Merge "perf_event: define security class and access vectors"
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index e3eda7e..96eb1dd 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -15,6 +15,7 @@
auth_service
ashmem_libcutils_device
blob_store_service
+ binder_cache_system_server_prop
binderfs
binderfs_logs
binderfs_logs_proc
diff --git a/private/system_server.te b/private/system_server.te
index c1342d8..ec79319 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1090,3 +1090,8 @@
-system_server
} password_slot_metadata_file:notdevfile_class_set ~{ relabelto getattr };
neverallow { domain -init -system_server } password_slot_metadata_file:notdevfile_class_set *;
+
+# Allow systemserver to read/write the invalidation property
+set_prop(system_server, binder_cache_system_server_prop)
+neverallow { domain -system_server -init }
+ binder_cache_system_server_prop:property_service set;
diff --git a/public/domain.te b/public/domain.te
index 88093f9..863c167 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -107,6 +107,9 @@
get_prop(domain, logd_prop)
get_prop(domain, vndk_prop)
+# Allow every to read binder cache properties
+get_prop(domain, binder_cache_system_server_prop)
+
# Let everyone read log properties, so that liblog can avoid sending unloggable
# messages to logd.
get_prop(domain, log_property_type)
diff --git a/public/property.te b/public/property.te
index 07581d3..2cf043a 100644
--- a/public/property.te
+++ b/public/property.te
@@ -149,6 +149,9 @@
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
+# Properties used by binder caches
+system_public_prop(binder_cache_system_server_prop)
+
# Properties which are public for devices launching with Android O or earlier
# This should not be used for any new properties.
not_compatible_property(`
@@ -555,6 +558,7 @@
-bluetooth_a2dp_offload_prop
-bluetooth_audio_hal_prop
-bluetooth_prop
+ -binder_cache_system_server_prop
-bootloader_boot_reason_prop
-boottime_prop
-bpf_progs_loaded_prop
diff --git a/public/property_contexts b/public/property_contexts
index bb270fe..8414e87 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -439,3 +439,6 @@
ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties. These are world-readable
+binder.cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 6196266..eb93d13 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -198,6 +198,7 @@
not_compatible_property(`
set_prop(vendor_init, {
property_type
+ -binder_cache_system_server_prop
-device_config_activity_manager_native_boot_prop
-device_config_boot_count_prop
-device_config_reset_performed_prop