Merge "Add charger related property contexts"
diff --git a/private/bug_map b/private/bug_map
index eaa1593..c2670ef 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1,5 +1,6 @@
dnsmasq netd fifo_file b/77868789
dnsmasq netd unix_stream_socket b/77868789
+gmscore_app ashmem_device chr_file b/160984921
gmscore_app system_data_file dir b/146166941
init app_data_file file b/77873135
init cache_file blk_file b/77873135
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index d17b5bd..92ff8d7 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -187,6 +187,7 @@
test_boot_reason_prop
time_prop
timedetector_service
+ tombstone_config_prop
tombstone_wifi_data_file
trace_data_file
traced
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 7c9d913..b54644f 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1369,6 +1369,7 @@
packagemanager_config_prop
recovery_config_prop
telephony_config_prop
+ tombstone_config_prop
zram_config_prop))
(typeattributeset exported3_radio_prop_30_0 (exported3_radio_prop))
(typeattributeset exported3_system_prop_30_0
diff --git a/private/coredomain.te b/private/coredomain.te
index 92efa47..6062bc0 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -7,6 +7,7 @@
get_prop(coredomain, hdmi_config_prop)
get_prop(coredomain, init_service_status_private_prop)
get_prop(coredomain, lmkd_config_prop)
+get_prop(coredomain, localization_prop)
get_prop(coredomain, pm_prop)
get_prop(coredomain, surfaceflinger_color_prop)
get_prop(coredomain, systemsound_config_prop)
diff --git a/private/property.te b/private/property.te
index 6f984ec..db43ae3 100644
--- a/private/property.te
+++ b/private/property.te
@@ -10,6 +10,7 @@
system_internal_prop(init_service_status_private_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
+system_internal_prop(localization_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(system_adbd_prop)
@@ -417,3 +418,9 @@
-coredomain
-vendor_init
} keyguard_config_prop:file no_rw_file_perms;
+
+neverallow {
+ -init
+} {
+ localization_prop
+}:property_service set;
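Review bot: The neverallow added at the end of this hunk carries no comment saying which property it protects or why only init is exempt. It restricts `property_service set` only, so read access to `localization_prop` is still decided by the `system_internal_prop(localization_prop)` declaration in this file's first hunk and by the `get_prop(coredomain, localization_prop)` grant in private/coredomain.te. A one-line comment such as `# Only init may set the locale filter (ro.localization.locale_filter).` would make the intent checkable. With a single target type the inner braces are not needed either: `} localization_prop:property_service set;`. The keyguard_config_prop rule just above starts outside the hunk.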
diff --git a/private/property_contexts b/private/property_contexts
index b6b7295..b89d4e4 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -484,7 +484,7 @@
sys.usb.ffs.ready u:object_r:ffs_control_prop:s0 exact bool
sys.usb.ffs.mtp.ready u:object_r:ffs_control_prop:s0 exact bool
-tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
+tombstoned.max_tombstone_count u:object_r:tombstone_config_prop:s0 exact int
vold.post_fs_data_done u:object_r:vold_config_prop:s0 exact int
@@ -843,6 +843,9 @@
persist.dbg.vt_avail_ovr u:object_r:telephony_config_prop:s0 exact int
persist.dbg.wfc_avail_ovr u:object_r:telephony_config_prop:s0 exact int
+# System locale list filter configuration
+ro.localization.locale_filter u:object_r:localization_prop:s0 exact string
+
# Graphics related properties
ro.gfx.driver.0 u:object_r:graphics_config_prop:s0 exact string
ro.gfx.driver.1 u:object_r:graphics_config_prop:s0 exact string
diff --git a/private/tombstoned.te b/private/tombstoned.te
index 305f9d0..ca9a0aa 100644
--- a/private/tombstoned.te
+++ b/private/tombstoned.te
@@ -1,3 +1,12 @@
typeattribute tombstoned coredomain;
init_daemon_domain(tombstoned)
+
+get_prop(tombstoned, tombstone_config_prop)
+
+neverallow {
+ -init
+ -vendor_init
+ -dumpstate
+ -tombstoned
+} tombstone_config_prop:file no_rw_file_perms;
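Review bot: The neverallow added here exempts `init`, `vendor_init` and `dumpstate` from the read restriction without saying why, and `tombstoned` is the only domain given a `get_prop` in this hunk. A comment above the rule, for example `# tombstoned.max_tombstone_count: read by tombstoned; set at boot by init/vendor_init; dumpstate exempted for bug reports (confirm)`, would let a reviewer check each exemption against an actual need. Separately, private/compat/30.0/30.0.cil in this commit adds `tombstone_config_prop` to a 30_0 attribute set whose header lies outside that hunk. If that set is the mapping for the old `exported3_default_prop` label, vendor policy built against 30.0 may still hold broader read grants than this rule suggests, which is worth noting in the comment.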
diff --git a/public/netd.te b/public/netd.te
index a020a57..ceb1a27 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -36,8 +36,10 @@
not_full_treble(`allow netd vendor_file:file x_file_perms;')
allow netd devpts:chr_file rw_file_perms;
-# Acquire advisory lock on /system/etc/xtables.lock
+# Acquire advisory lock on /system/etc/xtables.lock. If this file doesn't
+# exist, suppress the denial.
allow netd system_file:file lock;
+dontaudit netd system_file:dir write;
# Allow netd to write to qtaguid ctrl file.
# TODO: Add proper rules to prevent other process to access qtaguid_proc file
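Review bot: `dontaudit netd system_file:dir write;` hides every denied directory write by netd on anything labelled `system_file`, not just the lock-file case the comment describes. An unexpected attempt by netd to write into a system directory would therefore no longer show up in the audit log. The explanation also sits above the `allow netd system_file:file lock;` line rather than next to the rule it justifies. I would put it directly above the dontaudit and state the scope, e.g. `# If xtables.lock is missing, netd's attempt to create it is denied; this hides that denial (and any other netd write to a system_file dir).`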
diff --git a/public/property.te b/public/property.te
index f9d3fda..f4572c7 100644
--- a/public/property.te
+++ b/public/property.te
@@ -132,6 +132,7 @@
system_vendor_config_prop(surfaceflinger_prop)
system_vendor_config_prop(systemsound_config_prop)
system_vendor_config_prop(telephony_config_prop)
+system_vendor_config_prop(tombstone_config_prop)
system_vendor_config_prop(usb_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)
system_vendor_config_prop(vehicle_hal_prop)