Merge "Revert "Allow otapreopt_chroot to call otadexopt binder service""
diff --git a/prebuilts/api/31.0/private/access_vectors b/prebuilts/api/31.0/private/access_vectors
index 22f2ffa..5ff7aef 100644
--- a/prebuilts/api/31.0/private/access_vectors
+++ b/prebuilts/api/31.0/private/access_vectors
@@ -726,6 +726,7 @@
 	get_state
 	list
 	lock
+	pull_metrics
 	report_off_body
 	reset
 	unlock
diff --git a/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil b/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
index 4ad7912..4484823 100644
--- a/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
+++ b/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
@@ -70,8 +70,10 @@
     hw_timeout_multiplier_prop
     keystore_compat_hal_service
     keystore_maintenance_service
+    keystore_metrics_service
     keystore2_key_contexts_file
     legacy_permission_service
+    legacykeystore_service
     location_time_zone_manager_service
     media_communication_service
     media_metrics_service
@@ -140,7 +142,6 @@
     vibrator_manager_service
     virtualization_service
     vpn_management_service
-    vpnprofilestore_service
     watchdog_metadata_file
     wifi_key
     zygote_config_prop))
diff --git a/prebuilts/api/31.0/private/service_contexts b/prebuilts/api/31.0/private/service_contexts
index 02f326d..6d2b6a8 100644
--- a/prebuilts/api/31.0/private/service_contexts
+++ b/prebuilts/api/31.0/private/service_contexts
@@ -37,9 +37,10 @@
 android.security.compat                   u:object_r:keystore_compat_hal_service:s0
 android.security.identity                 u:object_r:credstore_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0
+android.security.legacykeystore           u:object_r:legacykeystore_service:s0
 android.security.maintenance              u:object_r:keystore_maintenance_service:s0
+android.security.metrics                  u:object_r:keystore_metrics_service:s0
 android.security.remoteprovisioning       u:object_r:remoteprovisioning_service:s0
-android.security.vpnprofilestore          u:object_r:vpnprofilestore_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 app_binding                               u:object_r:app_binding_service:s0
 app_hibernation                           u:object_r:app_hibernation_service:s0
diff --git a/prebuilts/api/31.0/private/system_server.te b/prebuilts/api/31.0/private/system_server.te
index f35f9a8..73301c1 100644
--- a/prebuilts/api/31.0/private/system_server.te
+++ b/prebuilts/api/31.0/private/system_server.te
@@ -853,6 +853,7 @@
 allow system_server installd_service:service_manager find;
 allow system_server iorapd_service:service_manager find;
 allow system_server keystore_maintenance_service:service_manager find;
+allow system_server keystore_metrics_service:service_manager find;
 allow system_server keystore_service:service_manager find;
 allow system_server mediaserver_service:service_manager find;
 allow system_server mediametrics_service:service_manager find;
@@ -903,6 +904,7 @@
 	clear_uid
 	get_state
 	lock
+	pull_metrics
 	reset
 	unlock
 };
diff --git a/prebuilts/api/31.0/private/wificond.te b/prebuilts/api/31.0/private/wificond.te
index 8bf37ca..3fdaca2 100644
--- a/prebuilts/api/31.0/private/wificond.te
+++ b/prebuilts/api/31.0/private/wificond.te
@@ -6,4 +6,6 @@
 
 get_prop(wificond, hwservicemanager_prop)
 
+allow wificond legacykeystore_service:service_manager find;
+
 init_daemon_domain(wificond)
diff --git a/prebuilts/api/31.0/public/domain.te b/prebuilts/api/31.0/public/domain.te
index d84abf1..799a2f1 100644
--- a/prebuilts/api/31.0/public/domain.te
+++ b/prebuilts/api/31.0/public/domain.te
@@ -677,6 +677,7 @@
     -credstore_service
     -keystore_maintenance_service
     -keystore_service
+    -legacykeystore_service
     -mediadrmserver_service
     -mediaextractor_service
     -mediametrics_service
@@ -684,7 +685,6 @@
     -nfc_service
     -radio_service
     -virtual_touchpad_service
-    -vpnprofilestore_service
     -vr_hwc_service
     -vr_manager_service
     userdebug_or_eng(`-hal_face_service')
diff --git a/prebuilts/api/31.0/public/keystore.te b/prebuilts/api/31.0/public/keystore.te
index 155322c..b7d5090 100644
--- a/prebuilts/api/31.0/public/keystore.te
+++ b/prebuilts/api/31.0/public/keystore.te
@@ -20,7 +20,8 @@
 add_service(keystore, keystore_compat_hal_service)
 add_service(keystore, authorization_service)
 add_service(keystore, keystore_maintenance_service)
-add_service(keystore, vpnprofilestore_service)
+add_service(keystore, keystore_metrics_service)
+add_service(keystore, legacykeystore_service)
 
 # Check SELinux permissions.
 selinux_check_access(keystore)
diff --git a/prebuilts/api/31.0/public/service.te b/prebuilts/api/31.0/public/service.te
index a0d77c1..8121d04 100644
--- a/prebuilts/api/31.0/public/service.te
+++ b/prebuilts/api/31.0/public/service.te
@@ -20,7 +20,9 @@
 type credstore_service,         app_api_service, service_manager_type;
 type keystore_compat_hal_service, service_manager_type;
 type keystore_maintenance_service, service_manager_type;
+type keystore_metrics_service, service_manager_type;
 type keystore_service,          service_manager_type;
+type legacykeystore_service,    service_manager_type;
 type lpdump_service,            service_manager_type;
 type mediaserver_service,       service_manager_type;
 type mediametrics_service,      service_manager_type;
@@ -43,7 +45,6 @@
 type virtualization_service,    service_manager_type;
 type virtual_touchpad_service,  service_manager_type;
 type vold_service,              service_manager_type;
-type vpnprofilestore_service,   service_manager_type;
 type vr_hwc_service,            service_manager_type;
 type vrflinger_vsync_service,   service_manager_type;
 
diff --git a/prebuilts/api/31.0/public/te_macros b/prebuilts/api/31.0/public/te_macros
index 2a218cb..200b2e3 100644
--- a/prebuilts/api/31.0/public/te_macros
+++ b/prebuilts/api/31.0/public/te_macros
@@ -635,7 +635,7 @@
   allow keystore $1:process getattr;
   allow $1 apc_service:service_manager find;
   allow $1 keystore_service:service_manager find;
-  allow $1 vpnprofilestore_service:service_manager find;
+  allow $1 legacykeystore_service:service_manager find;
   binder_call($1, keystore)
   binder_call(keystore, $1)
 ')
diff --git a/private/access_vectors b/private/access_vectors
index 22f2ffa..5ff7aef 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -726,6 +726,7 @@
 	get_state
 	list
 	lock
+	pull_metrics
 	report_off_body
 	reset
 	unlock
diff --git a/private/app_zygote.te b/private/app_zygote.te
index 4ee3af7..004c108 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -41,6 +41,9 @@
 # Check SELinux permissions.
 selinux_check_access(app_zygote)
 
+# Read and inspect temporary files managed by zygote.
+allow app_zygote zygote_tmpfs:file { read getattr };
+
 ######
 ###### Policy below is shared with regular zygote-spawned apps
 ######
@@ -79,6 +82,9 @@
 get_prop(app_zygote, device_config_runtime_native_prop)
 get_prop(app_zygote, device_config_runtime_native_boot_prop)
 
+# Allow app_zygote to access odsign verification status
+get_prop(app_zygote, odsign_prop)
+
 #####
 ##### Neverallow
 #####
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 7c508cd..c943973 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -73,8 +73,10 @@
     hw_timeout_multiplier_prop
     keystore_compat_hal_service
     keystore_maintenance_service
+    keystore_metrics_service
     keystore2_key_contexts_file
     legacy_permission_service
+    legacykeystore_service
     location_time_zone_manager_service
     media_communication_service
     media_metrics_service
@@ -145,7 +147,6 @@
     vibrator_manager_service
     virtualization_service
     vpn_management_service
-    vpnprofilestore_service
     watchdog_metadata_file
     wifi_key
     zygote_config_prop))
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index f9e073e..d07a595 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -9,4 +9,5 @@
     camera2_extensions_prop
     power_stats_service
     transformer_service
+    proc_watermark_boost_factor
   ))
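Review bot: The new `proc_watermark_boost_factor` entry is appended after `transformer_service`, which breaks the alphabetical order the rest of this list keeps (`camera2_extensions_prop`, `power_stats_service`, `transformer_service`). Placing it between `power_stats_service` and `transformer_service` keeps the list sorted, as the 30.0.ignore.cil hunks in this same change do, and makes future merges of this file cleaner.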
diff --git a/private/crosvm.te b/private/crosvm.te
index f7729fd..b139286 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -14,3 +14,10 @@
 # Most other domains shouldn't access /dev/kvm.
 neverallow { domain -crosvm -ueventd -shell } kvm_device:chr_file getattr;
 neverallow { domain -crosvm -ueventd } kvm_device:chr_file ~getattr;
+
+# Let crosvm read and write files from clients of virtualizationservice, but not open them directly
+# as they must be passed via virtualizationservice.
+allow crosvm apk_data_file:file { getattr read };
+allow crosvm app_data_file:file { getattr read write };
+# shell_data_file is used for automated tests and manual debugging.
+allow crosvm shell_data_file:file { getattr read write };
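Review bot: The comment above the three new allow rules promises that crosvm never opens these files directly, but that invariant only holds because `open` is absent from the permission sets; nothing checks it at build time. Provided no existing rule already grants it, a `neverallow crosvm { apk_data_file app_data_file shell_data_file }:file open;` beside the existing kvm_device neverallows would turn the comment into an enforced rule. The matching rules added in private/virtualizationservice.te in this change would benefit from the same treatment.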
diff --git a/private/file_contexts b/private/file_contexts
index d34f64f..2ac0981 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -370,6 +370,7 @@
 /system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
 /system/bin/snapuserd            u:object_r:snapuserd_exec:s0
 /system/bin/odsign               u:object_r:odsign_exec:s0
+/system/bin/vehicle_binding_util     u:object_r:vehicle_binding_util_exec:s0
 
 #############################
 # Vendor files
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index 55d1a9a..f6675ac 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -19,6 +19,7 @@
 set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
 set_prop(flags_health_check, device_config_configuration_prop)
 set_prop(flags_health_check, device_config_connectivity_prop)
+set_prop(flags_health_check, device_config_surface_flinger_native_boot_prop)
 
 # system property device_config_boot_count_prop is used for deciding when to perform server
 # configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 3499aa0..b890ba6 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -86,6 +86,7 @@
 genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
 genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
+genfscon proc /sys/vm/watermark_boost_factor u:object_r:proc_watermark_boost_factor:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
diff --git a/private/installd.te b/private/installd.te
index c89ba8b..726e5aa 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -40,6 +40,9 @@
 # Allow installd to access apk verity feature flag (for legacy case).
 get_prop(installd, apk_verity_prop)
 
+# Allow installd to access odsign verification status
+get_prop(installd, odsign_prop)
+
 # Allow installd to delete files in /data/staging
 allow installd staging_data_file:file unlink;
 allow installd staging_data_file:dir { open read remove_name rmdir search write };
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index 0e4a50e..e8a85e5 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -21,6 +21,9 @@
 # Talk to the MediaServer service
 allow mediaprovider_app mediaserver_service:service_manager find;
 
+# Talk to the AudioServer service
+allow mediaprovider_app audioserver_service:service_manager find;
+
 # Talk to regular app services
 allow mediaprovider_app app_api_service:service_manager find;
 
diff --git a/private/odsign.te b/private/odsign.te
index 0ff3b7b..57ca048 100644
--- a/private/odsign.te
+++ b/private/odsign.te
@@ -41,7 +41,7 @@
 # For ART apex data dir access
 allow odsign apex_module_data_file:dir { getattr search };
 
-allow odsign apex_art_data_file:dir { rw_dir_perms rmdir };
+allow odsign apex_art_data_file:dir { rw_dir_perms rmdir rename };
 allow odsign apex_art_data_file:file { rw_file_perms unlink };
 
 # Run odrefresh to refresh ART artifacts
diff --git a/private/property.te b/private/property.te
index 01d4fd9..d6ddbdf 100644
--- a/private/property.te
+++ b/private/property.te
@@ -10,6 +10,7 @@
 system_internal_prop(device_config_configuration_prop)
 system_internal_prop(device_config_connectivity_prop)
 system_internal_prop(device_config_swcodec_native_prop)
+system_internal_prop(device_config_surface_flinger_native_boot_prop)
 system_internal_prop(fastbootd_protocol_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 62862e9..593274f 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -52,6 +52,7 @@
 
 persist.audio.          u:object_r:audio_prop:s0
 persist.bluetooth.      u:object_r:bluetooth_prop:s0
+persist.nfc.            u:object_r:nfc_prop:s0
 persist.nfc_cfg.        u:object_r:nfc_prop:s0
 persist.debug.          u:object_r:persist_debug_prop:s0
 logd.                   u:object_r:logd_prop:s0
@@ -241,6 +242,7 @@
 persist.device_config.statsd_native.                u:object_r:device_config_statsd_native_prop:s0
 persist.device_config.statsd_native_boot.           u:object_r:device_config_statsd_native_boot_prop:s0
 persist.device_config.storage_native_boot.          u:object_r:device_config_storage_native_boot_prop:s0
+persist.device_config.surface_flinger_native_boot.  u:object_r:device_config_surface_flinger_native_boot_prop:s0
 persist.device_config.swcodec_native.               u:object_r:device_config_swcodec_native_prop:s0
 persist.device_config.window_manager_native_boot.   u:object_r:device_config_window_manager_native_boot_prop:s0
 
@@ -438,6 +440,8 @@
 persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
 persist.bluetooth.btsnoopenable                u:object_r:exported_bluetooth_prop:s0 exact bool
 
+persist.nfc.debug_enabled                      u:object_r:nfc_prop:s0 exact bool
+
 persist.radio.multisim.config u:object_r:radio_control_prop:s0 exact string
 
 persist.sys.hdmi.keep_awake                                        u:object_r:hdmi_config_prop:s0 exact bool
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 1d38fd9..c9fc8c6 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -5,11 +5,9 @@
 # Input selectors:
 #       isSystemServer (boolean)
 #       isEphemeralApp (boolean)
-#       isOwner (boolean)
 #       user (string)
 #       seinfo (string)
 #       name (string)
-#       path (string)
 #       isPrivApp (boolean)
 #       minTargetSdkVersion (unsigned integer)
 #       fromRunAs (boolean)
@@ -17,7 +15,7 @@
 # All specified input selectors in an entry must match (i.e. logical AND).
 # An unspecified string or boolean selector with no default will match any
 # value.
-# A user, name, or path string selector that ends in * will perform a prefix
+# A user, or name string selector that ends in * will perform a prefix
 # match.
 # String matching is case-insensitive.
 # See external/selinux/libselinux/src/android/android_platform.c,
@@ -26,7 +24,6 @@
 # isSystemServer=true only matches the system server.
 # An unspecified isSystemServer defaults to false.
 # isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
-# isOwner=true will only match for the owner/primary user.
 # user=_app will match any regular app process.
 # user=_isolated will match any isolated service process.
 # Other values of user are matched against the name associated with the process
@@ -35,7 +32,6 @@
 # mac_permissions.xml files.
 # The ':' character is reserved and may not be used in seinfo.
 # name= matches against the package name of the app.
-# path= matches against the directory path when labeling app directories.
 # isPrivApp=true will only match for applications preinstalled in
 #       /system/priv-app.
 # minTargetSdkVersion will match applications with a targetSdkVersion
@@ -50,19 +46,16 @@
 #       (1) isSystemServer=true before isSystemServer=false.
 #       (2) Specified isEphemeralApp= before unspecified isEphemeralApp=
 #             boolean.
-#       (3) Specified isOwner= before unspecified isOwner= boolean.
-#       (4) Specified user= string before unspecified user= string;
+#       (3) Specified user= string before unspecified user= string;
 #             more specific user= string before less specific user= string.
-#       (5) Specified seinfo= string before unspecified seinfo= string.
-#       (6) Specified name= string before unspecified name= string;
+#       (4) Specified seinfo= string before unspecified seinfo= string.
+#       (5) Specified name= string before unspecified name= string;
 #             more specific name= string before less specific name= string.
-#       (7) Specified path= string before unspecified path= string.
-#             more specific name= string before less specific name= string.
-#       (8) Specified isPrivApp= before unspecified isPrivApp= boolean.
-#       (9) Higher value of minTargetSdkVersion= before lower value of
+#       (6) Specified isPrivApp= before unspecified isPrivApp= boolean.
+#       (7) Higher value of minTargetSdkVersion= before lower value of
 #              minTargetSdkVersion= integer. Note that minTargetSdkVersion=
 #              defaults to 0 if unspecified.
-#       (10) fromRunAs=true before fromRunAs=false.
+#       (8) fromRunAs=true before fromRunAs=false.
 # (A fixed selector is more specific than a prefix, i.e. ending in *, and a
 # longer prefix is more specific than a shorter prefix.)
 # Apps are checked against entries in precedence order until the first match,
diff --git a/private/service_contexts b/private/service_contexts
index c020a04..f8c1607 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -37,9 +37,10 @@
 android.security.compat                   u:object_r:keystore_compat_hal_service:s0
 android.security.identity                 u:object_r:credstore_service:s0
 android.security.keystore                 u:object_r:keystore_service:s0
+android.security.legacykeystore           u:object_r:legacykeystore_service:s0
 android.security.maintenance              u:object_r:keystore_maintenance_service:s0
+android.security.metrics                  u:object_r:keystore_metrics_service:s0
 android.security.remoteprovisioning       u:object_r:remoteprovisioning_service:s0
-android.security.vpnprofilestore          u:object_r:vpnprofilestore_service:s0
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 app_binding                               u:object_r:app_binding_service:s0
 app_hibernation                           u:object_r:app_hibernation_service:s0
diff --git a/private/simpleperf.te b/private/simpleperf.te
index 0639c11..9c70060 100644
--- a/private/simpleperf.te
+++ b/private/simpleperf.te
@@ -5,7 +5,16 @@
 typeattribute simpleperf coredomain;
 type simpleperf_exec, system_file_type, exec_type, file_type;
 
-domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
+# Define apps that can be marked debuggable/profileable and be profiled by simpleperf.
+define(`simpleperf_profileable_apps', `{
+  ephemeral_app
+  isolated_app
+  platform_app
+  priv_app
+  untrusted_app_all
+}')
+
+domain_auto_trans({ simpleperf_profileable_apps -runas_app }, simpleperf_exec, simpleperf)
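Review bot: The `simpleperf_profileable_apps` set is introduced with an m4 `define` inside a .te file, and the same five domains are spelled out again by hand in the `dyntransition` rule of private/simpleperf_app_runner.te in this change, so the two lists can silently diverge. If the macro is visible from that file (m4 only sees definitions that precede the use in the concatenated input, which I cannot confirm from this hunk), reusing the set there — or moving the define to te_macros — gives one source of truth. Otherwise a comment on each list naming the other, `# Keep in sync with simpleperf_profileable_apps in simpleperf.te`, would at least flag the coupling.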
 
 # When running in this domain, simpleperf is scoped to profiling an individual
 # app. The necessary MAC permissions for profiling are more maintainable and
@@ -16,14 +25,19 @@
 
 # Allow ptrace attach to the target app, for reading JIT debug info (using
 # process_vm_readv) during unwinding and symbolization.
-allow simpleperf untrusted_app_all:process ptrace;
+allow simpleperf simpleperf_profileable_apps:process ptrace;
 
 # Allow using perf_event_open syscall for profiling the target app.
 allow simpleperf self:perf_event { open read write kernel };
 
 # Allow /proc/<pid> access for the target app (for example, when trying to
 # discover it by cmdline).
-r_dir_file(simpleperf, untrusted_app_all)
+r_dir_file(simpleperf, simpleperf_profileable_apps)
+
+# Allow apps signalling simpleperf domain, which is the domain that the simpleperf
+# profiler runs as when executed by the app. The signals are used to control
+# the profiler (which would be profiling the app that is sending the signal).
+allow simpleperf_profileable_apps simpleperf:process signal;
 
 # Suppress denial logspam when simpleperf is trying to find a matching process
 # by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
diff --git a/private/simpleperf_app_runner.te b/private/simpleperf_app_runner.te
index 8501826..184a80a 100644
--- a/private/simpleperf_app_runner.te
+++ b/private/simpleperf_app_runner.te
@@ -1,3 +1,45 @@
 typeattribute simpleperf_app_runner coredomain;
 
 domain_auto_trans(shell, simpleperf_app_runner_exec, simpleperf_app_runner)
+
+# run simpleperf_app_runner in adb shell.
+allow simpleperf_app_runner adbd:fd use;
+allow simpleperf_app_runner shell:fd use;
+allow simpleperf_app_runner devpts:chr_file { read write ioctl };
+
+# simpleperf_app_runner reads package information.
+allow simpleperf_app_runner system_data_file:file r_file_perms;
+allow simpleperf_app_runner system_data_file:lnk_file getattr;
+allow simpleperf_app_runner packages_list_file:file r_file_perms;
+
+# The app's data dir may be accessed through a symlink.
+allow simpleperf_app_runner system_data_file:lnk_file read;
+
+# simpleperf_app_runner switches to the app UID/GID.
+allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
+
+# simpleperf_app_runner switches to the app security context.
+selinux_check_context(simpleperf_app_runner) # validate context
+allow simpleperf_app_runner self:process setcurrent;
+allow simpleperf_app_runner { ephemeral_app isolated_app platform_app priv_app untrusted_app_all }:process dyntransition; # setcon
+
+# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
+# determine which domain to transition to.
+allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
+
+# simpleperf_app_runner passes pipe fds.
+# simpleperf_app_runner writes app type (debuggable or profileable) to pipe fds.
+allow simpleperf_app_runner shell:fifo_file { read write };
+
+# simpleperf_app_runner checks shell data paths.
+# simpleperf_app_runner passes shell data fds.
+allow simpleperf_app_runner shell_data_file:dir { getattr search };
+allow simpleperf_app_runner shell_data_file:file { getattr write };
+
+###
+### neverallow rules
+###
+
+# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
+neverallow simpleperf_app_runner self:global_capability2_class_set *;
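Review bot: `system_data_file:lnk_file` is granted twice in the new block, `getattr` under the package-information comment and `read` under the symlink comment; folding them into one rule, `allow simpleperf_app_runner system_data_file:lnk_file { getattr read };`, avoids a reader assuming they serve different purposes. The two closing neverallow lines pin the capability bound well, but they do not constrain the `dyntransition` targets, which are the more security-relevant part of this domain. A rule such as `neverallow simpleperf_app_runner { domain -ephemeral_app -isolated_app -platform_app -priv_app -untrusted_app_all }:process dyntransition;` would make that transition surface checkable at build time as well.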
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 8203724..f99ce96 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -61,6 +61,7 @@
 
 # Get properties.
 get_prop(surfaceflinger, qemu_sf_lcd_density_prop)
+get_prop(network_stack, device_config_surface_flinger_native_boot_prop)
 
 # Use open files supplied by an app.
 allow surfaceflinger appdomain:fd use;
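Review bot: The added `get_prop(network_stack, device_config_surface_flinger_native_boot_prop)` names `network_stack` as the subject, but this is private/surfaceflinger.te and the surrounding rules under `# Get properties.` are for surfaceflinger; as written surfaceflinger gains no read access to the property and network_stack receives a read grant it presumably does not need. This looks like a copy-paste slip; the line should read `get_prop(surfaceflinger, device_config_surface_flinger_native_boot_prop)`. The same subject/file mismatch appears in private/webview_zygote.te in this change, where `get_prop(zygote, odsign_prop)` sits under a comment about webview_zygote.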
diff --git a/private/system_server.te b/private/system_server.te
index d76a2a8..5d685c3 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -708,7 +708,7 @@
 set_prop(system_server, device_config_window_manager_native_boot_prop)
 set_prop(system_server, device_config_configuration_prop)
 set_prop(system_server, device_config_connectivity_prop)
-
+set_prop(system_server, device_config_surface_flinger_native_boot_prop)
 
 # Allow query ART device config properties
 get_prop(system_server, device_config_runtime_native_boot_prop)
@@ -853,6 +853,7 @@
 allow system_server installd_service:service_manager find;
 allow system_server iorapd_service:service_manager find;
 allow system_server keystore_maintenance_service:service_manager find;
+allow system_server keystore_metrics_service:service_manager find;
 allow system_server keystore_service:service_manager find;
 allow system_server mediaserver_service:service_manager find;
 allow system_server mediametrics_service:service_manager find;
@@ -903,6 +904,7 @@
 	clear_uid
 	get_state
 	lock
+	pull_metrics
 	reset
 	unlock
 };
@@ -1216,6 +1218,7 @@
   device_config_runtime_native_prop
   device_config_media_native_prop
   device_config_storage_native_boot_prop
+  device_config_surface_flinger_native_boot_prop
   device_config_sys_traced_prop
   device_config_swcodec_native_prop
   device_config_window_manager_native_boot_prop
diff --git a/private/toolbox.te b/private/toolbox.te
index 8202e04..b4a3466 100644
--- a/private/toolbox.te
+++ b/private/toolbox.te
@@ -3,5 +3,5 @@
 init_daemon_domain(toolbox)
 
 # rm -rf /data/misc/virtualizationservice
-allow toolbox virtualizationservice_data_file:dir { getattr remove_name rmdir };
-allow toolbox virtualizationservice_data_file:file { getattr unlink };
+allow toolbox virtualizationservice_data_file:dir create_dir_perms;
+allow toolbox virtualizationservice_data_file:file create_file_perms;
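Review bot: The comment `# rm -rf /data/misc/virtualizationservice` no longer describes what the two rewritten rules grant: `create_dir_perms` and `create_file_perms` let toolbox create and write under that directory, not just delete it. If the wider set is needed for some other step run in the same init action, which I cannot see from this hunk, the comment should say so; otherwise the previous `{ getattr remove_name rmdir }` / `{ getattr unlink }` pairs were the tighter fit for a removal-only job.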
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 6064c14..f7dfdeb 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -170,8 +170,3 @@
   # according to the heuristic of lockdown.
   allow untrusted_app_all self:lockdown integrity;
 ')
-
-# Allow signalling simpleperf domain, which is the domain that the simpleperf
-# profiler runs as when executed by the app. The signals are used to control
-# the profiler (which would be profiling the app that is sending the signal).
-allow untrusted_app_all simpleperf:process signal;
diff --git a/private/vdc.te b/private/vdc.te
index bc7409e..63c9c2a 100644
--- a/private/vdc.te
+++ b/private/vdc.te
@@ -1,3 +1,6 @@
 typeattribute vdc coredomain;
 
 init_daemon_domain(vdc)
+
+# Allow stdin/out back to vehicle_binding_util
+allow vdc vehicle_binding_util:fd use;
diff --git a/private/vehicle_binding_util.te b/private/vehicle_binding_util.te
new file mode 100644
index 0000000..76d0756
--- /dev/null
+++ b/private/vehicle_binding_util.te
@@ -0,0 +1,20 @@
+# vehicle binding util startup application
+type vehicle_binding_util, domain, coredomain;
+
+# allow init to start vehicle_binding_util
+type vehicle_binding_util_exec, exec_type, file_type, system_file_type;
+init_daemon_domain(vehicle_binding_util)
+
+# allow writing to kmsg during boot
+allow vehicle_binding_util kmsg_device:chr_file { getattr w_file_perms };
+
+# allow reading the binding property from vhal
+hwbinder_use(vehicle_binding_util)
+hal_client_domain(vehicle_binding_util, hal_vehicle)
+
+# allow executing vdc
+domain_auto_trans(vehicle_binding_util, vdc_exec, vdc)
+
+# devpts is needed to redirect output from vdc
+allow vehicle_binding_util devpts:chr_file rw_file_perms;
+
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 4c6f1f9..9b82e01 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -23,3 +23,21 @@
 # Let virtualizationservice access its data directory.
 allow virtualizationservice virtualizationservice_data_file:file create_file_perms;
 allow virtualizationservice virtualizationservice_data_file:dir create_dir_perms;
+
+# virtualizationservice_use(client)
+define(`virtualizationservice_use', `
+# Let the client call virtualizationservice.
+binder_call($1, virtualizationservice)
+# Let the client pass file descriptors to virtualizationservice.
+allow virtualizationservice $1:fd use;
+')
+
+# Let the shell user call virtualizationservice for debugging.
+virtualizationservice_use(shell)
+
+# Let virtualizationservice read and write files from its various clients, but not open them
+# directly as they must be passed over Binder by the client.
+allow virtualizationservice apk_data_file:file { getattr read };
+allow virtualizationservice app_data_file:file { getattr read write };
+# shell_data_file is used for automated tests and manual debugging.
+allow virtualizationservice shell_data_file:file { getattr read write };
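Review bot: `virtualizationservice_use(shell)` is described as a debugging convenience but is granted unconditionally, so on user builds the shell domain can call virtualizationservice and pass it file descriptors. If it is only needed for tests and manual debugging, as the comment states, wrapping it as `userdebug_or_eng(`virtualizationservice_use(shell)')` matches how the analogous shell_data_file read is gated in public/kernel.te in this same change. The `virtualizationservice_use` macro is also defined in this .te file rather than te_macros, which only works for clients processed after this file; a short comment noting that constraint would help the next person who adds a client.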
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 10bcf1c..3473eca 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -87,6 +87,9 @@
 get_prop(webview_zygote, device_config_runtime_native_prop)
 get_prop(webview_zygote, device_config_runtime_native_boot_prop)
 
+# Allow webview_zygote to access odsign verification status
+get_prop(zygote, odsign_prop)
+
 #####
 ##### Neverallow
 #####
diff --git a/private/wificond.te b/private/wificond.te
index 8bf37ca..3fdaca2 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -6,4 +6,6 @@
 
 get_prop(wificond, hwservicemanager_prop)
 
+allow wificond legacykeystore_service:service_manager find;
+
 init_daemon_domain(wificond)
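Review bot: The new `allow wificond legacykeystore_service:service_manager find;` carries no rationale, and `find` alone does not let wificond use the service unless it already has `binder_call` to keystore, which may come from elsewhere (possibly the te_macros block touched in this change) but is not visible from this hunk. A one-line comment stating what wificond stores or reads through the legacy keystore would record why a Wi-Fi daemon needs a keystore service, and a note on where its binder_call comes from would make the grant self-explanatory. The same rule is mirrored in the prebuilts copy, which should carry the same comment if one is added.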
diff --git a/private/zygote.te b/private/zygote.te
index de64c8f..651fb10 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -217,6 +217,9 @@
 # Allow zygote to access media_variant_prop for static initialization
 get_prop(zygote, media_variant_prop)
 
+# Allow zygote to access odsign verification status
+get_prop(zygote, odsign_prop)
+
 # Allow zygote to read ro.control_privapp_permissions and ro.cp_system_other_odex
 get_prop(zygote, packagemanager_config_prop)
 
diff --git a/public/app.te b/public/app.te
index e8178d1..7de9c00 100644
--- a/public/app.te
+++ b/public/app.te
@@ -569,6 +569,9 @@
   -system_app
 } { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
 
+# allow system_app to access Nfc-related system properties.
+set_prop(system_app, nfc_prop)
+
 # Apps cannot access proc_uid_time_in_state
 neverallow appdomain proc_uid_time_in_state:file *;
 
diff --git a/public/domain.te b/public/domain.te
index d84abf1..799a2f1 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -677,6 +677,7 @@
     -credstore_service
     -keystore_maintenance_service
     -keystore_service
+    -legacykeystore_service
     -mediadrmserver_service
     -mediaextractor_service
     -mediametrics_service
@@ -684,7 +685,6 @@
     -nfc_service
     -radio_service
     -virtual_touchpad_service
-    -vpnprofilestore_service
     -vr_hwc_service
     -vr_manager_service
     userdebug_or_eng(`-hal_face_service')
diff --git a/public/file.te b/public/file.te
index 6ed459e..cfac66d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -13,6 +13,7 @@
 type proc_overcommit_memory, fs_type, proc_type;
 type proc_min_free_order_shift, fs_type, proc_type;
 type proc_kpageflags, fs_type, proc_type;
+type proc_watermark_boost_factor, fs_type, proc_type;
 # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
 type usermodehelper, fs_type, proc_type;
 type sysfs_usermodehelper, fs_type, sysfs_type;
diff --git a/public/init.te b/public/init.te
index f606c71..5fd1715 100644
--- a/public/init.te
+++ b/public/init.te
@@ -384,6 +384,7 @@
   proc_perf
   proc_sched
   proc_sysrq
+  proc_watermark_boost_factor
 }:file w_file_perms;
 
 allow init {
diff --git a/public/kernel.te b/public/kernel.te
index 902933d..09d2480 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -95,6 +95,11 @@
   staging_data_file
   vendor_apex_file
 }:file read;
+# Also allow the kernel to read /data/local/tmp files via loop device
+# for ApexTestCases
+userdebug_or_eng(`
+  allow kernel shell_data_file:file read;
+')
 
 # Allow the first-stage init (which is running in the kernel domain) to execute the
 # dynamic linker when it re-executes /init to switch into the second stage.
diff --git a/public/keystore.te b/public/keystore.te
index 155322c..b7d5090 100644
--- a/public/keystore.te
+++ b/public/keystore.te
@@ -20,7 +20,8 @@
 add_service(keystore, keystore_compat_hal_service)
 add_service(keystore, authorization_service)
 add_service(keystore, keystore_maintenance_service)
-add_service(keystore, vpnprofilestore_service)
+add_service(keystore, keystore_metrics_service)
+add_service(keystore, legacykeystore_service)
 
 # Check SELinux permissions.
 selinux_check_access(keystore)
diff --git a/public/service.te b/public/service.te
index 4fa6a13..756c31c 100644
--- a/public/service.te
+++ b/public/service.te
@@ -21,7 +21,9 @@
 type credstore_service,         app_api_service, service_manager_type;
 type keystore_compat_hal_service, service_manager_type;
 type keystore_maintenance_service, service_manager_type;
+type keystore_metrics_service, service_manager_type;
 type keystore_service,          service_manager_type;
+type legacykeystore_service,    service_manager_type;
 type lpdump_service,            service_manager_type;
 type mediaserver_service,       service_manager_type;
 type mediametrics_service,      service_manager_type;
@@ -44,7 +46,6 @@
 type virtualization_service,    service_manager_type;
 type virtual_touchpad_service,  service_manager_type;
 type vold_service,              service_manager_type;
-type vpnprofilestore_service,   service_manager_type;
 type vr_hwc_service,            service_manager_type;
 type vrflinger_vsync_service,   service_manager_type;
 
diff --git a/public/simpleperf_app_runner.te b/public/simpleperf_app_runner.te
index 2ed007e..3719d9f 100644
--- a/public/simpleperf_app_runner.te
+++ b/public/simpleperf_app_runner.te
@@ -1,44 +1,2 @@
 type simpleperf_app_runner, domain, mlstrustedsubject;
 type simpleperf_app_runner_exec, system_file_type, exec_type, file_type;
-
-# run simpleperf_app_runner in adb shell.
-allow simpleperf_app_runner adbd:fd use;
-allow simpleperf_app_runner shell:fd use;
-allow simpleperf_app_runner devpts:chr_file { read write ioctl };
-
-# simpleperf_app_runner reads package information.
-allow simpleperf_app_runner system_data_file:file r_file_perms;
-allow simpleperf_app_runner system_data_file:lnk_file getattr;
-allow simpleperf_app_runner packages_list_file:file r_file_perms;
-
-# The app's data dir may be accessed through a symlink.
-allow simpleperf_app_runner system_data_file:lnk_file read;
-
-# simpleperf_app_runner switches to the app UID/GID.
-allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
-
-# simpleperf_app_runner switches to the app security context.
-selinux_check_context(simpleperf_app_runner) # validate context
-allow simpleperf_app_runner self:process setcurrent;
-allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
-
-# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
-# determine which domain to transition to.
-allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
-
-# simpleperf_app_runner passes pipe fds.
-# simpleperf_app_runner writes app type (debuggable or profileable) to pipe fds.
-allow simpleperf_app_runner shell:fifo_file { read write };
-
-# simpleperf_app_runner checks shell data paths.
-# simpleperf_app_runner passes shell data fds.
-allow simpleperf_app_runner shell_data_file:dir { getattr search };
-allow simpleperf_app_runner shell_data_file:file { getattr write };
-
-###
-### neverallow rules
-###
-
-# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
-neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
-neverallow simpleperf_app_runner self:global_capability2_class_set *;
diff --git a/public/te_macros b/public/te_macros
index 2a218cb..200b2e3 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -635,7 +635,7 @@
   allow keystore $1:process getattr;
   allow $1 apc_service:service_manager find;
   allow $1 keystore_service:service_manager find;
-  allow $1 vpnprofilestore_service:service_manager find;
+  allow $1 legacykeystore_service:service_manager find;
   binder_call($1, keystore)
   binder_call(keystore, $1)
 ')
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 2b06c11..7795e3a 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -207,11 +207,9 @@
                 /*Inputs*/
                 { .name = "isSystemServer", .dir = dir_in, .fn_validate = validate_bool },
                 { .name = "isEphemeralApp",  .dir = dir_in, .fn_validate = validate_bool },
-                { .name = "isOwner",        .dir = dir_in, .fn_validate = validate_bool },
                 { .name = "user",           .dir = dir_in,                              },
                 { .name = "seinfo",         .dir = dir_in,                              },
                 { .name = "name",           .dir = dir_in,                              },
-                { .name = "path",           .dir = dir_in,                              },
                 { .name = "isPrivApp",      .dir = dir_in, .fn_validate = validate_bool },
                 { .name = "minTargetSdkVersion", .dir = dir_in, .fn_validate = validate_uint },
                 { .name = "fromRunAs",       .dir = dir_in, .fn_validate = validate_bool },
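Review bot: Dropping the `isOwner` and `path` entries from the input table means any seapp_contexts file that still carries those keys will now fail the check, and the failure will presumably be reported as a generic unknown-key error rather than as a removed/deprecated key, which makes the breakage harder to diagnose for downstream policy authors. If that is the intent, a brief comment at the table documenting the removal (`/* isOwner and path were removed; entries using them are rejected */`) would help, and a dedicated error message for these two names would be better still. The table definition starts outside the hunk, so the rest of its entries and the lookup that reports unknown keys are not visible here.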