Merge "Add a new tradeinmode property for testing." into main
diff --git a/Android.bp b/Android.bp
index 558810c..24b6fbc 100644
--- a/Android.bp
+++ b/Android.bp
@@ -906,8 +906,32 @@
 // Additional directories can be specified via Makefile variables:
 // SEPOLICY_FREEZE_TEST_EXTRA_DIRS and SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS.
 //////////////////////////////////
+
+FREEZE_TEST_BOARD_API_LEVEL = "202404"
+
+se_policy_conf {
+    name: "base_plat_pub_policy_for_freeze_test.conf",
+    defaults: ["se_policy_conf_flags_defaults"],
+    srcs: plat_public_policy +
+        reqd_mask_policy,
+    build_variant: "user",
+    installable: false,
+    board_api_level: FREEZE_TEST_BOARD_API_LEVEL,
+}
+
+se_policy_cil {
+    name: "base_plat_pub_policy_for_freeze_test.cil",
+    src: ":base_plat_pub_policy_for_freeze_test.conf",
+    filter_out: [":reqd_policy_mask.cil"],
+    secilc_check: false,
+    installable: false,
+}
+
 se_freeze_test {
     name: "se_freeze_test",
+    board_api_level: FREEZE_TEST_BOARD_API_LEVEL,
+    current_cil: ":base_plat_pub_policy_for_freeze_test.cil",
+    prebuilt_cil: ":" + FREEZE_TEST_BOARD_API_LEVEL + "_plat_pub_policy.cil",
 }
 
 //////////////////////////////////
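Review bot: `FREEZE_TEST_BOARD_API_LEVEL = "202404"` is a hard-coded value that silently selects which prebuilt the freeze test diffs against, and nothing in this hunk says who is responsible for bumping it or why the `.conf` is built with `build_variant: "user"` and `secilc_check: false`. A short comment above the constant would save the next maintainer a guess, e.g. `// Board API level of the most recent frozen sepolicy prebuilt (the "<level>_plat_pub_policy.cil" module). Bump this when system/sepolicy freezes again.` and on the cil module `// Text comparison only; the prebuilt is not recompiled, so secilc is skipped.`. The `user` variant is presumably chosen so that eng/userdebug-only rules do not show up as spurious diffs against the frozen prebuilt — worth stating explicitly if that is the reason.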
diff --git a/apex/com.android.biometrics.virtual.face-file_contexts b/apex/com.android.biometrics.virtual.face-file_contexts
index 07fc0a8..8d9b86c 100644
--- a/apex/com.android.biometrics.virtual.face-file_contexts
+++ b/apex/com.android.biometrics.virtual.face-file_contexts
@@ -1,3 +1,3 @@
-(/.*)?                                          u:object_r:vendor_file:s0
-/etc(/.*)?                                      u:object_r:vendor_configs_file:s0
+(/.*)?                                          u:object_r:system_file:s0
+/lib(64)?(/.*)                                  u:object_r:system_lib_file:s0
 /bin/hw/android\.hardware\.biometrics\.face-service\.example u:object_r:virtual_face_exec:s0
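Review bot: The new library rule on the `/lib(64)?(/.*)` line is missing the trailing `?` that the equivalent rule in `com.android.virt-file_contexts` has (`/lib(64)?(/.*)?`), so the `/lib` and `/lib64` directory entries themselves only match the catch-all and are labeled `system_file` while their contents are `system_lib_file`; the two APEX files should agree, i.e. `/lib(64)?(/.*)?                                 u:object_r:system_lib_file:s0`. The removed `/etc(/.*)?` rule also has no replacement, so any `/etc` content this APEX still ships now inherits the `system_file` catch-all — presumably intended with the move off vendor, but worth confirming that nothing under `/etc` relied on the config-file label.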
diff --git a/apex/com.android.virt-file_contexts b/apex/com.android.virt-file_contexts
index 75f9c10..bb0f909 100644
--- a/apex/com.android.virt-file_contexts
+++ b/apex/com.android.virt-file_contexts
@@ -12,3 +12,4 @@
 is_flag_enabled(RELEASE_AVF_ENABLE_EARLY_VM, `
     /bin/early_virtmgr u:object_r:early_virtmgr_exec:s0
 ')
+/lib(64)?(/.*)?          u:object_r:system_lib_file:s0
diff --git a/build/soong/sepolicy_freeze.go b/build/soong/sepolicy_freeze.go
index 41d460d..21f6dba 100644
--- a/build/soong/sepolicy_freeze.go
+++ b/build/soong/sepolicy_freeze.go
@@ -20,9 +20,6 @@
 	"android/soong/android"
 )
 
-var currentCilTag = dependencyTag{name: "current_cil"}
-var prebuiltCilTag = dependencyTag{name: "prebuilt_cil"}
-
 func init() {
 	ctx := android.InitRegistrationContext
 	ctx.RegisterModuleType("se_freeze_test", freezeTestFactory)
@@ -33,72 +30,35 @@
 // SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS.
 func freezeTestFactory() android.Module {
 	f := &freezeTestModule{}
+	f.AddProperties(&f.properties)
 	android.InitAndroidArchModule(f, android.DeviceSupported, android.MultilibCommon)
-	android.AddLoadHook(f, func(ctx android.LoadHookContext) {
-		f.loadHook(ctx)
-	})
 	return f
 }
 
+type freezeTestProperties struct {
+	// Frozen SEPolicy version to compare
+	Board_api_level *string
+
+	// Path to the base platform public policy cil
+	Current_cil *string `android:"path"`
+
+	// Path to the prebuilt cil of given board API level
+	Prebuilt_cil *string `android:"path"`
+}
+
 type freezeTestModule struct {
 	android.ModuleBase
+
+	properties freezeTestProperties
+
 	freezeTestTimestamp android.ModuleOutPath
 }
 
-func (f *freezeTestModule) shouldRunTest(ctx android.EarlyModuleContext) bool {
+func (f *freezeTestModule) shouldCompareExtraDirs(ctx android.EarlyModuleContext) bool {
 	val, _ := ctx.Config().GetBuildFlag("RELEASE_BOARD_API_LEVEL_FROZEN")
 	return val == "true"
 }
 
-func (f *freezeTestModule) loadHook(ctx android.LoadHookContext) {
-	extraDirs := ctx.DeviceConfig().SepolicyFreezeTestExtraDirs()
-	extraPrebuiltDirs := ctx.DeviceConfig().SepolicyFreezeTestExtraPrebuiltDirs()
-
-	if !f.shouldRunTest(ctx) {
-		if len(extraDirs) > 0 || len(extraPrebuiltDirs) > 0 {
-			ctx.ModuleErrorf("SEPOLICY_FREEZE_TEST_EXTRA_DIRS or SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS cannot be set before system/sepolicy freezes.")
-			return
-		}
-
-		return
-	}
-
-	if len(extraDirs) != len(extraPrebuiltDirs) {
-		ctx.ModuleErrorf("SEPOLICY_FREEZE_TEST_EXTRA_DIRS and SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS must have the same number of directories.")
-		return
-	}
-}
-
-func (f *freezeTestModule) prebuiltCilModuleName(ctx android.EarlyModuleContext) string {
-	return ctx.DeviceConfig().PlatformSepolicyVersion() + "_plat_pub_policy.cil"
-}
-
-func (f *freezeTestModule) DepsMutator(ctx android.BottomUpMutatorContext) {
-	if !f.shouldRunTest(ctx) {
-		return
-	}
-
-	ctx.AddDependency(f, currentCilTag, "base_plat_pub_policy.cil")
-	ctx.AddDependency(f, prebuiltCilTag, f.prebuiltCilModuleName(ctx))
-}
-
-func (f *freezeTestModule) outputFileOfDep(ctx android.ModuleContext, depTag dependencyTag) android.Path {
-	deps := ctx.GetDirectDepsWithTag(depTag)
-	if len(deps) != 1 {
-		ctx.ModuleErrorf("%d deps having tag %q; expected only one dep", len(deps), depTag)
-		return nil
-	}
-
-	dep := deps[0]
-	output := android.OutputFilesForModule(ctx, dep, "")
-	if len(output) != 1 {
-		ctx.ModuleErrorf("module %q produced %d outputs; expected only one output", dep.String(), len(output))
-		return nil
-	}
-
-	return output[0]
-}
-
 func (f *freezeTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
 	if ctx.ModuleName() != "se_freeze_test" || ctx.ModuleDir() != "system/sepolicy" {
 		// two freeze test modules don't make sense.
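Review bot: `Board_api_level` is declared in `freezeTestProperties` but none of the Go changes visible in this commit read `f.properties.Board_api_level`; the prebuilt module name is now taken entirely from `prebuilt_cil` in Android.bp, so the property either needs a consumer (e.g. validating that `prebuilt_cil` refers to the `<level>_plat_pub_policy.cil` module for that level) or a comment saying it is informational only. The struct's doc comments should also note that `current_cil` and `prebuilt_cil` are mandatory, since the old `DepsMutator` hard-wired both inputs and the new code no longer guarantees they are set, e.g. `// Required. Path to the base platform public policy cil, built at Board_api_level`. The enclosing `GenerateAndroidBuildActions` continues past the end of this hunk.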
@@ -107,15 +67,9 @@
 
 	f.freezeTestTimestamp = android.PathForModuleOut(ctx, "freeze_test")
 
-	if !f.shouldRunTest(ctx) {
-		// we still build a rule to prevent possible regression
-		android.WriteFileRule(ctx, f.freezeTestTimestamp, ";; no freeze tests needed before system/sepolicy freezes")
-		return
-	}
-
 	// Freeze test 1: compare ToT sepolicy and prebuilt sepolicy
-	currentCil := f.outputFileOfDep(ctx, currentCilTag)
-	prebuiltCil := f.outputFileOfDep(ctx, prebuiltCilTag)
+	currentCil := android.PathForModuleSrc(ctx, String(f.properties.Current_cil))
+	prebuiltCil := android.PathForModuleSrc(ctx, String(f.properties.Prebuilt_cil))
 	if ctx.Failed() {
 		return
 	}
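Review bot: The two `android.PathForModuleSrc(ctx, String(...))` calls no longer reject a missing property: an unset `current_cil` or `prebuilt_cil` becomes `String(nil) == ""`, and whether `PathForModuleSrc` reports an error for an empty path or resolves it to the module directory is not something the freeze test should depend on. Add an explicit guard before the two lookups, `if f.properties.Current_cil == nil || f.properties.Prebuilt_cil == nil { ctx.PropertyErrorf("current_cil", "current_cil and prebuilt_cil must both be set"); return }`, so a misconfigured module fails loudly rather than diffing the wrong files and still touching the timestamp. Note the behaviour change here: the cil comparison now runs on every build, not only when `RELEASE_BOARD_API_LEVEL_FROZEN` is true; the comment "Freeze test 1" above could say so. `GenerateAndroidBuildActions` starts before and ends after this hunk.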
@@ -131,23 +85,35 @@
 	extraPrebuiltDirs := ctx.DeviceConfig().SepolicyFreezeTestExtraPrebuiltDirs()
 
 	var implicits []string
-	for _, dir := range append(extraDirs, extraPrebuiltDirs...) {
-		glob, err := ctx.GlobWithDeps(dir+"/**/*", []string{"bug_map"} /* exclude */)
-		if err != nil {
-			ctx.ModuleErrorf("failed to glob sepolicy dir %q: %s", dir, err.Error())
+	if f.shouldCompareExtraDirs(ctx) {
+		if len(extraDirs) != len(extraPrebuiltDirs) {
+			ctx.ModuleErrorf("SEPOLICY_FREEZE_TEST_EXTRA_DIRS and SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS must have the same number of directories.")
 			return
 		}
-		implicits = append(implicits, glob...)
-	}
-	sort.Strings(implicits)
 
-	for idx, _ := range extraDirs {
-		rule.Command().Text("diff").
-			Flag("-r").
-			Flag("-q").
-			FlagWithArg("-x ", "bug_map"). // exclude
-			Text(extraDirs[idx]).
-			Text(extraPrebuiltDirs[idx])
+		for _, dir := range append(extraDirs, extraPrebuiltDirs...) {
+			glob, err := ctx.GlobWithDeps(dir+"/**/*", []string{"bug_map"} /* exclude */)
+			if err != nil {
+				ctx.ModuleErrorf("failed to glob sepolicy dir %q: %s", dir, err.Error())
+				return
+			}
+			implicits = append(implicits, glob...)
+		}
+		sort.Strings(implicits)
+
+		for idx, _ := range extraDirs {
+			rule.Command().Text("diff").
+				Flag("-r").
+				Flag("-q").
+				FlagWithArg("-x ", "bug_map"). // exclude
+				Text(extraDirs[idx]).
+				Text(extraPrebuiltDirs[idx])
+		}
+	} else {
+		if len(extraDirs) > 0 || len(extraPrebuiltDirs) > 0 {
+			ctx.ModuleErrorf("SEPOLICY_FREEZE_TEST_EXTRA_DIRS or SEPOLICY_FREEZE_TEST_EXTRA_PREBUILT_DIRS cannot be set before system/sepolicy freezes.")
+			return
+		}
 	}
 
 	rule.Command().Text("touch").
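Review bot: Two small style points in the restructured extra-dirs block: `for idx, _ := range extraDirs {` should be `for idx := range extraDirs {` (the blank identifier is redundant and `gofmt -s` would drop it), and the `} else {` that wraps a single `if` reads more naturally as `} else if len(extraDirs) > 0 || len(extraPrebuiltDirs) > 0 {`. Both are cosmetic and preserve behaviour. The enclosing `GenerateAndroidBuildActions` begins before this hunk and continues after it.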
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 35f4e09..7aaab4e 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -23,144 +23,146 @@
 
 var (
 	ServiceFuzzerBindings = map[string][]string{
-		"android.hardware.audio.core.IConfig/default":                             EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.core.IModule/default":                             EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.core.IModule/a2dp":                                EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.core.IModule/bluetooth":                           EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.core.IModule/hearing_aid":                         EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.core.IModule/msd":                                 EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.core.IModule/r_submix":                            EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.core.IModule/stub":                                EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.core.IModule/usb":                                 EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.effect.IFactory/default":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.audio.sounddose.ISoundDoseFactory/default":              EXCEPTION_NO_FUZZER,
-		"android.hardware.authsecret.IAuthSecret/default":                         EXCEPTION_NO_FUZZER,
-		"android.hardware.automotive.evs.IEvsEnumerator/hw/0":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.boot.IBootControl/default":                              EXCEPTION_NO_FUZZER,
-		"android.hardware.automotive.can.ICanController/default":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.automotive.evs.IEvsEnumerator/hw/1":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.automotive.ivn.IIvnAndroidDevice/default":               EXCEPTION_NO_FUZZER,
-		"android.hardware.automotive.remoteaccess.IRemoteAccess/default":          EXCEPTION_NO_FUZZER,
-		"android.hardware.automotive.vehicle.IVehicle/default":                    EXCEPTION_NO_FUZZER,
-		"android.hardware.automotive.audiocontrol.IAudioControl/default":          EXCEPTION_NO_FUZZER,
-		"android.hardware.biometrics.face.IFace/default":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.biometrics.face.IFace/virtual":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.biometrics.face.virtualhal.IVirtualHal/virtual":         EXCEPTION_NO_FUZZER,
-		"android.hardware.biometrics.fingerprint.IFingerprint/default":            EXCEPTION_NO_FUZZER,
-		"android.hardware.biometrics.fingerprint.IFingerprint/virtual":            EXCEPTION_NO_FUZZER,
-		"android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual":  EXCEPTION_NO_FUZZER,
-		"android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": EXCEPTION_NO_FUZZER,
-		"android.hardware.broadcastradio.IBroadcastRadio/amfm":                    []string{"android.hardware.broadcastradio-service.default_fuzzer"},
-		"android.hardware.broadcastradio.IBroadcastRadio/dab":                     []string{"android.hardware.broadcastradio-service.default_fuzzer"},
-		"android.hardware.bluetooth.IBluetoothHci/default":                        EXCEPTION_NO_FUZZER,
-		"android.hardware.bluetooth.finder.IBluetoothFinder/default":              EXCEPTION_NO_FUZZER,
-		"android.hardware.bluetooth.ranging.IBluetoothChannelSounding/default":    EXCEPTION_NO_FUZZER,
-		"android.hardware.bluetooth.lmp_event.IBluetoothLmpEvent/default":         EXCEPTION_NO_FUZZER,
-		"android.hardware.bluetooth.socket.IBluetoothSocket/default":              []string{"android.hardware.bluetooth.socket-service_fuzzer"},
-		"android.hardware.camera.provider.ICameraProvider/internal/0":             EXCEPTION_NO_FUZZER,
-		"android.hardware.camera.provider.ICameraProvider/virtual/0":              EXCEPTION_NO_FUZZER,
-		"android.hardware.cas.IMediaCasService/default":                           EXCEPTION_NO_FUZZER,
-		"android.hardware.confirmationui.IConfirmationUI/default":                 []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
-		"android.hardware.contexthub.IContextHub/default":                         EXCEPTION_NO_FUZZER,
-		"android.hardware.drm.IDrmFactory/clearkey":                               EXCEPTION_NO_FUZZER,
-		"android.hardware.drm.ICryptoFactory/clearkey":                            EXCEPTION_NO_FUZZER,
-		"android.hardware.dumpstate.IDumpstateDevice/default":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.fastboot.IFastboot/default":                             EXCEPTION_NO_FUZZER,
-		"android.hardware.gatekeeper.IGatekeeper/default":                         EXCEPTION_NO_FUZZER,
-		"android.hardware.gnss.IGnss/default":                                     EXCEPTION_NO_FUZZER,
-		"android.hardware.graphics.allocator.IAllocator/default":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.graphics.composer3.IComposer/default":                   EXCEPTION_NO_FUZZER,
-		"android.hardware.health.storage.IStorage/default":                        EXCEPTION_NO_FUZZER,
-		"android.hardware.health.IHealth/default":                                 []string{"android.hardware.health-service.aidl_fuzzer"},
-		"android.hardware.identity.IIdentityCredentialStore/default":              EXCEPTION_NO_FUZZER,
-		"android.hardware.input.processor.IInputProcessor/default":                EXCEPTION_NO_FUZZER,
-		"android.hardware.ir.IConsumerIr/default":                                 EXCEPTION_NO_FUZZER,
-		"android.hardware.light.ILights/default":                                  EXCEPTION_NO_FUZZER,
-		"android.hardware.macsec.IMacsecPskPlugin/default":                        EXCEPTION_NO_FUZZER,
-		"android.hardware.media.c2.IComponentStore/default":                       EXCEPTION_NO_FUZZER,
-		"android.hardware.media.c2.IComponentStore/default1":                      EXCEPTION_NO_FUZZER,
-		"android.hardware.media.c2.IComponentStore/default2":                      EXCEPTION_NO_FUZZER,
-		"android.hardware.media.c2.IComponentStore/software":                      []string{"libcodec2-aidl-fuzzer"},
-		"android.hardware.memtrack.IMemtrack/default":                             EXCEPTION_NO_FUZZER,
-		"android.hardware.net.nlinterceptor.IInterceptor/default":                 EXCEPTION_NO_FUZZER,
-		"android.hardware.nfc.INfc/default":                                       []string{"nfc_service_fuzzer"},
-		"android.hardware.oemlock.IOemLock/default":                               EXCEPTION_NO_FUZZER,
-		"android.hardware.power.IPower/default":                                   EXCEPTION_NO_FUZZER,
-		"android.hardware.power.stats.IPowerStats/default":                        EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.config.IRadioConfig/default":                      EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.data.IRadioData/slot1":                            EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.data.IRadioData/slot2":                            EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.data.IRadioData/slot3":                            EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.ims.IRadioIms/slot1":                              EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.ims.IRadioIms/slot2":                              EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.ims.IRadioIms/slot3":                              EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.ims.media.IImsMedia/default":                      EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.messaging.IRadioMessaging/slot1":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.messaging.IRadioMessaging/slot2":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.messaging.IRadioMessaging/slot3":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.modem.IRadioModem/slot1":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.modem.IRadioModem/slot2":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.modem.IRadioModem/slot3":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.network.IRadioNetwork/slot1":                      EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.network.IRadioNetwork/slot2":                      EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.network.IRadioNetwork/slot3":                      EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.satellite.IRadioSatellite/slot1":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.satellite.IRadioSatellite/slot2":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.satellite.IRadioSatellite/slot3":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.sim.IRadioSim/slot1":                              EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.sim.IRadioSim/slot2":                              EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.sim.IRadioSim/slot3":                              EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.sap.ISap/slot1":                                   EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.sap.ISap/slot2":                                   EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.sap.ISap/slot3":                                   EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.voice.IRadioVoice/slot1":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.voice.IRadioVoice/slot2":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.radio.voice.IRadioVoice/slot3":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.rebootescrow.IRebootEscrow/default":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.secure_element.ISecureElement/eSE1":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.secure_element.ISecureElement/eSE2":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.secure_element.ISecureElement/eSE3":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.secure_element.ISecureElement/SIM1":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.secure_element.ISecureElement/SIM2":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.secure_element.ISecureElement/SIM3":                     EXCEPTION_NO_FUZZER,
-		"android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure":     []string{"android.hardware.authgraph-service.nonsecure_fuzzer"},
-		"android.hardware.security.dice.IDiceDevice/default":                      EXCEPTION_NO_FUZZER,
-		"android.hardware.security.keymint.IKeyMintDevice/default":                EXCEPTION_NO_FUZZER,
-		"android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
-		"android.hardware.security.secretkeeper.ISecretkeeper/default":            EXCEPTION_NO_FUZZER,
-		"android.hardware.security.secretkeeper.ISecretkeeper/nonsecure":          []string{"android.hardware.security.secretkeeper-service.nonsecure_fuzzer"},
-		"android.hardware.security.secureclock.ISecureClock/default":              EXCEPTION_NO_FUZZER,
-		"android.hardware.security.sharedsecret.ISharedSecret/default":            EXCEPTION_NO_FUZZER,
-		"android.hardware.sensors.ISensors/default":                               EXCEPTION_NO_FUZZER,
-		"android.hardware.soundtrigger3.ISoundTriggerHw/default":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.tetheroffload.IOffload/default":                         EXCEPTION_NO_FUZZER,
-		"android.hardware.thermal.IThermal/default":                               EXCEPTION_NO_FUZZER,
-		"android.hardware.threadnetwork.IThreadChip/chip0":                        []string{"android.hardware.threadnetwork-service.fuzzer"},
-		"android.hardware.tv.hdmi.cec.IHdmiCec/default":                           EXCEPTION_NO_FUZZER,
-		"android.hardware.tv.hdmi.connection.IHdmiConnection/default":             EXCEPTION_NO_FUZZER,
-		"android.hardware.tv.hdmi.earc.IEArc/default":                             EXCEPTION_NO_FUZZER,
-		"android.hardware.tv.input.ITvInput/default":                              EXCEPTION_NO_FUZZER,
-		"android.hardware.tv.mediaquality.IMediaQuality/default":                  EXCEPTION_NO_FUZZER,
-		"android.hardware.tv.tuner.ITuner/default":                                EXCEPTION_NO_FUZZER,
-		"android.hardware.usb.IUsb/default":                                       EXCEPTION_NO_FUZZER,
-		"android.hardware.usb.gadget.IUsbGadget/default":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.uwb.IUwb/default":                                       EXCEPTION_NO_FUZZER,
-		"android.hardware.vibrator.IVibrator/default":                             EXCEPTION_NO_FUZZER,
-		"android.hardware.vibrator.IVibratorManager/default":                      []string{"android.hardware.vibrator-service.example_fuzzer"},
-		"android.hardware.weaver.IWeaver/default":                                 EXCEPTION_NO_FUZZER,
-		"android.hardware.wifi.IWifi/default":                                     EXCEPTION_NO_FUZZER,
-		"android.hardware.wifi.hostapd.IHostapd/default":                          EXCEPTION_NO_FUZZER,
-		"android.hardware.wifi.supplicant.ISupplicant/default":                    EXCEPTION_NO_FUZZER,
-		"android.frameworks.cameraservice.service.ICameraService/default":         EXCEPTION_NO_FUZZER,
-		"android.frameworks.devicestate.IDeviceStateService/default":              EXCEPTION_NO_FUZZER,
-		"android.frameworks.location.altitude.IAltitudeService/default":           EXCEPTION_NO_FUZZER,
-		"android.frameworks.sensorservice.ISensorManager/default":                 []string{"libsensorserviceaidl_fuzzer"},
-		"android.frameworks.stats.IStats/default":                                 EXCEPTION_NO_FUZZER,
-		"android.frameworks.vibrator.IVibratorControlService/default":             EXCEPTION_NO_FUZZER,
-		"android.se.omapi.ISecureElementService/default":                          EXCEPTION_NO_FUZZER,
-		"android.system.keystore2.IKeystoreService/default":                       EXCEPTION_NO_FUZZER,
-		"android.system.net.netd.INetd/default":                                   []string{"netd_hw_service_fuzzer"},
-		"android.system.suspend.ISystemSuspend/default":                           EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.core.IConfig/default":                                 EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.core.IModule/default":                                 EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.core.IModule/a2dp":                                    EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.core.IModule/bluetooth":                               EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.core.IModule/hearing_aid":                             EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.core.IModule/msd":                                     EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.core.IModule/r_submix":                                EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.core.IModule/stub":                                    EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.core.IModule/usb":                                     EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.effect.IFactory/default":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.audio.sounddose.ISoundDoseFactory/default":                  EXCEPTION_NO_FUZZER,
+		"android.hardware.authsecret.IAuthSecret/default":                             EXCEPTION_NO_FUZZER,
+		"android.hardware.automotive.evs.IEvsEnumerator/hw/0":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.boot.IBootControl/default":                                  EXCEPTION_NO_FUZZER,
+		"android.hardware.automotive.can.ICanController/default":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.automotive.evs.IEvsEnumerator/hw/1":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.automotive.ivn.IIvnAndroidDevice/default":                   EXCEPTION_NO_FUZZER,
+		"android.hardware.automotive.remoteaccess.IRemoteAccess/default":              EXCEPTION_NO_FUZZER,
+		"android.hardware.automotive.vehicle.IVehicle/default":                        EXCEPTION_NO_FUZZER,
+		"android.hardware.automotive.audiocontrol.IAudioControl/default":              EXCEPTION_NO_FUZZER,
+		"android.hardware.biometrics.face.IFace/default":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.biometrics.face.IFace/virtual":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.biometrics.face.virtualhal.IVirtualHal/virtual":             EXCEPTION_NO_FUZZER,
+		"android.hardware.biometrics.fingerprint.IFingerprint/default":                EXCEPTION_NO_FUZZER,
+		"android.hardware.biometrics.fingerprint.IFingerprint/virtual":                EXCEPTION_NO_FUZZER,
+		"android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual":      EXCEPTION_NO_FUZZER,
+		"android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default":     EXCEPTION_NO_FUZZER,
+		"android.hardware.broadcastradio.IBroadcastRadio/amfm":                        []string{"android.hardware.broadcastradio-service.default_fuzzer"},
+		"android.hardware.broadcastradio.IBroadcastRadio/dab":                         []string{"android.hardware.broadcastradio-service.default_fuzzer"},
+		"android.hardware.bluetooth.IBluetoothHci/default":                            EXCEPTION_NO_FUZZER,
+		"android.hardware.bluetooth.finder.IBluetoothFinder/default":                  EXCEPTION_NO_FUZZER,
+		"android.hardware.bluetooth.ranging.IBluetoothChannelSounding/default":        EXCEPTION_NO_FUZZER,
+		"android.hardware.bluetooth.lmp_event.IBluetoothLmpEvent/default":             EXCEPTION_NO_FUZZER,
+		"android.hardware.bluetooth.socket.IBluetoothSocket/default":                  []string{"android.hardware.bluetooth.socket-service_fuzzer"},
+		"android.hardware.camera.provider.ICameraProvider/internal/0":                 EXCEPTION_NO_FUZZER,
+		"android.hardware.camera.provider.ICameraProvider/virtual/0":                  EXCEPTION_NO_FUZZER,
+		"android.hardware.cas.IMediaCasService/default":                               EXCEPTION_NO_FUZZER,
+		"android.hardware.confirmationui.IConfirmationUI/default":                     []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
+		"android.hardware.contexthub.IContextHub/default":                             EXCEPTION_NO_FUZZER,
+		"android.hardware.drm.IDrmFactory/clearkey":                                   EXCEPTION_NO_FUZZER,
+		"android.hardware.drm.ICryptoFactory/clearkey":                                EXCEPTION_NO_FUZZER,
+		"android.hardware.dumpstate.IDumpstateDevice/default":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.fastboot.IFastboot/default":                                 EXCEPTION_NO_FUZZER,
+		"android.hardware.gatekeeper.IGatekeeper/default":                             EXCEPTION_NO_FUZZER,
+		"android.hardware.gnss.IGnss/default":                                         EXCEPTION_NO_FUZZER,
+		"android.hardware.graphics.allocator.IAllocator/default":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.graphics.composer3.IComposer/default":                       EXCEPTION_NO_FUZZER,
+		"android.hardware.health.storage.IStorage/default":                            EXCEPTION_NO_FUZZER,
+		"android.hardware.health.IHealth/default":                                     []string{"android.hardware.health-service.aidl_fuzzer"},
+		"android.hardware.identity.IIdentityCredentialStore/default":                  EXCEPTION_NO_FUZZER,
+		"android.hardware.input.processor.IInputProcessor/default":                    EXCEPTION_NO_FUZZER,
+		"android.hardware.ir.IConsumerIr/default":                                     EXCEPTION_NO_FUZZER,
+		"android.hardware.light.ILights/default":                                      EXCEPTION_NO_FUZZER,
+		"android.hardware.macsec.IMacsecPskPlugin/default":                            EXCEPTION_NO_FUZZER,
+		"android.hardware.media.c2.IComponentStore/default":                           EXCEPTION_NO_FUZZER,
+		"android.hardware.media.c2.IComponentStore/default1":                          EXCEPTION_NO_FUZZER,
+		"android.hardware.media.c2.IComponentStore/default2":                          EXCEPTION_NO_FUZZER,
+		"android.hardware.media.c2.IComponentStore/software":                          []string{"libcodec2-aidl-fuzzer"},
+		"android.hardware.memtrack.IMemtrack/default":                                 EXCEPTION_NO_FUZZER,
+		"android.hardware.net.nlinterceptor.IInterceptor/default":                     EXCEPTION_NO_FUZZER,
+		"android.hardware.nfc.INfc/default":                                           []string{"nfc_service_fuzzer"},
+		"android.hardware.oemlock.IOemLock/default":                                   EXCEPTION_NO_FUZZER,
+		"android.hardware.power.IPower/default":                                       EXCEPTION_NO_FUZZER,
+		"android.hardware.power.stats.IPowerStats/default":                            EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.config.IRadioConfig/default":                          EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.data.IRadioData/slot1":                                EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.data.IRadioData/slot2":                                EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.data.IRadioData/slot3":                                EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.ims.IRadioIms/slot1":                                  EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.ims.IRadioIms/slot2":                                  EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.ims.IRadioIms/slot3":                                  EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.ims.media.IImsMedia/default":                          EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.messaging.IRadioMessaging/slot1":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.messaging.IRadioMessaging/slot2":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.messaging.IRadioMessaging/slot3":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.modem.IRadioModem/slot1":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.modem.IRadioModem/slot2":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.modem.IRadioModem/slot3":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.network.IRadioNetwork/slot1":                          EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.network.IRadioNetwork/slot2":                          EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.network.IRadioNetwork/slot3":                          EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.satellite.IRadioSatellite/slot1":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.satellite.IRadioSatellite/slot2":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.satellite.IRadioSatellite/slot3":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.sim.IRadioSim/slot1":                                  EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.sim.IRadioSim/slot2":                                  EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.sim.IRadioSim/slot3":                                  EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.sap.ISap/slot1":                                       EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.sap.ISap/slot2":                                       EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.sap.ISap/slot3":                                       EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.voice.IRadioVoice/slot1":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.voice.IRadioVoice/slot2":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.radio.voice.IRadioVoice/slot3":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.rebootescrow.IRebootEscrow/default":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.secure_element.ISecureElement/eSE1":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.secure_element.ISecureElement/eSE2":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.secure_element.ISecureElement/eSE3":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.secure_element.ISecureElement/SIM1":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.secure_element.ISecureElement/SIM2":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.secure_element.ISecureElement/SIM3":                         EXCEPTION_NO_FUZZER,
+		"android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure":         []string{"android.hardware.authgraph-service.nonsecure_fuzzer"},
+		"android.hardware.security.dice.IDiceDevice/default":                          EXCEPTION_NO_FUZZER,
+		"android.hardware.security.keymint.IKeyMintDevice/default":                    EXCEPTION_NO_FUZZER,
+		"android.hardware.security.keymint.IRemotelyProvisionedComponent/default":     EXCEPTION_NO_FUZZER,
+		"android.hardware.security.secretkeeper.ISecretkeeper/default":                EXCEPTION_NO_FUZZER,
+		"android.hardware.security.secretkeeper.ISecretkeeper/nonsecure":              []string{"android.hardware.security.secretkeeper-service.nonsecure_fuzzer"},
+		"android.hardware.security.secureclock.ISecureClock/default":                  EXCEPTION_NO_FUZZER,
+		"android.hardware.security.sharedsecret.ISharedSecret/default":                EXCEPTION_NO_FUZZER,
+		"android.hardware.sensors.ISensors/default":                                   EXCEPTION_NO_FUZZER,
+		"android.hardware.soundtrigger3.ISoundTriggerHw/default":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.tetheroffload.IOffload/default":                             EXCEPTION_NO_FUZZER,
+		"android.hardware.thermal.IThermal/default":                                   EXCEPTION_NO_FUZZER,
+		"android.hardware.threadnetwork.IThreadChip/chip0":                            []string{"android.hardware.threadnetwork-service.fuzzer"},
+		"android.hardware.tv.hdmi.cec.IHdmiCec/default":                               EXCEPTION_NO_FUZZER,
+		"android.hardware.tv.hdmi.connection.IHdmiConnection/default":                 EXCEPTION_NO_FUZZER,
+		"android.hardware.tv.hdmi.earc.IEArc/default":                                 EXCEPTION_NO_FUZZER,
+		"android.hardware.tv.input.ITvInput/default":                                  EXCEPTION_NO_FUZZER,
+		"android.hardware.tv.mediaquality.IMediaQuality/default":                      EXCEPTION_NO_FUZZER,
+		"android.hardware.tv.tuner.ITuner/default":                                    EXCEPTION_NO_FUZZER,
+		"android.hardware.usb.IUsb/default":                                           EXCEPTION_NO_FUZZER,
+		"android.hardware.usb.gadget.IUsbGadget/default":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.uwb.IUwb/default":                                           EXCEPTION_NO_FUZZER,
+		"android.hardware.vibrator.IVibrator/default":                                 EXCEPTION_NO_FUZZER,
+		"android.hardware.vibrator.IVibratorManager/default":                          []string{"android.hardware.vibrator-service.example_fuzzer"},
+		"android.hardware.virtualization.capabilities.IVmCapabilitiesService/default": EXCEPTION_NO_FUZZER,
+		"android.hardware.virtualization.capabilities.IVmCapabilitiesService/noop":    EXCEPTION_NO_FUZZER,
+		"android.hardware.weaver.IWeaver/default":                                     EXCEPTION_NO_FUZZER,
+		"android.hardware.wifi.IWifi/default":                                         EXCEPTION_NO_FUZZER,
+		"android.hardware.wifi.hostapd.IHostapd/default":                              EXCEPTION_NO_FUZZER,
+		"android.hardware.wifi.supplicant.ISupplicant/default":                        EXCEPTION_NO_FUZZER,
+		"android.frameworks.cameraservice.service.ICameraService/default":             EXCEPTION_NO_FUZZER,
+		"android.frameworks.devicestate.IDeviceStateService/default":                  EXCEPTION_NO_FUZZER,
+		"android.frameworks.location.altitude.IAltitudeService/default":               EXCEPTION_NO_FUZZER,
+		"android.frameworks.sensorservice.ISensorManager/default":                     []string{"libsensorserviceaidl_fuzzer"},
+		"android.frameworks.stats.IStats/default":                                     EXCEPTION_NO_FUZZER,
+		"android.frameworks.vibrator.IVibratorControlService/default":                 EXCEPTION_NO_FUZZER,
+		"android.se.omapi.ISecureElementService/default":                              EXCEPTION_NO_FUZZER,
+		"android.system.keystore2.IKeystoreService/default":                           EXCEPTION_NO_FUZZER,
+		"android.system.net.netd.INetd/default":                                       []string{"netd_hw_service_fuzzer"},
+		"android.system.suspend.ISystemSuspend/default":                               EXCEPTION_NO_FUZZER,
 		"accessibility":       EXCEPTION_NO_FUZZER,
 		"account":             EXCEPTION_NO_FUZZER,
 		"activity":            EXCEPTION_NO_FUZZER,
@@ -197,101 +199,101 @@
 		"android.system.virtualizationservice_internal.IVmnic":                EXCEPTION_NO_FUZZER,
 		"android.system.virtualizationmaintenance":                            EXCEPTION_NO_FUZZER,
 		"android.system.vmtethering.IVmTethering":                             EXCEPTION_NO_FUZZER,
-		"ambient_context":               EXCEPTION_NO_FUZZER,
-		"app_binding":                   EXCEPTION_NO_FUZZER,
-		"app_function":                  EXCEPTION_NO_FUZZER,
-		"app_hibernation":               EXCEPTION_NO_FUZZER,
-		"app_integrity":                 EXCEPTION_NO_FUZZER,
-		"app_prediction":                EXCEPTION_NO_FUZZER,
-		"app_search":                    EXCEPTION_NO_FUZZER,
-		"apexservice":                   EXCEPTION_NO_FUZZER,
-		"archive":                       EXCEPTION_NO_FUZZER,
-		"attestation_verification":      EXCEPTION_NO_FUZZER,
-		"authentication_policy":         EXCEPTION_NO_FUZZER,
-		"blob_store":                    EXCEPTION_NO_FUZZER,
-		"gsiservice":                    EXCEPTION_NO_FUZZER,
-		"appops":                        EXCEPTION_NO_FUZZER,
-		"appwidget":                     EXCEPTION_NO_FUZZER,
-		"artd":                          []string{"artd_fuzzer"},
-		"artd_pre_reboot":               []string{"artd_fuzzer"},
-		"assetatlas":                    EXCEPTION_NO_FUZZER,
-		"attention":                     EXCEPTION_NO_FUZZER,
-		"audio":                         EXCEPTION_NO_FUZZER,
-		"auth":                          EXCEPTION_NO_FUZZER,
-		"autofill":                      EXCEPTION_NO_FUZZER,
-		"background_install_control":    EXCEPTION_NO_FUZZER,
-		"backup":                        EXCEPTION_NO_FUZZER,
-		"batteryproperties":             EXCEPTION_NO_FUZZER,
-		"batterystats":                  EXCEPTION_NO_FUZZER,
-		"battery":                       EXCEPTION_NO_FUZZER,
-		"binder_calls_stats":            EXCEPTION_NO_FUZZER,
-		"biometric":                     EXCEPTION_NO_FUZZER,
-		"bluetooth_manager":             EXCEPTION_NO_FUZZER,
-		"bluetooth":                     EXCEPTION_NO_FUZZER,
-		"broadcastradio":                EXCEPTION_NO_FUZZER,
-		"bugreport":                     EXCEPTION_NO_FUZZER,
-		"cacheinfo":                     EXCEPTION_NO_FUZZER,
-		"carrier_config":                EXCEPTION_NO_FUZZER,
-		"clipboard":                     EXCEPTION_NO_FUZZER,
-		"cloudsearch":                   EXCEPTION_NO_FUZZER,
-		"cloudsearch_service":           EXCEPTION_NO_FUZZER,
-		"com.android.net.IProxyService": EXCEPTION_NO_FUZZER,
-		"companiondevice":               EXCEPTION_NO_FUZZER,
-		"communal":                      EXCEPTION_NO_FUZZER,
-		"platform_compat":               EXCEPTION_NO_FUZZER,
-		"platform_compat_native":        EXCEPTION_NO_FUZZER,
-		"connectivity":                  EXCEPTION_NO_FUZZER,
-		"connectivity_native":           EXCEPTION_NO_FUZZER,
-		"connmetrics":                   EXCEPTION_NO_FUZZER,
-		"consumer_ir":                   EXCEPTION_NO_FUZZER,
-		"content":                       EXCEPTION_NO_FUZZER,
-		"content_capture":               EXCEPTION_NO_FUZZER,
-		"content_suggestions":           EXCEPTION_NO_FUZZER,
-		"contexthub":                    EXCEPTION_NO_FUZZER,
-		"contextual_search":             EXCEPTION_NO_FUZZER,
-		"country_detector":              EXCEPTION_NO_FUZZER,
-		"coverage":                      EXCEPTION_NO_FUZZER,
-		"cpuinfo":                       EXCEPTION_NO_FUZZER,
-		"cpu_monitor":                   EXCEPTION_NO_FUZZER,
-		"credential":                    EXCEPTION_NO_FUZZER,
-		"crossprofileapps":              EXCEPTION_NO_FUZZER,
-		"dataloader_manager":            EXCEPTION_NO_FUZZER,
-		"dbinfo":                        EXCEPTION_NO_FUZZER,
-		"device_config":                 EXCEPTION_NO_FUZZER,
-		"device_config_updatable":       EXCEPTION_NO_FUZZER,
-		"device_policy":                 EXCEPTION_NO_FUZZER,
-		"device_identifiers":            EXCEPTION_NO_FUZZER,
-		"deviceidle":                    EXCEPTION_NO_FUZZER,
-		"device_lock":                   EXCEPTION_NO_FUZZER,
-		"device_state":                  EXCEPTION_NO_FUZZER,
-		"devicestoragemonitor":          EXCEPTION_NO_FUZZER,
-		"dexopt_chroot_setup":           []string{"dexopt_chroot_setup_fuzzer"},
-		"diskstats":                     EXCEPTION_NO_FUZZER,
-		"display":                       EXCEPTION_NO_FUZZER,
-		"dnsresolver":                   []string{"resolv_service_fuzzer"},
-		"domain_verification":           EXCEPTION_NO_FUZZER,
-		"color_display":                 EXCEPTION_NO_FUZZER,
-		"netd_listener":                 EXCEPTION_NO_FUZZER,
-		"network_watchlist":             EXCEPTION_NO_FUZZER,
-		"DockObserver":                  EXCEPTION_NO_FUZZER,
-		"dreams":                        EXCEPTION_NO_FUZZER,
-		"drm.drmManager":                []string{"drmserver_fuzzer"},
-		"dropbox":                       EXCEPTION_NO_FUZZER,
-		"dumpstate":                     EXCEPTION_NO_FUZZER,
-		"dynamic_system":                EXCEPTION_NO_FUZZER,
-		"dynamic_instrumentation":       EXCEPTION_NO_FUZZER,
-		"econtroller":                   EXCEPTION_NO_FUZZER,
-		"ecm_enhanced_confirmation":     EXCEPTION_NO_FUZZER,
-		"emergency_affordance":          EXCEPTION_NO_FUZZER,
-		"euicc_card_controller":         EXCEPTION_NO_FUZZER,
-		"external_vibrator_service":     EXCEPTION_NO_FUZZER,
-		"ethernet":                      EXCEPTION_NO_FUZZER,
-		"face":                          EXCEPTION_NO_FUZZER,
-		"file_integrity":                EXCEPTION_NO_FUZZER,
-		"fingerprint":                   EXCEPTION_NO_FUZZER,
-		"feature_flags":                 EXCEPTION_NO_FUZZER,
-		"font":                          EXCEPTION_NO_FUZZER,
-		"forensic":                      EXCEPTION_NO_FUZZER,
+		"android.system.vold.IVold/default":                                   []string{"vold_native_service_fuzzer"},
+		"ambient_context":                                                     EXCEPTION_NO_FUZZER,
+		"app_binding":                                                         EXCEPTION_NO_FUZZER,
+		"app_function":                                                        EXCEPTION_NO_FUZZER,
+		"app_hibernation":                                                     EXCEPTION_NO_FUZZER,
+		"app_integrity":                                                       EXCEPTION_NO_FUZZER,
+		"app_prediction":                                                      EXCEPTION_NO_FUZZER,
+		"app_search":                                                          EXCEPTION_NO_FUZZER,
+		"apexservice":                                                         EXCEPTION_NO_FUZZER,
+		"archive":                                                             EXCEPTION_NO_FUZZER,
+		"attestation_verification":                                            EXCEPTION_NO_FUZZER,
+		"authentication_policy":                                               EXCEPTION_NO_FUZZER,
+		"blob_store":                                                          EXCEPTION_NO_FUZZER,
+		"gsiservice":                                                          EXCEPTION_NO_FUZZER,
+		"appops":                                                              EXCEPTION_NO_FUZZER,
+		"appwidget":                                                           EXCEPTION_NO_FUZZER,
+		"artd":                                                                []string{"artd_fuzzer"},
+		"artd_pre_reboot":                                                     []string{"artd_fuzzer"},
+		"assetatlas":                                                          EXCEPTION_NO_FUZZER,
+		"attention":                                                           EXCEPTION_NO_FUZZER,
+		"audio":                                                               EXCEPTION_NO_FUZZER,
+		"auth":                                                                EXCEPTION_NO_FUZZER,
+		"autofill":                                                            EXCEPTION_NO_FUZZER,
+		"background_install_control":                                          EXCEPTION_NO_FUZZER,
+		"backup":                                                              EXCEPTION_NO_FUZZER,
+		"batteryproperties":                                                   EXCEPTION_NO_FUZZER,
+		"batterystats":                                                        EXCEPTION_NO_FUZZER,
+		"battery":                                                             EXCEPTION_NO_FUZZER,
+		"binder_calls_stats":                                                  EXCEPTION_NO_FUZZER,
+		"biometric":                                                           EXCEPTION_NO_FUZZER,
+		"bluetooth_manager":                                                   EXCEPTION_NO_FUZZER,
+		"bluetooth":                                                           EXCEPTION_NO_FUZZER,
+		"broadcastradio":                                                      EXCEPTION_NO_FUZZER,
+		"bugreport":                                                           EXCEPTION_NO_FUZZER,
+		"cacheinfo":                                                           EXCEPTION_NO_FUZZER,
+		"carrier_config":                                                      EXCEPTION_NO_FUZZER,
+		"clipboard":                                                           EXCEPTION_NO_FUZZER,
+		"cloudsearch":                                                         EXCEPTION_NO_FUZZER,
+		"cloudsearch_service":                                                 EXCEPTION_NO_FUZZER,
+		"com.android.net.IProxyService":                                       EXCEPTION_NO_FUZZER,
+		"companiondevice":                                                     EXCEPTION_NO_FUZZER,
+		"communal":                                                            EXCEPTION_NO_FUZZER,
+		"platform_compat":                                                     EXCEPTION_NO_FUZZER,
+		"platform_compat_native":                                              EXCEPTION_NO_FUZZER,
+		"connectivity":                                                        EXCEPTION_NO_FUZZER,
+		"connectivity_native":                                                 EXCEPTION_NO_FUZZER,
+		"connmetrics":                                                         EXCEPTION_NO_FUZZER,
+		"consumer_ir":                                                         EXCEPTION_NO_FUZZER,
+		"content":                                                             EXCEPTION_NO_FUZZER,
+		"content_capture":                                                     EXCEPTION_NO_FUZZER,
+		"content_suggestions":                                                 EXCEPTION_NO_FUZZER,
+		"contexthub":                                                          EXCEPTION_NO_FUZZER,
+		"contextual_search":                                                   EXCEPTION_NO_FUZZER,
+		"country_detector":                                                    EXCEPTION_NO_FUZZER,
+		"coverage":                                                            EXCEPTION_NO_FUZZER,
+		"cpuinfo":                                                             EXCEPTION_NO_FUZZER,
+		"cpu_monitor":                                                         EXCEPTION_NO_FUZZER,
+		"credential":                                                          EXCEPTION_NO_FUZZER,
+		"crossprofileapps":                                                    EXCEPTION_NO_FUZZER,
+		"dataloader_manager":                                                  EXCEPTION_NO_FUZZER,
+		"dbinfo":                                                              EXCEPTION_NO_FUZZER,
+		"device_config":                                                       EXCEPTION_NO_FUZZER,
+		"device_config_updatable":                                             EXCEPTION_NO_FUZZER,
+		"device_policy":                                                       EXCEPTION_NO_FUZZER,
+		"device_identifiers":                                                  EXCEPTION_NO_FUZZER,
+		"deviceidle":                                                          EXCEPTION_NO_FUZZER,
+		"device_lock":                                                         EXCEPTION_NO_FUZZER,
+		"device_state":                                                        EXCEPTION_NO_FUZZER,
+		"devicestoragemonitor":                                                EXCEPTION_NO_FUZZER,
+		"dexopt_chroot_setup":                                                 []string{"dexopt_chroot_setup_fuzzer"},
+		"diskstats":                                                           EXCEPTION_NO_FUZZER,
+		"display":                                                             EXCEPTION_NO_FUZZER,
+		"dnsresolver":                                                         []string{"resolv_service_fuzzer"},
+		"domain_verification":                                                 EXCEPTION_NO_FUZZER,
+		"color_display":                                                       EXCEPTION_NO_FUZZER,
+		"netd_listener":                                                       EXCEPTION_NO_FUZZER,
+		"network_watchlist":                                                   EXCEPTION_NO_FUZZER,
+		"DockObserver":                                                        EXCEPTION_NO_FUZZER,
+		"dreams":                                                              EXCEPTION_NO_FUZZER,
+		"drm.drmManager":                                                      []string{"drmserver_fuzzer"},
+		"dropbox":                                                             EXCEPTION_NO_FUZZER,
+		"dumpstate":                                                           EXCEPTION_NO_FUZZER,
+		"dynamic_system":                                                      EXCEPTION_NO_FUZZER,
+		"dynamic_instrumentation":                                             EXCEPTION_NO_FUZZER,
+		"econtroller":                                                         EXCEPTION_NO_FUZZER,
+		"ecm_enhanced_confirmation":                                           EXCEPTION_NO_FUZZER,
+		"emergency_affordance":                                                EXCEPTION_NO_FUZZER,
+		"euicc_card_controller":                                               EXCEPTION_NO_FUZZER,
+		"external_vibrator_service":                                           EXCEPTION_NO_FUZZER,
+		"ethernet":                                                            EXCEPTION_NO_FUZZER,
+		"face":                                                                EXCEPTION_NO_FUZZER,
+		"file_integrity":                                                      EXCEPTION_NO_FUZZER,
+		"fingerprint":                                                         EXCEPTION_NO_FUZZER,
+		"feature_flags":                                                       EXCEPTION_NO_FUZZER,
+		"font":                                                                EXCEPTION_NO_FUZZER,
 		"android.hardware.fingerprint.IFingerprintDaemon": EXCEPTION_NO_FUZZER,
 		"game":                                   EXCEPTION_NO_FUZZER,
 		"gfxinfo":                                EXCEPTION_NO_FUZZER,
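Review bot: The realignment quietly drops the `"forensic"` entry that closed the old block (L616); every other removed key reappears re-indented on the new side, and the only genuinely new key is `"android.system.vold.IVold/default"` with its `vold_native_service_fuzzer`. If the forensic service was removed from service_contexts this is correct, but if it still exists this hunk deletes its exception and the test will start reporting it; either way a deletion buried in a whitespace-only reformat should be called out in the commit message. The enclosing map literal starts and ends outside the hunk.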
diff --git a/compat/plat_sepolicy_genfs_202504.cil b/compat/plat_sepolicy_genfs_202504.cil
index 79cc732..d78194f 100644
--- a/compat/plat_sepolicy_genfs_202504.cil
+++ b/compat/plat_sepolicy_genfs_202504.cil
@@ -1 +1,2 @@
 (genfscon sysfs "/class/udc" (u object_r sysfs_udc ((s0) (s0))))
+(genfscon sysfs "/power/mem_sleep" (u object_r sysfs_mem_sleep ((s0) (s0))))
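Review bot: Giving /sys/power/mem_sleep its own sysfs_mem_sleep label takes it out of the generic sysfs label on 202504 boards, so any domain that reached it through an `allow ... sysfs:file` rule loses access unless it is granted sysfs_mem_sleep explicitly; the hunk does not show where that type is declared or which domains are meant to write it. The 202404 compat mapping elsewhere in this change folds sysfs_mem_sleep back into sysfs_202404, so older vendor policy keeps its previous view. A one-line comment next to the entry naming the intended writer would help the next reader, e.g. `;; mem_sleep selects the suspend mode; writers need an explicit sysfs_mem_sleep grant`.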
diff --git a/contexts/Android.bp b/contexts/Android.bp
index 08a4f64..638f202 100644
--- a/contexts/Android.bp
+++ b/contexts/Android.bp
@@ -242,7 +242,14 @@
     defaults: ["contexts_flags_defaults"],
     srcs: [":property_contexts_files{.system_ext_private}"],
     system_ext_specific: true,
-    recovery_available: true,
+}
+
+property_contexts {
+    name: "system_ext_property_contexts.recovery",
+    defaults: ["contexts_flags_defaults"],
+    srcs: [":property_contexts_files{.system_ext_private}"],
+    recovery: true,
+    stem: "system_ext_property_contexts",
 }
 
 property_contexts {
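Review bot: Each new `.recovery` module repeats the `defaults` and `srcs` of the installed module it mirrors by hand (here L735–L736, and again in the hunks ending at L757, L777, L793, L809, L825 and L845), so the two lists can drift silently, most easily for the three-entry vendor lists. Hoisting each `srcs` list into a file-level variable that both modules reference would keep the recovery copy in lockstep with the installed one, and a short comment such as `// recovery variant of system_ext_property_contexts; keep srcs in sync` on each would do until then.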
@@ -250,7 +257,14 @@
     defaults: ["contexts_flags_defaults"],
     srcs: [":property_contexts_files{.product_private}"],
     product_specific: true,
-    recovery_available: true,
+}
+
+property_contexts {
+    name: "product_property_contexts.recovery",
+    defaults: ["contexts_flags_defaults"],
+    srcs: [":property_contexts_files{.product_private}"],
+    recovery: true,
+    stem: "product_property_contexts",
 }
 
 property_contexts {
@@ -262,7 +276,18 @@
         ":property_contexts_files{.reqd_mask}",
     ],
     soc_specific: true,
-    recovery_available: true,
+}
+
+property_contexts {
+    name: "vendor_property_contexts.recovery",
+    defaults: ["contexts_flags_defaults"],
+    srcs: [
+        ":property_contexts_files{.plat_vendor}",
+        ":property_contexts_files{.vendor}",
+        ":property_contexts_files{.reqd_mask}",
+    ],
+    recovery: true,
+    stem: "vendor_property_contexts",
 }
 
 property_contexts {
@@ -270,7 +295,14 @@
     defaults: ["contexts_flags_defaults"],
     srcs: [":property_contexts_files{.odm}"],
     device_specific: true,
-    recovery_available: true,
+}
+
+property_contexts {
+    name: "odm_property_contexts.recovery",
+    defaults: ["contexts_flags_defaults"],
+    srcs: [":property_contexts_files{.odm}"],
+    recovery: true,
+    stem: "odm_property_contexts",
 }
 
 service_contexts {
@@ -292,7 +324,14 @@
     defaults: ["contexts_flags_defaults"],
     srcs: [":service_contexts_files{.system_ext_private}"],
     system_ext_specific: true,
-    recovery_available: true,
+}
+
+service_contexts {
+    name: "system_ext_service_contexts.recovery",
+    defaults: ["contexts_flags_defaults"],
+    srcs: [":service_contexts_files{.system_ext_private}"],
+    recovery: true,
+    stem: "system_ext_service_contexts",
 }
 
 service_contexts {
@@ -300,7 +339,14 @@
     defaults: ["contexts_flags_defaults"],
     srcs: [":service_contexts_files{.product_private}"],
     product_specific: true,
-    recovery_available: true,
+}
+
+service_contexts {
+    name: "product_service_contexts.recovery",
+    defaults: ["contexts_flags_defaults"],
+    srcs: [":service_contexts_files{.product_private}"],
+    recovery: true,
+    stem: "product_service_contexts",
 }
 
 service_contexts {
@@ -312,7 +358,18 @@
         ":service_contexts_files{.reqd_mask}",
     ],
     soc_specific: true,
-    recovery_available: true,
+}
+
+service_contexts {
+    name: "vendor_service_contexts.recovery",
+    defaults: ["contexts_flags_defaults"],
+    srcs: [
+        ":service_contexts_files{.plat_vendor}",
+        ":service_contexts_files{.vendor}",
+        ":service_contexts_files{.reqd_mask}",
+    ],
+    recovery: true,
+    stem: "vendor_service_contexts",
 }
 
 service_contexts {
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index fc2d7b8..fcaf9f6 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test
@@ -321,7 +321,6 @@
 /system/bin/fsck.f2fs                                             fsck_exec
 /system/bin/init                                                  init_exec
 /system/bin/mini-keyctl                                           toolbox_exec
-/system/bin/fsverity_init                                         fsverity_init_exec
 /system/bin/sload_f2fs                                            e2fs_exec
 /system/bin/make_f2fs                                             e2fs_exec
 /system/bin/fsck_msdos                                            fsck_exec
diff --git a/microdroid/system/private/init.te b/microdroid/system/private/init.te
index 9a0345f..11e398e 100644
--- a/microdroid/system/private/init.te
+++ b/microdroid/system/private/init.te
@@ -19,6 +19,12 @@
 allow init self:global_capability2_class_set perfmon;
 dontaudit init self:perf_event { kernel tracepoint read write };
 
+# Allow opening /proc/kallsyms so that on boot, init can create and retain an
+# fd with the full address visibility (which is evaluated on open and persists
+# for the lifetime of the open file description). This fd can then be shared
+# with other privileged processes.
+allow init proc_kallsyms:file r_file_perms;
+
 # Allow init to restore contexts of vd_device(/dev/block/vd[..]) when labeling
 # /dev/block.
 allow init vd_device:blk_file relabelto;
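Review bot: The new rule lets microdroid's init obtain an unmasked view of /proc/kallsyms, and the comment says the fd is then handed to other privileged processes without naming them. Consider listing the intended recipients in the comment and pairing the grant with a neverallow so that no other domain can open proc_kallsyms directly, making the init-held fd the only route to unmasked kernel addresses, e.g. `neverallow { domain -init } proc_kallsyms:file open;` if that fits the existing microdroid policy. Whether such a restriction already exists elsewhere is not visible in this hunk.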
diff --git a/microdroid/system/private/microdroid_payload.te b/microdroid/system/private/microdroid_payload.te
index e4315a2..822797c 100644
--- a/microdroid/system/private/microdroid_payload.te
+++ b/microdroid/system/private/microdroid_payload.te
@@ -14,6 +14,10 @@
 # Allow to set debug prop
 set_prop(microdroid_payload, debug_prop)
 
+# Allow to use service manager APIs without waiting for the servicemanager
+# process because it's not installed in microdroid
+get_prop(microdroid_payload, servicemanager_prop)
+
 # Allow microdroid_payload to use vsock inherited from microdroid_manager
 allow microdroid_payload microdroid_manager:vsock_socket { read write };
 
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index 803e25e..13306dd 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -122,6 +122,9 @@
 microdroid_manager.config_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
 microdroid_manager.init_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
 
+# servicemanager property to avoid waiting for servicemanager process
+servicemanager.installed u:object_r:servicemanager_prop:s0 exact bool
+
 init_debug_policy.adbd.enabled u:object_r:init_debug_policy_prop:s0 exact bool
 
 dev.mnt.blk.root   u:object_r:dev_mnt_prop:s0 exact string
diff --git a/microdroid/system/public/property.te b/microdroid/system/public/property.te
index 18dab10..ae1c70c 100644
--- a/microdroid/system/public/property.te
+++ b/microdroid/system/public/property.te
@@ -50,6 +50,7 @@
 type usb_control_prop, property_type;
 type vendor_default_prop, property_type;
 type powerctl_prop, property_type;
+type servicemanager_prop, property_type;
 
 # public is for vendor-facing type and attribute definitions.
 # DO NOT ADD allow, neverallow, or dontaudit statements here.
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 0e2b01c..434fb13 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -204,6 +204,7 @@
 # Create a more specific label if needed
 neverallow all_untrusted_apps {
   proc
+  proc_allocinfo
   proc_asound
   proc_kmsg
   proc_loadavg
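Review bot: `proc_allocinfo` is added to the untrusted-app neverallow, but it does not appear in the 202404 `new_objects` list that this same change rewrites in private/compat/202404/202404.ignore.cil; if the type is new in this release it needs either that entry or a mapping in 202404.cil. If it predates 202404 this is fine and no action is needed. The enclosing neverallow block starts outside the hunk.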
diff --git a/private/attributes b/private/attributes
index 13479c9..4f59acf 100644
--- a/private/attributes
+++ b/private/attributes
@@ -16,6 +16,11 @@
     hal_attribute(mediaquality);
 ')
 
+until_board_api(202504, `
+attribute unconstrained_vsock_violators;
+expandattribute unconstrained_vsock_violators false;
+')
+
 # All SDK sandbox domains
 attribute sdk_sandbox_all;
 # The SDK sandbox domains for the current SDK level.
@@ -31,3 +36,7 @@
 until_board_api(202504, `
     attribute tee_service_type;
 ')
+
+until_board_api(202504, `
+    hal_attribute(vm_capabilities);
+')
diff --git a/private/compat/202404/202404.cil b/private/compat/202404/202404.cil
index 85eb601..e9c97e5 100644
--- a/private/compat/202404/202404.cil
+++ b/private/compat/202404/202404.cil
@@ -1,8 +1,10 @@
 ;; This type may or may not already exist in vendor policy. Re-define it here (duplicate
 ;; definitions in CIL will be ignored) - so we can reference it in 202404.cil.
-(type virtual_fingerprint_hal_prop)
+(type cgroup_desc_api_file)
 (type otapreopt_chroot)
+(type task_profiles_api_file)
 (type vendor_hidraw_device)
+(type virtual_fingerprint_hal_prop)
 (typeattributeset dev_type (vendor_hidraw_device))
 
 ;; mapping information from ToT policy's types to 202404 policy's types.
@@ -2473,7 +2475,7 @@
 (typeattributeset surfaceflinger_tmpfs_202404 (surfaceflinger_tmpfs))
 (typeattributeset suspend_prop_202404 (suspend_prop))
 (typeattributeset swap_block_device_202404 (swap_block_device))
-(typeattributeset sysfs_202404 (sysfs))
+(typeattributeset sysfs_202404 (sysfs sysfs_mem_sleep sysfs_udc))
 (typeattributeset sysfs_android_usb_202404 (sysfs_android_usb))
 (typeattributeset sysfs_batteryinfo_202404 (sysfs_batteryinfo))
 (typeattributeset sysfs_bluetooth_writable_202404 (sysfs_bluetooth_writable))
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 4430364..c10b0d5 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -5,24 +5,36 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
-    bluetooth_finder_prop
-    profcollectd_etr_prop
-    fstype_prop
-    binderfs_logs_transactions
+    app_function_service
     binderfs_logs_transaction_history
-    proc_compaction_proactiveness
+    binderfs_logs_transactions
+    bluetooth_finder_prop
+    crosvm
+    early_virtmgr
+    early_virtmgr_exec
+    forensic_service
+    fstype_prop
+    hal_mediaquality_service
+    hal_vm_capabilities_service
+    intrusion_detection_service
+    media_quality_service
     proc_cgroups
+    proc_compaction_proactiveness
+    profcollectd_etr_prop
     ranging_service
     supervision_service
-    app_function_service
-    virtual_fingerprint
-    virtual_fingerprint_exec
+    sysfs_cma
+    sysfs_firmware_acpi_tables
+    tee_service_contexts_file
+    trusty_security_vm_sys_vendor_prop
+    virtual_camera
+    virtual_camera_exec
     virtual_face
     virtual_face_exec
-    hal_mediaquality_service
-    media_quality_service
-    advanced_protection_service
-    sysfs_firmware_acpi_tables
-    intrusion_detection_service
+    virtual_fingerprint
+    virtual_fingerprint_exec
+    virtualizationmanager
+    virtualizationmanager_exec
     wifi_mainline_supplicant_service
+    wifi_usd_service
   ))
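Review bot: The resort drops `advanced_protection_service` from the new_objects set (old L1021) with no replacement anywhere in this diff, while every other removed line reappears in sorted position. If that type still exists in current policy it now needs a mapping in 202404.cil, and if it was renamed or removed the commit message should say so, since the deletion is invisible inside an otherwise alphabetical reorder.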
diff --git a/private/crosvm.te b/private/crosvm.te
index 750df24..a377e7a 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -1,4 +1,7 @@
-type crosvm, domain, coredomain;
+until_board_api(202504, `
+    type crosvm, domain, coredomain;
+')
+
 type crosvm_exec, system_file_type, exec_type, file_type;
 type crosvm_tmpfs, file_type;
 
diff --git a/private/dexopt_chroot_setup.te b/private/dexopt_chroot_setup.te
index 9e98bae..b4b35dd 100644
--- a/private/dexopt_chroot_setup.te
+++ b/private/dexopt_chroot_setup.te
@@ -76,6 +76,7 @@
   system_file
   system_lib_file
   tmpfs
+  vendor_configs_file
   vendor_file
 }:dir mounton;
 
diff --git a/private/domain.te b/private/domain.te
index 4563895..6aaf5de 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -526,11 +526,12 @@
 # still contains global information about the system.
 neverallow { domain -dumpstate -init -vendor_init -system_server } binderfs_logs_transaction_history:file no_rw_file_perms;
 
-# Allow access to fsverity keyring.
+# Needed for loading kernel modules.
+# TODO(384942085): Reduce the scope.
 allow domain kernel:key search;
-# Allow access to keys in the fsverity keyring that were installed at boot.
-allow domain fsverity_init:key search;
+
 # For testing purposes, allow access to keys installed with su.
+# TODO(277916185): Remove since this shouldn't be needed anymore.
 userdebug_or_eng(`
   allow domain su:key search;
 ')
@@ -1170,6 +1171,8 @@
         # Vendor components still can invoke shell commands via /system/bin/sh
         -shell_exec
         -toolbox_exec
+        -virtualizationmanager_exec
+        is_flag_enabled(RELEASE_AVF_ENABLE_EARLY_VM, `-early_virtmgr_exec')
     }:file { entrypoint execute execute_no_trans };
 ')
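Review bot: The two new exemptions `-virtualizationmanager_exec` and `-early_virtmgr_exec` carry no comment, whereas the neighbouring `-shell_exec`/`-toolbox_exec` carve-out explains why vendor components may execute those system binaries; the second hunk in this file (the `:file *` neverallow) has the same gap. Since this widens the vendor-to-system execution boundary for the VM manager binaries, add a one-line justification such as `# Vendor domains may launch VMs through virtualizationmanager (and early_virtmgr before /data is mounted)` plus a bug reference; the purpose is presumed, so adjust it to what the feature actually requires. The enclosing neverallow starts outside the hunk.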
 
@@ -1254,6 +1257,8 @@
     # Vendor components still can invoke shell commands via /system/bin/sh
     -shell_exec
     -toolbox_exec
+    -virtualizationmanager_exec
+    is_flag_enabled(RELEASE_AVF_ENABLE_EARLY_VM, `-early_virtmgr_exec')
   }:file *;
 ')
 
@@ -2118,18 +2123,24 @@
   -dumpstate
 } mm_events_config_prop:file no_rw_file_perms;
 
-# Allow the tracing daemon and callstack sampler to use kallsyms to symbolize
-# kernel traces. Addresses are not disclosed, they are repalced with symbol
-# names (if available). Traces don't disclose KASLR.
+# Allow init to open /proc/kallsyms while kernel address mappings are still
+# visible, and later share it with tracing daemons (traced_probes,
+# traced_perf). These daemons are allowed to read from the shared fd, but also
+# to separately open the file (which will always have zeroed out addresses due
+# to init raising kptr_restrict) for locking to coordinate access to the shared
+# fd. The performance traces contain only the referenced kernel symbols, and
+# never the raw addresses (i.e. KASLR is not disclosed).
+# On debuggable builds, performance tools are allowed to open and read the file
+# directly because init is allowed to temporarily unrestrict systemwide address
+# visibility.
 neverallow {
   domain
   -init
-  userdebug_or_eng(`-profcollectd')
-  -vendor_init
-  userdebug_or_eng(`-simpleperf_boot')
   -traced_probes
   -traced_perf
-} proc_kallsyms:file { open read };
+  userdebug_or_eng(`-profcollectd')
+  userdebug_or_eng(`-simpleperf_boot')
+} proc_kallsyms:file *;
 
 # debugfs_kcov type is not included in this neverallow statement since the KCOV
 # tool uses it for kernel fuzzing.
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 5e3bce5..501d829 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -347,6 +347,7 @@
 dump_hal(hal_sensors)
 dump_hal(hal_thermal)
 dump_hal(hal_vehicle)
+dump_hal(hal_vm_capabilities)
 dump_hal(hal_weaver)
 dump_hal(hal_wifi)
 
@@ -394,6 +395,7 @@
 
 # Read files in /proc
 allow dumpstate {
+  proc_allocinfo
   proc_bootconfig
   proc_buddyinfo
   proc_cmdline
@@ -461,6 +463,7 @@
   -hal_service_type
   -virtual_touchpad_service
   -vold_service
+  -fwk_vold_service
   -default_android_service
 }:service_manager find;
 # suppress denials for services dumpstate should not be accessing.
@@ -471,6 +474,7 @@
   hal_service_type
   virtual_touchpad_service
   vold_service
+  fwk_vold_service
 }:service_manager find;
 
 # Most of these are neverallowed.
@@ -539,6 +543,9 @@
   vm_data_file
 }:dir getattr;
 
+#suppress denials for dumpstate to call vitualizationservice.
+dontaudit dumpstate virtualizationservice:binder { call };
+
 # Allow dumpstate to talk to bufferhubd over binder
 binder_call(dumpstate, bufferhubd);
 
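Review bot: The comment on the new dontaudit has a typo and is missing the space after `#`: `#suppress denials for dumpstate to call vitualizationservice.` should read `# Suppress denials for dumpstate calling virtualizationservice.`, matching the neighbouring comment style. It would also help to state which dump path triggers the call, so the dontaudit is not later mistaken for a missing allow.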
diff --git a/private/early_virtmgr.te b/private/early_virtmgr.te
index e244be2..d1579fe 100644
--- a/private/early_virtmgr.te
+++ b/private/early_virtmgr.te
@@ -1,8 +1,8 @@
 is_flag_enabled(RELEASE_AVF_ENABLE_EARLY_VM, `
-    # Domain for a child process that manages early VMs available before /data mount, on behalf of
-    # its parent.
-    type early_virtmgr, domain, coredomain;
-    type early_virtmgr_exec, system_file_type, exec_type, file_type;
+    until_board_api(202504, `
+        type early_virtmgr, domain, coredomain;
+        type early_virtmgr_exec, system_file_type, exec_type, file_type;
+    ')
 
     use_bootstrap_libs(early_virtmgr)
 
diff --git a/private/file.te b/private/file.te
index 189fb47..b60ce34 100644
--- a/private/file.te
+++ b/private/file.te
@@ -1,3 +1,6 @@
+# /proc/allocinfo
+type proc_allocinfo, fs_type, proc_type;
+
 # /proc/config.gz
 type config_gz, fs_type, proc_type;
 
@@ -256,5 +259,8 @@
     type tee_service_contexts_file, system_file_type, file_type;
 ')
 
-## END Types added in 202504 in public/file.te
+until_board_api(202504, `
+    type sysfs_mem_sleep, fs_type, sysfs_type;
+')
 
+## END Types added in 202504 in public/file.te
diff --git a/private/file_contexts b/private/file_contexts
index d6f7113..7e7ae7c 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -256,7 +256,6 @@
 /system/bin/init		u:object_r:init_exec:s0
 # TODO(/123600489): merge mini-keyctl into toybox
 /system/bin/mini-keyctl	--	u:object_r:toolbox_exec:s0
-/system/bin/fsverity_init	u:object_r:fsverity_init_exec:s0
 /system/bin/sload_f2fs	--	u:object_r:e2fs_exec:s0
 /system/bin/make_f2fs	--	u:object_r:e2fs_exec:s0
 /system/bin/fsck_msdos	--	u:object_r:fsck_exec:s0
diff --git a/private/fsverity_init.te b/private/fsverity_init.te
deleted file mode 100644
index a3765ec..0000000
--- a/private/fsverity_init.te
+++ /dev/null
@@ -1,16 +0,0 @@
-type fsverity_init, domain, coredomain;
-type fsverity_init_exec, exec_type, file_type, system_file_type;
-
-init_daemon_domain(fsverity_init)
-
-# Allow to read /proc/keys for searching key id.
-allow fsverity_init proc_keys:file r_file_perms;
-
-# Ignore denials to access irrelevant keys, as a side effect to access /proc/keys.
-dontaudit fsverity_init domain:key view;
-allow fsverity_init kernel:key { view search write setattr };
-allow fsverity_init fsverity_init:key { view search write };
-
-# Read the on-device signing certificate, to be able to add it to the keyring
-allow fsverity_init odsign:fd use;
-allow fsverity_init odsign_data_file:file { getattr read };
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 3ff1012..a872a04 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -2,6 +2,7 @@
 genfscon rootfs / u:object_r:rootfs:s0
 # proc labeling can be further refined (longest matching prefix).
 genfscon proc / u:object_r:proc:s0
+genfscon proc /allocinfo u:object_r:proc_allocinfo:s0
 genfscon proc /asound u:object_r:proc_asound:s0
 genfscon proc /bootconfig u:object_r:proc_bootconfig:s0
 genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
@@ -168,6 +169,9 @@
 genfscon sysfs /kernel/dma_heap u:object_r:sysfs_dma_heap:s0
 genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
 genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
+starting_at_board_api(202504, `
+genfscon sysfs /kernel/mm/cma u:object_r:sysfs_cma:s0
+')
 genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
 genfscon sysfs /kernel/mm/lru_gen/enabled u:object_r:sysfs_lru_gen_enabled:s0
 genfscon sysfs /kernel/mm/pgsize_migration/enabled u:object_r:sysfs_pgsize_migration:s0
diff --git a/private/hal_vm_capabilities.te b/private/hal_vm_capabilities.te
new file mode 100644
index 0000000..3197784
--- /dev/null
+++ b/private/hal_vm_capabilities.te
@@ -0,0 +1,9 @@
+# Domain for the VM capability HAL, which is used to allow some pVMs to issue
+# vendor-specific SMCs.
+
+binder_call(hal_vm_capabilities_client, hal_vm_capabilities_server)
+
+hal_attribute_service(hal_vm_capabilities, hal_vm_capabilities_service)
+
+binder_use(hal_vm_capabilities_client)
+binder_use(hal_vm_capabilities_server)
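Review bot: This file references hal_vm_capabilities_client and hal_vm_capabilities_server unconditionally, but the only definition of the attribute in this diff is `hal_attribute(vm_capabilities);` under `starting_at_board_api(202504, ...)` in public/attributes. Unless private/attributes (not in view) carries a matching `until_board_api(202504, ...)` definition, as private/service.te does for hal_vm_capabilities_service, the policy would not build for board API levels below 202504. The header comment describes a capability with real security weight (letting pVMs issue vendor-specific SMCs), so it is worth adding that the service is declared `protected_service` and therefore clients must be granted explicitly, and naming the intended client domains.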
diff --git a/private/init.te b/private/init.te
index 012ef0b..35d7647 100644
--- a/private/init.te
+++ b/private/init.te
@@ -68,6 +68,12 @@
 allow init self:perf_event { open cpu };
 allow init self:global_capability2_class_set perfmon;
 
+# Allow opening /proc/kallsyms so that on boot, init can create and retain an
+# fd with the full address visibility (which is evaluated on open and persists
+# for the lifetime of the open file description). This fd can then be shared
+# with other privileged processes.
+allow init proc_kallsyms:file r_file_perms;
+
 # Allow init to communicate with snapuserd to transition Virtual A/B devices
 # from the first-stage daemon to the second-stage.
 allow init snapuserd_socket:sock_file write;
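Review bot: `allow init proc_kallsyms:file r_file_perms;` grants more than the stated purpose of creating and retaining an fd: r_file_perms also covers getattr, ioctl, lock and map. The companion changes in traced_perf.te and traced_probes.te were deliberately narrowed to `{ open read lock }`, so for consistency and least privilege this could be `allow init proc_kallsyms:file { open read };`. Because the fd keeps full kernel address visibility for its whole lifetime, the comment could also point to where init decides which processes receive it.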
@@ -533,6 +539,7 @@
 
 allow init {
   proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
+  proc_allocinfo
   proc_bootconfig
   proc_cmdline
   proc_diskstats
@@ -568,6 +575,7 @@
 
 # init chmod/chown access to /proc files.
 allow init {
+  proc_allocinfo
   proc_cmdline
   proc_bootconfig
   proc_kmsg
diff --git a/private/keystore.te b/private/keystore.te
index 014903e..41c29db 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -39,7 +39,7 @@
 # can call keystore methods on those references.
 allow keystore vold:binder transfer;
 
-set_prop(keystore, keystore_crash_prop)
+set_prop(keystore, keystore_diagnostics_prop)
 
 # Allow keystore to monitor the `apexd.status` property.
 get_prop(keystore, apexd_prop)
@@ -102,6 +102,6 @@
 
 neverallow * keystore:process ptrace;
 
-# Only keystore can set keystore.crash_count system property. Since init is allowed to set any
-# system property, an exception is added for init as well.
-neverallow { domain -keystore -init } keystore_crash_prop:property_service set;
+# Only keystore can set keystore_diagnostics_prop system properties. Since init is allowed to set
+# any system property, an exception is added for init as well.
+neverallow { domain -keystore -init } keystore_diagnostics_prop:property_service set;
diff --git a/private/netd.te b/private/netd.te
index 8b6ea4c..3b3c697 100644
--- a/private/netd.te
+++ b/private/netd.te
@@ -48,7 +48,7 @@
 
 allow netd system_server:fd use;
 
-allow netd self:global_capability_class_set { net_admin net_raw kill };
+allow netd self:global_capability_class_set { net_admin net_raw net_bind_service kill };
 # Note: fsetid is deliberately not included above. fsetid checks are
 # triggered by chmod on a directory or file owned by a group other
 # than one of the groups assigned to the current process to see if
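Review bot: net_bind_service is added to netd's capability set without explanation, while the rule's existing comment carefully justifies the exclusion of fsetid. Binding privileged ports is a meaningful widening for a daemon that faces the network, so add a comment naming the feature that needs it, e.g. `# net_bind_service: needed by <feature> to bind a port below 1024 (b/<bug-id>)`, with the real feature and bug id filled in.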
diff --git a/private/odsign.te b/private/odsign.te
index f06795c..4af0708 100644
--- a/private/odsign.te
+++ b/private/odsign.te
@@ -51,9 +51,6 @@
 # Run odrefresh to refresh ART artifacts
 domain_auto_trans(odsign, odrefresh_exec, odrefresh)
 
-# Run fsverity_init to add key to fsverity keyring
-domain_auto_trans(odsign, fsverity_init_exec, fsverity_init)
-
 # Run compos_verify to verify CompOs signatures
 domain_auto_trans(odsign, compos_verify_exec, compos_verify)
 
@@ -65,5 +62,5 @@
 set_prop(odsign, ctl_odsign_prop)
 
 # Neverallows
-neverallow { domain -odsign -init -fsverity_init} odsign_data_file:dir ~search;
-neverallow { domain -odsign -init -fsverity_init} odsign_data_file:file *;
+neverallow { domain -odsign -init} odsign_data_file:dir ~search;
+neverallow { domain -odsign -init} odsign_data_file:file *;
diff --git a/private/property.te b/private/property.te
index 92e244d..dec43e1 100644
--- a/private/property.te
+++ b/private/property.te
@@ -30,7 +30,7 @@
 system_internal_prop(init_storage_prop)
 system_internal_prop(init_svc_debug_prop)
 system_internal_prop(kcmdline_prop)
-system_internal_prop(keystore_crash_prop)
+system_internal_prop(keystore_diagnostics_prop)
 system_internal_prop(keystore_listen_prop)
 system_internal_prop(last_boot_reason_prop)
 system_internal_prop(localization_prop)
@@ -77,7 +77,7 @@
 system_internal_prop(system_service_enable_prop)
 system_internal_prop(ctl_artd_pre_reboot_prop)
 system_internal_prop(trusty_security_vm_sys_prop)
-
+system_internal_prop(hint_manager_config_prop)
 
 # Properties which can't be written outside system
 system_restricted_prop(bionic_linker_16kb_app_compat_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 1e70fa2..fa82e29 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -251,7 +251,8 @@
 traced.oome_heap_session.count u:object_r:traced_oome_heap_session_count_prop:s0 exact uint
 
 # servicemanager properties
-servicemanager.ready    u:object_r:servicemanager_prop:s0 exact bool
+servicemanager.ready     u:object_r:servicemanager_prop:s0 exact bool
+servicemanager.installed u:object_r:servicemanager_prop:s0 exact bool
 
 # hwservicemanager properties
 hwservicemanager.       u:object_r:hwservicemanager_prop:s0
@@ -368,9 +369,9 @@
 ro.prefetch_boot.duration_s u:object_r:prefetch_boot_prop:s0 exact int
 ro.prefetch_boot.io_depth u:object_r:prefetch_boot_prop:s0 exact int
 ro.prefetch_boot.max_fds u:object_r:prefetch_boot_prop:s0 exact int
-ro.prefetch_boot.record_stop u:object_r:prefetch_boot_prop:s0 exact bool
 # Prefetch property to start and stop the record/replay
 prefetch_boot.record u:object_r:prefetch_service_prop:s0 exact bool
+prefetch_boot.record_stop u:object_r:prefetch_boot_prop:s0 exact bool
 prefetch_boot.replay u:object_r:prefetch_service_prop:s0 exact bool
 
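Review bot: Dropping the `ro.` prefix makes `prefetch_boot.record_stop` settable at runtime, yet it keeps the `prefetch_boot_prop` label instead of the `prefetch_service_prop` label used by its runtime siblings `prefetch_boot.record` and `prefetch_boot.replay`. Whichever domains have set_prop on prefetch_boot_prop (not visible here) now gain a runtime control; confirm that is intended, or relabel to prefetch_service_prop so the same rules cover all three. The line was moved into the "start and stop the record/replay" section, which suggests the label was simply carried over, but that is inferred.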
 # Virtual A/B and snapuserd properties
@@ -622,6 +623,7 @@
 persist.bluetooth.btsnoopdefaultmode                        u:object_r:bluetooth_prop:s0 exact enum empty disabled filtered full
 persist.bluetooth.btsnooplogmode                            u:object_r:bluetooth_prop:s0 exact enum empty disabled filtered full
 persist.bluetooth.finder.supported                          u:object_r:bluetooth_finder_prop:s0 exact bool
+persist.bluetooth.sniff_offload.enabled                     u:object_r:bluetooth_config_prop:s0 exact bool
 persist.bluetooth.snooplogfilter.headers.enabled            u:object_r:bluetooth_prop:s0 exact bool
 persist.bluetooth.snooplogfilter.profiles.a2dp.enabled      u:object_r:bluetooth_prop:s0 exact bool
 persist.bluetooth.snooplogfilter.profiles.map               u:object_r:bluetooth_prop:s0 exact enum empty disabled fullfilter header magic
@@ -704,6 +706,7 @@
 bluetooth.core.le.max_connection_interval_relaxed    u:object_r:bluetooth_config_prop:s0 exact uint
 bluetooth.core.le.min_connection_interval_aggressive u:object_r:bluetooth_config_prop:s0 exact uint
 bluetooth.core.le.max_connection_interval_aggressive u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.aggressive_connection_threshold    u:object_r:bluetooth_config_prop:s0 exact uint
 bluetooth.core.le.connection_latency                 u:object_r:bluetooth_config_prop:s0 exact uint
 bluetooth.core.le.connection_supervision_timeout     u:object_r:bluetooth_config_prop:s0 exact uint
 bluetooth.core.le.direct_connection_timeout          u:object_r:bluetooth_config_prop:s0 exact uint
@@ -776,6 +779,7 @@
 ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
 
 ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+ro.bluetooth.leaudio_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 
 ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
 
@@ -800,6 +804,7 @@
 ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int
 ro.crypto.fde_algorithm                         u:object_r:vold_config_prop:s0 exact string
 ro.crypto.fde_sector_size                       u:object_r:vold_config_prop:s0 exact int
+ro.crypto.hw_wrapped_keys.kdf                   u:object_r:vold_config_prop:s0 exact string
 ro.crypto.metadata_init_delete_all_keys.enabled u:object_r:vold_config_prop:s0 exact bool
 ro.crypto.scrypt_params                         u:object_r:vold_config_prop:s0 exact string
 ro.crypto.set_dun                               u:object_r:vold_config_prop:s0 exact bool
@@ -1604,8 +1609,11 @@
 # Broadcast boot stages, which keystore listens to
 keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
 
-# Property that tracks keystore crash counts during a boot cycle.
-keystore.crash_count u:object_r:keystore_crash_prop:s0 exact int
+# Tracks keystore crash counts during a boot cycle.
+keystore.crash_count u:object_r:keystore_diagnostics_prop:s0 exact int
+
+# Tracks whether Keystore has successfully sent the module info hash to (V4+) KeyMints.
+keystore.module_hash.sent u:object_r:keystore_diagnostics_prop:s0 exact bool
 
 # Configure the means by which we protect the L0 key from the future
 ro.keystore.boot_level_key.strategy u:object_r:keystore_config_prop:s0 exact string
@@ -1717,7 +1725,7 @@
 persist.vendor.fingerprint.virtual.sensor_id u:object_r:virtual_fingerprint_prop:s0 exact int
 persist.vendor.fingerprint.virtual.sensor_strength u:object_r:virtual_fingerprint_prop:s0 exact int
 persist.vendor.fingerprint.virtual.max_enrollments u:object_r:virtual_fingerprint_prop:s0 exact int
-persist.vendor.fingerprint.virtual.navigation_guesture u:object_r:virtual_fingerprint_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.navigation_gesture u:object_r:virtual_fingerprint_prop:s0 exact bool
 persist.vendor.fingerprint.virtual.detect_interaction u:object_r:virtual_fingerprint_prop:s0 exact bool
 persist.vendor.fingerprint.virtual.udfps.display_touch u:object_r:virtual_fingerprint_prop:s0 exact bool
 persist.vendor.fingerprint.virtual.udfps.control_illumination u:object_r:virtual_fingerprint_prop:s0 exact bool
@@ -1764,6 +1772,13 @@
 # Properties for game manager service
 persist.graphics.game_default_frame_rate.enabled  u:object_r:game_manager_config_prop:s0 exact bool
 
+# Properties for the HintManagerService
+persist.hms.use_hal_headrooms u:object_r:hint_manager_config_prop:s0 exact bool
+persist.hms.check_headroom_tid u:object_r:hint_manager_config_prop:s0 exact bool
+persist.hms.check_headroom_affinity u:object_r:hint_manager_config_prop:s0 exact bool
+persist.hms.check_headroom_proc_stat_min_millis u:object_r:hint_manager_config_prop:s0 exact int
+persist.hms.cpu_headroom_tid_max_cnt u:object_r:hint_manager_config_prop:s0 exact int
+
 # Properties for ThreadNetworkService
 threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string
 
diff --git a/private/service.te b/private/service.te
index dde4bd2..6912eb9 100644
--- a/private/service.te
+++ b/private/service.te
@@ -60,9 +60,19 @@
 ')
 
 type uce_service,                      service_manager_type;
+type fwk_vold_service,                 service_manager_type;
 type wearable_sensing_service,         app_api_service, system_server_service, service_manager_type;
 type wifi_mainline_supplicant_service, service_manager_type;
 type dynamic_instrumentation_service,  app_api_service, system_server_service, service_manager_type;
+type advanced_protection_service,      app_api_service, system_server_service, service_manager_type;
+
+is_flag_enabled(RELEASE_RANGING_STACK, `
+    type ranging_service, app_api_service, system_server_service, service_manager_type;
+')
+
+until_board_api(202504, `
+    type hal_vm_capabilities_service, protected_service, hal_service_type, service_manager_type;
+')
 
 ###
 ### Neverallow rules
diff --git a/private/service_contexts b/private/service_contexts
index 2e050eb..c72f9b0 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -138,9 +138,12 @@
 android.hardware.secure_element.ISecureElement/SIM3                  u:object_r:hal_secure_element_service:s0
 android.hardware.security.secretkeeper.ISecretkeeper/default         u:object_r:hal_secretkeeper_service:s0
 android.hardware.security.secretkeeper.ISecretkeeper/nonsecure       u:object_r:hal_secretkeeper_service:s0
+android.hardware.virtualization.capabilities.IVmCapabilitiesService/default u:object_r:hal_vm_capabilities_service:s0
+android.hardware.virtualization.capabilities.IVmCapabilitiesService/noop u:object_r:hal_vm_capabilities_service:s0
 android.system.keystore2.IKeystoreService/default                    u:object_r:keystore_service:s0
 android.system.net.netd.INetd/default                                u:object_r:system_net_netd_service:s0
 android.system.suspend.ISystemSuspend/default                        u:object_r:hal_system_suspend_service:s0
+android.system.vold.IVold/default                                    u:object_r:fwk_vold_service:s0
 
 accessibility                             u:object_r:accessibility_service:s0
 account                                   u:object_r:account_service:s0
@@ -148,9 +151,7 @@
 activity_task                             u:object_r:activity_task_service:s0
 adb                                       u:object_r:adb_service:s0
 adservices_manager                        u:object_r:adservices_manager_service:s0
-starting_at_board_api(202504, `
-    advanced_protection                       u:object_r:advanced_protection_service:s0
-')
+advanced_protection                       u:object_r:advanced_protection_service:s0
 aidl_lazy_test_1                          u:object_r:aidl_lazy_test_service:s0
 aidl_lazy_test_2                          u:object_r:aidl_lazy_test_service:s0
 aidl_lazy_test_quit                       u:object_r:aidl_lazy_test_service:s0
@@ -278,9 +279,6 @@
 file_integrity                            u:object_r:file_integrity_service:s0
 fingerprint                               u:object_r:fingerprint_service:s0
 font                                      u:object_r:font_service:s0
-starting_at_board_api(202504, `
-    forensic                                  u:object_r:forensic_service:s0
-')
 android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
 game                                      u:object_r:game_service:s0
 gfxinfo                                   u:object_r:gfxinfo_service:s0
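Review bot: The `forensic` mapping is removed here with no replacement visible in this diff, while forensic_service is still listed in the 202404 ignore list. If the entry was not re-added elsewhere in service_contexts, the service would fall through to the default label and lose its dedicated type; if it was dropped on purpose, the type declaration and ignore-list entry should go with it. The alphabetical block containing the line continues outside the hunk.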
diff --git a/private/shell.te b/private/shell.te
index 890d6f4..2033f7e 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -444,6 +444,9 @@
 # Allow reads (but not writes) of the MGLRU state
 allow shell sysfs_lru_gen_enabled:file r_file_perms;
 
+# Allow reads (but not writes) of mem_sleep to determine suspend mechanism
+allow shell sysfs_mem_sleep:file r_file_perms;
+
 # Allow communicating with the VM terminal.
 userdebug_or_eng(`
   allow shell vmlauncher_app_devpts:chr_file rw_file_perms;
diff --git a/private/su.te b/private/su.te
index 1e2adef..247fd0b 100644
--- a/private/su.te
+++ b/private/su.te
@@ -127,6 +127,7 @@
   typeattribute su hal_tv_tuner_client;
   typeattribute su hal_usb_client;
   typeattribute su hal_vibrator_client;
+  typeattribute su hal_vm_capabilities_client;
   typeattribute su hal_vr_client;
   typeattribute su hal_weaver_client;
   typeattribute su hal_wifi_client;
diff --git a/private/system_app.te b/private/system_app.te
index 93be46f..9a70375 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -70,6 +70,9 @@
 # Allow developer settings to check 16k pages boot option status
 get_prop(system_app, enable_16k_pages_prop)
 
+# Allow developer settings to check virtualization capabilities
+get_prop(system_app, hypervisor_prop)
+
 # Create /data/anr/traces.txt.
 allow system_app anr_data_file:dir ra_dir_perms;
 allow system_app anr_data_file:file create_file_perms;
diff --git a/private/system_server.te b/private/system_server.te
index 01097f2..20556ab 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -243,6 +243,11 @@
 # Read /sys/kernel/dma_heap/*.
 allow system_server sysfs_dma_heap:file r_file_perms;
 
+# Read /sys/kernel/mm/cma/*.
+starting_at_board_api(202504, `
+allow system_server sysfs_cma:file r_file_perms;
+')
+
 # Allow reading DMA-BUF sysfs stats from /sys/kernel/dmabuf.
 allow system_server sysfs_dmabuf_stats:dir r_dir_perms;
 allow system_server sysfs_dmabuf_stats:file r_file_perms;
@@ -1651,6 +1656,16 @@
 # Allow GameManagerService to read and write persist.graphics.game_default_frame_rate.enabled
 set_prop(system_server, game_manager_config_prop)
 
+# Allow system server to write HintManagerService properties
+set_prop(system_server, hint_manager_config_prop)
+neverallow {
+  domain
+  -init
+  -vendor_init
+  -system_server
+  userdebug_or_eng(`-shell')
+} hint_manager_config_prop:property_service set;
+
 # ThreadNetworkService reads Thread Network properties
 get_prop(system_server, threadnetwork_config_prop)
 
diff --git a/private/system_suspend_internal_server.te b/private/system_suspend_internal_server.te
index 67bff77..8ff9da9 100644
--- a/private/system_suspend_internal_server.te
+++ b/private/system_suspend_internal_server.te
@@ -7,5 +7,6 @@
     -dumpstate # bug reports
     -system_suspend_internal_server # implements system_suspend_control_internal_service
     -system_server # configures system_suspend via ISuspendControlServiceInternal
+    -traced_probes # tracing
     -traceur_app # tracing
 } system_suspend_control_internal_service:service_manager find;
diff --git a/private/traced_perf.te b/private/traced_perf.te
index c7e81cd..8bd7ad3 100644
--- a/private/traced_perf.te
+++ b/private/traced_perf.te
@@ -35,10 +35,13 @@
 r_dir_file(traced_perf, apex_art_data_file)
 allow traced_perf apex_module_data_file:dir { getattr search };
 
-# Allow to temporarily lift the kptr_restrict setting and build a symbolization
-# map reading /proc/kallsyms.
+# For kernel address symbolisation. Allow reading from /proc/kallsyms inherited
+# from init, as well as separately opening and locking the file for
+# coordinating the use of that shared fd.
+# On debuggable builds, allow using lower_kptr_restrict_prop to temporarily
+# lift kptr_restrict systemwide.
 userdebug_or_eng(`set_prop(traced_perf, lower_kptr_restrict_prop)')
-allow traced_perf proc_kallsyms:file r_file_perms;
+allow traced_perf proc_kallsyms:file { open read lock };
 
 # Allow reading tracefs files to get the format and numeric ids of tracepoints.
 allow traced_perf debugfs_tracing:dir r_dir_perms;
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 6540420..6a42eb2 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -35,10 +35,13 @@
 # Allow procfs access
 r_dir_file(traced_probes, domain)
 
-# Allow to temporarily lift the kptr_restrict setting and build a symbolization
-# map reading /proc/kallsyms.
+# For kernel address symbolisation. Allow reading from /proc/kallsyms inherited
+# from init, as well as separately opening and locking the file for
+# coordinating the use of that shared fd.
+# On debuggable builds, allow using lower_kptr_restrict_prop to temporarily
+# lift kptr_restrict systemwide.
 userdebug_or_eng(`set_prop(traced_probes, lower_kptr_restrict_prop)')
-allow traced_probes proc_kallsyms:file r_file_perms;
+allow traced_probes proc_kallsyms:file { open read lock };
 
 # Allow to read packages.list file.
 allow traced_probes packages_list_file:file r_file_perms;
@@ -111,6 +114,10 @@
 binder_call(traced_probes, statsd)
 allow traced_probes stats_service:service_manager find;
 
+# Allow traced_probes to talk to suspend control service to read details of kernel wakelocks.
+allow traced_probes system_suspend_control_internal_service:service_manager find;
+allow traced_probes system_suspend:binder call;
+
 # Allow reading the system property representing number of desktop windows to
 # set the initial value for the counter in traces.
 get_prop(traced_probes, debug_tracing_desktop_mode_visible_tasks_prop)
diff --git a/private/vendor_init.te b/private/vendor_init.te
index a50bc27..60962d4 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -116,6 +116,7 @@
   -aconfig_storage_metadata_file
   -aconfig_storage_flags_metadata_file
   -tradeinmode_metadata_file
+  -proc_kallsyms
   enforce_debugfs_restriction(`-debugfs_type')
 }:file { create getattr open read write setattr relabelfrom unlink map };
 
@@ -195,6 +196,7 @@
   -proc_uid_time_in_state
   -proc_uid_concurrent_active_time
   -proc_uid_concurrent_policy_time
+  -proc_kallsyms
   enforce_debugfs_restriction(`-debugfs_type')
 }:file { open read setattr map };
 
diff --git a/private/virtual_camera.te b/private/virtual_camera.te
index c4fa6a1..9b64c63 100644
--- a/private/virtual_camera.te
+++ b/private/virtual_camera.te
@@ -1,7 +1,10 @@
 # virtual_camera - virtual camera daemon
 
-type virtual_camera, domain, coredomain;
-type virtual_camera_exec, system_file_type, exec_type, file_type;
+# The types are moved to public starting at 202502
+until_board_api(202504, `
+    type virtual_camera, domain, coredomain;
+    type virtual_camera_exec, system_file_type, exec_type, file_type;
+')
 
 init_daemon_domain(virtual_camera)
 
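Review bot: The new comment reads `# The types are moved to public starting at 202502` but the guard on the private definition is `until_board_api(202504, ...)`, and the matching public definitions elsewhere in this change also use 202504. One of the two is wrong; assuming the macro is right, change the comment to `# The types are moved to public starting at 202504`.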
@@ -55,3 +58,6 @@
 allow virtual_camera adbd:fd use;
 allow virtual_camera adbd:unix_stream_socket { getattr read write };
 allow virtual_camera shell:fifo_file { getattr read write };
+
+# Allow virtual_camera to access dmabuf_system_heap_device
+allow virtual_camera dmabuf_system_heap_device:chr_file { read open };
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index ca72279..259c402 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te
@@ -1,7 +1,7 @@
-# Domain for a child process that manages virtual machines on behalf of its parent.
-
-type virtualizationmanager, domain, coredomain;
-type virtualizationmanager_exec, system_file_type, exec_type, file_type;
+until_board_api(202504, `
+    type virtualizationmanager, domain, coredomain;
+    type virtualizationmanager_exec, system_file_type, exec_type, file_type;
+')
 
 # Allow virtualizationmanager to communicate use, read and write over the adb connection.
 allow virtualizationmanager adbd:fd use;
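Review bot: The removed header comment `# Domain for a child process that manages virtual machines on behalf of its parent.` is not carried over to a public/virtualizationmanager.te in this diff, whereas early_virtmgr's description was moved into public/early_virtmgr.te. Unless the public file already has it, keep the description above the until_board_api block so the domain stays documented.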
diff --git a/private/vold.te b/private/vold.te
index c242040..8fe8518 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -291,9 +291,10 @@
 # Allow vold to use wake locks.  Needed for idle maintenance and moving storage.
 wakelock_use(vold)
 
-# Allow vold to publish a binder service and make binder calls.
+# Allow vold to make binder calls and publish binder services.
 binder_use(vold)
 add_service(vold, vold_service)
+add_service(vold, fwk_vold_service)
 
 # Allow vold to call into the system server so it can check permissions.
 binder_call(vold, system_server)
diff --git a/public/attributes b/public/attributes
index 6e11b86..bc58e40 100644
--- a/public/attributes
+++ b/public/attributes
@@ -250,6 +250,16 @@
 attribute socket_between_core_and_vendor_violators;
 expandattribute socket_between_core_and_vendor_violators false;
 
+starting_at_board_api(202504, `
+# All vsock communication is required to go through AVF so that we can
+# have a consistent permission model for which is allowed to talk to
+# which. This breaks Treble as well as updatability of VMs and
+# other components.
+# TODO(b/347661724): Remove this once there are no violations.
+attribute unconstrained_vsock_violators;
+expandattribute unconstrained_vsock_violators false;
+')
+
 # All vendor domains which violate the requirement of not executing
 # system processes
 # TODO(b/36463595)
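Review bot: `unconstrained_vsock_violators` is declared and marked `expandattribute ... false`, but no neverallow referencing it appears in this diff, so on its own the attribute enforces nothing; presumably the exempting rule lives in a private/*.te change outside this view. The comment would read more clearly as `# ... a consistent permission model for which VM is allowed to talk to which.`, and it should spell out what counts as "unconstrained" (presumably direct use of vsock sockets rather than going through AVF) so vendors know what a violation is.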
@@ -457,3 +467,8 @@
 starting_at_board_api(202504, `
     attribute tee_service_type;
 ')
+
+# HAL service used for custom smc filtering project
+starting_at_board_api(202504, `
+    hal_attribute(vm_capabilities);
+')
diff --git a/public/crosvm.te b/public/crosvm.te
new file mode 100644
index 0000000..174a8b2
--- /dev/null
+++ b/public/crosvm.te
@@ -0,0 +1,7 @@
+starting_at_board_api(202504, `
+    type crosvm, domain, coredomain;
+')
+
+# system/sepolicy/public is for vendor-facing type and attribute definitions.
+# DO NOT ADD allow, neverallow, or dontaudit statements here.
+# Instead, add such policy rules to system/sepolicy/private/*.te.
diff --git a/public/early_virtmgr.te b/public/early_virtmgr.te
new file mode 100644
index 0000000..6caac18
--- /dev/null
+++ b/public/early_virtmgr.te
@@ -0,0 +1,12 @@
+is_flag_enabled(RELEASE_AVF_ENABLE_EARLY_VM, `
+    # Domain for a child process that manages early VMs available before /data mount, on behalf of
+    # its parent.
+    starting_at_board_api(202504, `
+        type early_virtmgr, domain, coredomain;
+        type early_virtmgr_exec, system_file_type, exec_type, file_type;
+    ')
+')
+
+# system/sepolicy/public is for vendor-facing type and attribute definitions.
+# DO NOT ADD allow, neverallow, or dontaudit statements here.
+# Instead, add such policy rules to system/sepolicy/private/*.te.
diff --git a/public/file.te b/public/file.te
index 94483a3..7a8e3af 100644
--- a/public/file.te
+++ b/public/file.te
@@ -103,6 +103,11 @@
 type sysfs_uio, sysfs_type, fs_type;
 type sysfs_batteryinfo, fs_type, sysfs_type;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+
+starting_at_board_api(202504, `
+    type sysfs_cma, fs_type, sysfs_type;
+')
+
 type sysfs_devfreq_cur, fs_type, sysfs_type;
 type sysfs_devfreq_dir, fs_type, sysfs_type;
 type sysfs_devices_block, fs_type, sysfs_type;
@@ -124,6 +129,11 @@
 type sysfs_net, fs_type, sysfs_type;
 type sysfs_power, fs_type, sysfs_type;
 type sysfs_rtc, fs_type, sysfs_type;
+
+starting_at_board_api(202504, `
+    type sysfs_mem_sleep, fs_type, sysfs_type;
+')
+
 type sysfs_suspend_stats, fs_type, sysfs_type;
 type sysfs_switch, fs_type, sysfs_type;
 type sysfs_sync_on_suspend, fs_type, sysfs_type;
diff --git a/public/service.te b/public/service.te
index 312c592..db79fdf 100644
--- a/public/service.te
+++ b/public/service.te
@@ -66,9 +66,6 @@
 type activity_task_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type adb_service, system_api_service, system_server_service, service_manager_type;
 type adservices_manager_service, system_api_service, system_server_service, service_manager_type;
-starting_at_board_api(202504, `
-    type advanced_protection_service, app_api_service, system_server_service, service_manager_type;
-')
 type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type app_binding_service, system_server_service, service_manager_type;
 starting_at_board_api(202504, `
@@ -144,9 +141,6 @@
 type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type face_service, app_api_service, system_server_service, service_manager_type;
 type fingerprint_service, app_api_service, system_server_service, service_manager_type;
-starting_at_board_api(202504, `
-    type forensic_service, app_api_service, system_api_service, system_server_service, service_manager_type;
-')
 type fwk_altitude_service, system_server_service, service_manager_type;
 type fwk_stats_service, app_api_service, system_server_service, service_manager_type;
 type fwk_sensor_service, system_server_service, service_manager_type;
@@ -217,9 +211,6 @@
 type print_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type processinfo_service, system_server_service, service_manager_type;
 type procstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-is_flag_enabled(RELEASE_RANGING_STACK, `
-    type ranging_service, app_api_service, system_server_service, service_manager_type;
-')
 type reboot_readiness_service, app_api_service, system_server_service, service_manager_type;
 type recovery_service, system_server_service, service_manager_type;
 type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -378,6 +369,9 @@
 type hal_wifi_hostapd_service, protected_service, hal_service_type, service_manager_type;
 type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
 type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
+starting_at_board_api(202504, `
+    type hal_vm_capabilities_service, protected_service, hal_service_type, service_manager_type;
+')
 
 # system/sepolicy/public is for vendor-facing type and attribute definitions.
 # DO NOT ADD allow, neverallow, or dontaudit statements here.
diff --git a/public/te_macros b/public/te_macros
index e446f56..2ba15b3 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -201,6 +201,10 @@
 get_prop($1, hypervisor_prop)
 # Allow client to read (but not open) the crashdump provided by virtualizationmanager
 allow $1 virtualizationservice_data_file:file { getattr read };
+# Allow virtualizationmanager to read the path of the client using /proc/{PID}/exe
+allow virtualizationmanager $1:dir search;
+allow virtualizationmanager $1:file read;
+allow virtualizationmanager $1:lnk_file read;
 ')
 
 ####################################
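Review bot: `allow virtualizationmanager $1:file read;` is broader than the comment justifies: resolving the client's path through `/proc/{PID}/exe` needs only `dir search` on the pid directory and `lnk_file read` on the symlink, whereas `file read` presumably also lets virtualizationmanager open every regular `/proc/{PID}/*` entry labelled with the client domain (e.g. cmdline, maps, status) for every domain that expands this macro. If only the exe link is read, drop the `file read` line; if a regular proc file is also needed, name it in the comment so the grant is auditable, e.g. `# ... via /proc/{PID}/exe (lnk_file read) and /proc/{PID}/cmdline (file read)`. The macro this block belongs to begins outside the hunk.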
diff --git a/public/virtual_camera.te b/public/virtual_camera.te
new file mode 100644
index 0000000..1c9e9d6
--- /dev/null
+++ b/public/virtual_camera.te
@@ -0,0 +1,10 @@
+# virtual_camera - virtual camera daemon
+
+starting_at_board_api(202504, `
+    type virtual_camera, domain, coredomain;
+    type virtual_camera_exec, system_file_type, exec_type, file_type;
+')
+
+# system/sepolicy/public is for vendor-facing type and attribute definitions.
+# DO NOT ADD allow, neverallow, or dontaudit statements here.
+# Instead, add such policy rules to system/sepolicy/private/*.te.
diff --git a/public/virtualizationmanager.te b/public/virtualizationmanager.te
new file mode 100644
index 0000000..555bc23
--- /dev/null
+++ b/public/virtualizationmanager.te
@@ -0,0 +1,9 @@
+# Domain for a child process that manages virtual machines on behalf of its parent.
+starting_at_board_api(202504, `
+    type virtualizationmanager, domain, coredomain;
+    type virtualizationmanager_exec, system_file_type, exec_type, file_type;
+')
+
+# system/sepolicy/public is for vendor-facing type and attribute definitions.
+# DO NOT ADD allow, neverallow, or dontaudit statements here.
+# Instead, add such policy rules to system/sepolicy/private/*.te.
diff --git a/tests/apex_sepolicy_tests.py b/tests/apex_sepolicy_tests.py
index 26082cb..d8c5c2b 100644
--- a/tests/apex_sepolicy_tests.py
+++ b/tests/apex_sepolicy_tests.py
@@ -29,7 +29,7 @@
 import sys
 import tempfile
 from dataclasses import dataclass
-from typing import List
+from typing import Callable, List
 
 import policy
 
@@ -61,7 +61,12 @@
     pass
 
 
-Matcher = Is | Glob | Regex | BinaryFile
+@dataclass
+class MatchPred:
+    pred: Callable[[str], bool]
+
+
+Matcher = Is | Glob | Regex | BinaryFile | MatchPred
 
 
 # predicate functions for Func matcher
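Review bot: `MatchPred` has no docstring, while its sibling `HasAttr` documents itself in one line; add `"""Matcher that delegates the path test to an arbitrary predicate"""` under the class line. The field name `pred` alone does not tell a reader that the callable receives the file_contexts path and returns whether the rule applies, which is what `match_path` does with it in the later hunk.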
@@ -87,7 +92,13 @@
     labels: set[str]
 
 
-Rule = AllowPerm | ResolveType | NotAnyOf
+@dataclass
+class HasAttr:
+    """Rule checking if the context has the specified attribute"""
+    attr: str
+
+
+Rule = AllowPerm | ResolveType | NotAnyOf | HasAttr
 
 
 # Helper for 'read'
@@ -104,8 +115,10 @@
             return pathlib.PurePath(path).match(pattern)
         case Regex(pattern):
             return re.match(pattern, path)
-        case BinaryFile:
+        case BinaryFile():
             return path.startswith('./bin/') and not path.endswith('/')
+        case MatchPred(pred):
+            return pred(path)
 
 
 def check_rule(pol, path: str, tcontext: str, rule: Rule) -> List[str]:
@@ -129,6 +142,9 @@
         case NotAnyOf(labels):
             if tcontext in labels:
                 errors.append(f"Error: {path}: can't be labelled as '{tcontext}'")
+        case HasAttr(attr):
+            if tcontext not in pol.QueryTypeAttribute(attr, True):
+                errors.append(f"Error: {path}: tcontext({tcontext}) must be associated with {attr}")
     return errors
 
 
@@ -139,7 +155,7 @@
 
 generic_rules = [
     # binaries should be executable
-    (BinaryFile, NotAnyOf({'vendor_file'})),
+    (BinaryFile(), NotAnyOf({'vendor_file'})),
     # permissions
     (Is('./etc/permissions/'), AllowRead('dir', {'system_server'})),
     (Glob('./etc/permissions/*.xml'), AllowRead('file', {'system_server'})),
@@ -159,6 +175,25 @@
 all_rules = target_specific_rules + generic_rules
 
 
+def base_attr_for(partition):
+    if partition in ['system', 'system_ext', 'product']:
+        return 'system_file_type'
+    elif partition in ['vendor', 'odm']:
+        return 'vendor_file_type'
+    else:
+        sys.exit(f"Error: invalid partition: {partition}\n")
+
+
+def system_vendor_rule(partition):
+    exceptions = [
+        "./etc/linkerconfig.pb"
+    ]
+    def pred(path):
+        return path not in exceptions
+
+    return pred, HasAttr(base_attr_for(partition))
+
+
 def check_line(pol: policy.Policy, line: str, rules) -> List[str]:
     """Parses a file_contexts line and runs checks"""
     # skip empty/comment line
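Review bot: `system_vendor_rule` returns the bare function `pred` as the matcher, but `match_path` in the earlier hunk only handles `Is`, `Glob`, `Regex`, `BinaryFile()` and `MatchPred(pred)`; a plain callable falls through every `case` and yields `None`, so the partition rule would silently never fire unless `match_path` has a fallback case outside the hunk. Wrap it in the dataclass added for this purpose: `return MatchPred(pred), HasAttr(base_attr_for(partition))`. The `exceptions` list would also benefit from a why-comment, e.g. `# linkerconfig.pb is generated at boot and labelled separately, so it is exempt from the base attribute check` (confirm the reason with the author).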
@@ -197,7 +232,8 @@
     """Do testing"""
     parser = argparse.ArgumentParser()
     parser.add_argument('--all', action='store_true', help='tests ALL aspects')
-    parser.add_argument('-f', '--file_contexts', help='output of "deapexer list -Z"')
+    parser.add_argument('-f', '--file_contexts', required=True, help='output of "deapexer list -Z"')
+    parser.add_argument('-p', '--partition', help='partition to check Treble violations')
     args = parser.parse_args()
 
     lib_path = extract_data(LIBSEPOLWRAP, work_dir)
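Review bot: `--partition` accepts any string and the only validation happens later in `base_attr_for` via `sys.exit`; restricting it at parse time gives argparse's usual usage error and documents the valid set in `--help`: `parser.add_argument('-p', '--partition', choices=['system', 'system_ext', 'product', 'vendor', 'odm'], help='partition to check Treble violations')`. The help text could also state what is checked, e.g. `help='partition whose files must carry system_file_type or vendor_file_type'`.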
@@ -209,6 +245,9 @@
     else:
         rules = generic_rules
 
+    if args.partition:
+        rules.append(system_vendor_rule(args.partition))
+
     errors = []
     with open(args.file_contexts, 'rt', encoding='utf-8') as file_contexts:
         for line in file_contexts:
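Review bot: `rules.append(system_vendor_rule(args.partition))` mutates whichever module-level list `rules` currently aliases (`generic_rules` on the `else` branch just above), so the partition rule leaks into module state; building a new list keeps the module lists read-only: `rules = rules + [system_vendor_rule(args.partition)]`. This is harmless for a one-shot script but bites as soon as the test module imports and reuses `generic_rules` across cases.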
diff --git a/tests/apex_sepolicy_tests_test.py b/tests/apex_sepolicy_tests_test.py
index 727a023..2a92aee 100644
--- a/tests/apex_sepolicy_tests_test.py
+++ b/tests/apex_sepolicy_tests_test.py
@@ -106,7 +106,7 @@
         self.assert_ok('./bin/init u:object_r:init_exec:s0')
         self.assert_ok('./bin/hw/svc u:object_r:init_exec:s0')
         self.assert_error('./bin/hw/svc u:object_r:vendor_file:s0',
-                          r"Error: .*svc: can\'t be labelled as \'vendor_file\'")
+                          r'Error: .*svc: can\'t be labelled as \'vendor_file\'')
 
 if __name__ == '__main__':
     unittest.main(verbosity=2)
diff --git a/treble_sepolicy_tests_for_release/Android.bp b/treble_sepolicy_tests_for_release/Android.bp
index 7756cbb..d27dc56 100644
--- a/treble_sepolicy_tests_for_release/Android.bp
+++ b/treble_sepolicy_tests_for_release/Android.bp
@@ -38,12 +38,12 @@
     srcs: [
         ":29.0_plat_policy.cil",
         ":29.0_mapping.combined.cil",
-        ":29.0_plat_pub_policy.cil",
+        ":base_plat_pub_policy.cil",
     ],
     tools: ["treble_sepolicy_tests"],
     out: ["treble_sepolicy_tests_29.0"],
     cmd: "$(location treble_sepolicy_tests) " +
-        "-b $(location :29.0_plat_pub_policy.cil) " +
+        "-b $(location :base_plat_pub_policy.cil) " +
         "-m $(location :29.0_mapping.combined.cil) " +
         "-o $(location :29.0_plat_policy.cil) && " +
         "touch $(out)",
@@ -92,8 +92,8 @@
         soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
-        (false, false): [":30.0_plat_pub_policy.cil"],
-        (default, default): [":30.0_product_pub_policy.cil"],
+        (false, false): [":base_plat_pub_policy.cil"],
+        (default, default): [":base_product_pub_policy.cil"],
     }),
     tools: ["treble_sepolicy_tests"],
     out: ["treble_sepolicy_tests_30.0"],
@@ -102,12 +102,12 @@
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
         (false, false): "$(location treble_sepolicy_tests) " +
-            "-b $(location :30.0_plat_pub_policy.cil) " +
+            "-b $(location :base_plat_pub_policy.cil) " +
             "-m $(location :30.0_mapping.combined.cil) " +
             "-o $(location :30.0_plat_policy.cil) && " +
             "touch $(out)",
         (default, default): "$(location treble_sepolicy_tests) " +
-            "-b $(location :30.0_product_pub_policy.cil) " +
+            "-b $(location :base_product_pub_policy.cil) " +
             "-m $(location :30.0_mapping.combined.cil) " +
             "-o $(location :30.0_plat_policy.cil) && " +
             "touch $(out)",
@@ -157,8 +157,8 @@
         soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
-        (false, false): [":31.0_plat_pub_policy.cil"],
-        (default, default): [":31.0_product_pub_policy.cil"],
+        (false, false): [":base_plat_pub_policy.cil"],
+        (default, default): [":base_product_pub_policy.cil"],
     }),
     tools: ["treble_sepolicy_tests"],
     out: ["treble_sepolicy_tests_31.0"],
@@ -167,12 +167,12 @@
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
         (false, false): "$(location treble_sepolicy_tests) " +
-            "-b $(location :31.0_plat_pub_policy.cil) " +
+            "-b $(location :base_plat_pub_policy.cil) " +
             "-m $(location :31.0_mapping.combined.cil) " +
             "-o $(location :31.0_plat_policy.cil) && " +
             "touch $(out)",
         (default, default): "$(location treble_sepolicy_tests) " +
-            "-b $(location :31.0_product_pub_policy.cil) " +
+            "-b $(location :base_product_pub_policy.cil) " +
             "-m $(location :31.0_mapping.combined.cil) " +
             "-o $(location :31.0_plat_policy.cil) && " +
             "touch $(out)",
@@ -222,8 +222,8 @@
         soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
-        (false, false): [":32.0_plat_pub_policy.cil"],
-        (default, default): [":32.0_product_pub_policy.cil"],
+        (false, false): [":base_plat_pub_policy.cil"],
+        (default, default): [":base_product_pub_policy.cil"],
     }),
     tools: ["treble_sepolicy_tests"],
     out: ["treble_sepolicy_tests_32.0"],
@@ -232,12 +232,12 @@
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
         (false, false): "$(location treble_sepolicy_tests) " +
-            "-b $(location :32.0_plat_pub_policy.cil) " +
+            "-b $(location :base_plat_pub_policy.cil) " +
             "-m $(location :32.0_mapping.combined.cil) " +
             "-o $(location :32.0_plat_policy.cil) && " +
             "touch $(out)",
         (default, default): "$(location treble_sepolicy_tests) " +
-            "-b $(location :32.0_product_pub_policy.cil) " +
+            "-b $(location :base_product_pub_policy.cil) " +
             "-m $(location :32.0_mapping.combined.cil) " +
             "-o $(location :32.0_plat_policy.cil) && " +
             "touch $(out)",
@@ -287,8 +287,8 @@
         soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
-        (false, false): [":33.0_plat_pub_policy.cil"],
-        (default, default): [":33.0_product_pub_policy.cil"],
+        (false, false): [":base_plat_pub_policy.cil"],
+        (default, default): [":base_product_pub_policy.cil"],
     }),
     tools: ["treble_sepolicy_tests"],
     out: ["treble_sepolicy_tests_33.0"],
@@ -297,12 +297,12 @@
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
         (false, false): "$(location treble_sepolicy_tests) " +
-            "-b $(location :33.0_plat_pub_policy.cil) " +
+            "-b $(location :base_plat_pub_policy.cil) " +
             "-m $(location :33.0_mapping.combined.cil) " +
             "-o $(location :33.0_plat_policy.cil) && " +
             "touch $(out)",
         (default, default): "$(location treble_sepolicy_tests) " +
-            "-b $(location :33.0_product_pub_policy.cil) " +
+            "-b $(location :base_product_pub_policy.cil) " +
             "-m $(location :33.0_mapping.combined.cil) " +
             "-o $(location :33.0_plat_policy.cil) && " +
             "touch $(out)",
@@ -352,8 +352,8 @@
         soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
-        (false, false): [":34.0_plat_pub_policy.cil"],
-        (default, default): [":34.0_product_pub_policy.cil"],
+        (false, false): [":base_plat_pub_policy.cil"],
+        (default, default): [":base_product_pub_policy.cil"],
     }),
     tools: ["treble_sepolicy_tests"],
     out: ["treble_sepolicy_tests_34.0"],
@@ -362,12 +362,12 @@
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
         (false, false): "$(location treble_sepolicy_tests) " +
-            "-b $(location :34.0_plat_pub_policy.cil) " +
+            "-b $(location :base_plat_pub_policy.cil) " +
             "-m $(location :34.0_mapping.combined.cil) " +
             "-o $(location :34.0_plat_policy.cil) && " +
             "touch $(out)",
         (default, default): "$(location treble_sepolicy_tests) " +
-            "-b $(location :34.0_product_pub_policy.cil) " +
+            "-b $(location :base_product_pub_policy.cil) " +
             "-m $(location :34.0_mapping.combined.cil) " +
             "-o $(location :34.0_plat_policy.cil) && " +
             "touch $(out)",
@@ -422,8 +422,8 @@
         soong_config_variable("ANDROID", "HAS_BOARD_SYSTEM_EXT_PREBUILT_DIR"),
         soong_config_variable("ANDROID", "HAS_BOARD_PRODUCT_PREBUILT_DIR"),
     ), {
-        (false, false): [":202404_plat_pub_policy.cil"],
-        (default, default): [":202404_product_pub_policy.cil"],
+        (false, false): [":base_plat_pub_policy.cil"],
+        (default, default): [":base_product_pub_policy.cil"],
     }),
     tools: ["treble_sepolicy_tests"],
     out: ["treble_sepolicy_tests_202404"],
@@ -435,12 +435,12 @@
         ("202404", false, false): "touch $(out)",
         ("202404", default, default): "touch $(out)",
         (default, false, false): "$(location treble_sepolicy_tests) " +
-            "-b $(location :202404_plat_pub_policy.cil) " +
+            "-b $(location :base_plat_pub_policy.cil) " +
             "-m $(location :202404_mapping.combined.cil) " +
             "-o $(location :202404_plat_policy.cil) && " +
             "touch $(out)",
         (default, default, default): "$(location treble_sepolicy_tests) " +
-            "-b $(location :202404_product_pub_policy.cil) " +
+            "-b $(location :base_product_pub_policy.cil) " +
             "-m $(location :202404_mapping.combined.cil) " +
             "-o $(location :202404_plat_policy.cil) && " +
             "touch $(out)",
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 220fbd2..b0c7a37 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -207,3 +207,4 @@
 /(vendor|system/vendor)/lib(64)?/libutils\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/libutilscallstack\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/libz\.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.virtualization\.capabilities\.capabilities_service-noop       u:object_r:hal_vm_capabilities_default_exec:s0
diff --git a/vendor/hal_bluetooth_default.te b/vendor/hal_bluetooth_default.te
index efa75a7..2b3729d 100644
--- a/vendor/hal_bluetooth_default.te
+++ b/vendor/hal_bluetooth_default.te
@@ -1,7 +1,7 @@
 type hal_bluetooth_default, domain;
 hal_server_domain(hal_bluetooth_default, hal_bluetooth)
 
-allow hal_bluetooth_default bt_device:chr_file { open read write };
+allow hal_bluetooth_default bt_device:chr_file { open read write ioctl };
 allow hal_bluetooth_default self:bluetooth_socket { create bind read write };
 
 type hal_bluetooth_default_exec, exec_type, vendor_file_type, file_type;
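Review bot: The added `ioctl` on `bt_device:chr_file` is unrestricted; Android sepolicy generally pairs a chr_file `ioctl` grant with an `allowxperm` allow-list so only the commands the HAL actually issues are permitted, e.g. `allowxperm hal_bluetooth_default bt_device:chr_file ioctl { <needed ioctl numbers> };`. Without the xperm list every ioctl the driver exposes becomes reachable from this domain. A one-line comment naming which ioctls the default HAL needs would make the grant reviewable.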
diff --git a/vendor/hal_vm_capabilities_default.te b/vendor/hal_vm_capabilities_default.te
new file mode 100644
index 0000000..82aaf41
--- /dev/null
+++ b/vendor/hal_vm_capabilities_default.te
@@ -0,0 +1,10 @@
+type hal_vm_capabilities_default, domain;
+
+starting_at_board_api(202504, `
+    hal_server_domain(hal_vm_capabilities_default, hal_vm_capabilities);
+')
+
+type hal_vm_capabilities_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_vm_capabilities_default);
+
+# TODO(b/360102915): add more rules around vm_fd passed to the HAL