Merge "grant bpfloader CAP_CHOWN"
diff --git a/apex/com.android.os.statsd-file_contexts b/apex/com.android.os.statsd-file_contexts
index 7068190..040441a 100644
--- a/apex/com.android.os.statsd-file_contexts
+++ b/apex/com.android.os.statsd-file_contexts
@@ -1,3 +1,3 @@
(/.*)? u:object_r:system_file:s0
/lib(64)?(/.*) u:object_r:system_lib_file:s0
-
+/bin/statsd u:object_r:statsd_exec:s0
diff --git a/private/access_vectors b/private/access_vectors
index aa0109c..4144be8 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -733,3 +733,9 @@
read
write
}
+
+class lockdown
+{
+ integrity
+ confidentiality
+}
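Review bot: Declaring the `lockdown` class with `integrity` and `confidentiality` here (and listing it in private/security_classes) introduces a check that no domain is yet allowed to pass, so once a kernel enforces the lockdown LSM hook every affected operation from an enforcing domain will be denied and logged against permissions nobody has reviewed. As a bare declaration the change is fine, but it should either ship with the intended `allow`/`neverallow` rules or record the decision in the class comment, e.g. `# No domain is granted lockdown permissions yet; add rules as denials are triaged.` next to the `class lockdown` line. If the only goal is to keep policy compiling against newer kernels, say so in that comment too.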
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index e5a01de..f28757e 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -24,6 +24,7 @@
binderfs_logs
binderfs_logs_proc
boringssl_self_test
+ bq_config_prop
charger_prop
cold_boot_done_prop
platform_compat_service
@@ -44,6 +45,7 @@
hal_rebootescrow_service
hal_tv_tuner_hwservice
hal_vibrator_service
+ incremental_control_file
incremental_service
init_perf_lsm_hooks_prop
init_svc_debug_prop
diff --git a/private/domain.te b/private/domain.te
index 1f31cea..1614ecb 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -67,6 +67,9 @@
# Read access to sdkextensions props
get_prop(domain, module_sdkextensions_prop)
+# Read access to bq configuration values
+get_prop(domain, bq_config_prop);
+
# For now, everyone can access core property files
# Device specific properties are not granted by default
not_compatible_property(`
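Review bot: The new `get_prop(domain, bq_config_prop);` carries a trailing semicolon that the neighbouring `get_prop(domain, module_sdkextensions_prop)` on the previous line does not, so the `;` is at best a stray token left over after macro expansion and at worst a parse-time surprise. Drop it to match the file's style: `get_prop(domain, bq_config_prop)`. Every other macro invocation visible in this hunk is written without one.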
diff --git a/private/file_contexts b/private/file_contexts
index a35cfb4..3955708 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -611,7 +611,9 @@
/data/misc_ce/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
# Incremental directories
-/data/incremental(/.*)? u:object_r:apk_data_file:s0
+/data/incremental(/.*)? u:object_r:apk_data_file:s0
+/data/incremental/MT_[^/]+/mount/.pending_reads u:object_r:incremental_control_file:s0
+/data/incremental/MT_[^/]+/mount/.log u:object_r:incremental_control_file:s0
#############################
# Expanded data files
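Review bot: In the two added entries the `.` in `.pending_reads` and `.log` is an unescaped regex metacharacter, so the patterns also match names such as `Xlog` or `_pending_reads` under the mount directory and would label them `incremental_control_file`. Escape them: `/data/incremental/MT_[^/]+/mount/\.pending_reads u:object_r:incremental_control_file:s0` and `/data/incremental/MT_[^/]+/mount/\.log u:object_r:incremental_control_file:s0`. Placing them after the generic `/data/incremental(/.*)?` line is right, since later, more specific entries take precedence.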
diff --git a/private/priv_app.te b/private/priv_app.te
index 74930ee..75e9732 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -146,6 +146,10 @@
allow priv_app system_server:udp_socket {
connect getattr read recvfrom sendto write getopt setopt };
+# allow apps like Phonesky to check the file signature of an apk installed on
+# the Incremental File System
+allowxperm priv_app apk_data_file:file ioctl INCFS_IOCTL_READ_SIGNATURE;
+
###
### neverallow rules
###
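Review bot: `allowxperm` only narrows the ioctl numbers of an existing `allow priv_app apk_data_file:file ioctl` rule; no such base rule is in this hunk, so if priv_app is not granted `ioctl` on `apk_data_file` elsewhere (not visible here) the new line grants nothing and the signature check will still be denied. Confirm the base `allow` exists, or add `allow priv_app apk_data_file:file ioctl;` beside the `allowxperm`. The same dependency applies to the `allowxperm system_server apk_data_file:file ioctl INCFS_IOCTL_READ_SIGNATURE;` line in private/system_server.te, whose hunk only shows a base `ioctl` grant for `incremental_control_file`.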
diff --git a/private/property_contexts b/private/property_contexts
index 1197de3..59bc9ef 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -52,6 +52,7 @@
persist.audio. u:object_r:audio_prop:s0
persist.bluetooth. u:object_r:bluetooth_prop:s0
+persist.nfc_cfg. u:object_r:nfc_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
persist.logd. u:object_r:logd_prop:s0
ro.logd. u:object_r:logd_prop:s0
@@ -235,3 +236,9 @@
# Userspace reboot properties
sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
+
+# Integer property which is used in libgui to configure the number of frames
+# tracked by buffer queue's frame event timing history. The property is set
+# by devices with video decoding pipelines long enough to overflow the default
+# history size.
+ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
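Review bot: `ro.lib_gui.frame_event_history_size` is written as a prefix entry, so it also labels any property that merely starts with that name, even though the comment describes a single integer property. If this branch's property_contexts supports the `exact` form with a type, prefer `ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0 exact int` so that the label applies to exactly one property and non-integer values are rejected at set time; otherwise a comment noting the prefix semantics would do.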
diff --git a/private/security_classes b/private/security_classes
index c0631e9..04ed814 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -141,6 +141,9 @@
class perf_event
+# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
+class lockdown
+
# Property service
class property_service # userspace
diff --git a/private/system_app.te b/private/system_app.te
index 1432017..9789a52 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -72,6 +72,9 @@
# Allow system_app (adb data loader) to write data to /data/incremental
allow system_app apk_data_file:file write;
+# Allow system app (adb data loader) to read logs
+allow system_app incremental_control_file:file r_file_perms;
+
# Allow system apps (like Settings) to interact with statsd
binder_call(system_app, statsd)
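Review bot: The comment `# Allow system app (adb data loader) to read logs` undersells the rule: `r_file_perms` on `incremental_control_file` covers every file carrying that label, which per the private/file_contexts hunk in this change includes `.pending_reads` as well as `.log`. Suggest `# Allow system app (adb data loader) to read incremental control files (.log, .pending_reads)` so the next reader knows the grant is wider than log access.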
diff --git a/private/system_server.te b/private/system_server.te
index 9eea579..ef527fd 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -24,6 +24,13 @@
# For Incremental Service to check if incfs is available
allow system_server proc_filesystems:file r_file_perms;
+# To create files on Incremental File System
+allow system_server incremental_control_file:file { ioctl r_file_perms };
+allowxperm system_server incremental_control_file:file ioctl INCFS_IOCTL_CREATE_FILE;
+
+# To get signature of an APK installed on Incremental File System
+allowxperm system_server apk_data_file:file ioctl INCFS_IOCTL_READ_SIGNATURE;
+
# For art.
allow system_server dalvikcache_data_file:dir r_dir_perms;
allow system_server dalvikcache_data_file:file r_file_perms;
diff --git a/private/traced.te b/private/traced.te
index 42c6704..7ecfb7f 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -36,6 +36,23 @@
allow traced iorapd:fd use;
allow traced iorapd_tmpfs:file { read write };
+# Allow traced to use shared memory supplied by producers. Typically, traced
+# (i.e. the tracing service) creates the shared memory used for data transfer
+# from the producer. This rule allows an alternative scheme, where the producer
+# creates the shared memory, that is then adopted by traced (after validating
+# that it is appropriately sealed).
+# This list has to replicate the tmpfs domains of all applicable domains that
+# have perfetto_producer() macro applied to them.
+# perfetto_tmpfs excluded as it should never need to use the producer-supplied
+# shared memory scheme.
+allow traced {
+ appdomain_tmpfs
+ heapprofd_tmpfs
+ surfaceflinger_tmpfs
+ traced_probes_tmpfs
+ userdebug_or_eng(`system_server_tmpfs')
+}:file { getattr map read write };
+
# Allow traced to notify Traceur when a trace ends by setting the
# sys.trace.trace_end_signal property.
set_prop(traced, system_trace_prop)
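Review bot: The phrase `after validating that it is appropriately sealed` in the new comment describes a check that lives in traced's userspace code, not something this rule enforces: the policy grants `write` and `map` on `appdomain_tmpfs` and the other listed tmpfs types unconditionally. Reword so it is not read as a policy guarantee, e.g. `# creates the shared memory, that is then adopted by traced. traced itself must` / `# check the fd's seals before mapping it; this rule only permits the mapping.`. Since the domain list is hand-maintained and will drift silently when new perfetto_producer domains are added, the pointer to this rule that the change puts in public/te_macros is worth keeping.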
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 28538da..dd6ece0 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -1,8 +1,10 @@
# Perfetto tracing probes, has tracefs access.
type traced_probes_exec, system_file_type, exec_type, file_type;
+type traced_probes_tmpfs, file_type;
# Allow init to exec the daemon.
init_daemon_domain(traced_probes)
+tmpfs_domain(traced_probes)
# Write trace data to the Perfetto traced damon. This requires connecting to its
# producer socket and obtaining a (per-process) tmpfs fd.
diff --git a/public/file.te b/public/file.te
index ddae678..0585afd 100644
--- a/public/file.te
+++ b/public/file.te
@@ -186,6 +186,8 @@
type art_apex_dir, system_file_type, file_type;
# /linkerconfig(/.*)?
type linkerconfig_file, file_type;
+# Control files under /data/incremental
+type incremental_control_file, file_type, data_file_type, core_data_file_type;
# Default type for directories search for
# HAL implementations
diff --git a/public/init.te b/public/init.te
index 19c7e4b..cfca727 100644
--- a/public/init.te
+++ b/public/init.te
@@ -574,6 +574,9 @@
allow init system_bootstrap_lib_file:dir r_dir_perms;
allow init system_bootstrap_lib_file:file { execute read open getattr map };
+# stat the root dir of fuse filesystems (for the mount handler)
+allow init fuse:dir { search getattr };
+
###
### neverallow rules
###
diff --git a/public/ioctl_defines b/public/ioctl_defines
index b2a6fbf..4eeeb4e 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -1055,6 +1055,8 @@
define(`IMGETVERSION', `0x80044942')
define(`IMHOLD_L1', `0x80044948')
define(`IMSETDEVNAME', `0x80184947')
+define(`INCFS_IOCTL_CREATE_FILE', `0x0000671e')
+define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f')
define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')
diff --git a/public/property.te b/public/property.te
index 3de80ff..f309036 100644
--- a/public/property.te
+++ b/public/property.te
@@ -64,6 +64,7 @@
# Properties used by binder caches
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
+system_restricted_prop(bq_config_prop)
system_restricted_prop(linker_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
diff --git a/public/te_macros b/public/te_macros
index 430f172..89061a0 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -748,6 +748,9 @@
###################################
# perfetto_producer(domain)
# Allow processes within the domain to write data to Perfetto.
+# When applying this macro, you might need to also allow traced to use the
+# producer tmpfs domain, if the producer will be the one creating the shared
+# memory.
define(`perfetto_producer', `
allow $1 traced:fd use;
allow $1 traced_tmpfs:file { read write getattr map };
diff --git a/public/vold.te b/public/vold.te
index 1ddd19e..fd3ed84 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -132,6 +132,8 @@
allow vold apk_data_file:file rw_file_perms;
# Allow to bind-mount incremental file system on /data/app/vmdl*.tmp and read files
allow vold apk_tmp_file:dir { mounton r_dir_perms };
+# Allow to read incremental control file and call selinux restorecon on it
+allow vold incremental_control_file:file { r_file_perms relabelto };
allow vold tmpfs:filesystem { mount unmount };
allow vold tmpfs:dir create_dir_perms;
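Review bot: `relabelto` on `incremental_control_file` is only half of what the advertised restorecon needs; vold must also hold `relabelfrom` on the label the file carries beforehand (presumably `apk_data_file`, given the `/data/incremental(/.*)?` default in private/file_contexts), and no such rule is in this hunk. If it is not granted elsewhere, add `allow vold apk_data_file:file relabelfrom;` next to this line, otherwise the relabel is denied despite the comment.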