Merge "Allow odsign to stop itself."
diff --git a/apex/com.android.compos-file_contexts b/apex/com.android.compos-file_contexts
index 83b4b58..f404a07 100644
--- a/apex/com.android.compos-file_contexts
+++ b/apex/com.android.compos-file_contexts
@@ -1 +1,5 @@
(/.*)? u:object_r:system_file:s0
+/bin/compos_key_cmd u:object_r:compos_key_cmd_exec:s0
+/bin/compos_key_main u:object_r:compos_exec:s0
+/bin/compsvc u:object_r:compos_exec:s0
+/bin/compsvc_worker u:object_r:compos_exec:s0
diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
new file mode 100644
index 0000000..a126a02
--- /dev/null
+++ b/microdroid/system/private/compos.te
@@ -0,0 +1,23 @@
+# TODO(b/193504816): move this to compos APEX
+type compos, domain, coredomain, microdroid_payload;
+type compos_exec, exec_type, file_type, system_file_type;
+
+type compos_key_cmd, domain, coredomain;
+type compos_key_cmd_exec, exec_type, file_type, system_file_type;
+
+allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
+
+# Talk to binder services (for keystore)
+binder_use(compos);
+
+# Allow payloads to use keystore
+use_keystore(compos);
+
+# Allow payloads to use and manage their keys
+allow compos vm_payload_key:keystore2_key {
+ delete
+ get_info
+ manage_blob
+ rebind
+ use
+};
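Review bot: `compos_key_cmd` and `compos_key_cmd_exec` are declared on L22-L23 (and the APEX file_contexts labels `/bin/compos_key_cmd` with that exec type), but no rule visible in this commit lets any domain transition into `compos_key_cmd`, and because it lacks the `microdroid_payload` attribute the new neverallow in microdroid_payload.te would stop microdroid_manager from doing so. If the domain is meant to be wired up later, say so in the TODO; if a payload is meant to exec it, it needs a `domain_auto_trans` and the `microdroid_payload` attribute. The header would also benefit from noting that `listen accept` on `self:vsock_socket` makes compos the server side of the host connection, e.g. `# compos accepts vsock connections from the host and serves compilation requests over them.`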
diff --git a/microdroid/system/private/dex2oat.te b/microdroid/system/private/dex2oat.te
new file mode 100644
index 0000000..6bfd05e
--- /dev/null
+++ b/microdroid/system/private/dex2oat.te
@@ -0,0 +1,5 @@
+# dex2oat
+type dex2oat, domain, coredomain;
+type dex2oat_exec, system_file_type, exec_type, file_type;
+
+allow dex2oat tmpfs:file { read getattr map };
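Review bot: The header comment `# dex2oat` on L47 says nothing about how this domain is entered: `dex2oat_exec` is declared on L49 but no `domain_auto_trans` into `dex2oat` and no file_contexts entry for the exec type appear in this commit, so the domain is unreachable unless that is defined elsewhere. Suggest expanding the comment to `# dex2oat: AOT compiler run inside the VM; entered via domain_auto_trans from the payload that invokes it (not yet wired in this policy)` or adding the transition here. The `tmpfs:file { read getattr map }` grant on L51 should also name which tmpfs-backed files dex2oat maps, since `map` on an unspecified set of files is hard to audit later.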
diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index fe4d072..a3dfb27 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@@ -242,6 +242,15 @@
allow domain task_profiles_file:file r_file_perms;
allow domain task_profiles_api_file:file r_file_perms;
+# cgroupfs directories can be created, but not files within them.
+neverallow domain cgroup:file create;
+neverallow domain cgroup_v2:file create;
+
+dontaudit domain proc_type:dir write;
+dontaudit domain sysfs_type:dir write;
+dontaudit domain cgroup:file create;
+dontaudit domain cgroup_v2:file create;
+
#-----------------------------------------
# Allow access to fsverity keyring.
allow domain kernel:key search;
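Review bot: The `dontaudit` lines on L63-L66 carry no comment, and the last two suppress exactly the `cgroup:file create` attempts that the `neverallow` on L60-L61 guarantees are never granted, so a process probing for cgroup file creation will no longer show up in the audit log. That mirrors the host-side domain.te pattern, but it is a deliberate loss of detection signal and deserves a comment, e.g. `# Silence the expected denials from processes that probe proc/sysfs/cgroup for writability; none of these are ever granted.` The `proc_type`/`sysfs_type` dir-write suppressions should likewise say which processes are known to trigger them, so a reviewer can tell an expected probe from a new one.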
diff --git a/microdroid/system/private/microdroid_app.te b/microdroid/system/private/microdroid_app.te
index 820ec68..d3ec74b 100644
--- a/microdroid/system/private/microdroid_app.te
+++ b/microdroid/system/private/microdroid_app.te
@@ -6,29 +6,9 @@
# Both microdroid_launcher and payload from the shared library run in the
# context of microdroid_app.
-type microdroid_app, domain, coredomain;
+type microdroid_app, domain, coredomain, microdroid_payload;
type microdroid_app_exec, exec_type, file_type, system_file_type;
-# Allow to communicate use, read and write over the adb connection.
-allow microdroid_app adbd:fd use;
-allow microdroid_app adbd:unix_stream_socket { read write };
-
-# microdroid_launcher is launched by microdroid_manager with fork/execvp.
-allow microdroid_app microdroid_manager:fd use;
-
-# Allow to use FDs inherited from the shell. This includes the FD opened for
-# the microdroid_launcher executable itself and the FD for adb connection.
-# TODO(b/186396070) remove this when this is executed from microdroid_manager
-userdebug_or_eng(`
- allow microdroid_app shell:fd use;
-')
-
-# Allow to use terminal
-allow microdroid_app devpts:chr_file rw_file_perms;
-
-# Allow to set debug prop
-set_prop(microdroid_app, debug_prop)
-
# Talk to binder services (for keystore)
binder_use(microdroid_app);
@@ -44,8 +24,3 @@
use
};
-# Allow microdroid_app to use vsock inherited from microdroid_manager
-allow microdroid_app microdroid_manager:vsock_socket { read write };
-
-# Write to /dev/kmsg.
-allow microdroid_app kmsg_device:chr_file rw_file_perms;
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 074024f..ac81c90 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -11,14 +11,9 @@
allow microdroid_manager block_device:lnk_file r_file_perms;
allow microdroid_manager vd_device:blk_file r_file_perms;
-# microdroid_manager start payload task via microdroid_launcher
-domain_auto_trans(microdroid_manager, microdroid_app_exec, microdroid_app);
-
-# Let microdroid_manager exec other files (e.g. payload command) in the same domain.
-# TODO(b/189706019) we need to a domain for the app process.
-allow microdroid_manager system_file:file execute_no_trans;
-# Until then, allow microdroid_manager to execute the shell or other system executables.
-allow microdroid_manager {shell_exec toolbox_exec}:file rx_file_perms;
+# Allow microdroid_manager to start payload tasks
+domain_auto_trans(microdroid_manager, microdroid_app_exec, microdroid_app)
+domain_auto_trans(microdroid_manager, compos_exec, compos)
# Let microdroid_manager kernel-log.
allow microdroid_manager kmsg_device:chr_file w_file_perms;
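Review bot: The two `domain_auto_trans` invocations on L127-L128 drop the trailing `;` that the removed form on L119 and `set_prop(...)` on L132 carry; the macro expands to terminated rules so both forms work, but the file now mixes styles and should settle on one. It is also worth a comment that the `compos_exec` transition is only legal because `compos` carries the `microdroid_payload` attribute (microdroid_payload.te restricts microdroid_manager's process transitions to that attribute), e.g. `# Every target domain here must carry microdroid_payload; see microdroid_payload.te.`, since that coupling is not visible from this file.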
@@ -27,11 +22,12 @@
set_prop(microdroid_manager, vmsecret_keymint_prop);
# Let microdroid_manager read a config file from /mnt/apk (fusefs)
-# TODO(b/188400186) remove the below two rules
+# TODO(b/188400186) remove the below rule
userdebug_or_eng(`
- allow microdroid_manager fuse:dir r_dir_perms;
- allow microdroid_manager fuse:file rx_file_perms;
+ r_dir_file(microdroid_manager, fuse)
')
# Let microdroid_manager to create a vsock connection back to the host VM
allow microdroid_manager self:vsock_socket { create_socket_perms_no_ioctl };
+
+neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;
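Review bot: The new `neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;` on L144 has no comment, although it is the compile-time check that backs the removal of the `execute_no_trans` grant in the earlier hunk. Suggest `# microdroid_manager must never run payload code in its own domain; payloads always go through domain_auto_trans into a microdroid_payload domain.` The switch from `fuse:file rx_file_perms` to `r_dir_file(microdroid_manager, fuse)` on L139 also silently drops execute on fuse files, which is consistent with the neverallow and worth stating in the TODO comment on L135.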
diff --git a/microdroid/system/private/microdroid_payload.te b/microdroid/system/private/microdroid_payload.te
new file mode 100644
index 0000000..87edb31
--- /dev/null
+++ b/microdroid/system/private/microdroid_payload.te
@@ -0,0 +1,31 @@
+# microdroid_payload is an attribute for microdroid payload processes.
+# Domains should have microdroid_payload to be run from microdroid_manager.
+
+# Allow to communicate use, read and write over the adb connection.
+allow microdroid_payload adbd:fd use;
+allow microdroid_payload adbd:unix_stream_socket { read write };
+
+# microdroid_launcher is launched by microdroid_manager with fork/execvp.
+allow microdroid_payload microdroid_manager:fd use;
+
+# Allow to use FDs inherited from the shell. This includes the FD opened for
+# the microdroid_launcher executable itself and the FD for adb connection.
+# TODO(b/186396070) remove this when this is executed from microdroid_manager
+userdebug_or_eng(`
+ allow microdroid_payload shell:fd use;
+')
+
+# Allow to use terminal
+allow microdroid_payload devpts:chr_file rw_file_perms;
+
+# Allow to set debug prop
+set_prop(microdroid_payload, debug_prop)
+
+# Allow microdroid_payload to use vsock inherited from microdroid_manager
+allow microdroid_payload microdroid_manager:vsock_socket { read write };
+
+# Write to /dev/kmsg.
+allow microdroid_payload kmsg_device:chr_file rw_file_perms;
+
+# Only microdroid_payload can be run by microdroid_manager
+neverallow microdroid_manager { domain -crash_dump -microdroid_payload }:process transition;
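Review bot: `allow microdroid_payload kmsg_device:chr_file rw_file_perms;` on L178 grants read as well as write, while the comment above it says only `# Write to /dev/kmsg.` and microdroid_manager itself gets `w_file_perms` (L130); now that this rule applies to every payload domain rather than just microdroid_app, consider `w_file_perms` unless a payload genuinely needs to read the kernel log. The comments carried over on L158 and L161-L163 still talk specifically about microdroid_launcher even though the rules now cover all payloads; reword to `# Payloads are launched by microdroid_manager with fork/execvp.` The adbd fd and socket grants on L155-L156 are unconditional while the shell one on L164-L166 is `userdebug_or_eng`-guarded; if they only serve debuggable VMs they should be guarded the same way.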
diff --git a/microdroid/system/public/attributes b/microdroid/system/public/attributes
index c82c0c8..cf516dd 100644
--- a/microdroid/system/public/attributes
+++ b/microdroid/system/public/attributes
@@ -393,3 +393,6 @@
attribute gsi_metadata_file_type;
attribute fusefs_type;
+
+# All types run from microdroid_manager as a payload
+attribute microdroid_payload;
diff --git a/prebuilts/api/31.0/private/bug_map b/prebuilts/api/31.0/private/bug_map
index 5b042ae..de7a4b5 100644
--- a/prebuilts/api/31.0/private/bug_map
+++ b/prebuilts/api/31.0/private/bug_map
@@ -25,6 +25,7 @@
netd untrusted_app_27 unix_stream_socket b/77870037
netd untrusted_app_29 unix_stream_socket b/77870037
platform_app nfc_data_file dir b/74331887
+system_server apex_art_data_file file b/194054685
system_server crash_dump process b/73128755
system_server overlayfs_file file b/142390309
system_server sdcardfs file b/77856826
diff --git a/private/app.te b/private/app.te
index 2b3554f..a33b6a0 100644
--- a/private/app.te
+++ b/private/app.te
@@ -103,3 +103,8 @@
-system_data_file # shared libs in apks
-apk_data_file
}:file no_x_file_perms;
+
+# Allow apps to read/write vsock created by virtualizationservice to communicate with
+# the VM that the app created. Notice that the app doesn't have permission to create
+# a vsock by itself; it can't connect to other VMs that it doesn't own.
+allow appdomain virtualizationservice:vsock_socket { getattr read write };
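Review bot: The grant on L216 targets `appdomain`, which also covers `isolated_app` and other app domains that presumably cannot reach virtualizationservice at all; narrowing it to the domains that can actually call the service (or at least excluding `isolated_app`) keeps the rule as tight as the comment implies. The comment on L213-L215 correctly says an app cannot create a vsock, but in this hunk that rests only on the absence of a `create` grant; the neverallow in app_neverallows.te is what should make it a guarantee, and a cross-reference here (`# enforced by the neverallow in app_neverallows.te`) would tie the two together.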
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 5c41b02..eb93529 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -114,9 +114,13 @@
ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
- alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
+ alg_socket nfc_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
} *;
+# Apps can read/write vsock created by virtualizationservice to communicate with the VM that they own,
+# but nothing more than that (e.g. creating a new vsock, etc.)
+neverallow all_untrusted_apps virtualizationservice:vsock_socket ~{ getattr read write };
+
# Disallow sending RTM_GETLINK messages on netlink sockets.
neverallow all_untrusted_apps domain:netlink_route_socket { bind nlmsg_readpriv };
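Review bot: Removing `vsock_socket` from the blanket neverallow on L225-L226 drops the compile-time guarantee that untrusted apps cannot create, bind or connect their own vsock sockets; the replacement on L230 only constrains sockets owned by `virtualizationservice`, so `self:vsock_socket create` (which the comment on L228-L229 says must remain forbidden) is no longer covered by any neverallow visible here. The enclosing rule starts outside the hunk, so its target set cannot be confirmed from this view, but if it is `domain` the intent is better expressed by keeping the guard and carving out the one exception: `neverallow all_untrusted_apps { domain -virtualizationservice }:vsock_socket *;` followed by the L230 rule.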
diff --git a/private/bug_map b/private/bug_map
index 5b042ae..de7a4b5 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -25,6 +25,7 @@
netd untrusted_app_27 unix_stream_socket b/77870037
netd untrusted_app_29 unix_stream_socket b/77870037
platform_app nfc_data_file dir b/74331887
+system_server apex_art_data_file file b/194054685
system_server crash_dump process b/73128755
system_server overlayfs_file file b/142390309
system_server sdcardfs file b/77856826
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index c2ffde0..1fcfa4d 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -7,6 +7,8 @@
( new_objects
artd_service
camera2_extensions_prop
+ hal_system_suspend_service
+ hal_tv_tuner_service
power_stats_service
tare_service
transformer_service
diff --git a/private/compos.te b/private/compos.te
new file mode 100644
index 0000000..a86fd38
--- /dev/null
+++ b/private/compos.te
@@ -0,0 +1,6 @@
+# TODO(b/193504816): move this to compos APEX
+type compos, domain, coredomain;
+type compos_exec, exec_type, file_type, system_file_type;
+
+type compos_key_cmd, domain, coredomain;
+type compos_key_cmd_exec, exec_type, file_type, system_file_type;
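Review bot: On the host side these four types are declared with no allow rules, no `domain_auto_trans`, and no host file_contexts entry in this commit; the APEX file_contexts (L8-L11) will label the binaries when the APEX is installed on the host, so the declarations appear to exist only so those labels resolve, but nothing here says so. Suggest extending the TODO to `# Declared so the com.android.compos APEX file_contexts resolve on the host; the domains are only ever entered inside microdroid.` If that reading is wrong and host-side execution is intended, the transition rules are missing.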
diff --git a/private/crosvm.te b/private/crosvm.te
index b139286..42e5181 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -2,12 +2,6 @@
type crosvm_exec, system_file_type, exec_type, file_type;
type crosvm_tmpfs, file_type;
-# Let crosvm create temporary files.
-tmpfs_domain(crosvm)
-
-# Let crosvm receive file descriptors from VirtualizationService.
-allow crosvm virtualizationservice:fd use;
-
# Let crosvm open /dev/kvm.
allow crosvm kvm_device:chr_file rw_file_perms;
@@ -15,9 +9,53 @@
neverallow { domain -crosvm -ueventd -shell } kvm_device:chr_file getattr;
neverallow { domain -crosvm -ueventd } kvm_device:chr_file ~getattr;
-# Let crosvm read and write files from clients of virtualizationservice, but not open them directly
-# as they must be passed via virtualizationservice.
-allow crosvm apk_data_file:file { getattr read };
-allow crosvm app_data_file:file { getattr read write };
-# shell_data_file is used for automated tests and manual debugging.
-allow crosvm shell_data_file:file { getattr read write };
+# Let crosvm create temporary files.
+tmpfs_domain(crosvm)
+
+# Let crosvm receive file descriptors from VirtualizationService.
+allow crosvm virtualizationservice:fd use;
+
+# Let crosvm read the composite disk images (virtualizationservice_data_file), APEXes
+# (staging_data_file), APKs (apk_data_file and shell_data_file where the latter is for test apks in
+# /data/local/tmp), and instance.img (app_data_file). Note that the open permission is not given as
+# the files are passed as file descriptors.
+allow crosvm {
+ virtualizationservice_data_file
+ staging_data_file
+ apk_data_file
+ app_data_file
+ userdebug_or_eng(`shell_data_file')
+}:file { getattr read ioctl lock };
+
+# Allow searching the directory where the composite disk images are.
+allow crosvm virtualizationservice_data_file:dir search;
+
+# TODO(b/193402941) delete this. This for now is required because crosvm needs to open the files for
+# the GPT headers of the composite disks.
+allow crosvm virtualizationservice_data_file:file open;
+
+# Don't allow crosvm to open files that it doesn't own.
+neverallow crosvm {
+ #TODO(b/193402941) uncomment the following line
+ #virtualizationservice_data_file
+ staging_data_file
+ apk_data_file
+ app_data_file
+ userdebug_or_eng(`-shell_data_file')
+}:file open;
+
+# The instance image and the composite image should be writable as well because they could represent
+# mutable disks.
+allow crosvm {
+ virtualizationservice_data_file
+ app_data_file
+}:file write;
+
+# Allow crosvm to pipe console log to shell or app which could be the owner of a VM.
+allow crosvm { adbd appdomain }:fd use;
+allow crosvm adbd:unix_stream_socket { read write };
+allow crosvm appdomain:fifo_file { read write };
+
+# The console log can also be written to /data/local/tmp. This is not safe as the log then can be
+# visible to the processes which don't own the VM. Therefore, this is a debugging only feature.
+userdebug_or_eng(`allow crosvm shell_data_file:file w_file_perms;')
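Review bot: The grant on L305-L311 includes unrestricted `ioctl` on `apk_data_file`, `app_data_file` and `staging_data_file`; without an `allowxperm` list this lets crosvm issue any ioctl on app-supplied files it received by descriptor. If crosvm only needs a few (the comment does not say which), add `allowxperm crosvm { apk_data_file app_data_file staging_data_file }:file ioctl { <needed ioctls> };` — or drop `ioctl` if none are required. The comment on L301-L304 also states that open is not given, which L318 contradicts for `virtualizationservice_data_file`; pointing from that comment to the TODO on L316 would keep the two in sync.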
diff --git a/private/domain.te b/private/domain.te
index 7f4401d..9eeee88 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -216,6 +216,7 @@
-iorap_inode2filename
-priv_app
-virtualizationservice
+ -crosvm
} staging_data_file:file *;
neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
# apexd needs the link and unlink permissions, so list every `no_w_file_perms`
@@ -553,3 +554,18 @@
-tracefs_type
}:file no_rw_file_perms;
')
+
+# Restrict write access to shell owned files. The /data/local/tmp directory is
+# untrustworthy, and non-allowed domains should not be trusting any content in
+# those directories. We allow shell files to be passed around by file
+# descriptor, but not directly opened.
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -dumpstate
+ -installd
+ userdebug_or_eng(`-uncrypt')
+ userdebug_or_eng(`-virtualizationservice')
+ userdebug_or_eng(`-crosvm')
+} shell_data_file:file open;
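Review bot: The `userdebug_or_eng(`-virtualizationservice')` exemption on L373 is not needed by any rule in this commit — virtualizationservice's shell_data_file grant in private/virtualizationservice.te is `{ getattr read write }` with no `open` — so it loosens the guard without a visible consumer, whereas the crosvm exemption on L374 backs the `w_file_perms` console-log grant. Unless an open grant exists elsewhere, drop L373 so the neverallow keeps covering virtualizationservice. The comment on L362-L365 should also say why the two VM domains are exempt on debug builds, e.g. `# crosvm may write VM console logs to /data/local/tmp on debug builds only.`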
diff --git a/private/file_contexts b/private/file_contexts
index 779a37a..c9b7c69 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -475,8 +475,10 @@
/(system_ext|system/system_ext)/etc/selinux/system_ext_service_contexts u:object_r:service_contexts_file:s0
/(system_ext|system/system_ext)/etc/selinux/system_ext_mac_permissions\.xml u:object_r:mac_perms_file:s0
-/(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0
-/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0
+/(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0
+/(system_ext|system/system_ext)/bin/aidl_lazy_cb_test_server u:object_r:aidl_lazy_test_server_exec:s0
+/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0
+/(system_ext|system/system_ext)/bin/hidl_lazy_cb_test_server u:object_r:hidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 5b6e79d..4a44dc5 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -41,6 +41,7 @@
android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0
android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0
android.hardware.tests.lazy::ILazy u:object_r:hal_lazy_test_hwservice:s0
+android.hardware.tests.lazy_cb::ILazyCb u:object_r:hal_lazy_test_hwservice:s0
android.hardware.light::ILight u:object_r:hal_light_hwservice:s0
android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0
android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
diff --git a/private/service_contexts b/private/service_contexts
index 6c8c83e..4da2781 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -16,11 +16,13 @@
android.hardware.security.secureclock.ISecureClock/default u:object_r:hal_secureclock_service:s0
android.hardware.security.sharedsecret.ISharedSecret/default u:object_r:hal_sharedsecret_service:s0
android.hardware.soundtrigger3.ISoundTriggerHw/default u:object_r:hal_audio_service:s0
+android.hardware.tv.tuner.ITuner/default u:object_r:hal_tv_tuner_service:s0
android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
android.hardware.vibrator.IVibratorManager/default u:object_r:hal_vibrator_service:s0
android.hardware.weaver.IWeaver/default u:object_r:hal_weaver_service:s0
android.frameworks.stats.IStats/default u:object_r:fwk_stats_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
+android.system.suspend.ISystemSuspend/default u:object_r:hal_system_suspend_service:s0
accessibility u:object_r:accessibility_service:s0
account u:object_r:account_service:s0
@@ -29,6 +31,7 @@
adb u:object_r:adb_service:s0
aidl_lazy_test_1 u:object_r:aidl_lazy_test_service:s0
aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
+aidl_lazy_cb_test u:object_r:aidl_lazy_test_service:s0
alarm u:object_r:alarm_service:s0
android.os.UpdateEngineService u:object_r:update_engine_service:s0
android.os.UpdateEngineStableService u:object_r:update_engine_stable_service:s0
diff --git a/private/system_suspend.te b/private/system_suspend.te
index caf8955..d924187 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -7,6 +7,8 @@
binder_use(system_suspend)
add_service(system_suspend, system_suspend_control_service)
+add_service(system_suspend, hal_system_suspend_service)
+
# Access to /sys/power/{ wakeup_count, state } suspend interface.
allow system_suspend sysfs_power:file rw_file_perms;
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 4efe355..837fc59 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -7,6 +7,14 @@
# Let the virtualizationservice domain use Binder.
binder_use(virtualizationservice)
+# ... and host a binder service
+binder_service(virtualizationservice)
+# It needs to call back to app
+binder_call(virtualizationservice, appdomain)
+
+# Allow calling into the system server so that it can check permissions.
+binder_call(virtualizationservice, system_server)
+allow virtualizationservice permission_service:service_manager find;
# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
add_service(virtualizationservice, virtualization_service)
@@ -32,22 +40,28 @@
allow virtualizationservice $1:fd use;
')
-# Let the shell user call virtualizationservice for debugging.
+# Let the shell user call virtualizationservice (and virtualizationservice call back to shell) for
+# debugging.
virtualizationservice_use(shell)
+binder_call(virtualizationservice, shell)
+
+# Allow to use fd (e.g. /dev/pts/0) inherited from adbd so that we can redirect output from
+# crosvm to the console
+allow virtualizationservice adbd:fd use;
+allow virtualizationservice adbd:unix_stream_socket { read write };
# Let virtualizationservice read and write files from its various clients, but not open them
# directly as they must be passed over Binder by the client.
allow virtualizationservice apk_data_file:file { getattr read };
+# Write access is needed for mutable partitions like instance.img
allow virtualizationservice app_data_file:file { getattr read write };
# shell_data_file is used for automated tests and manual debugging.
allow virtualizationservice shell_data_file:file { getattr read write };
-# Allow virtualizationservice to access apex files in /data/apex/{active,decompressed}
+# Allow virtualizationservice to read apex-info-list.xml and access the APEX files listed there.
+allow virtualizationservice apex_info_file:file r_file_perms;
allow virtualizationservice apex_data_file:dir search;
allow virtualizationservice staging_data_file:file r_file_perms;
-# Allow virtualizationservice to read apex-info-list.xml
-allow virtualizationservice apex_info_file:file r_file_perms;
-
# Let virtualizationservice to accept vsock connection from the guest VMs
allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept };
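Review bot: `allow virtualizationservice adbd:fd use;` and the `adbd:unix_stream_socket { read write }` grant on L466-L467 are described on L464-L465 as console redirection for crosvm output, i.e. a debugging aid, yet they are unconditional while the analogous crosvm console-log rule in crosvm.te is wrapped in `userdebug_or_eng`. If user builds have no use for them, wrap both in `userdebug_or_eng(`…')`. The comment on L468-L469 ("not open them directly") is now enforced by the neverallow moved into private/domain.te; a cross-reference there would help the next reader find the check.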
diff --git a/public/domain.te b/public/domain.te
index 799a2f1..3643d8c 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1227,17 +1227,6 @@
userdebug_or_eng(`-uncrypt')
} shell_data_file:dir { open search };
-# Same as above for /data/local/tmp files. We allow shell files
-# to be passed around by file descriptor, but not directly opened.
-neverallow {
- domain
- -adbd
- -appdomain
- -dumpstate
- -installd
- userdebug_or_eng(`-uncrypt')
-} shell_data_file:file open;
-
# servicemanager and vndservicemanager are the only processes which handle the
# service_manager list request
neverallow * ~{
diff --git a/public/hal_tv_tuner.te b/public/hal_tv_tuner.te
index 0da4ec7..4b7c030 100644
--- a/public/hal_tv_tuner.te
+++ b/public/hal_tv_tuner.te
@@ -2,3 +2,7 @@
binder_call(hal_tv_tuner_server, hal_tv_tuner_client)
hal_attribute_hwservice(hal_tv_tuner, hal_tv_tuner_hwservice)
+hal_attribute_service(hal_tv_tuner, hal_tv_tuner_service)
+
+binder_call(hal_tv_tuner_server, servicemanager)
+binder_call(hal_tv_tuner_client, servicemanager)
diff --git a/public/ioctl_defines b/public/ioctl_defines
index 3585d90..fa96726 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -841,12 +841,12 @@
define(`FSL_HV_IOCTL_PARTITION_STOP', `0xc008af04')
define(`FSL_HV_IOCTL_SETPROP', `0xc028af08')
define(`FUNCTIONFS_CLEAR_HALT', `0x00006703')
+define(`FUNCTIONFS_ENDPOINT_ALLOC', `0x000067e7')
define(`FUNCTIONFS_ENDPOINT_DESC', `0x80096782')
define(`FUNCTIONFS_ENDPOINT_REVMAP', `0x00006781')
define(`FUNCTIONFS_FIFO_FLUSH', `0x00006702')
define(`FUNCTIONFS_FIFO_STATUS', `0x00006701')
define(`FUNCTIONFS_INTERFACE_REVMAP', `0x00006780')
-define(`FUNCTIONFS_ENDPOINT_ALLOC', `0x000067e7')
define(`FW_CDEV_IOC_ADD_DESCRIPTOR', `0xc0182306')
define(`FW_CDEV_IOC_ALLOCATE', `0xc0202302')
define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE', `0xc018230d')
diff --git a/public/service.te b/public/service.te
index 5e94477..f8f37f0 100644
--- a/public/service.te
+++ b/public/service.te
@@ -43,7 +43,7 @@
type system_suspend_control_service, service_manager_type;
type update_engine_service, service_manager_type;
type update_engine_stable_service, service_manager_type;
-type virtualization_service, service_manager_type;
+type virtualization_service, app_api_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vold_service, service_manager_type;
type vr_hwc_service, service_manager_type;
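Review bot: Making `virtualization_service` an `app_api_service` on L544 lets every app domain find and call it, so the commit now relies on virtualizationservice checking the caller through `permission_service` (private/virtualizationservice.te) rather than on policy for access control. That is a reasonable design but should be stated next to the type, e.g. `# app_api_service: caller access is gated by a runtime permission check inside virtualizationservice, not by policy.` It is also worth confirming that the daemon fails closed when the permission lookup itself errors, since policy no longer limits who can reach it.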
@@ -267,6 +267,8 @@
type hal_remotelyprovisionedcomponent_service, vendor_service, protected_service, service_manager_type;
type hal_secureclock_service, vendor_service, protected_service, service_manager_type;
type hal_sharedsecret_service, vendor_service, protected_service, service_manager_type;
+type hal_system_suspend_service, protected_service, service_manager_type;
+type hal_tv_tuner_service, vendor_service, protected_service, service_manager_type;
type hal_vibrator_service, vendor_service, protected_service, service_manager_type;
type hal_weaver_service, vendor_service, protected_service, service_manager_type;
diff --git a/public/te_macros b/public/te_macros
index 200b2e3..1bdf039 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -431,6 +431,9 @@
hwbinder_use($1)
get_prop($1, hwservicemanager_prop)
allow $1 hidl_manager_hwservice:hwservice_manager find;
+# AIDL suspend hal permissions
+allow $1 hal_system_suspend_service:service_manager find;
+binder_use($1)
')
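Review bot: Adding `binder_use($1)` on L566 inside this macro (whose definition starts outside the hunk) grants full binder access to every domain that invokes the macro, not just the `hal_system_suspend_service` find on L565 it sits beside; that is the broadest line in this change and the comment `# AIDL suspend hal permissions` does not convey it. Suggest `# AIDL suspend HAL: callers need binder (not only hwbinder) to reach servicemanager and the ISystemSuspend service.` so the widening is visible and clearly intentional.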
#####################################
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 3f7c8f9..79bbda4 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -76,6 +76,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.[01]-service u:object_r:hal_tv_cec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner@1\.[01]-service u:object_r:hal_tv_tuner_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner-service\.example u:object_r:hal_tv_tuner_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget@1\.1-service u:object_r:hal_usb_gadget_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0