Merge "ODM updates the recovery partition through vendor's materials"
diff --git a/private/art_apex_boot_integrity.te b/private/art_apex_boot_integrity.te
new file mode 100644
index 0000000..14feee6
--- /dev/null
+++ b/private/art_apex_boot_integrity.te
@@ -0,0 +1,34 @@
+# This command set moves the artifact corresponding to the current slot
+# from /data/ota to /data/dalvik-cache.
+
+type art_apex_boot_integrity, domain, coredomain;
+type art_apex_boot_integrity_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# art_apex_boot_integrity to occur.
+init_daemon_domain(art_apex_boot_integrity)
+
+# Read dalvik cache directories, remove entries.
+allow art_apex_boot_integrity dalvikcache_data_file:dir  { r_dir_perms write remove_name };
+# Read and possibly delete dalvik cache files.
+allow art_apex_boot_integrity dalvikcache_data_file:file { r_file_perms unlink };
+
+# Allow art_apex_boot_integrity to execute itself using #!/system/bin/sh
+allow art_apex_boot_integrity shell_exec:file rx_file_perms;
+
+# Allow running the mv and rm/rmdir commands using art_apex_boot_integrity
+# permissions.
+allow art_apex_boot_integrity toolbox_exec:file rx_file_perms;
+
+# Fsverity in the same domain.
+allow art_apex_boot_integrity system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_boot_integrity ota_data_file:file ioctl {
+  FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
+
+allow art_apex_boot_integrity kernel:key search;
+# For testing purposes, allow keys installed with su.
+userdebug_or_eng(`
+  allow art_apex_boot_integrity su:key search;
+')
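Review bot: The `allowxperm` on lines 33–35 has no matching base `allow art_apex_boot_integrity ota_data_file:file ...` rule anywhere in this 34-line file, and an extended-permission rule only narrows an allow that already exists, so unless a base ioctl permission is inherited through an attribute defined elsewhere the FS_IOC_ENABLE_VERITY / FS_IOC_MEASURE_VERITY ioctls are still denied. The header comment says the script moves artifacts from /data/ota into /data/dalvik-cache, yet the only dalvik-cache permissions granted are `r_dir_perms write remove_name` and `r_file_perms unlink` — enough to delete entries, not to create or rename anything into the directory — so either the comment or the rule set is incomplete. `allow art_apex_boot_integrity system_file:file execute_no_trans;` on line 31 lets every system binary run inside this domain; if only the fsverity helper needs it, a dedicated exec type for that helper with the same `execute_no_trans` grant would keep the domain's reach narrow. Something like `allow art_apex_boot_integrity ota_data_file:file { r_file_perms ioctl };` (trimmed to what the script actually does) would make the allowxperm effective.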
diff --git a/private/art_apex_postinstall.te b/private/art_apex_postinstall.te
index 314fb7c..40b09d2 100644
--- a/private/art_apex_postinstall.te
+++ b/private/art_apex_postinstall.te
@@ -17,6 +17,7 @@
 
 # Required for relabel.
 allow art_apex_postinstall file_contexts_file:file r_file_perms;
+allow art_apex_postinstall self:global_capability_class_set sys_admin;
 
 # Script helpers.
 allow art_apex_postinstall shell_exec:file rx_file_perms;
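Review bot: `allow art_apex_postinstall self:global_capability_class_set sys_admin;` on line 50 is added without its own rationale; the `# Required for relabel.` comment above it was written for the file_contexts read and does not say which operation in the postinstall script needs CAP_SYS_ADMIN. Because sys_admin is the broadest Linux capability, the rule should carry a comment naming the exact syscall or tool that fails without it, e.g. `# CAP_SYS_ADMIN: needed by <tool/syscall — TODO name it> during relabel.`, so a later reviewer can re-check whether a narrower permission (the relabelfrom/relabelto file permissions, for instance) would suffice.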
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index abd5fc3..1e21719 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -481,6 +481,9 @@
     proc_panic
     proc_pid_max
     proc_pipe_conf
+    proc_pressure_cpu
+    proc_pressure_io
+    proc_pressure_mem
     proc_random
     proc_sched
     proc_slabinfo
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 8bc2ca6..078d608 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1196,6 +1196,9 @@
     proc_panic
     proc_pid_max
     proc_pipe_conf
+    proc_pressure_cpu
+    proc_pressure_io
+    proc_pressure_mem
     proc_random
     proc_sched
     proc_slabinfo
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 18604bc..77c215c 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1378,6 +1378,9 @@
 (typeattributeset proc_28_0
   ( proc
     proc_keys
+    proc_pressure_cpu
+    proc_pressure_io
+    proc_pressure_mem
     proc_slabinfo))
 (typeattributeset proc_abi_28_0 (proc_abi))
 (typeattributeset proc_asound_28_0 (proc_asound))
diff --git a/private/domain.te b/private/domain.te
index 3b340c5..d6b233f 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -221,6 +221,7 @@
   -dex2oat
   -otapreopt_slot
   -art_apex_postinstall
+  -art_apex_boot_integrity
 } dalvikcache_data_file:file no_w_file_perms;
 
 neverallow {
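Review bot: The exclusion lists of the two `neverallow` blocks now disagree on ordering: this hunk inserts `-art_apex_boot_integrity` after `-art_apex_postinstall` (line 104), while the second hunk (lines 112–113) inserts it before. The two lists are otherwise parallel, so keeping the ART exemptions in the same order in both makes the diff easier to audit; e.g. place `-art_apex_boot_integrity` immediately before `-art_apex_postinstall` here as well. Both neverallow statements begin above their hunks.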
@@ -232,6 +233,7 @@
   -dex2oat
   -zygote
   -otapreopt_slot
+  -art_apex_boot_integrity
   -art_apex_postinstall
 } dalvikcache_data_file:dir no_w_dir_perms;
 
diff --git a/private/file_contexts b/private/file_contexts
index 9625acc..f81f399 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -238,6 +238,7 @@
 /system/bin/installd	u:object_r:installd_exec:s0
 /system/bin/otapreopt_chroot   u:object_r:otapreopt_chroot_exec:s0
 /system/bin/otapreopt_slot   u:object_r:otapreopt_slot_exec:s0
+/system/bin/art_apex_boot_integrity   u:object_r:art_apex_boot_integrity_exec:s0
 /system/bin/keystore	u:object_r:keystore_exec:s0
 /system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
 /system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 9eeb43a..070559f 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -24,6 +24,9 @@
 genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
 genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
+genfscon proc /pressure/io u:object_r:proc_pressure_io:s0
+genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0
 genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
 genfscon proc /softirqs u:object_r:proc_timer:s0
 genfscon proc /stat u:object_r:proc_stat:s0
diff --git a/private/mini_keyctl.te b/private/mini_keyctl.te
index c81a17c..53dbfce 100644
--- a/private/mini_keyctl.te
+++ b/private/mini_keyctl.te
@@ -8,7 +8,7 @@
 # Kernel only prints the keys that can be accessed and only kernel keyring is needed here.
 dontaudit mini-keyctl init:key view;
 dontaudit mini-keyctl vold:key view;
-allow mini-keyctl kernel:key { view search write };
+allow mini-keyctl kernel:key { view search write setattr };
 allow mini-keyctl mini-keyctl:key { view search write };
 
 # When kernel requests an algorithm, the crypto API first looks for an
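Review bot: The new `setattr` permission on line 151 has no accompanying explanation, whereas the comment on line 147 only justifies `view`; `setattr` on the kernel keyring allows changing a key's permissions or ownership, which is a different class of operation from looking keys up or adding them. A one-line why-comment naming the keyctl operation that now needs it — e.g. `# setattr: needed to <operation — TODO name it> on keys in the kernel keyring.` — would let future reviewers confirm the grant is still required. The self-keyring rule on line 152 was left without `setattr`, which looks deliberate but is worth confirming.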
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 8aa475e..689ff5c 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -66,8 +66,9 @@
   proc_stat
 }:file r_file_perms;
 
-# Allow access to the IHealth HAL service for tracing battery counters.
+# Allow access to the IHealth and IPowerStats HAL service for tracing battery counters.
 hal_client_domain(traced_probes, hal_health)
+hal_client_domain(traced_probes, hal_power_stats)
 
 # On debug builds allow to ingest system logs into the trace.
 userdebug_or_eng(`read_logd(traced_probes)')
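Review bot: The comment on line 164 now covers two HALs but still reads "HAL service" in the singular, and "tracing battery counters" describes only the IHealth use. Since `hal_client_domain(traced_probes, hal_power_stats)` is a new client binding, the comment should say what it is for, e.g. `# Allow access to the IHealth and IPowerStats HAL services for tracing battery and power counters.` — adjust the second half to whatever traced_probes actually reads from IPowerStats.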
diff --git a/public/file.te b/public/file.te
index 256bca5..a2d1967 100644
--- a/public/file.te
+++ b/public/file.te
@@ -44,6 +44,9 @@
 type proc_perf, fs_type, proc_type;
 type proc_pid_max, fs_type, proc_type;
 type proc_pipe_conf, fs_type, proc_type;
+type proc_pressure_cpu, fs_type, proc_type;
+type proc_pressure_io, fs_type, proc_type;
+type proc_pressure_mem, fs_type, proc_type;
 type proc_random, fs_type, proc_type;
 type proc_sched, fs_type, proc_type;
 type proc_slabinfo, fs_type, proc_type;
diff --git a/public/lmkd.te b/public/lmkd.te
index cd23701..518fb8f 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -49,6 +49,13 @@
 # Read /proc/meminfo
 allow lmkd proc_meminfo:file r_file_perms;
 
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow lmkd proc_pressure_cpu:file r_file_perms;
+allow lmkd proc_pressure_io:file r_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow lmkd proc_pressure_mem:file rw_file_perms;
+
 # Allow lmkd to write to statsd.
 unix_socket_send(lmkd, statsdw, statsd)
 
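Review bot: Line 197 grants `rw_file_perms` on proc_pressure_mem, but the comment only says "Read/Write" without stating why lmkd needs write here when it needs only read on the cpu and io files; that asymmetry is exactly where a policy auditor stops. If the write is for registering PSI memory-pressure triggers (the kernel accepts trigger specifications written to that file), say so: `# Read/Write /proc/pressure/memory (write registers PSI triggers).` — confirm against lmkd's source. Otherwise `r_file_perms` would be the tighter grant.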
diff --git a/public/vold.te b/public/vold.te
index ace733f..cb21b83 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -9,11 +9,14 @@
 
 r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
 # XXX Label sysfs files with a specific type?
-allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
-allow vold sysfs_loop:file w_file_perms; # writing to /sys/block/loop*/uevent during coldboot.
-allow vold sysfs_dm:file w_file_perms;
-allow vold sysfs_usb:file w_file_perms;
-allow vold sysfs_zram_uevent:file w_file_perms;
+allow vold {
+  sysfs # writing to /sys/*/uevent during coldboot.
+  sysfs_devices_block
+  sysfs_dm
+  sysfs_loop # writing to /sys/block/loop*/uevent during coldboot.
+  sysfs_usb
+  sysfs_zram_uevent
+}:file w_file_perms;
 
 r_dir_file(vold, rootfs)
 r_dir_file(vold, metadata_file)
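Review bot: `sysfs_devices_block` on line 217 is the only genuinely new target in the regrouped `allow vold {...}:file w_file_perms;` rule, and it arrives without the per-line rationale the `sysfs` and `sysfs_loop` entries carry, so the diff reads as a pure restyle when it actually widens vold's write access. Add a why-comment in the same style, e.g. `sysfs_devices_block # writing to <sysfs path — TODO> during <phase — TODO>.`, with the real path substituted, so the grant can be re-evaluated later. The `# XXX Label sysfs files with a specific type?` note above still applies to the generic `sysfs` entry.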