };
allow vold tmpfs:dir create_dir_perms;
allow vold tmpfs:dir mounton;
-allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner fsetid };
+allow vold self:global_capability_class_set { net_admin dac_override mknod sys_admin chown fowner fsetid };
allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow vold app_data_file:dir search;
allow vold app_data_file:file rw_file_perms;
@@ -88,7 +88,7 @@
allow vold domain:dir r_dir_perms;
allow vold domain:{ file lnk_file } r_file_perms;
allow vold domain:process { signal sigkill };
-allow vold self:capability { sys_ptrace kill };
+allow vold self:global_capability_class_set { sys_ptrace kill };
# XXX Label sysfs files with a specific type?
allow vold sysfs:file rw_file_perms;
@@ -179,10 +179,10 @@
allow vold vold:key { write search setattr };
# vold temporarily changes its priority when running benchmarks
-allow vold self:capability sys_nice;
+allow vold self:global_capability_class_set sys_nice;
# vold needs to chroot into app namespaces to remount when runtime permissions change
-allow vold self:capability sys_chroot;
+allow vold self:global_capability_class_set sys_chroot;
allow vold storage_file:dir mounton;
# For AppFuse.
@@ -210,7 +210,7 @@
neverallow { domain -system_server -vdc -vold } vold_service:service_manager find;
neverallow vold {
domain
- -hal_keymaster
+ -hal_keymaster_server
-healthd
-hwservicemanager
-servicemanager
diff --git a/public/wificond.te b/public/wificond.te
index c91053e..8eeb8c8 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -14,7 +14,7 @@
allow wificond self:udp_socket create_socket_perms;
# setting interface state up/down is a privileged ioctl
allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
-allow wificond self:capability { net_admin net_raw };
+allow wificond self:global_capability_class_set { net_admin net_raw };
# allow wificond to speak to nl80211 in the kernel
allow wificond self:netlink_socket create_socket_perms_no_ioctl;
# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
diff --git a/public/wpantund.te b/public/wpantund.te
index a97481e..b317236 100644
--- a/public/wpantund.te
+++ b/public/wpantund.te
@@ -25,5 +25,5 @@
# Allow us to bring up a TUN network interface.
allow wpantund tun_device:chr_file rw_file_perms;
-allow wpantund self:capability { net_admin net_raw };
+allow wpantund self:global_capability_class_set { net_admin net_raw };
allow wpantund self:tun_socket create;
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index ea03731..9f2526e 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -332,18 +332,11 @@
if not os.path.exists(options.libpath):
sys.exit("Error: library-path " + options.libpath + " does not exist\n"
+ parser.usage)
- if not options.basepolicy:
- sys.exit("Must specify the current platform-only policy file\n" + parser.usage)
- if not options.mapping:
- sys.exit("Must specify a compatibility mapping file\n" + parser.usage)
- if not options.oldpolicy:
- sys.exit("Must specify the previous monolithic policy file\n" + parser.usage)
if not options.policy:
sys.exit("Must specify current monolithic policy file\n" + parser.usage)
if not os.path.exists(options.policy):
sys.exit("Error: policy file " + options.policy + " does not exist\n"
+ parser.usage)
-
if not options.file_contexts:
sys.exit("Error: Must specify file_contexts file(s)\n" + parser.usage)
for f in options.file_contexts:
@@ -351,15 +344,25 @@
sys.exit("Error: File_contexts file " + f + " does not exist\n" +
parser.usage)
+ # Mapping files are only necessary for the TrebleCompatMapping test
+ if options.tests is None or options.tests is "TrebleCompatMapping":
+ if not options.basepolicy:
+ sys.exit("Must specify the current platform-only policy file\n" + parser.usage)
+ if not options.mapping:
+ sys.exit("Must specify a compatibility mapping file\n" + parser.usage)
