Merge "sepolicy: take sepolicy split in .mk"
diff --git a/apex/com.android.art-file_contexts b/apex/com.android.art-file_contexts
index f1aa92b..ada6c3b 100644
--- a/apex/com.android.art-file_contexts
+++ b/apex/com.android.art-file_contexts
@@ -2,6 +2,7 @@
# System files
#
(/.*)? u:object_r:system_file:s0
+/bin/art_boot u:object_r:art_boot_exec:s0
/bin/art_exec u:object_r:art_exec_exec:s0
/bin/artd u:object_r:artd_exec:s0
/bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0
diff --git a/apex/com.android.art.debug-file_contexts b/apex/com.android.art.debug-file_contexts
index cc60b70..a3fc35d 100644
--- a/apex/com.android.art.debug-file_contexts
+++ b/apex/com.android.art.debug-file_contexts
@@ -2,6 +2,7 @@
# System files
#
(/.*)? u:object_r:system_file:s0
+/bin/art_boot u:object_r:art_boot_exec:s0
/bin/art_exec u:object_r:art_exec_exec:s0
/bin/artd u:object_r:artd_exec:s0
/bin/dex2oat(d)?(32|64)? u:object_r:dex2oat_exec:s0
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 711e6d8..7eef4ea 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -307,7 +307,7 @@
"media.log": EXCEPTION_NO_FUZZER,
"media.player": EXCEPTION_NO_FUZZER,
"media.metrics": []string{"mediametrics_aidl_fuzzer"},
- "media.extractor": EXCEPTION_NO_FUZZER,
+ "media.extractor": []string{"mediaextractor_service_fuzzer"},
"media.transcoding": EXCEPTION_NO_FUZZER,
"media.resource_manager": EXCEPTION_NO_FUZZER,
"media.resource_observer": EXCEPTION_NO_FUZZER,
diff --git a/private/art_boot.te b/private/art_boot.te
new file mode 100644
index 0000000..0922931
--- /dev/null
+++ b/private/art_boot.te
@@ -0,0 +1,13 @@
+# ART boot oneshot service
+type art_boot, domain, coredomain;
+type art_boot_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(art_boot)
+
+# Allow query of device config properties, typically experiment flags.
+get_prop(art_boot, device_config_runtime_native_boot_prop)
+get_prop(art_boot, device_config_runtime_native_prop)
+
+# Allow ART to set its config properties at boot, mainly to be able to propagate
+# experiment flags to properties that only may change at boot.
+set_prop(art_boot, dalvik_config_prop_type)
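Review bot: The `set_prop(art_boot, dalvik_config_prop_type)` grant on the last line targets an attribute, while the neverallow this commit adds in private/domain.te exempts art_boot only for the single type `dalvik_config_prop`, so the grant may be wider than the exception it pairs with. The attribute's definition and member types are not in this diff. If it covers more than the properties art_boot actually writes, narrow the rule to the specific types, e.g. `set_prop(art_boot, dalvik_config_prop)`. Otherwise extend the comment to name the member types, so the write surface of this coredomain is visible from the policy file itself.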
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index aa42c19..c73eefa 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -7,6 +7,8 @@
( new_objects
adaptive_haptics_prop
apex_ready_prop
+ art_boot
+ art_boot_exec
artd
bt_device
build_attestation_prop
diff --git a/private/domain.te b/private/domain.te
index 2cffdd8..f98a285 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -539,6 +539,10 @@
# Do not allow reading the last boot timestamp from system properties
neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
+# Allow ART to set its config properties in its oneshot boot service, in
+# addition to the common init and vendor_init access.
+neverallow { domain -art_boot -init -vendor_init } dalvik_config_prop:property_service set;
+
# Kprobes should only be used by adb root
neverallow { domain -init -vendor_init } debugfs_kprobes:file *;
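Review bot: The comment above the new neverallow reads as a grant ("Allow ART to set ..."), but the rule is a restriction: it forbids every domain except art_boot, init and vendor_init from setting `dalvik_config_prop`. Wording it like the neighbouring rules avoids a reader mistaking it for an allow, e.g. `# Only init, vendor_init and the ART oneshot boot service (art_boot) may set dalvik_config_prop.` This commit also moves the type from `system_vendor_config_prop` to `system_public_prop` in public/property.te. If that macro carried its own set restriction (its definition is not shown here), the comment should say this rule is now the only place the restriction lives.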
diff --git a/public/domain.te b/public/domain.te
index 39cd5c2..4ad73f1 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -334,6 +334,10 @@
allow domain apex_mnt_dir:dir { getattr search };
allow domain apex_mnt_dir:lnk_file r_file_perms;
+# Allow everyone to read media server-configurable flags, so that libstagefright can be
+# configured using server-configurable flags
+get_prop(domain, device_config_media_native_prop)
+
###
### neverallow rules
###
@@ -1286,7 +1290,3 @@
# Linux lockdown "integrity" level is enforced for user builds.
neverallow { domain userdebug_or_eng(`-domain') } self:lockdown integrity;
-
-# Allow everyone to read media server-configurable flags, so that libstagefright can be
-# configured using server-configurable flags
-get_prop(domain, device_config_media_native_prop)
diff --git a/public/property.te b/public/property.te
index 4315eef..c11264b 100644
--- a/public/property.te
+++ b/public/property.te
@@ -146,7 +146,6 @@
system_vendor_config_prop(codec2_config_prop)
system_vendor_config_prop(composd_vm_vendor_prop)
system_vendor_config_prop(cpu_variant_prop)
-system_vendor_config_prop(dalvik_config_prop)
system_vendor_config_prop(debugfs_restriction_prop)
system_vendor_config_prop(drm_service_config_prop)
system_vendor_config_prop(exported_camera_prop)
@@ -209,6 +208,7 @@
system_public_prop(ctl_interface_start_prop)
system_public_prop(ctl_start_prop)
system_public_prop(ctl_stop_prop)
+system_public_prop(dalvik_config_prop)
system_public_prop(dalvik_dynamic_config_prop)
system_public_prop(dalvik_runtime_prop)
system_public_prop(debug_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 38c7699..a9d1b5d 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -235,6 +235,7 @@
set_prop(vendor_init, camera2_extensions_prop)
set_prop(vendor_init, camerax_extensions_prop)
set_prop(vendor_init, cpu_variant_prop)
+set_prop(vendor_init, dalvik_config_prop)
set_prop(vendor_init, dalvik_dynamic_config_prop)
set_prop(vendor_init, dalvik_runtime_prop)
set_prop(vendor_init, debug_prop)
diff --git a/tests/apex_sepolicy_tests.py b/tests/apex_sepolicy_tests.py
index 0bcc998..518ebbc 100644
--- a/tests/apex_sepolicy_tests.py
+++ b/tests/apex_sepolicy_tests.py
@@ -81,16 +81,20 @@
def check_rule(pol, path: str, tcontext: str, rule: Rule) -> List[str]:
"""Returns error message if scontext can't read the target"""
+ errors = []
match rule:
case AllowRead(tclass, scontext):
- te_rules = list(pol.QueryTERule(scontext=scontext,
- tcontext={tcontext},
- tclass={tclass},
- perms={'read'}))
- if len(te_rules) > 0:
- return [] # no errors
+ # Test every source in scontext(set)
+ for s in scontext:
+ te_rules = list(pol.QueryTERule(scontext={s},
+ tcontext={tcontext},
+ tclass={tclass},
+ perms={'read'}))
+ if len(te_rules) > 0:
+ continue # no errors
- return [f"Error: {path}: {scontext} can't read. (tcontext={tcontext})"]
+ errors.append(f"Error: {path}: {s} can't read. (tcontext={tcontext})")
+ return errors
rules = [
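Review bot: The docstring of `check_rule` still says "Returns error message if scontext can't read the target", but the new body appends one message per source in the `scontext` set and returns the list. Suggest `"""Returns one error per source in scontext that lacks read access to tcontext (empty list if none)."""`. Leading whitespace is not preserved in this view, so confirm that `return errors` sits outside the `match` block; otherwise rule kinds other than `AllowRead` would return None instead of `[]`. As a style point, `if te_rules: continue` says the same as `if len(te_rules) > 0: continue  # no errors`.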
diff --git a/tests/apex_sepolicy_tests_test.py b/tests/apex_sepolicy_tests_test.py
index 9b427a0..9c87a00 100644
--- a/tests/apex_sepolicy_tests_test.py
+++ b/tests/apex_sepolicy_tests_test.py
@@ -93,6 +93,8 @@
self.assert_ok('./etc/linker.config.pb u:object_r:linkerconfig_file:s0')
self.assert_error('./etc/linker.config.pb u:object_r:vendor_file:s0',
r'Error: .*linkerconfig.* can\'t read')
+ self.assert_error('./ u:object_r:apex_data_file:s0',
+ r'Error: .*linkerconfig.* can\'t read')
if __name__ == '__main__':
unittest.main(verbosity=2)
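Review bot: The added `assert_error` for `./` labelled `apex_data_file` has no comment saying what it covers, and its pattern only requires a message mentioning linkerconfig. If the rule that matches `./` lists several sources (the rule table is not in this diff), the per-source reporting introduced in check_rule is only partly pinned. One more `assert_error` with a pattern for another source in that set would cover it. A one-line comment such as `# APEX root dir must be readable by each source in the rule` would also help; the test method itself starts above this hunk.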