Merge "Add ro.vendor.build.fingerprint_has_digest to property context"
diff --git a/Android.bp b/Android.bp
index 1ec7570..3afa1d1 100644
--- a/Android.bp
+++ b/Android.bp
@@ -294,6 +294,20 @@
// top_half: "31.0.ignore.cil",
}
+se_cil_compat_map {
+ name: "system_ext_30.0.ignore.cil",
+ bottom_half: [":30.0.board.ignore.map"],
+ // top_half: "system_ext_31.0.ignore.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_30.0.ignore.cil",
+ bottom_half: [":30.0.board.ignore.map"],
+ // top_half: "product_31.0.ignore.cil",
+ product_specific: true,
+}
+
se_compat_cil {
name: "26.0.compat.cil",
srcs: [":26.0.board.compat.cil"],
diff --git a/Android.mk b/Android.mk
index 882f397..d9c5b3c 100644
--- a/Android.mk
+++ b/Android.mk
@@ -1380,6 +1380,130 @@
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
-f $(PRIVATE_REQD_MASK) -t $@
+
+#####################################################
+intermediates := $(call intermediates-dir-for,ETC,built_system_ext_sepolicy,,,,)
+
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY))
+base_system_ext_policy.conf := $(intermediates)/base_system_ext_policy.conf
+$(base_system_ext_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(base_system_ext_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(base_system_ext_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
+$(base_system_ext_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(base_system_ext_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(base_system_ext_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(base_system_ext_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
+$(base_system_ext_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(base_system_ext_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(base_system_ext_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(base_system_ext_policy.conf): $(policy_files) $(M4)
+ $(transform-policy-to-conf)
+ $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
+
+built_system_ext_sepolicy := $(intermediates)/built_system_ext_sepolicy
+$(built_system_ext_sepolicy): PRIVATE_ADDITIONAL_CIL_FILES := \
+ $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
+$(built_system_ext_sepolicy): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
+$(built_system_ext_sepolicy): $(base_system_ext_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/secilc \
+$(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY)) \
+$(built_sepolicy_neverallows)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
+ $(POLICYVERS) -o $@ $<
+ $(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@ -o $@ -f /dev/null
+
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+$(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+base_system_ext_pub_policy.conf := $(intermediates)/base_system_ext_pub_policy.conf
+$(base_system_ext_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(base_system_ext_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(base_system_ext_pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
+$(base_system_ext_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(base_system_ext_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(base_system_ext_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(base_system_ext_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
+$(base_system_ext_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(base_system_ext_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(base_system_ext_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(base_system_ext_pub_policy.conf): $(policy_files) $(M4)
+ $(transform-policy-to-conf)
+
+base_system_ext_pub_policy.cil := $(intermediates)/base_system_ext_pub_policy.cil
+$(base_system_ext_pub_policy.cil): PRIVATE_POL_CONF := $(base_system_ext_pub_policy.conf)
+$(base_system_ext_pub_policy.cil): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
+$(base_system_ext_pub_policy.cil): $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/build_sepolicy $(base_system_ext_pub_policy.conf) $(reqd_policy_mask.cil)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $< -C -M -c $(POLICYVERS) -o $@ $(PRIVATE_POL_CONF)
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_REQD_MASK) -t $@
+
+
+################################################################################
+intermediates := $(call intermediates-dir-for,ETC,built_product_sepolicy,,,,)
+
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY))
+base_product_policy.conf := $(intermediates)/base_product_policy.conf
+$(base_product_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(base_product_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(base_product_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
+$(base_product_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(base_product_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(base_product_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(base_product_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
+$(base_product_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(base_product_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(base_product_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(base_product_policy.conf): $(policy_files) $(M4)
+ $(transform-policy-to-conf)
+ $(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
+
+built_product_sepolicy := $(intermediates)/built_product_sepolicy
+$(built_product_sepolicy): PRIVATE_ADDITIONAL_CIL_FILES := \
+ $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
+$(built_product_sepolicy): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
+$(built_product_sepolicy): $(base_product_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/secilc \
+$(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY)) \
+$(built_sepolicy_neverallows)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
+ $(POLICYVERS) -o $@ $<
+ $(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@ -o $@ -f /dev/null
+
+
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+$(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+base_product_pub_policy.conf := $(intermediates)/base_product_pub_policy.conf
+$(base_product_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(base_product_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(base_product_pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
+$(base_product_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(base_product_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(base_product_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(base_product_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
+$(base_product_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(base_product_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(base_product_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(base_product_pub_policy.conf): $(policy_files) $(M4)
+ $(transform-policy-to-conf)
+
+base_product_pub_policy.cil := $(intermediates)/base_product_pub_policy.cil
+$(base_product_pub_policy.cil): PRIVATE_POL_CONF := $(base_product_pub_policy.conf)
+$(base_product_pub_policy.cil): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
+$(base_product_pub_policy.cil): $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/build_sepolicy $(base_product_pub_policy.conf) $(reqd_policy_mask.cil)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $< -C -M -c $(POLICYVERS) -o $@ $(PRIVATE_POL_CONF)
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_REQD_MASK) -t $@
+
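Review bot: Nothing in this hunk references `$(built_system_ext_sepolicy)` or `$(built_product_sepolicy)`, so unless a later hunk or another makefile lists them as a dependency of a shipped module or test target, the neverallow compile they exist for never runs; please confirm where they are consumed. Both rule sets also pin `PRIVATE_TARGET_BUILD_VARIANT := user` without stating why, and that choice decides which `userdebug_or_eng()` rules are present when secilc evaluates neverallows — a comment such as `# Evaluate neverallows against the user variant, i.e. the policy that ships to users` above `$(base_system_ext_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user` (and its product twin) would make that explicit. The `sed … > $@.dontaudit` lines write a file that is not a declared target, mirroring the existing plat rules, so a stale `.dontaudit` is never rebuilt on its own.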
ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
# Tests for Treble compatibility of current platform policy and vendor policy of
# given release version.
diff --git a/apex/com.android.virt-file_contexts b/apex/com.android.virt-file_contexts
index 4703eba..ad8d55c 100644
--- a/apex/com.android.virt-file_contexts
+++ b/apex/com.android.virt-file_contexts
@@ -1,3 +1,3 @@
-(/.*)? u:object_r:system_file:s0
-/bin/crosvm u:object_r:crosvm_exec:s0
-/bin/virtmanager u:object_r:virtmanager_exec:s0
+(/.*)? u:object_r:system_file:s0
+/bin/crosvm u:object_r:crosvm_exec:s0
+/bin/virtualizationservice u:object_r:virtualizationservice_exec:s0
diff --git a/prebuilt_policy.mk b/prebuilt_policy.mk
index a591a48..e46f92a 100644
--- a/prebuilt_policy.mk
+++ b/prebuilt_policy.mk
@@ -240,7 +240,7 @@
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
$(POLICYVERS) -o $@ $<
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
- -f $(PRIVATE_PLAT_CIL) -t $@
+ -f $(PRIVATE_PLAT_CIL_FILES) -t $@
# Line markers (denoted by ;;) are malformed after above cmd. They are only
# used for debugging, so we remove them.
$(hide) grep -v ';;' $@ > $@.tmp
diff --git a/private/apexd.te b/private/apexd.te
index 48fbcb8..b6fff92 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -18,6 +18,8 @@
allow apexd apex_ota_reserved_file:file create_file_perms;
# Allow apexd to create files and directories for snapshots of apex data
+allow apexd apex_appsearch_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_appsearch_data_file:file { create_file_perms relabelto };
allow apexd apex_art_data_file:dir { create_dir_perms relabelto };
allow apexd apex_art_data_file:file { create_file_perms relabelto };
allow apexd apex_permission_data_file:dir { create_dir_perms relabelto };
diff --git a/private/audioserver.te b/private/audioserver.te
index 5047e2c..2d0b46d 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -36,6 +36,7 @@
allow audioserver external_vibrator_service:service_manager find;
allow audioserver package_native_service:service_manager find;
allow audioserver permission_service:service_manager find;
+allow audioserver permission_checker_service:service_manager find;
allow audioserver power_service:service_manager find;
allow audioserver scheduling_policy_service:service_manager find;
allow audioserver mediametrics_service:service_manager find;
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 59c07d3..6e66493 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -8,6 +8,7 @@
ab_update_gki_prop
adbd_config_prop
apc_service
+ apex_appsearch_data_file
apex_art_data_file
apex_art_staging_data_file
apex_info_file
@@ -27,6 +28,7 @@
cgroup_v2
codec2_config_prop
ctl_snapuserd_prop
+ dck_prop
debugfs_kprobes
debugfs_mm_events_tracing
debugfs_bootreceiver_tracing
diff --git a/private/crosvm.te b/private/crosvm.te
index 5d7080a..f7729fd 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -5,8 +5,8 @@
# Let crosvm create temporary files.
tmpfs_domain(crosvm)
-# Let crosvm receive file descriptors from virtmanager.
-allow crosvm virtmanager:fd use;
+# Let crosvm receive file descriptors from VirtualizationService.
+allow crosvm virtualizationservice:fd use;
# Let crosvm open /dev/kvm.
allow crosvm kvm_device:chr_file rw_file_perms;
diff --git a/private/domain.te b/private/domain.te
index b91d36d..c1dea0a 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -216,6 +216,7 @@
-appdomain # for oemfs
-bootanim # for oemfs
-recovery # for /tmp/update_binary in tmpfs
+ userdebug_or_eng(`-microdroid_launcher') # for executing shared libs on /mnt/apk in Microdroid
} { fs_type -rootfs }:file execute;
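Review bot: The new `userdebug_or_eng(`-microdroid_launcher')` carve-out from the execute-on-non-rootfs neverallow carries no bug reference, while the allow rules it exists for in microdroid_launcher.te are tagged TODO(b/188400186); a reader cannot tell whether the whole exemption or only its userdebug_or_eng wrapper is temporary. Since the planned `zipfusefs` type would still be `fs_type`, the carve-out looks permanent and only the wrapper temporary, so say so: `userdebug_or_eng(`-microdroid_launcher') # TODO(b/188400186): drop the userdebug_or_eng wrapper once zipfuse mounts with fscontext=zipfusefs`. The neverallow block starts before this hunk.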
#
@@ -367,6 +368,7 @@
-update_engine
-vold
-zygote
+ -zipfuse
} { fs_type
-sdcard_type
}:filesystem { mount remount relabelfrom relabelto };
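Review bot: The `-zipfuse` exemption from the mount neverallow is unconditional, whereas the only mount permission zipfuse is actually granted (`fuse:filesystem mount` in zipfuse.te) is wrapped in userdebug_or_eng; that is safe, because an exemption grants nothing by itself, but the reason is not recorded the way the earlier hunk in this file does with `# for …` comments. Suggest `-zipfuse # for mounting the apk zip on /mnt/apk in Microdroid` so the next person trimming this list knows what it is for. The neverallow block starts before this hunk.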
diff --git a/private/file.te b/private/file.te
index a024600..0f7e689 100644
--- a/private/file.te
+++ b/private/file.te
@@ -57,6 +57,9 @@
# /data/misc/odsign
type odsign_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/virtualizationservice
+type virtualizationservice_data_file, file_type, data_file_type, core_data_file_type;
+
# /data/system/environ
type environ_system_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 4a4867b..89b63d6 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -565,12 +565,12 @@
# Misc data
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
-/data/misc/a11ytrace(/.*)? u:object_r:accessibility_trace_data_file:s0
+/data/misc/a11ytrace(/.*)? u:object_r:accessibility_trace_data_file:s0
/data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0
-/data/misc/apexdata/com\.android\.art(/.*)? u:object_r:apex_art_data_file:s0
+/data/misc/apexdata/com\.android\.art(/.*)? u:object_r:apex_art_data_file:s0
/data/misc/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0
/data/misc/apexdata/com\.android\.scheduling(/.*)? u:object_r:apex_scheduling_data_file:s0
-/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
+/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
/data/misc/apns(/.*)? u:object_r:radio_data_file:s0
/data/misc/appcompat(/.*)? u:object_r:appcompat_data_file:s0
@@ -620,6 +620,7 @@
/data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0
/data/misc/train-info(/.*)? u:object_r:stats_data_file:s0
/data/misc/user(/.*)? u:object_r:misc_user_data_file:s0
+/data/misc/virtualizationservice(/.*)? u:object_r:virtualizationservice_data_file:s0
/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
/data/misc_ce/[0-9]+/wifi(/.*)? u:object_r:wifi_data_file:s0
@@ -671,6 +672,7 @@
# Apex data directories
/data/misc_de/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
/data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com\.android\.appsearch(/.*)? u:object_r:apex_appsearch_data_file:s0
/data/misc_de/[0-9]+/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0
/data/misc_ce/[0-9]+/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0
/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
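Review bot: Only the CE path `/data/misc_ce/[0-9]+/apexdata/com\.android\.appsearch(/.*)?` receives the new `apex_appsearch_data_file` label, while the adjacent permission and wifi modules label both `misc_de` and `misc_ce`; if appsearch deliberately keeps no DE data, a one-line comment saying so (e.g. `# appsearch keeps CE data only; no misc_de entry`) prevents a DE directory from being added later under the generic `apex_module_data_file` label by accident. If DE data is expected, the matching `misc_de` line should be added here alongside.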
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index 10de777..571d155 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -135,3 +135,6 @@
# b/168059475 Allow GMSCore to read Virtual AB properties to determine
# if device supports VAB.
get_prop(gmscore_app, virtual_ab_prop)
+
+# b/186488185: Allow GMSCore to read dck properties
+get_prop(gmscore_app, dck_prop)
diff --git a/private/microdroid_launcher.te b/private/microdroid_launcher.te
new file mode 100644
index 0000000..5983cb7
--- /dev/null
+++ b/private/microdroid_launcher.te
@@ -0,0 +1,31 @@
+# microdroid_launcher is a binary that loads a shared library from an apk and
+# executes it by calling an entry point in the library. This can be considered
+# as the native counterpart of app_process for Java.
+
+type microdroid_launcher, domain, coredomain;
+type microdroid_launcher_exec, exec_type, file_type, system_file_type;
+
+# allow executing files on the zipfuse fs
+# TODO(b/188400186) uncomment the below when the zipfuse is mounted with
+# fscontext=u:object_r:zipfusefs:s0
+# allow microdroid_launcher zipfusefs:dir r_dir_perms;
+# allow microdroid_launcher zipfusefs:file rx_file_perms;
+# TODO(b/188400186) remove the below two rules
+userdebug_or_eng(`
+ allow microdroid_launcher fuse:dir r_dir_perms;
+ allow microdroid_launcher fuse:file rx_file_perms;
+')
+
+# Allow to communicate use, read and write over the adb connection.
+allow microdroid_launcher adbd:fd use;
+allow microdroid_launcher adbd:unix_stream_socket { read write };
+
+# Allow to use FDs inherited from the shell. This includes the FD opened for
+# the microdroid_launcher executable itself and the FD for adb connection.
+# TODO(b/186396070) remove this when this is executed from microdroid_manager
+userdebug_or_eng(`
+ allow microdroid_launcher shell:fd use;
+')
+
+# Allow to use terminal
+allow microdroid_launcher devpts:chr_file rw_file_perms;
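Review bot: The userdebug_or_eng rules `allow microdroid_launcher fuse:dir r_dir_perms;` and `allow microdroid_launcher fuse:file rx_file_perms;` grant execute on every filesystem labelled `fuse`, not just the apk mount at /mnt/apk, because `fuse` is the generic label until TODO(b/188400186) introduces `zipfusefs`; the comment should state that this breadth is accepted only on debug builds. The unconditional `devpts:chr_file rw_file_perms`, `adbd:fd use` and `adbd:unix_stream_socket { read write }` rules appear to exist only to support launching from an adb shell, which the TODO(b/186396070) block describes as temporary; consider wrapping them in the same `userdebug_or_eng(…)` so no adb-related permission survives into user builds once microdroid_manager takes over.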
diff --git a/private/property_contexts b/private/property_contexts
index 10e7c41..79b8015 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -447,6 +447,7 @@
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.cmdline u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
@@ -1190,3 +1191,6 @@
# bootanimation properties
ro.bootanim.quiescent.enabled u:object_r:bootanim_config_prop:s0 exact bool
+
+# dck properties
+ro.gms.dck.eligible_wcc u:object_r:dck_prop:s0 exact int
diff --git a/private/service_contexts b/private/service_contexts
index 3357943..b410b18 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -71,7 +71,7 @@
carrier_config u:object_r:radio_service:s0
clipboard u:object_r:clipboard_service:s0
com.android.net.IProxyService u:object_r:IProxyService_service:s0
-android.system.virtmanager u:object_r:virtualization_service:s0
+android.system.virtualizationservice u:object_r:virtualization_service:s0
companiondevice u:object_r:companion_device_service:s0
platform_compat u:object_r:platform_compat_service:s0
platform_compat_native u:object_r:platform_compat_service:s0
diff --git a/private/shell.te b/private/shell.te
index 5831d54..231a63f 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -191,6 +191,10 @@
# Allow shell to read Virtual A/B related properties
get_prop(shell, virtual_ab_prop)
+# Allow shell to launch microdroid_launcher in its own domain
+# TODO(b/186396070) remove this when microdroid_manager can do this
+domain_auto_trans(shell, microdroid_launcher_exec, microdroid_launcher)
+
# Never allow others to set or get the perf.drop_caches property.
neverallow { domain -shell -init } perf_drop_caches_prop:property_service set;
neverallow { domain -shell -init -dumpstate } perf_drop_caches_prop:file read;
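Review bot: `domain_auto_trans(shell, microdroid_launcher_exec, microdroid_launcher)` is unconditional, but the `shell:fd use` rule it depends on in microdroid_launcher.te is wrapped in userdebug_or_eng; on a user build the transition would still happen and the launcher could then not use the stdio/adb FDs it inherits from shell. Both rules carry TODO(b/186396070), so give the transition the same scope: `userdebug_or_eng(`domain_auto_trans(shell, microdroid_launcher_exec, microdroid_launcher)')`.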
diff --git a/private/system_server.te b/private/system_server.te
index c9f3f8e..9dd4b1b 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1259,6 +1259,8 @@
# Allow the system server to manage relevant apex module data files.
allow system_server apex_module_data_file:dir { getattr search };
+allow system_server apex_appsearch_data_file:dir create_dir_perms;
+allow system_server apex_appsearch_data_file:file create_file_perms;
allow system_server apex_permission_data_file:dir create_dir_perms;
allow system_server apex_permission_data_file:file create_file_perms;
allow system_server apex_scheduling_data_file:dir create_dir_perms;
diff --git a/private/virtmanager.te b/private/virtmanager.te
deleted file mode 100644
index 467f7d4..0000000
--- a/private/virtmanager.te
+++ /dev/null
@@ -1,17 +0,0 @@
-type virtmanager, domain, coredomain;
-type virtmanager_exec, system_file_type, exec_type, file_type;
-
-# When init runs a file labelled with virtmanager_exec, run it in the virtmanager domain.
-init_daemon_domain(virtmanager)
-
-# Let the virtmanager domain use Binder.
-binder_use(virtmanager)
-
-# Let the virtmanager domain register the virtualization_service with ServiceManager.
-add_service(virtmanager, virtualization_service)
-
-# When virtmanager execs a file with the crosvm_exec label, run it in the crosvm domain.
-domain_auto_trans(virtmanager, crosvm_exec, crosvm)
-
-# Let virtmanager kill crosvm.
-allow virtmanager crosvm:process sigkill;
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
new file mode 100644
index 0000000..4c6f1f9
--- /dev/null
+++ b/private/virtualizationservice.te
@@ -0,0 +1,25 @@
+type virtualizationservice, domain, coredomain;
+type virtualizationservice_exec, system_file_type, exec_type, file_type;
+
+# When init runs a file labelled with virtualizationservice_exec, run it in the
+# virtualizationservice domain.
+init_daemon_domain(virtualizationservice)
+
+# Let the virtualizationservice domain use Binder.
+binder_use(virtualizationservice)
+
+# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
+add_service(virtualizationservice, virtualization_service)
+
+# When virtualizationservice execs a file with the crosvm_exec label, run it in the crosvm domain.
+domain_auto_trans(virtualizationservice, crosvm_exec, crosvm)
+
+# Let virtualizationservice exec other files (e.g. mk_cdisk) in the same domain.
+allow virtualizationservice system_file:file execute_no_trans;
+
+# Let virtualizationservice kill crosvm.
+allow virtualizationservice crosvm:process sigkill;
+
+# Let virtualizationservice access its data directory.
+allow virtualizationservice virtualizationservice_data_file:file create_file_perms;
+allow virtualizationservice virtualizationservice_data_file:dir create_dir_perms;
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 1414f6c..956e94e 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -16,6 +16,7 @@
vendor_data_file
}:dir { open read write add_name remove_name rmdir relabelfrom };
allow vold_prepare_subdirs {
+ apex_appsearch_data_file
apex_art_data_file
apex_module_data_file
apex_permission_data_file
@@ -32,6 +33,7 @@
vold_data_file
}:dir { create_dir_perms relabelto };
allow vold_prepare_subdirs {
+ apex_appsearch_data_file
apex_art_data_file
apex_art_staging_data_file
apex_module_data_file
diff --git a/private/wait_for_keymaster.te b/private/wait_for_keymaster.te
index 8878acf..da98e2e 100644
--- a/private/wait_for_keymaster.te
+++ b/private/wait_for_keymaster.te
@@ -10,6 +10,6 @@
# wait_for_keymaster needs to find keystore and call methods with the returned
# binder reference.
-allow wait_for_keymaster servicemanager:binder call;
+binder_use(wait_for_keymaster)
allow wait_for_keymaster keystore_service:service_manager find;
-allow wait_for_keymaster keystore:binder call;
+binder_call(wait_for_keymaster, keystore)
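Review bot: Replacing the two one-directional `:binder call` rules with `binder_use(wait_for_keymaster)` and `binder_call(wait_for_keymaster, keystore)` grants more than the lines removed — the macros add `transfer` and, in their usual definition, the reverse-direction rules toward wait_for_keymaster (check te_macros to confirm exactly what is added). Since the commit message does not say why the wider grant is needed, record it, e.g. `# binder_call is needed so keystore can transfer references back on reply`, so a later reviewer does not trim it back to the old minimal rules.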
diff --git a/private/zipfuse.te b/private/zipfuse.te
new file mode 100644
index 0000000..9d5faad
--- /dev/null
+++ b/private/zipfuse.te
@@ -0,0 +1,34 @@
+# zipfuse is a FUSE daemon running in the microdroid. It mounts
+# /dev/block/by-name/microdroid-apk whose content is from an apk file on
+# /mnt/apk so that the entries in the apk file are seen as regular files. See
+# packages/modules/Virtualization/zipfuse.
+
+type zipfuse, domain, coredomain;
+type zipfuse_exec, exec_type, file_type, system_file_type;
+
+# allow domain transition from init
+init_daemon_domain(zipfuse)
+
+# allow basic rules to implement FUSE
+allow zipfuse fuse_device:chr_file rw_file_perms;
+allow zipfuse self:global_capability_class_set sys_admin;
+
+# allow access to /dev/vd* block device files and also access to the symlinks
+# /dev/block/by-name/*
+allow zipfuse block_device:dir r_dir_perms;
+allow zipfuse block_device:lnk_file r_file_perms;
+allow zipfuse vd_device:blk_file r_file_perms;
+
+# allow mounting on /mnt/apk
+allow zipfuse tmpfs:dir mounton;
+
+# TODO(b/188400186) uncomment the following when this filesystem is mounted with
+# fscontext=u:object_r:zipfusefs:s0
+# type zipfusefs, fs_type, contextmount_type;
+# allow zipfuse fuse:filesystem relabelfrom;
+# allow zipfuse zipfusefs:filesystem { mount relabelfrom relabelto };
+
+# TODO(b/188400186) remove this when this filesystem is mounted with correct fcontext
+userdebug_or_eng(`
+ allow zipfuse fuse:filesystem mount;
+')
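Review bot: The header sentence `It mounts /dev/block/by-name/microdroid-apk whose content is from an apk file on /mnt/apk` reads backwards relative to the rules below, which read `vd_device` and `mounton` a tmpfs dir; it should say something like `zipfuse reads the apk image from /dev/block/by-name/microdroid-apk and mounts its entries on /mnt/apk as regular files`. The `self:global_capability_class_set sys_admin` grant is the broadest capability in the set; note next to it that it is required only for mount() so the rule is not later leaned on for anything else. Also, on user builds zipfuse holds no `filesystem mount` permission at all (the only one is under userdebug_or_eng), so the daemon cannot function there until TODO(b/188400186) lands — worth stating explicitly.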
diff --git a/public/e2fs.te b/public/e2fs.te
index dd5bd69..6eeb7ea 100644
--- a/public/e2fs.te
+++ b/public/e2fs.te
@@ -12,6 +12,15 @@
BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
};
+# Allow e2fs to format /dev/block/vd*
+# TODO(b/189165759) move this rule to packages/modules/Virtualization
+userdebug_or_eng(`
+allow e2fs vd_device:blk_file rw_file_perms;
+allowxperm e2fs vd_device:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+')
+
allow e2fs {
proc_filesystems
proc_mounts
diff --git a/public/file.te b/public/file.te
index 2250482..20348b5 100644
--- a/public/file.te
+++ b/public/file.te
@@ -385,6 +385,7 @@
# /data/misc subdirectories
type adb_keys_file, file_type, data_file_type, core_data_file_type;
+type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type;
type apex_module_data_file, file_type, data_file_type, core_data_file_type;
type apex_ota_reserved_file, file_type, data_file_type, core_data_file_type;
type apex_permission_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/ioctl_defines b/public/ioctl_defines
index afb0b2d..5ac4d94 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -698,22 +698,30 @@
define(`EVIOCSKEYCODE', `0x40084504')
define(`EVIOCSKEYCODE_V2', `0x40284504')
define(`EVIOCSREP', `0x40084503')
-define(`F2FS_IOC_ABORT_VOLATILE_WRITE', `0xf505')
+define(`F2FS_IOC_START_ATOMIC_WRITE', `0xf501')
define(`F2FS_IOC_COMMIT_ATOMIC_WRITE', `0xf502')
-define(`F2FS_IOC_DEFRAGMENT', `0xf508')
-define(`F2FS_IOC_FLUSH_DEVICE', `0xf50a')
+define(`F2FS_IOC_START_VOLATILE_WRITE', `0xf503')
+define(`F2FS_IOC_RELEASE_VOLATILE_WRITE', `0xf504')
+define(`F2FS_IOC_ABORT_VOLATILE_WRITE', `0xf505')
define(`F2FS_IOC_GARBAGE_COLLECT', `0xf506')
+define(`F2FS_IOC_WRITE_CHECKPOINT', `0xf507')
+define(`F2FS_IOC_DEFRAGMENT', `0xf508')
+define(`F2FS_IOC_MOVE_RANGE', `0xf509')
+define(`F2FS_IOC_FLUSH_DEVICE', `0xf50a')
define(`F2FS_IOC_GARBAGE_COLLECT_RANGE', `0xf50b')
define(`F2FS_IOC_GET_FEATURES', `0xf50c')
-define(`F2FS_IOC_GET_PIN_FILE', `0xf50e')
-define(`F2FS_IOC_MOVE_RANGE', `0xf509')
-define(`F2FS_IOC_PRECACHE_EXTENTS', `0xf50f')
-define(`F2FS_IOC_RELEASE_VOLATILE_WRITE', `0xf504')
-define(`F2FS_IOC_SEC_TRIM_FILE', `0xf514')
define(`F2FS_IOC_SET_PIN_FILE', `0xf50d')
-define(`F2FS_IOC_START_ATOMIC_WRITE', `0xf501')
-define(`F2FS_IOC_START_VOLATILE_WRITE', `0xf503')
-define(`F2FS_IOC_WRITE_CHECKPOINT', `0xf507')
+define(`F2FS_IOC_GET_PIN_FILE', `0xf50e')
+define(`F2FS_IOC_PRECACHE_EXTENTS', `0xf50f')
+define(`F2FS_IOC_RESIZE_FS', `0xf510')
+define(`F2FS_IOC_GET_COMPRESS_BLOCKS', `0xf511')
+define(`F2FS_IOC_RELEASE_COMPRESS_BLOCKS', `0xf512')
+define(`F2FS_IOC_RESERVE_COMPRESS_BLOCKS', `0xf513')
+define(`F2FS_IOC_SEC_TRIM_FILE', `0xf514')
+define(`F2FS_IOC_GET_COMPRESS_OPTION', `0xf515')
+define(`F2FS_IOC_SET_COMPRESS_OPTION', `0xf516')
+define(`F2FS_IOC_DECOMPRESS_FILE', `0xf517')
+define(`F2FS_IOC_COMPRESS_FILE', `0xf518')
define(`FAT_IOCTL_GET_ATTRIBUTES', `0x80047210')
define(`FAT_IOCTL_GET_VOLUME_ID', `0x80047213')
define(`FAT_IOCTL_SET_ATTRIBUTES', `0x40047211')
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 388001d..ad460e1 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -76,6 +76,7 @@
allow mediaserver mediametrics_service:service_manager find;
allow mediaserver media_session_service:service_manager find;
allow mediaserver permission_service:service_manager find;
+allow mediaserver permission_checker_service:service_manager find;
allow mediaserver power_service:service_manager find;
allow mediaserver processinfo_service:service_manager find;
allow mediaserver scheduling_policy_service:service_manager find;
diff --git a/public/property.te b/public/property.te
index 5edb59e..eca1a8c 100644
--- a/public/property.te
+++ b/public/property.te
@@ -169,6 +169,7 @@
system_vendor_config_prop(wifi_config_prop)
system_vendor_config_prop(zram_config_prop)
system_vendor_config_prop(zygote_config_prop)
+system_vendor_config_prop(dck_prop)
# Properties with no restrictions
system_public_prop(adbd_config_prop)
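Review bot: `system_vendor_config_prop(dck_prop)` is appended after `zygote_config_prop`, breaking the alphabetical order the surrounding entries keep (`wifi_config_prop`, `zram_config_prop`, `zygote_config_prop`); move it to its sorted position earlier in the list so the next addition lands in the right place. The list starts before this hunk.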
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 7e96cb1..b0e1da5 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -262,6 +262,7 @@
get_prop(vendor_init, surfaceflinger_display_prop)
get_prop(vendor_init, test_harness_prop)
get_prop(vendor_init, theme_prop)
+set_prop(vendor_init, dck_prop)
###
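Review bot: `set_prop(vendor_init, dck_prop)` is inserted at the tail of what appears to be an alphabetically ordered run of `get_prop(vendor_init, …)` rules (`surfaceflinger_display_prop`, `test_harness_prop`, `theme_prop`), so it is both out of order and mixed into the wrong kind of rule; place it with the file's other `set_prop(vendor_init, …_prop)` rules in sorted position instead. The block starts before this hunk.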
diff --git a/treble_sepolicy_tests_for_release.mk b/treble_sepolicy_tests_for_release.mk
index fdfe9ee..1f27727 100644
--- a/treble_sepolicy_tests_for_release.mk
+++ b/treble_sepolicy_tests_for_release.mk
@@ -11,6 +11,27 @@
LOCAL_MODULE_CLASS := FAKE
LOCAL_MODULE_TAGS := optional
+# BOARD_SYSTEM_EXT_PREBUILT_DIR can be set as system_ext prebuilt dir in sepolicy
+# make file of the system_ext partition.
+SYSTEM_EXT_PREBUILT_POLICY := $(BOARD_SYSTEM_EXT_PREBUILT_DIR)
+# BOARD_PRODUCT_PREBUILT_DIR can be set as product prebuilt dir in sepolicy
+# make file of the product partition.
+PRODUCT_PREBUILT_POLICY := $(BOARD_PRODUCT_PREBUILT_DIR)
+# BOARD_PLAT_PUB_VERSIONED_POLICY - path_to_plat_pub_versioned_of_vendor
+# plat_pub_versioned.cil should be in
+# $(BOARD_PLAT_PUB_VERSIONED_POLICY)/prebuilts/api/$(version) dir.
+# plat_pub_versioned.cil should have platform, system_ext and product sepolicies
+# similar to system/sepolicy/prebuilts/api/$(version/plat_pub_verioned.cil file.
+# In order to enable treble sepolicy tests for platform, system_ext and product
+# sepolicies SYSTEM_EXT_PREBUILT_POLICY , PRODUCT_PREBUILT_POLICY and
+# BOARD_PLAT_PUB_VERSIONED_POLICY should be set.
+IS_TREBLE_TEST_ENABLED_PARTNER := false
+ifeq ($(filter 26.0 27.0 28.0 29.0,$(version)),)
+ifneq (,$(BOARD_PLAT_PUB_VERSIONED_POLICY))
+IS_TREBLE_TEST_ENABLED_PARTNER := true
+endif # (,$(BOARD_PLAT_PUB_VERSIONED_POLICY))
+endif # ($(filter 26.0 27.0 28.0 29.0,$(version)),)
+
include $(BUILD_SYSTEM)/base_rules.mk
# $(version)_plat - the platform policy shipped as part of the $(version) release. This is
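Review bot: `IS_TREBLE_TEST_ENABLED_PARTNER` becomes true on `BOARD_PLAT_PUB_VERSIONED_POLICY` alone, while the comment above says `SYSTEM_EXT_PREBUILT_POLICY`, `PRODUCT_PREBUILT_POLICY` and `BOARD_PLAT_PUB_VERSIONED_POLICY` should all be set; with only the first, the later hunks switch `$(version)_prebuilts_dir` to the partner tree but add no system_ext/product policy, a combination the comment never describes. Fail loudly instead of guessing, e.g. `ifeq (,$(wildcard $(BOARD_PLAT_PUB_VERSIONED_POLICY)/prebuilts/api/$(version)/plat_pub_versioned.cil))` / `$(error BOARD_PLAT_PUB_VERSIONED_POLICY is set but has no plat_pub_versioned.cil for $(version))` / `endif`. Also `plat_pub_verioned.cil` in the comment is a typo for `plat_pub_versioned.cil`.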
@@ -19,6 +40,20 @@
# been maintained by our mapping files.
$(version)_PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/prebuilts/api/$(version)/public
$(version)_PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/prebuilts/api/$(version)/private
+ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
+ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY))
+$(version)_PLAT_PUBLIC_POLICY += \
+ $(SYSTEM_EXT_PREBUILT_POLICY)/prebuilts/api/$(version)/public
+$(version)_PLAT_PRIVATE_POLICY += \
+ $(SYSTEM_EXT_PREBUILT_POLICY)/prebuilts/api/$(version)/private
+endif # (,$(SYSTEM_EXT_PREBUILT_POLICY))
+ifneq (,$(PRODUCT_PREBUILT_POLICY))
+$(version)_PLAT_PUBLIC_POLICY += \
+ $(PRODUCT_PREBUILT_POLICY)/prebuilts/api/$(version)/public
+$(version)_PLAT_PRIVATE_POLICY += \
+ $(PRODUCT_PREBUILT_POLICY)/prebuilts/api/$(version)/private
+endif # (,$(PRODUCT_PREBUILT_POLICY))
+endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
policy_files := $(call build_policy, $(sepolicy_build_files), $($(version)_PLAT_PUBLIC_POLICY) $($(version)_PLAT_PRIVATE_POLICY))
$(version)_plat_policy.conf := $(intermediates)/$(version)_plat_policy.conf
$($(version)_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
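Review bot: The partner directories appended to `$(version)_PLAT_PUBLIC_POLICY` and `$(version)_PLAT_PRIVATE_POLICY` are never checked for existence, and if `build_policy` wildcards its inputs as its siblings suggest, a mistyped `BOARD_SYSTEM_EXT_PREBUILT_DIR` would quietly drop the system_ext policy from the release compatibility test rather than fail it. Guard each addition, e.g. `ifeq (,$(wildcard $(SYSTEM_EXT_PREBUILT_POLICY)/prebuilts/api/$(version)/public))` → `$(error SYSTEM_EXT_PREBUILT_POLICY has no prebuilt policy for $(version))`, and likewise for the product path.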
@@ -52,7 +87,6 @@
$(version)_plat_policy.conf :=
-
# $(version)_compat - the current plat_sepolicy.cil built with the compatibility file
# targeting the $(version) SELinux release. This ensures that our policy will build
# when used on a device that has non-platform policy targetting the $(version) release.
@@ -61,6 +95,21 @@
$(version)_mapping.ignore.cil := \
$(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil
$(version)_prebuilts_dir := $(LOCAL_PATH)/prebuilts/api/$(version)
+ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
+ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY))
+$(version)_mapping.cil += \
+ $(call intermediates-dir-for,ETC,system_ext_$(version).cil)/system_ext_$(version).cil
+$(version)_mapping.ignore.cil += \
+ $(call intermediates-dir-for,ETC,system_ext_$(version).ignore.cil)/system_ext_$(version).ignore.cil
+endif # (,$(SYSTEM_EXT_PREBUILT_POLICY))
+ifneq (,$(PRODUCT_PREBUILT_POLICY))
+$(version)_mapping.cil += \
+ $(call intermediates-dir-for,ETC,product_$(version).cil)/product_$(version).cil
+$(version)_mapping.ignore.cil += \
+ $(call intermediates-dir-for,ETC,product_$(version).ignore.cil)/product_$(version).ignore.cil
+endif # (,$(PRODUCT_PREBUILT_POLICY))
+$(version)_prebuilts_dir := $(BOARD_PLAT_PUB_VERSIONED_POLICY)/prebuilts/api/$(version)
+endif #($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
# vendor_sepolicy.cil and plat_pub_versioned.cil are the new design to replace
# nonplat_sepolicy.cil.
@@ -70,10 +119,18 @@
$(version)_nonplat := $($(version)_prebuilts_dir)/nonplat_sepolicy.cil
endif
-$($(version)_compat): PRIVATE_CIL_FILES := \
-$(built_plat_cil) $($(version)_mapping.cil) $($(version)_nonplat)
-$($(version)_compat): $(HOST_OUT_EXECUTABLES)/secilc \
-$(built_plat_cil) $($(version)_mapping.cil) $($(version)_nonplat)
+cil_files := $(built_plat_cil)
+ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
+ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY)
+cil_files += $(built_system_ext_cil)
+endif # (,$(SYSTEM_EXT_PREBUILT_POLICY)
+ifneq (,$(PRODUCT_PREBUILT_POLICY)
+cil_files += $(built_product_cil)
+endif # (,$(PRODUCT_PREBUILT_POLICY)
+endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
+cil_files += $($(version)_mapping.cil) $($(version)_nonplat)
+$($(version)_compat): PRIVATE_CIL_FILES := $(cil_files)
+$($(version)_compat): $(HOST_OUT_EXECUTABLES)/secilc $(cil_files)
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -N -c $(POLICYVERS) \
$(PRIVATE_CIL_FILES) -o $@ -f /dev/null
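Review bot: The two inner conditionals in the new `cil_files` block are missing their closing parenthesis, `ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY)` and `ifneq (,$(PRODUCT_PREBUILT_POLICY)`, unlike the same tests elsewhere in this change which are written `ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY))`; GNU make is likely to reject the unbalanced form as invalid conditional syntax rather than evaluate it, so this path has presumably not been exercised with `BOARD_PLAT_PUB_VERSIONED_POLICY` set. The fix is `ifneq (,$(SYSTEM_EXT_PREBUILT_POLICY))` and `ifneq (,$(PRODUCT_PREBUILT_POLICY))`, and the matching `endif` comments should be corrected to match. `$(built_system_ext_cil)` and `$(built_product_cil)` are defined outside this hunk; if either can be empty when its `*_PREBUILT_POLICY` variable is set, the secilc invocation would silently compile a smaller policy than the test expects, so a short comment naming where they are produced would help reviewers confirm the ordering.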
@@ -86,32 +143,47 @@
mkdir -p $(dir $@)
cat $^ > $@
+ifeq ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
+built_sepolicy_files := $(built_product_sepolicy)
+public_cil_files := $(base_product_pub_policy.cil)
+else
+built_sepolicy_files := $(built_plat_sepolicy)
+public_cil_files := $(base_plat_pub_policy.cil)
+endif # ($(IS_TREBLE_TEST_ENABLED_PARTNER),true)
$(LOCAL_BUILT_MODULE): ALL_FC_ARGS := $(all_fc_args)
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy)
$(LOCAL_BUILT_MODULE): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
-$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_SEPOLICY := $(built_plat_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_PUB_SEPOLICY := $(base_plat_pub_policy.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_SEPOLICY := $(built_sepolicy_files)
+$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_PUB_SEPOLICY := $(public_cil_files)
$(LOCAL_BUILT_MODULE): PRIVATE_FAKE_TREBLE :=
ifeq ($(PRODUCT_FULL_TREBLE_OVERRIDE),true)
# TODO(b/113124961): remove fake-treble
$(LOCAL_BUILT_MODULE): PRIVATE_FAKE_TREBLE := --fake-treble
endif # PRODUCT_FULL_TREBLE_OVERRIDE = true
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
- $(all_fc_files) $(built_sepolicy) $(built_plat_sepolicy) \
- $(base_plat_pub_policy.cil) \
+ $(all_fc_files) $(built_sepolicy) \
+ $(built_sepolicy_files) \
+ $(public_cil_files) \
$(built_$(version)_plat_sepolicy) $($(version)_compat) $($(version)_mapping.combined.cil)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests -l \
- $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) $(ALL_FC_ARGS) \
- -b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
- -o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY) \
- -u $(PRIVATE_PLAT_PUB_SEPOLICY) \
- $(PRIVATE_FAKE_TREBLE)
+ $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) $(ALL_FC_ARGS) \
+ -b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
+ -o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY) \
+ -u $(PRIVATE_PLAT_PUB_SEPOLICY) \
+ $(PRIVATE_FAKE_TREBLE)
$(hide) touch $@
+$(version)_SYSTEM_EXT_PUBLIC_POLICY :=
+$(version)_SYSTEM_EXT_PRIVATE_POLICY :=
+$(version)_PRODUCT_PUBLIC_POLICY :=
+$(version)_PRODUCT_PRIVATE_POLICY :=
$(version)_PLAT_PUBLIC_POLICY :=
$(version)_PLAT_PRIVATE_POLICY :=
+built_sepolicy_files :=
+public_cil_files :=
+cil_files :=
$(version)_compat :=
$(version)_mapping.cil :=
$(version)_mapping.combined.cil :=