Merge "Prevent transition to coredomain except for system files and vice versa"
diff --git a/METADATA b/METADATA
new file mode 100644
index 0000000..313792c
--- /dev/null
+++ b/METADATA
@@ -0,0 +1,3 @@
+third_party {
+ license_type: UNENCUMBERED
+}
diff --git a/private/bug_map b/private/bug_map
index 43a77aa..eaa1593 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -30,5 +30,6 @@
system_server sdcardfs file b/77856826
system_server storage_stub_file dir b/145267097
system_server zygote process b/77856826
+untrusted_app untrusted_app netlink_route_socket b/155595000
vold system_data_file file b/124108085
zygote untrusted_app_25 process b/77925912
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index b7d6b66..cb7eb22 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -163,6 +163,7 @@
statscompanion_service
storaged_data_file
super_block_device
+ surfaceflinger_color_prop
surfaceflinger_prop
sysfs_fs_ext4_features
system_boot_reason_prop
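Review bot: surfaceflinger_color_prop gets an ignore entry for 26.0 here and for 27.0 in the next hunk, but no 28.0.ignore.cil hunk appears in this merge, and incremental_prop is listed only in 29.0.ignore.cil. A new public type needs either a mapping or an ignore entry for every supported compat version or the treble compatibility build fails, so the 28.0 entry for surfaceflinger_color_prop and the 26.0/27.0/28.0 entries for incremental_prop must already exist from an earlier commit. That cannot be seen from this diff, so it is worth confirming before the merge lands.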
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 3fdb0b4..19cd7fb 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -149,6 +149,7 @@
statsdw_socket
storaged_data_file
super_block_device
+ surfaceflinger_color_prop
surfaceflinger_prop
staging_data_file
system_boot_reason_prop
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 26a2d34..680d511 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1201,7 +1201,9 @@
(typeattributeset exported2_config_prop_29_0 (exported2_config_prop systemsound_config_prop))
(typeattributeset exported2_default_prop_29_0 (exported2_default_prop))
(typeattributeset exported2_radio_prop_29_0 (exported2_radio_prop))
-(typeattributeset exported2_system_prop_29_0 (exported2_system_prop))
+(typeattributeset exported2_system_prop_29_0
+ ( exported2_system_prop
+ surfaceflinger_color_prop))
(typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop vold_config_prop))
(typeattributeset exported3_default_prop_29_0 (exported3_default_prop))
(typeattributeset exported3_radio_prop_29_0 (exported3_radio_prop))
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 39d1aee..fadc7db 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -56,6 +56,7 @@
hal_tv_tuner_hwservice
hal_vibrator_service
incremental_control_file
+ incremental_prop
incremental_service
init_perf_lsm_hooks_prop
init_svc_debug_prop
diff --git a/private/coredomain.te b/private/coredomain.te
index 32a1e3f..ab731f1 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -88,7 +88,7 @@
-webview_zygote
-zygote
userdebug_or_eng(`-heapprofd')
- } vendor_overlay_file:file r_file_perms;
+ } vendor_overlay_file:file open;
')
# Core domains are not permitted to use kernel interfaces which are not
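Review bot: The neverallow whose tail is visible here now forbids only `open` on vendor_overlay_file instead of `r_file_perms`, so the remaining read-side permissions may be granted to any coredomain as long as the descriptor is obtained elsewhere; that is exactly what the new drmserver, mediaextractor and mediaserver rules rely on. The statement and the comment explaining it begin above the hunk, so the rationale there should be updated to match, e.g. `# Core domains may only use vendor overlay files through fds passed to them; opening them directly stays forbidden.` Leaving the old wording next to the narrowed permission set would suggest that read access is still blocked.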
diff --git a/private/domain.te b/private/domain.te
index 5b6dd80..9eed3db 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -82,6 +82,7 @@
get_prop(domain, exported3_default_prop)
get_prop(domain, exported3_radio_prop)
get_prop(domain, exported3_system_prop)
+ get_prop(domain, surfaceflinger_color_prop)
get_prop(domain, systemsound_config_prop)
get_prop(domain, vendor_default_prop)
get_prop(domain, vold_config_prop)
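Review bot: `get_prop(domain, surfaceflinger_color_prop)` here already covers every domain, so the second grant to `{coredomain appdomain shell}` in the next hunk is subsumed unless the first list sits inside a conditional that starts above the hunk. The exported3_* properties are listed in both places as well, so this may simply be the file's convention; if it is not, keeping only one of the two grants makes the intended reader set explicit. Both enclosing blocks start outside the hunks, so the surrounding conditions are not visible here.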
@@ -98,6 +99,7 @@
get_prop({coredomain appdomain shell}, exported3_radio_prop)
get_prop({coredomain appdomain shell}, exported3_system_prop)
get_prop({coredomain appdomain shell}, exported_camera_prop)
+ get_prop({coredomain appdomain shell}, surfaceflinger_color_prop)
get_prop({coredomain appdomain shell}, systemsound_config_prop)
get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
get_prop({coredomain appdomain shell}, vold_config_prop)
diff --git a/private/property.te b/private/property.te
index 84651ef..d479502 100644
--- a/private/property.te
+++ b/private/property.te
@@ -331,3 +331,11 @@
} {
userspace_reboot_test_prop
}:property_service set;
+
+neverallow {
+ -init
+ -system_server
+ -vendor_init
+} {
+ surfaceflinger_color_prop
+}:property_service set;
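Review bot: The new neverallow carries no comment saying why exactly init, system_server and vendor_init are the only setters of surfaceflinger_color_prop; a one-liner such as `# Only init, system_server and vendor_init may set the surfaceflinger color properties.` ties it to the set_prop grants added in system_server.te and vendor_init.te. Note that surfaceflinger itself is now excluded: persist.sys.sf.* move out of exported2_system_prop in property_contexts and surfaceflinger's set_prop on that type is removed in surfaceflinger.te, so any runtime write of persist.sys.sf.color_mode from surfaceflinger would be denied — confirm that is intended.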
diff --git a/private/property_contexts b/private/property_contexts
index fff39d1..f18a23d 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -360,9 +360,6 @@
persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
-persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int
-persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
-persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
@@ -465,9 +462,6 @@
ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
-ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
-ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
-
ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
@@ -779,6 +773,9 @@
ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
+# Property to enable incremental feature
+ro.incremental.enable u:object_r:incremental_prop:s0
+
# Properties to configure userspace reboot.
init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
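Review bot: `ro.incremental.enable` is added without a type specifier while every neighbouring entry carries `exact bool` or `exact int`; the system_server comment describes it as a flag telling whether Incremental is enabled, so `ro.incremental.enable u:object_r:incremental_prop:s0 exact bool` would let property_service reject malformed values and keeps the file consistent. If the value written by init scripts is not a boolean literal, use the matching type rather than leaving the entry untyped.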
@@ -797,7 +794,7 @@
sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
-# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable
+# surfaceflinger properties
ro.surface_flinger.default_composition_dataspace u:object_r:surfaceflinger_prop:s0 exact int
ro.surface_flinger.default_composition_pixel_format u:object_r:surfaceflinger_prop:s0 exact int
ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:surfaceflinger_prop:s0 exact bool
@@ -832,6 +829,13 @@
ro.surface_flinger.color_space_agnostic_dataspace u:object_r:surfaceflinger_prop:s0 exact int
ro.surface_flinger.refresh_rate_switching u:object_r:surfaceflinger_prop:s0 exact bool
+ro.sf.disable_triple_buffer u:object_r:surfaceflinger_prop:s0 exact bool
+ro.sf.lcd_density u:object_r:surfaceflinger_prop:s0 exact int
+
+persist.sys.sf.color_mode u:object_r:surfaceflinger_color_prop:s0 exact int
+persist.sys.sf.color_saturation u:object_r:surfaceflinger_color_prop:s0 exact string
+persist.sys.sf.native_mode u:object_r:surfaceflinger_color_prop:s0 exact int
+
# Binder cache properties. These are world-readable
cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
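Review bot: `ro.sf.lcd_density` and `ro.sf.disable_triple_buffer` move from exported3_default_prop, which every domain may read according to the get_prop(domain, exported3_default_prop) line in domain.te, to surfaceflinger_prop, whose reader set is not visible in this diff. If any non-core process reads ro.sf.lcd_density, that read becomes a denial unless surfaceflinger_prop is also in the domain-wide get_prop list — confirm before merging. The replacement comment in the previous hunk, `# surfaceflinger properties`, also drops the statement that ro.surface_flinger.* are exposed through the sysprop API and are API-stable; if that guarantee still holds it should stay in the comment, since ro.sf.* now share the same context without it.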
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index cf709df..973350e 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -54,7 +54,6 @@
# Set properties.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, exported_system_prop)
-set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
diff --git a/private/system_server.te b/private/system_server.te
index 4fc507f..18b62a7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -621,6 +621,7 @@
set_prop(system_server, socket_hook_prop)
set_prop(system_server, audio_prop)
set_prop(system_server, boot_status_prop)
+set_prop(system_server, surfaceflinger_color_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
# ctl interface
@@ -680,6 +681,9 @@
# Read wifi.interface
get_prop(system_server, wifi_prop)
+# Read the vendor property that indicates if Incremental features is enabled
+get_prop(system_server, incremental_prop)
+
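Review bot: The comment calls ro.incremental.enable a vendor property, but incremental_prop is declared with system_vendor_config_prop in public/property.te, i.e. a system property that vendor_init is permitted to set; `# Read ro.incremental.enable (system property settable by vendor_init) to learn whether Incremental is enabled` describes it accurately. The phrase `Incremental features is enabled` should also read `the Incremental feature is enabled`.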
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/private/vold.te b/private/vold.te
index 3332d63..e62d7a9 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -21,6 +21,7 @@
# Property Service
get_prop(vold, vold_config_prop)
get_prop(vold, storage_config_prop);
+get_prop(vold, incremental_prop);
set_prop(vold, vold_prop)
set_prop(vold, vold_status_prop)
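Review bot: `get_prop(vold, incremental_prop);` carries a trailing semicolon; the macro already expands to complete rules and the set_prop lines below omit it. The existing storage_config_prop line has the same stray `;`, so it evidently compiles, but the new line is better written as `get_prop(vold, incremental_prop)` to keep the block uniform.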
diff --git a/public/drmserver.te b/public/drmserver.te
index 12c080a..e2c6638 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -49,6 +49,9 @@
allow drmserver oemfs:dir search;
allow drmserver oemfs:file r_file_perms;
+# overlay package access
+allow drmserver vendor_overlay_file:file { read map };
+
add_service(drmserver, drmserver_service)
allow drmserver permission_service:service_manager find;
allow drmserver mediametrics_service:service_manager find;
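Review bot: The grant deliberately omits `open` — coredomain is neverallowed open on vendor_overlay_file in coredomain.te — so drmserver can only use overlay files through descriptors handed to it, and the comment should say so: `# overlay package access via fds passed by the caller; opening is neverallowed for coredomain`. The same applies to the mediaextractor and mediaserver hunks. mediaserver additionally receives `getattr` while drmserver and mediaextractor do not; if that asymmetry is not deliberate, align the three rules.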
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 4bee4f8..1f34030 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -34,6 +34,9 @@
allow mediaextractor asec_apk_file:file { read getattr };
allow mediaextractor ringtone_file:file { read getattr };
+# overlay package access
+allow mediaextractor vendor_overlay_file:file { read map };
+
# scan extractor library directory to dynamically load extractors
allow mediaextractor system_file:dir { read open };
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 832eaa3..86db99c 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -128,6 +128,9 @@
# b/120491318 allow mediaserver to access void:fd
allow mediaserver vold:fd use;
+# overlay package access
+allow mediaserver vendor_overlay_file:file { read getattr map };
+
hal_client_domain(mediaserver, hal_allocator)
###
diff --git a/public/mediatranscoding.te b/public/mediatranscoding.te
index 386535b..5b64083 100644
--- a/public/mediatranscoding.te
+++ b/public/mediatranscoding.te
@@ -3,11 +3,13 @@
type mediatranscoding_exec, system_file_type, exec_type, file_type;
binder_use(mediatranscoding)
+binder_call(mediatranscoding, binderservicedomain)
binder_service(mediatranscoding)
add_service(mediatranscoding, mediatranscoding_service)
allow mediatranscoding system_server:fd use;
+allow mediatranscoding activity_service:service_manager find;
# mediatranscoding should never execute any executable without a
# domain transition
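Review bot: `binder_call(mediatranscoding, binderservicedomain)` lets the transcoding service call into every binder service domain, while the only service it is granted to find here is activity_service, which system_server hosts. If the activity manager is the only target, `binder_call(mediatranscoding, system_server)` is the least-privilege form; keep the broad attribute only if other services are actually needed, and name them in a comment above the rule.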
diff --git a/public/property.te b/public/property.te
index 96866b3..8e5a7fc 100644
--- a/public/property.te
+++ b/public/property.te
@@ -106,6 +106,7 @@
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(media_variant_prop)
system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(surfaceflinger_prop)
@@ -152,6 +153,7 @@
system_public_prop(powerctl_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
+system_public_prop(surfaceflinger_color_prop)
system_public_prop(system_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index d661d81..cd96643 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -225,11 +225,13 @@
set_prop(vendor_init, exported2_system_prop)
set_prop(vendor_init, exported3_default_prop)
set_prop(vendor_init, exported3_radio_prop)
+set_prop(vendor_init, incremental_prop)
set_prop(vendor_init, logd_prop)
set_prop(vendor_init, log_tag_prop)
set_prop(vendor_init, log_prop)
set_prop(vendor_init, rebootescrow_hal_prop)
set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, surfaceflinger_color_prop)
set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)