Merge "iorapd: add tmpfs type"
diff --git a/private/audioserver.te b/private/audioserver.te
index 53b6299..29933ba 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -4,6 +4,7 @@
type audioserver_exec, exec_type, file_type, system_file_type;
init_daemon_domain(audioserver)
+tmpfs_domain(audioserver)
r_dir_file(audioserver, sdcard_type)
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index a8a833a..e8ac336 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -18,6 +18,7 @@
apexd_prop
apexd_tmpfs
app_zygote
+ app_zygote_tmpfs
biometric_service
bpf_progs_loaded_prop
bugreport_service
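Review bot: The ignore list gains only four `_tmpfs` types (`app_zygote_tmpfs` here, then `network_stack_tmpfs`, `runas_app_tmpfs` and `su_tmpfs` in the next two hunks), while the commit declares a bare `*_tmpfs` type for many more domains (audioserver, bluetooth, nfc, radio, zygote and others). That is presumably correct because those types already existed through the old `init_daemon_domain()`/app-domain expansion and so are present in the 28.0 mapping, but it should be confirmed against the 28.0 compat mapping before merge: a type that is genuinely new to this release and missing from the ignore list fails the compatibility check at build time, and the list cannot be checked from this page alone.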
@@ -76,6 +77,7 @@
mnt_product_file
network_stack
network_stack_service
+ network_stack_tmpfs
overlayfs_file
permissionmgr_service
recovery_socket
@@ -85,11 +87,13 @@
rss_hwm_reset
rss_hwm_reset_exec
runas_app
+ runas_app_tmpfs
runtime_service
sensor_privacy_service
server_configurable_flags_data_file
simpleperf_app_runner
simpleperf_app_runner_exec
+ su_tmpfs
super_block_device
system_event_log_tags_file
system_lmk_prop
diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index 212608b..ab24120 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te
@@ -1,6 +1,7 @@
# dexoptanalyzer
type dexoptanalyzer, domain, coredomain, mlstrustedsubject;
type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
+type dexoptanalyzer_tmpfs, file_type;
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 606e510..e33d510 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -46,3 +46,6 @@
dontaudit dumpstate perfprofd:binder call;
dontaudit dumpstate update_engine:binder call;
allow dumpstate proc_net_tcp_udp:file r_file_perms;
+
+# For comminucating with the system process to do confirmation ui.
+binder_call(dumpstate, incidentcompanion_service)
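Review bot: `binder_call(dumpstate, incidentcompanion_service)` on the last line passes a service_manager type where the macro expects a process domain, so the generated binder and fd rules name a label that no process runs under and very likely do not grant what the comment describes. What a client needs to reach a service hosted in system_server is the lookup permission, `allow dumpstate incidentcompanion_service:service_manager find;`, plus `binder_call(dumpstate, system_server)`; the latter may already exist elsewhere in dumpstate's policy, so confirm before adding it. The comment also misspells the verb: `# For communicating with the system process to do confirmation UI.`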
diff --git a/private/logd.te b/private/logd.te
index 4338e40..321727b 100644
--- a/private/logd.te
+++ b/private/logd.te
@@ -4,10 +4,8 @@
# logd is not allowed to write anywhere other than /data/misc/logd, and then
# only on userdebug or eng builds
-# TODO: deal with tmpfs_domain pub/priv split properly
neverallow logd {
file_type
- -logd_tmpfs
-runtime_event_log_tags_file
userdebug_or_eng(`-coredump_file -misc_logd_file')
}:file { create write append };
diff --git a/private/mediaextractor.te b/private/mediaextractor.te
index c1a8521..eb90cdc 100644
--- a/private/mediaextractor.te
+++ b/private/mediaextractor.te
@@ -1,3 +1,4 @@
typeattribute mediaextractor coredomain;
init_daemon_domain(mediaextractor)
+tmpfs_domain(mediaextractor)
diff --git a/private/mediaserver.te b/private/mediaserver.te
index 4c30bc0..b1cf64a 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -1,6 +1,7 @@
typeattribute mediaserver coredomain;
init_daemon_domain(mediaserver)
+tmpfs_domain(mediaserver)
# allocate and use graphic buffers
hal_client_domain(mediaserver, hal_graphics_allocator)
diff --git a/private/perfetto.te b/private/perfetto.te
index 2e43d90..128205b 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -4,6 +4,7 @@
# daemon.
type perfetto_exec, system_file_type, exec_type, file_type;
+type perfetto_tmpfs, file_type;
tmpfs_domain(perfetto);
diff --git a/private/recovery_persist.te b/private/recovery_persist.te
index 1fdd758..2d244fd 100644
--- a/private/recovery_persist.te
+++ b/private/recovery_persist.te
@@ -3,5 +3,4 @@
init_daemon_domain(recovery_persist)
# recovery_persist is not allowed to write anywhere other than recovery_data_file
-# TODO: deal with tmpfs_domain pub/priv split properly
-neverallow recovery_persist { file_type -recovery_data_file -recovery_persist_tmpfs userdebug_or_eng(`-coredump_file') }:file write;
+neverallow recovery_persist { file_type -recovery_data_file userdebug_or_eng(`-coredump_file') }:file write;
diff --git a/private/recovery_refresh.te b/private/recovery_refresh.te
index 327098d..b6cd56f 100644
--- a/private/recovery_refresh.te
+++ b/private/recovery_refresh.te
@@ -3,5 +3,4 @@
init_daemon_domain(recovery_refresh)
# recovery_refresh is not allowed to write anywhere
-# TODO: deal with tmpfs_domain pub/priv split properly
-neverallow recovery_refresh { file_type -recovery_refresh_tmpfs userdebug_or_eng(`-coredump_file') }:file write;
+neverallow recovery_refresh { file_type userdebug_or_eng(`-coredump_file') }:file write;
diff --git a/private/service.te b/private/service.te
index fc9a95a..84e524d 100644
--- a/private/service.te
+++ b/private/service.te
@@ -1,3 +1,4 @@
-type gsi_service, service_manager_type;
-type stats_service, service_manager_type;
-type statscompanion_service, system_server_service, service_manager_type;
+type gsi_service, service_manager_type;
+type incidentcompanion_service, system_api_service, system_server_service, service_manager_type;
+type stats_service, service_manager_type;
+type statscompanion_service, system_server_service, service_manager_type;
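Review bot: `incidentcompanion_service` is declared with `system_api_service`, which makes it findable by every domain carrying that attribute rather than only by the daemons that drive the confirmation UI (dumpstate in this commit). If the intended clients are just dumpstate and the incident daemon, a targeted rule per client, e.g. `allow dumpstate incidentcompanion_service:service_manager find;`, keeps the exposed surface smaller; if broad access is intended, a short comment naming the expected callers would help the next reader. Which domains hold `system_api_service` is not visible on this page, so treat this as a question to confirm rather than a definite defect.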
diff --git a/private/service_contexts b/private/service_contexts
index 4ce5566..ba06542 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -75,6 +75,7 @@
ions u:object_r:radio_service:s0
idmap u:object_r:idmap_service:s0
incident u:object_r:incident_service:s0
+incidentcompanion u:object_r:incidentcompanion_service:s0
inputflinger u:object_r:inputflinger_service:s0
input_method u:object_r:input_method_service:s0
input u:object_r:input_service:s0
diff --git a/private/system_server_startup.te b/private/system_server_startup.te
index 4bd10c8..bd7b2c0 100644
--- a/private/system_server_startup.te
+++ b/private/system_server_startup.te
@@ -1,4 +1,5 @@
type system_server_startup, domain, coredomain;
+type system_server_startup_tmpfs, file_type;
tmpfs_domain(system_server_startup)
diff --git a/private/traced.te b/private/traced.te
index f58aa0f..fb8465c 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -3,9 +3,11 @@
# type traced is defined under /public (because iorapd rules
# under public/ need to refer to it).
type traced_exec, system_file_type, exec_type, file_type;
+type traced_tmpfs, file_type;
# Allow init to exec the daemon.
init_daemon_domain(traced)
+tmpfs_domain(traced)
# Allow apps in other MLS contexts (for multi-user) to access
# share memory buffers created by traced.
diff --git a/private/viewcompiler.te b/private/viewcompiler.te
index 14009c6..3c9c1ee 100644
--- a/private/viewcompiler.te
+++ b/private/viewcompiler.te
@@ -1,6 +1,7 @@
# viewcompiler
type viewcompiler, domain, coredomain, mlstrustedsubject;
type viewcompiler_exec, system_file_type, exec_type, file_type;
+type viewcompiler_tmpfs, file_type;
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
# Use tmpfs_domain() which will give tmpfs files created by viewcompiler their
diff --git a/public/app_zygote.te b/public/app_zygote.te
index 0d5fec1..4c1ec96 100644
--- a/public/app_zygote.te
+++ b/public/app_zygote.te
@@ -3,3 +3,4 @@
# spawned from the regular zygote process as a "child zygote".
type app_zygote, domain;
+type app_zygote_tmpfs, file_type;
diff --git a/public/audioserver.te b/public/audioserver.te
index 9a72858..2ad86e3 100644
--- a/public/audioserver.te
+++ b/public/audioserver.te
@@ -1,2 +1,3 @@
# audioserver - audio services daemon
type audioserver, domain;
+type audioserver_tmpfs, file_type;
diff --git a/public/bluetooth.te b/public/bluetooth.te
index 9b3442a..28a169f 100644
--- a/public/bluetooth.te
+++ b/public/bluetooth.te
@@ -1,2 +1,3 @@
# bluetooth subsystem
type bluetooth, domain;
+type bluetooth_tmpfs, file_type;
diff --git a/public/domain.te b/public/domain.te
index a073f03..1816c81 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -52,6 +52,7 @@
')
# Root fs.
+allow domain tmpfs:dir { getattr search };
allow domain rootfs:dir search;
allow domain rootfs:lnk_file { read getattr };
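Review bot: The new `allow domain tmpfs:dir { getattr search };` sits directly under the `# Root fs.` comment, which now mislabels it; give it its own comment, e.g. `# Look up entries in tmpfs directories (previously granted per domain by tmpfs_domain()).` Note that this moves the grant from the domains that opted into `tmpfs_domain()` to every domain in the policy; directory search/getattr on tmpfs is a modest permission and file access still requires per-type rules, but the widening deserves a sentence in the commit message so it is not mistaken for a no-op refactor.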
diff --git a/public/ephemeral_app.te b/public/ephemeral_app.te
index dc39a22..5993c0b 100644
--- a/public/ephemeral_app.te
+++ b/public/ephemeral_app.te
@@ -12,3 +12,4 @@
### PackageManager flags an app as ephemeral at install time.
type ephemeral_app, domain;
+type ephemeral_app_tmpfs, file_type;
diff --git a/public/init.te b/public/init.te
index baf5333..63edb20 100644
--- a/public/init.te
+++ b/public/init.te
@@ -1,8 +1,7 @@
# init is its own domain.
type init, domain, mlstrustedsubject;
-
-# The init domain is entered by execing init.
type init_exec, system_file_type, exec_type, file_type;
+type init_tmpfs, file_type;
# /dev/__null__ node created by init.
allow init tmpfs:chr_file { create setattr unlink rw_file_perms };
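Review bot: The hunk drops the `# The init domain is entered by execing init.` comment and the blank line above `type init_exec`, which looks incidental to adding `init_tmpfs` rather than intended, and the file loses its only explanation of why `init_exec` exists. Restore `# The init domain is entered by execing init.` above the `init_exec` declaration, keeping the blank line before it so the declarations stay visually separated as elsewhere in the file.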
diff --git a/public/isolated_app.te b/public/isolated_app.te
index a907dac..584d743 100644
--- a/public/isolated_app.te
+++ b/public/isolated_app.te
@@ -7,3 +7,4 @@
###
type isolated_app, domain;
+type isolated_app_tmpfs, file_type;
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 4edab55..ee5534c 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -1,6 +1,7 @@
# mediaextractor - multimedia daemon
type mediaextractor, domain;
type mediaextractor_exec, system_file_type, exec_type, file_type;
+type mediaextractor_tmpfs, file_type;
typeattribute mediaextractor mlstrustedsubject;
diff --git a/public/mediaprovider.te b/public/mediaprovider.te
index 24170a5..90eb053 100644
--- a/public/mediaprovider.te
+++ b/public/mediaprovider.te
@@ -4,3 +4,4 @@
###
type mediaprovider, domain;
+type mediaprovider_tmpfs, file_type;
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 540c039..ee2d2ec 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -1,6 +1,7 @@
# mediaserver - multimedia daemon
type mediaserver, domain;
type mediaserver_exec, system_file_type, exec_type, file_type;
+type mediaserver_tmpfs, file_type;
typeattribute mediaserver mlstrustedsubject;
diff --git a/public/network_stack.te b/public/network_stack.te
index feff664..61a40b0 100644
--- a/public/network_stack.te
+++ b/public/network_stack.te
@@ -1,2 +1,3 @@
# Network stack service app
type network_stack, domain;
+type network_stack_tmpfs, file_type;
diff --git a/public/nfc.te b/public/nfc.te
index e3a03e7..5c1aa24 100644
--- a/public/nfc.te
+++ b/public/nfc.te
@@ -1,2 +1,3 @@
# nfc subsystem
type nfc, domain;
+type nfc_tmpfs, file_type;
diff --git a/public/platform_app.te b/public/platform_app.te
index 9b1faf0..b7d783d 100644
--- a/public/platform_app.te
+++ b/public/platform_app.te
@@ -3,3 +3,4 @@
###
type platform_app, domain;
+type platform_app_tmpfs, file_type;
diff --git a/public/priv_app.te b/public/priv_app.te
index 0761fc3..7c7dd12 100644
--- a/public/priv_app.te
+++ b/public/priv_app.te
@@ -3,3 +3,4 @@
###
type priv_app, domain;
+type priv_app_tmpfs, file_type;
diff --git a/public/radio.te b/public/radio.te
index 8a8bef3..bbaa752 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -1,5 +1,6 @@
# phone subsystem
type radio, domain, mlstrustedsubject;
+type radio_tmpfs, file_type;
net_domain(radio)
bluetooth_domain(radio)
diff --git a/public/runas_app.te b/public/runas_app.te
index cdaa799..ff03940 100644
--- a/public/runas_app.te
+++ b/public/runas_app.te
@@ -1 +1,2 @@
type runas_app, domain;
+type runas_app_tmpfs, file_type;
diff --git a/public/secure_element.te b/public/secure_element.te
index 4ce6714..985c66d 100644
--- a/public/secure_element.te
+++ b/public/secure_element.te
@@ -1,2 +1,3 @@
# secure_element subsystem
type secure_element, domain;
+type secure_element_tmpfs, file_type;
diff --git a/public/shared_relro.te b/public/shared_relro.te
index 8e58e42..422a375 100644
--- a/public/shared_relro.te
+++ b/public/shared_relro.te
@@ -1,5 +1,6 @@
# Process which creates/updates shared RELRO files to be used by other apps.
type shared_relro, domain;
+type shared_relro_tmpfs, file_type;
# Grant write access to the shared relro files/directory.
allow shared_relro shared_relro_file:dir rw_dir_perms;
diff --git a/public/shell.te b/public/shell.te
index 7201df0..1c30d7a 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -1,6 +1,7 @@
# Domain for shell processes spawned by ADB or console service.
type shell, domain, mlstrustedsubject;
type shell_exec, system_file_type, exec_type, file_type;
+type shell_tmpfs, file_type;
# Create and use network sockets.
net_domain(shell)
diff --git a/public/su.te b/public/su.te
index e09248b..41ae4ef 100644
--- a/public/su.te
+++ b/public/su.te
@@ -1,6 +1,7 @@
# All types must be defined regardless of build variant to ensure
# policy compilation succeeds with userdebug/user combination at boot
type su, domain;
+type su_tmpfs, file_type;
# File types must be defined for file_contexts.
type su_exec, system_file_type, exec_type, file_type;
diff --git a/public/system_app.te b/public/system_app.te
index 023058e..da781bc 100644
--- a/public/system_app.te
+++ b/public/system_app.te
@@ -5,3 +5,4 @@
###
type system_app, domain;
+type system_app_tmpfs, file_type;
diff --git a/public/system_server.te b/public/system_server.te
index 805d617..aa9c6c1 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -3,3 +3,4 @@
# Most of the framework services run in this process.
#
type system_server, domain;
+type system_server_tmpfs, file_type;
diff --git a/public/te_macros b/public/te_macros
index ca6070b..4195b88 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -72,13 +72,10 @@
#####################################
# tmpfs_domain(domain)
-# Define and allow access to a unique type for
-# this domain when creating tmpfs / shmem / ashmem files.
+# Allow access to a unique type for this domain when creating tmpfs / ashmem files.
define(`tmpfs_domain', `
-type $1_tmpfs, file_type;
type_transition $1 tmpfs:file $1_tmpfs;
allow $1 $1_tmpfs:file { read write getattr map };
-allow $1 tmpfs:dir { getattr search };
')
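Review bot: `tmpfs_domain()` no longer declares `$1_tmpfs`, but the rewritten header comment does not say so; a caller that omits the declaration gets an undefined-type error with no pointer to this macro as the cause. Add a line to the comment such as `# Callers must declare the type themselves: type $1_tmpfs, file_type;` (in public/ when the domain is public). The more consequential change is in the next hunk, where `init_daemon_domain()` stops invoking `tmpfs_domain()`: any vendor policy outside this tree that relied on the old expansion silently loses `$1_tmpfs` access and will show up as runtime denials on shared-memory files rather than a build error, as the `hal_graphics_allocator_default` fix-up in this commit illustrates; that caveat belongs in the `init_daemon_domain` comment and in the commit message.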
# pdx macros for IPC. pdx is a high-level name which contains transport-specific
@@ -164,7 +161,6 @@
# upon executing its binary.
define(`init_daemon_domain', `
domain_auto_trans(init, $1_exec, $1)
-tmpfs_domain($1)
')
#####################################
diff --git a/public/traceur_app.te b/public/traceur_app.te
index 0bce885..3396570 100644
--- a/public/traceur_app.te
+++ b/public/traceur_app.te
@@ -1,4 +1,5 @@
type traceur_app, domain;
+type traceur_app_tmpfs, file_type;
allow traceur_app servicemanager:service_manager list;
allow traceur_app hwservicemanager:hwservice_manager list;
diff --git a/public/ueventd.te b/public/ueventd.te
index cc4e30b..db02d3f 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -1,6 +1,7 @@
# ueventd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type ueventd, domain;
+type ueventd_tmpfs, file_type;
# Write to /dev/kmsg.
allow ueventd kmsg_device:chr_file rw_file_perms;
diff --git a/public/untrusted_app.te b/public/untrusted_app.te
index 5289bf9..3843f55 100644
--- a/public/untrusted_app.te
+++ b/public/untrusted_app.te
@@ -19,3 +19,6 @@
type untrusted_app, domain;
type untrusted_app_27, domain;
type untrusted_app_25, domain;
+type untrusted_app_tmpfs, file_type;
+type untrusted_app_27_tmpfs, file_type;
+type untrusted_app_25_tmpfs, file_type;
diff --git a/public/webview_zygote.te b/public/webview_zygote.te
index 5d19b32..ace3a01 100644
--- a/public/webview_zygote.te
+++ b/public/webview_zygote.te
@@ -3,3 +3,4 @@
type webview_zygote, domain;
type webview_zygote_exec, exec_type, file_type;
+type webview_zygote_tmpfs, file_type;
diff --git a/public/zygote.te b/public/zygote.te
index 85c3580..071354e 100644
--- a/public/zygote.te
+++ b/public/zygote.te
@@ -1,3 +1,4 @@
# zygote
type zygote, domain;
+type zygote_tmpfs, file_type;
type zygote_exec, system_file_type, exec_type, file_type;
diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te
index 3d97ed0..a129ad4 100644
--- a/vendor/hal_graphics_allocator_default.te
+++ b/vendor/hal_graphics_allocator_default.te
@@ -1,8 +1,10 @@
type hal_graphics_allocator_default, domain;
+type hal_graphics_allocator_default_tmpfs, file_type;
hal_server_domain(hal_graphics_allocator_default, hal_graphics_allocator)
type hal_graphics_allocator_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_graphics_allocator_default)
+tmpfs_domain(hal_graphics_allocator_default)
# b/70180742
dontaudit hal_graphics_allocator_default unlabeled:dir search;
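Review bot: The `hal_graphics_allocator_default_tmpfs` declaration is inserted between the domain type and `hal_server_domain(...)`, separating the attribute assignment from the domain it applies to, whereas the rest of this commit (`shell.te`, `mediaserver.te`, `webview_zygote.te`) places the `_tmpfs` type next to the `_exec` type. Move it directly below `type hal_graphics_allocator_default_exec, exec_type, vendor_file_type, file_type;` for consistency; declaration order within the file should not change the compiled policy.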