+ if not options.oldpolicy:
+ sys.exit("Must specify the previous monolithic policy file\n" + parser.usage)
+ basepol = policy.Policy(options.basepolicy, None, options.libpath)
+ oldpol = policy.Policy(options.oldpolicy, None, options.libpath)
+ mapping = mini_parser.MiniCilParser(options.mapping)
+ compatSetup(basepol, oldpol, mapping)
+
+
if options.faketreble:
FakeTreble = True
pol = policy.Policy(options.policy, options.file_contexts, options.libpath)
setup(pol)
- basepol = policy.Policy(options.basepolicy, None, options.libpath)
- oldpol = policy.Policy(options.oldpolicy, None, options.libpath)
- mapping = mini_parser.MiniCilParser(options.mapping)
- compatSetup(basepol, oldpol, mapping)
if DEBUG:
PrintScontexts()
diff --git a/tools/sepolicy-analyze/Android.mk b/tools/sepolicy-analyze/Android.mk
index 1754fc7..25408a3 100644
--- a/tools/sepolicy-analyze/Android.mk
+++ b/tools/sepolicy-analyze/Android.mk
@@ -10,6 +10,6 @@
LOCAL_STATIC_LIBRARIES := libsepol
LOCAL_CXX_STL := none
-LOCAL_COMPATIBILITY_SUITE := cts gts
+LOCAL_COMPATIBILITY_SUITE := cts gts vts
include $(BUILD_HOST_EXECUTABLE)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 1efbe73..d28121e 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -16,6 +16,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@1\.0-service u:object_r:hal_gnss_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.1-service u:object_r:hal_graphics_composer_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@2\.2-service u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0
diff --git a/vendor/hostapd.te b/vendor/hostapd.te
index 2c62cf0..9f99378 100644
--- a/vendor/hostapd.te
+++ b/vendor/hostapd.te
@@ -5,7 +5,7 @@
init_daemon_domain(hostapd)
net_domain(hostapd)
-allow hostapd self:capability { net_admin net_raw };
+allow hostapd self:global_capability_class_set { net_admin net_raw };
# hostapd learns about its network interface via sysfs.
allow hostapd sysfs:file r_file_perms;
@@ -21,13 +21,3 @@
allow hostapd self:netlink_generic_socket create_socket_perms_no_ioctl;
allow hostapd self:packet_socket create_socket_perms_no_ioctl;
allow hostapd self:netlink_route_socket nlmsg_write;
-
-# hostapd can read and write WiFi related data and configuration.
-# For example, the entropy file is periodically updated.
-allow hostapd wifi_data_file:file rw_file_perms;
-r_dir_file(hostapd, wifi_data_file)
-
-# hostapd wants to create the directory holding its control socket.
-allow hostapd hostapd_socket:dir create_dir_perms;
-# hostapd needs to create, bind to, read, and write its control socket.
-allow hostapd hostapd_socket:sock_file create_file_perms;
diff --git a/vendor/tee.te b/vendor/tee.te
index 348d715..4b2e6c7 100644
--- a/vendor/tee.te
+++ b/vendor/tee.te
@@ -4,7 +4,7 @@
type tee_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(tee)
-allow tee self:capability { dac_override };
+allow tee self:global_capability_class_set { dac_override };
allow tee tee_device:chr_file rw_file_perms;
allow tee tee_data_file:dir rw_dir_perms;
allow tee tee_data_file:file create_file_perms;
@@ -14,4 +14,4 @@
r_dir_file(tee, sysfs_type)
allow tee system_data_file:file { getattr read };
-allow tee system_data_file:lnk_file r_file_perms;
+allow tee system_data_file:lnk_file { getattr read };
diff --git a/vendor/vendor_modprobe.te b/vendor/vendor_modprobe.te
index b8a1edb..7689ca5 100644
--- a/vendor/vendor_modprobe.te
+++ b/vendor/vendor_modprobe.te
@@ -4,7 +4,7 @@
domain_trans(init, vendor_toolbox_exec, vendor_modprobe)
allow vendor_modprobe proc_modules:file r_file_perms;
-allow vendor_modprobe self:capability sys_module;
+allow vendor_modprobe self:global_capability_class_set sys_module;
allow vendor_modprobe kernel:key search;
allow vendor_modprobe { vendor_file }:system module_load;