Merge "Give ueventd permissions to read /proc/bootconfig"
diff --git a/private/coredomain.te b/private/coredomain.te
index de9b953..9fe82d3 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -11,6 +11,7 @@
get_prop(coredomain, localization_prop)
get_prop(coredomain, pm_prop)
get_prop(coredomain, radio_control_prop)
+get_prop(coredomain, rollback_test_prop)
get_prop(coredomain, setupwizard_prop)
get_prop(coredomain, sqlite_log_prop)
get_prop(coredomain, storagemanager_config_prop)
diff --git a/private/keystore2_key_contexts b/private/keystore2_key_contexts
index 9612b90..5695cc3 100644
--- a/private/keystore2_key_contexts
+++ b/private/keystore2_key_contexts
@@ -20,3 +20,6 @@
# namespace in keystore.
102 u:object_r:wifi_key:s0
+# resume_on_reboot_key is a keystore2_key namespace intended for resume on reboot.
+120 u:object_r:resume_on_reboot_key:s0
+
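Review bot: The comment added above the new namespace 120 entry only restates the type name and does not say which domain is expected to reach the namespace, which is what someone auditing this file needs. Elsewhere in this change system_server is granted delete/get_info/rebind/update/use on resume_on_reboot_key, so the comment could read `# resume_on_reboot_key is a keystore2_key namespace for resume-on-reboot (RoR) keys, managed by system_server (lock_settings).` The hunk also appends a trailing blank line at the end of the file; drop it.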
diff --git a/private/keystore_keys.te b/private/keystore_keys.te
index 990bc29..8d33d5d 100644
--- a/private/keystore_keys.te
+++ b/private/keystore_keys.te
@@ -13,3 +13,7 @@
# A keystore2 namespace for the on-device signing daemon.
type odsign_key, keystore2_key_type;
+
+# A keystore2 namespace for resume on reboot.
+type resume_on_reboot_key, keystore2_key_type;
+
diff --git a/private/property.te b/private/property.te
index 34c0fd8..88f3ec0 100644
--- a/private/property.te
+++ b/private/property.te
@@ -21,6 +21,7 @@
system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
+system_internal_prop(rollback_test_prop)
system_internal_prop(setupwizard_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(suspend_prop)
@@ -556,3 +557,9 @@
# Only one of system_property_type and vendor_property_type can be assigned.
# Property types having both attributes won't be accessible from anywhere.
neverallow domain system_and_vendor_property_type:{file property_service} *;
+
+neverallow {
+ # Only allow init and shell to set rollback_test_prop
+ -init
+ -shell
+} rollback_test_prop:property_service set;
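Review bot: The explanatory comment for the new neverallow is placed inside the type-set braces, whereas the neighbouring neverallow at the top of this hunk keeps its comment on the lines above the statement; moving it out keeps the file consistent and makes the rule a one-liner. Suggested: `# Only init and shell may set rollback_test_prop (persist.rollback.is_test).` followed by `neverallow { -init -shell } rollback_test_prop:property_service set;`. It is worth stating in that comment that shell is exempted on every build variant, since nothing here gates the exemption on debuggable builds.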
diff --git a/private/property_contexts b/private/property_contexts
index 22e0ff6..35bf7eb 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -467,6 +467,7 @@
external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.cross_user.enabled u:object_r:storage_config_prop:s0 exact bool
ro.config.per_app_memcg u:object_r:lmkd_config_prop:s0 exact bool
ro.lmk.critical u:object_r:lmkd_config_prop:s0 exact int
@@ -1122,3 +1123,7 @@
# SOC related props
ro.soc.manufacturer u:object_r:soc_prop:s0 exact string
ro.soc.model u:object_r:soc_prop:s0 exact string
+
+# set to true when running rollback tests to disable fallback-to-copy when enabling rollbacks
+# to detect failures where hard linking should work otherwise
+persist.rollback.is_test u:object_r:rollback_test_prop:s0 exact bool
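Review bot: `persist.rollback.is_test` is a persist.* property, so once a test sets it the value outlives the test and keeps the fallback-to-copy path disabled across reboots until something explicitly clears it; the new comment should say so and state who resets it. The current wording is also hard to parse. Suggested comment: `# Test-only. When true, enabling a rollback does not fall back to copying when hard linking fails,` / `# so tests can detect environments where hard linking should have worked.` / `# Persists across reboots; tests must reset it to false when done.`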
diff --git a/private/shell.te b/private/shell.te
index 94a2c2e..a99ada8 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -94,6 +94,9 @@
# userspace reboot
set_prop(shell, userspace_reboot_test_prop)
+# Allow shell to set this property used for rollback tests
+set_prop(shell, rollback_test_prop)
+
# Allow shell to get encryption policy of /data/local/tmp/, for CTS
allowxperm shell shell_data_file:dir ioctl {
FS_IOC_GET_ENCRYPTION_POLICY
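Review bot: The new `set_prop(shell, rollback_test_prop)` is unconditional, so the shell domain can flip `persist.rollback.is_test` on every build variant, and because the property is persistent the rollback fallback stays disabled across reboots until someone clears it. If the property is really only for tests, consider gating the grant on debuggable builds with the policy's macro: ``userdebug_or_eng(`set_prop(shell, rollback_test_prop)')``. The neverallow added in property.te would still hold, since it only exempts shell rather than requiring the allow, but confirm no user-build test relies on setting this from adb.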
diff --git a/private/system_server.te b/private/system_server.te
index 8bee1bf..349a0b8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -891,6 +891,15 @@
use
};
+# Allow lock_settings service to manage RoR keys.
+allow system_server resume_on_reboot_key:keystore2_key {
+ delete
+ get_info
+ rebind
+ update
+ use
+};
+
# Allow system server to search and write to the persistent factory reset
# protection partition. This block device does not get wiped in a factory reset.
allow system_server block_device:dir search;
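Review bot: The comment on the new allow block names the lock_settings service but not the keystore2 namespace the type maps to, which is what a reader cross-checking keystore2_key_contexts needs; this change assigns resume_on_reboot_key namespace 120 there. Suggest `# Allow lock_settings service to manage RoR keys (keystore2 namespace 120, resume_on_reboot_key).` The grant also includes `rebind` and `delete` alongside `use`; if the service only needs to create and use the key, confirm those are actually required, since they let system_server replace or remove the RoR key.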
diff --git a/private/zygote.te b/private/zygote.te
index 83323c9..5f24115 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -197,9 +197,11 @@
# undesirable, so suppress the denial.
dontaudit zygote self:global_capability_class_set { sys_resource fsetid };
-# Ignore spurious denials calling access() on fuse
+# Ignore spurious denials calling access() on fuse.
+# Also ignore read and open as sdcardfs may read and open dir when app tries to access a dir that
+# doesn't exist.
# TODO(b/151316657): avoid the denials
-dontaudit zygote media_rw_data_file:dir setattr;
+dontaudit zygote media_rw_data_file:dir { read open setattr };
# Allow zygote to use ashmem fds from system_server.
allow zygote system_server:fd use;
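Review bot: Widening the dontaudit to `read open` on media_rw_data_file directories silences any genuine attempt by zygote to open or read those directories, not just the sdcardfs probe the comment describes, so the comment should make the scope and the limits of the rule explicit. The new comment also folds two different cases (access() on fuse, read/open via sdcardfs) into one run-on sentence. Suggested: `# Suppress spurious denials on media_rw_data_file dirs: access() on fuse, and the read/open that` / `# sdcardfs performs when an app probes a non-existent dir. dontaudit only hides the audit record;` / `# zygote is not granted these permissions.` Keep the TODO(b/151316657) line so the suppression is still tracked.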