Merge "Add sepolicy for new AIDL sensorservice"
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index a91789d..738460d 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -43,10 +43,10 @@
 		"android.hardware.cas.IMediaCasService/default":                           EXCEPTION_NO_FUZZER,
 		"android.hardware.confirmationui.IConfirmationUI/default":                 []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
 		"android.hardware.contexthub.IContextHub/default":                         EXCEPTION_NO_FUZZER,
-		"android.hardware.cpu.monitor.IMonitor/default":                           EXCEPTION_NO_FUZZER,
 		"android.hardware.drm.IDrmFactory/clearkey":                               EXCEPTION_NO_FUZZER,
 		"android.hardware.drm.ICryptoFactory/clearkey":                            EXCEPTION_NO_FUZZER,
 		"android.hardware.dumpstate.IDumpstateDevice/default":                     EXCEPTION_NO_FUZZER,
+		"android.hardware.fastboot.IFastboot/default":                             EXCEPTION_NO_FUZZER,
 		"android.hardware.gatekeeper.IGatekeeper/default":                         EXCEPTION_NO_FUZZER,
 		"android.hardware.gnss.IGnss/default":                                     EXCEPTION_NO_FUZZER,
 		"android.hardware.graphics.allocator.IAllocator/default":                  EXCEPTION_NO_FUZZER,
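Review bot: The new `android.hardware.fastboot.IFastboot/default` entry on L14 is registered as `EXCEPTION_NO_FUZZER`, yet its only client in this change is fastbootd, which (per the `/dev/usb-ffs/fastbootd/ep0` access in public/fastbootd.te) is fed by a USB host, so whatever fastbootd forwards to this HAL is attacker-controlled at the device boundary. The exception should at least carry a justification, e.g. `// TODO: IFastboot is driven by host-supplied fastboot commands via fastbootd; add a fuzzer`, and ideally be replaced by a fuzzer binding before the HAL ships. The enclosing map literal starts and ends outside this hunk.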
diff --git a/microdroid/system/private/compos_key_helper.te b/microdroid/system/private/compos_key_helper.te
index 8ec131c..c9d7647 100644
--- a/microdroid/system/private/compos_key_helper.te
+++ b/microdroid/system/private/compos_key_helper.te
@@ -17,3 +17,6 @@
 
 # Write to /dev/kmsg.
 allow compos_key_helper kmsg_device:chr_file rw_file_perms;
+
+# Communicate with microdroid manager to get DICE information
+unix_socket_connect(compos_key_helper, vm_payload_service, microdroid_manager)
diff --git a/microdroid/system/private/file_contexts b/microdroid/system/private/file_contexts
index 7968ff3..15f56c1 100644
--- a/microdroid/system/private/file_contexts
+++ b/microdroid/system/private/file_contexts
@@ -73,6 +73,8 @@
 /dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
 /dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
 /dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
+/dev/socket/authfs_service u:object_r:authfs_service_socket:s0
+/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
 /dev/sys/block/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
 /dev/sys/fs/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
 /dev/tty		u:object_r:owntty_device:s0
diff --git a/microdroid/system/private/kexec.te b/microdroid/system/private/kexec.te
index c0ab735..8d40986 100644
--- a/microdroid/system/private/kexec.te
+++ b/microdroid/system/private/kexec.te
@@ -10,3 +10,6 @@
 
 # allow kexec to have SYS_BOOT
 allow kexec self:capability sys_boot;
+
+# allow kexec to write kmsg_debug
+allow kexec kmsg_debug_device:chr_file w_file_perms;
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index ac92f38..5996b55 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -48,6 +48,9 @@
 # Let microdroid_manager to create a vsock connection back to the host VM
 allow microdroid_manager self:vsock_socket { create_socket_perms_no_ioctl };
 
+# Let microdroid_manager listen/accept from the host for stdio proxy
+allow microdroid_manager self:vsock_socket { listen accept };
+
 # microdroid_manager is using bootstrap bionic
 use_bootstrap_libs(microdroid_manager)
 
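Review bot: The `listen`/`accept` added on L62 opens an inbound vsock path from the host into microdroid_manager, and SELinux cannot constrain which host process connects; for a protected VM the host sits outside the guest's trust boundary, so the comment should say that data read from the accepted connection is untrusted rather than just "for stdio proxy". Suggested wording: `# Let microdroid_manager listen/accept vsock connections from the (untrusted) host for the stdio proxy; anything read from them must be treated as hostile input.` The existing `create_socket_perms_no_ioctl` on L59 already excludes ioctl, which is the right direction for a host-facing socket.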
@@ -111,6 +114,9 @@
 # Allow microdroid_manager to handle extra_apks
 allow microdroid_manager extra_apk_file:dir create_dir_perms;
 
+# Allow microdroid_manager to write kmsg_debug (stdio_to_kmsg).
+allow microdroid_manager kmsg_debug_device:chr_file w_file_perms;
+
 # Domains other than microdroid can't write extra_apks
 neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:file no_w_file_perms;
 neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:dir no_w_dir_perms;
diff --git a/microdroid/system/private/microdroid_payload.te b/microdroid/system/private/microdroid_payload.te
index 1375442..b0501e9 100644
--- a/microdroid/system/private/microdroid_payload.te
+++ b/microdroid/system/private/microdroid_payload.te
@@ -49,6 +49,9 @@
 allow microdroid_payload authfs_binder_service:service_manager find;
 binder_call(microdroid_payload, authfs_service);
 
+# Allow payload to communicate with authfs_service
+unix_socket_connect(microdroid_payload, authfs_service, authfs_service)
+
 # Allow locating the authfs mount directory.
 allow microdroid_payload authfs_data_file:dir search;
 
@@ -59,3 +62,6 @@
 # Allow use of virtual_machine_payload_service.
 allow microdroid_payload vm_payload_binder_service:service_manager find;
 binder_call(microdroid_payload, microdroid_manager)
+
+# Allow payload to communicate with microdroid manager
+unix_socket_connect(microdroid_payload, vm_payload_service, microdroid_manager)
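Review bot: After L97 both microdroid_payload and compos_key_helper (in compos_key_helper.te in this change) may connect to the vm_payload_service socket that hands out DICE information, but nothing prevents a later change from quietly widening that set. Since the socket file is gated by `sock_file write`, a neverallow next to the existing ones in microdroid_manager.te pins the client set: `neverallow { domain -microdroid_payload -compos_key_helper } vm_payload_service_socket:sock_file write;`. If any other microdroid domain legitimately connects to it, add it to the exemption list rather than dropping the rule.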
diff --git a/microdroid/system/public/file.te b/microdroid/system/public/file.te
index 47d29aa..46ead43 100644
--- a/microdroid/system/public/file.te
+++ b/microdroid/system/public/file.te
@@ -5,6 +5,7 @@
 type apex_info_file, file_type;
 type apex_mnt_dir, file_type;
 type authfs_data_file, file_type, data_file_type, core_data_file_type;
+type authfs_service_socket, file_type, coredomain_socket;
 type cgroup_desc_api_file, file_type, system_file_type;
 type cgroup_desc_file, file_type, system_file_type;
 type cgroup_rc_file, file_type;
@@ -43,6 +44,7 @@
 type vendor_data_file, file_type, data_file_type;
 type vendor_file, file_type, vendor_file_type;
 type vendor_service_contexts_file, vendor_file_type, file_type;
+type vm_payload_service_socket, file_type, coredomain_socket;
 
 # file system types
 type binderfs, fs_type;
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index ee56e52..48c8eb4 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    adaptive_haptics_prop
     apex_ready_prop
     artd
     credential_service
@@ -14,8 +15,6 @@
     fwk_sensor_service
     hal_bootctl_service
     hal_cas_service
-    hal_cpu_hwservice
-    hal_cpu_service
     hal_remoteaccess_service
     hal_thermal_service
     hal_usb_gadget_service
@@ -28,6 +27,7 @@
     ntfs
     permissive_mte_prop
     prng_seeder
+    rkpdapp
     servicemanager_prop
     system_net_netd_service
     timezone_metadata_prop
@@ -38,4 +38,5 @@
     hal_gatekeeper_service
     hal_broadcastradio_service
     hal_confirmationui_service
+    hal_fastboot_service
   ))
diff --git a/private/crosvm.te b/private/crosvm.te
index 5971b91..9c45131 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -10,9 +10,6 @@
 neverallow { domain -crosvm -ueventd } kvm_device:chr_file ~getattr;
 neverallowxperm { domain -crosvm } kvm_device:chr_file ioctl ~{ KVM_CHECK_EXTENSION };
 
-# Let crosvm mlock VM memory and page tables.
-allow crosvm self:capability ipc_lock;
-
 # Let crosvm create temporary files.
 tmpfs_domain(crosvm)
 
diff --git a/private/domain.te b/private/domain.te
index 60303ff..65e2029 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -101,6 +101,48 @@
     get_prop({domain -coredomain -appdomain}, vendor_default_prop)
 ')
 
+# Public readable properties
+get_prop(domain, aaudio_config_prop)
+get_prop(domain, apexd_select_prop)
+get_prop(domain, arm64_memtag_prop)
+get_prop(domain, bluetooth_config_prop)
+get_prop(domain, bootloader_prop)
+get_prop(domain, build_odm_prop)
+get_prop(domain, build_prop)
+get_prop(domain, build_vendor_prop)
+get_prop(domain, debug_prop)
+get_prop(domain, exported_config_prop)
+get_prop(domain, exported_default_prop)
+get_prop(domain, exported_dumpstate_prop)
+get_prop(domain, exported_secure_prop)
+get_prop(domain, exported_system_prop)
+get_prop(domain, fingerprint_prop)
+get_prop(domain, framework_status_prop)
+get_prop(domain, gwp_asan_prop)
+get_prop(domain, hal_instrumentation_prop)
+get_prop(domain, hw_timeout_multiplier_prop)
+get_prop(domain, init_service_status_prop)
+get_prop(domain, libc_debug_prop)
+get_prop(domain, locale_prop)
+get_prop(domain, logd_prop)
+get_prop(domain, mediadrm_config_prop)
+get_prop(domain, property_service_version_prop)
+get_prop(domain, soc_prop)
+get_prop(domain, socket_hook_prop)
+get_prop(domain, surfaceflinger_prop)
+get_prop(domain, telephony_status_prop)
+get_prop(domain, timezone_prop)
+get_prop({domain - untrusted_app_all },  userdebug_or_eng_prop)
+get_prop(domain, vendor_socket_hook_prop)
+get_prop(domain, vndk_prop)
+get_prop(domain, vold_status_prop)
+get_prop(domain, vts_config_prop)
+
+# Binder cache properties are world-readable
+get_prop(domain, binder_cache_bluetooth_server_prop)
+get_prop(domain, binder_cache_system_server_prop)
+get_prop(domain, binder_cache_telephony_server_prop)
+
 # Allow access to fsverity keyring.
 allow domain kernel:key search;
 # Allow access to keys in the fsverity keyring that were installed at boot.
diff --git a/private/fastbootd.te b/private/fastbootd.te
index c33e044..d93ee42 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te
@@ -45,6 +45,9 @@
 
   # Needed for reading boot properties.
   allow fastbootd proc_bootconfig:file r_file_perms;
+  # Let this domain use the hal fastboot service
+  binder_use(fastbootd)
+  hal_client_domain(fastbootd, hal_fastboot)
 ')
 
 # io_uring_setup needs ipc_lock and permission to operate anon inodes
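Review bot: The `binder_use(fastbootd)` and `hal_client_domain(fastbootd, hal_fastboot)` added on L229-L230 duplicate what this same change adds to public/fastbootd.te, where `binder_use(fastbootd)` was already present next to `hal_client_domain(fastbootd, hal_health)`. Duplicate allow rules merge silently at policy build time, so this is harmless to the compiled policy, but it leaves two sites to keep in sync while the public file is where fastbootd's other HAL client grants live; drop the three lines added here and keep only the public/fastbootd.te addition. The macro block these lines sit in (closed by `')` on L231) opens outside this hunk, so it is not visible whether both sites are under the same build condition; if they are not, document that instead of deleting.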
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index c87a792..4a44dc5 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -27,7 +27,6 @@
 android.hardware.confirmationui::IConfirmationUI                u:object_r:hal_confirmationui_hwservice:s0
 android.hardware.contexthub::IContexthub                        u:object_r:hal_contexthub_hwservice:s0
 android.hardware.cas::IMediaCasService                          u:object_r:hal_cas_hwservice:s0
-android.hardware.cpu.monitor::IMonitor                          u:object_r:hal_cpu_hwservice:s0
 android.hardware.drm::ICryptoFactory                            u:object_r:hal_drm_hwservice:s0
 android.hardware.drm::IDrmFactory                               u:object_r:hal_drm_hwservice:s0
 android.hardware.dumpstate::IDumpstateDevice                    u:object_r:hal_dumpstate_hwservice:s0
diff --git a/private/init.te b/private/init.te
index f03a138..2fd2940 100644
--- a/private/init.te
+++ b/private/init.te
@@ -14,6 +14,7 @@
   domain_trans(init, rootfs, hal_bootctl_server)
   domain_trans(init, rootfs, charger)
   domain_trans(init, rootfs, fastbootd)
+  domain_trans(init, rootfs, hal_fastboot_server)
   domain_trans(init, rootfs, hal_health_server)
   domain_trans(init, rootfs, recovery)
   domain_trans(init, rootfs, linkerconfig)
diff --git a/private/property_contexts b/private/property_contexts
index 48eed1c..b8503bd 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1438,19 +1438,34 @@
 # properties for the virtual Fingerprint HAL
 persist.vendor.fingerprint.virtual.type u:object_r:virtual_fingerprint_hal_prop:s0 exact string
 persist.vendor.fingerprint.virtual.enrollments u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+persist.vendor.fingerprint.virtual.lockout u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.authenticator_id u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.sensor_location u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+persist.vendor.fingerprint.virtual.sensor_id u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.sensor_strength u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.max_enrollments u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.navigation_guesture u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.detect_interaction u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.udfps.display_touch u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.udfps.control_illumination u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.lockout_enable u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.lockout_timed_threshold u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.lockout_timed_duration u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.lockout_permanent_threshold u:object_r:virtual_fingerprint_hal_prop:s0 exact int
 vendor.fingerprint.virtual.enrollment_hit u:object_r:virtual_fingerprint_hal_prop:s0 exact int
 vendor.fingerprint.virtual.next_enrollment u:object_r:virtual_fingerprint_hal_prop:s0 exact string
-vendor.fingerprint.virtual.authenticator_id u:object_r:virtual_fingerprint_hal_prop:s0 exact int
 vendor.fingerprint.virtual.challenge u:object_r:virtual_fingerprint_hal_prop:s0 exact int
-vendor.fingerprint.virtual.lockout u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
 vendor.fingerprint.virtual.operation_authenticate_fails u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
 vendor.fingerprint.virtual.operation_detect_interaction_fails u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
 vendor.fingerprint.virtual.operation_enroll_fails u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
-vendor.fingerprint.virtual.operation_authenticate_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact int
-vendor.fingerprint.virtual.operation_detect_interaction_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact int
-vendor.fingerprint.virtual.operation_enroll_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+vendor.fingerprint.virtual.operation_authenticate_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+vendor.fingerprint.virtual.operation_detect_interaction_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+vendor.fingerprint.virtual.operation_enroll_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact string
 vendor.fingerprint.virtual.operation_authenticate_duration u:object_r:virtual_fingerprint_hal_prop:s0 exact int
 
 # properties for tuner
 ro.tuner.lazyhal    u:object_r:tuner_config_prop:s0 exact bool
 tuner.server.enable u:object_r:tuner_server_ctl_prop:s0 exact bool
+
+# Adaptive haptics settings property
+vibrator.adaptive_haptics.enabled u:object_r:adaptive_haptics_prop:s0 exact string
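Review bot: The new key `persist.vendor.fingerprint.virtual.navigation_guesture` on L272 looks misspelled (`gesture`); property_contexts matches by name, so if the virtual HAL reads `...navigation_gesture` that property falls through to whatever broader prefix entry applies and loses both the `virtual_fingerprint_hal_prop` label and the `bool` type check. Either this mirrors an existing typo in the HAL (then a comment saying so stops the next person from "fixing" it) or it should read `persist.vendor.fingerprint.virtual.navigation_gesture u:object_r:virtual_fingerprint_hal_prop:s0 exact bool`. Separately, L291-L293 relax the three `*_latency` properties from `exact int` to `exact string`, which removes property_service's type validation; if the HAL now accepts a richer format, a short comment naming it would justify the loosening. Likewise `vibrator.adaptive_haptics.enabled` on L301 is declared `exact string` although its name suggests `exact bool`.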
diff --git a/private/rkpd_app.te b/private/rkpd_app.te
new file mode 100644
index 0000000..535f324
--- /dev/null
+++ b/private/rkpd_app.te
@@ -0,0 +1,20 @@
+###
+### A domain for sandboxing the remote key provisioning daemon
+### app that is shipped via mainline.
+###
+typeattribute rkpdapp coredomain;
+
+app_domain(rkpdapp)
+
+# RKPD needs to be able to call the remote provisioning HALs
+hal_client_domain(rkpdapp, hal_keymint)
+
+# Grant access to certain system properties related to RKP
+get_prop(rkpdapp, device_config_remote_key_provisioning_native_prop)
+
+# Grant access to the normal services that are available to all apps
+allow rkpdapp app_api_service:service_manager find;
+
+# Grant access to statsd
+allow rkpdapp statsmanager_service:service_manager find;
+binder_call(rkpdapp, statsd)
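Review bot: `hal_client_domain(rkpdapp, hal_keymint)` on L317 gives a priv-app domain the full KeyMint client role — `service_manager find` on every service attached to the hal_keymint attribute plus binder calls to all of its servers — which is exactly the direct-to-KeyMint path this same change forbids for shell in public/shell.te, while RKPD should only need the remotely-provisioned-component service. If the HAL does not call back into the app, the narrower form is `binder_call(rkpdapp, hal_keymint_server)` plus `allow rkpdapp hal_remotelyprovisionedcomponent_service:service_manager find;` (the type named in the shell.te comment), after which `neverallow rkpdapp { hal_keymint_service hal_secureclock_service hal_sharedsecret_service }:service_manager find;` locks it in. The neverallow cannot be added while the attribute-wide grant remains, since the two would conflict at policy build time; I cannot see the HAL definition here, so confirm the callback question before dropping the attribute.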
diff --git a/private/seapp_contexts b/private/seapp_contexts
index b26d977..81563a5 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -164,6 +164,7 @@
 user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
 user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.rkpdapp domain=rkpdapp type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
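Review bot: The rkpdapp entry on L336 uses `levelFrom=user` while the neighbouring mainline priv-apps on L333-L335 (mediaprovider, permissioncontroller, vzwomatrigger) use `levelFrom=all`; with `user` the MLS categories derive from the user ID only, so rkpdapp's `privapp_data_file` objects are not separated by per-app category from other apps of the same user and only the type keeps them apart. Unless rkpdapp shares a UID or data with another package (the usual reason, as presumably for the gmscore entries below), prefer `user=_app isPrivApp=true name=com.android.rkpdapp domain=rkpdapp type=privapp_data_file levelFrom=all`. If `user` is deliberate, a comment line above the entry explaining why would help.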
diff --git a/private/service_contexts b/private/service_contexts
index 496fcd4..562e3d4 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -22,10 +22,10 @@
 android.hardware.cas.IMediaCasService/default                        u:object_r:hal_cas_service:s0
 android.hardware.confirmationui.IConfirmationUI/default              u:object_r:hal_confirmationui_service:s0
 android.hardware.contexthub.IContextHub/default                      u:object_r:hal_contexthub_service:s0
-android.hardware.cpu.monitor.IMonitor/default                        u:object_r:hal_cpu_service:s0
 android.hardware.drm.IDrmFactory/clearkey                            u:object_r:hal_drm_service:s0
 android.hardware.drm.ICryptoFactory/clearkey                         u:object_r:hal_drm_service:s0
 android.hardware.dumpstate.IDumpstateDevice/default                  u:object_r:hal_dumpstate_service:s0
+android.hardware.fastboot.IFastboot/default                          u:object_r:hal_fastboot_service:s0
 android.hardware.gnss.IGnss/default                                  u:object_r:hal_gnss_service:s0
 android.hardware.graphics.allocator.IAllocator/default               u:object_r:hal_graphics_allocator_service:s0
 android.hardware.graphics.composer3.IComposer/default                u:object_r:hal_graphics_composer_service:s0
diff --git a/private/shell.te b/private/shell.te
index 6a7c629..02105a9 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -184,6 +184,9 @@
 get_prop(shell, last_boot_reason_prop)
 get_prop(shell, system_boot_reason_prop)
 
+# Allow shell to execute the remote key provisioning factory tool
+binder_call(shell, hal_keymint)
+
 # Allow reading the outcome of perf_event_open LSM support test for CTS.
 get_prop(shell, init_perf_lsm_hooks_prop)
 
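Review bot: `binder_call(shell, hal_keymint)` on L365 targets the bare `hal_keymint` attribute, which the hal_client_domain macro attaches to every KeyMint client as well (keystore2 and, in this change, rkpdapp), not only to the HAL servers; shell therefore gains binder call/transfer towards every KeyMint client domain, far more than a factory tool needs. Narrow it to the servers: `binder_call(shell, hal_keymint_server)`. The grant is also unconditional rather than under `userdebug_or_eng`; if the factory extraction tool must run on user builds, say so in the comment so the next reviewer does not wrap it.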
diff --git a/private/stats.te b/private/stats.te
index db29072..c784145 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -47,6 +47,7 @@
   -mediametrics
   -platform_app
   -priv_app
+  -rkpdapp
   -shell
   -stats
   -statsd
diff --git a/private/system_app.te b/private/system_app.te
index 61d3b5d..3b92c0f 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -34,6 +34,7 @@
 allow system_app icon_file:file r_file_perms;
 
 # Write to properties
+set_prop(system_app, adaptive_haptics_prop)
 set_prop(system_app, arm64_memtag_prop)
 set_prop(system_app, bluetooth_a2dp_offload_prop)
 set_prop(system_app, bluetooth_audio_hal_prop)
@@ -192,3 +193,6 @@
 # bug reports, but not reads.
 neverallow system_app shell_data_file:dir { no_w_dir_perms open search read };
 neverallow system_app shell_data_file:file { open read ioctl lock };
+
+# system_app should be the only domain writing the adaptive haptics prop
+neverallow { domain -init -system_app } adaptive_haptics_prop:property_service set;
diff --git a/private/system_server.te b/private/system_server.te
index e8395ed..9d1f97f 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -310,7 +310,6 @@
 hal_client_domain(system_server, hal_codec2)
 hal_client_domain(system_server, hal_configstore)
 hal_client_domain(system_server, hal_contexthub)
-hal_client_domain(system_server, hal_cpu)
 hal_client_domain(system_server, hal_face)
 hal_client_domain(system_server, hal_fingerprint)
 hal_client_domain(system_server, hal_gnss)
@@ -392,7 +391,6 @@
   hal_bluetooth_server
   hal_camera_server
   hal_codec2_server
-  hal_cpu_server
   hal_face_server
   hal_fingerprint_server
   hal_gnss_server
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 3e057fe..46871b7 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -22,6 +22,9 @@
 # When virtualizationservice execs a file with the crosvm_exec label, run it in the crosvm domain.
 domain_auto_trans(virtualizationservice, crosvm_exec, crosvm)
 
+# Let virtualizationservice (and specifically its children) mlock VM memory and page tables.
+allow virtualizationservice self:capability sys_resource;
+
 # Let virtualizationservice kill crosvm.
 allow virtualizationservice crosvm:process sigkill;
 
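Review bot: The comment on L429 says this lets virtualizationservice's children mlock VM memory, but a `self:capability` rule is checked against the calling process's own domain, so crosvm gains nothing from it after the `domain_auto_trans` on L427 — and the `ipc_lock` crosvm previously had is removed from crosvm.te in this same change. What CAP_SYS_RESOURCE presumably enables is virtualizationservice raising RLIMIT_MEMLOCK via setrlimit before the exec, a limit crosvm then inherits; if so, say that: `# Let virtualizationservice raise RLIMIT_MEMLOCK (setrlimit needs CAP_SYS_RESOURCE); crosvm inherits the raised limit across exec and can mlock VM memory without CAP_IPC_LOCK.` If that is not the mechanism, crosvm's mlock will fail and the crosvm.te removal needs revisiting.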
@@ -81,6 +84,9 @@
 allow virtualizationservice tombstone_data_file:file { append getattr };
 allow virtualizationservice tombstoned:fd use;
 
+# Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
+r_dir_file(virtualizationservice, crosvm);
+
 neverallow {
   domain
   -init
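Review bot: `r_dir_file(virtualizationservice, crosvm)` on L440 is broader than the CPU/memory counters the comment mentions: every file under /proc/<pid>/ of a crosvm process carries the crosvm label, so this also grants read of `cmdline`, `environ`, `maps` and similar (`mem` stays out of reach without `ptrace`). Type enforcement cannot slice /proc/<pid> finer, so the rule is acceptable, but the comment should record the wider exposure, e.g. `# Allow reading /proc/[crosvm pid]/* for CPU & memory usage of the VM. This exposes all of crosvm's proc files (cmdline, environ, maps, ...), so nothing secret may reach crosvm via argv or environment.` The enclosing neverallow that starts on L442 continues outside this hunk.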
diff --git a/public/attributes b/public/attributes
index d462c09..ae610e6 100644
--- a/public/attributes
+++ b/public/attributes
@@ -333,12 +333,12 @@
 hal_attribute(configstore);
 hal_attribute(confirmationui);
 hal_attribute(contexthub);
-hal_attribute(cpu);
 hal_attribute(dice);
 hal_attribute(drm);
 hal_attribute(dumpstate);
 hal_attribute(evs);
 hal_attribute(face);
+hal_attribute(fastboot);
 hal_attribute(fingerprint);
 hal_attribute(gatekeeper);
 hal_attribute(gnss);
diff --git a/public/domain.te b/public/domain.te
index f9e4c46..217738d 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -101,48 +101,6 @@
 allow domain properties_serial:file r_file_perms;
 allow domain property_info:file r_file_perms;
 
-# Public readable properties
-get_prop(domain, aaudio_config_prop)
-get_prop(domain, apexd_select_prop)
-get_prop(domain, arm64_memtag_prop)
-get_prop(domain, bluetooth_config_prop)
-get_prop(domain, bootloader_prop)
-get_prop(domain, build_odm_prop)
-get_prop(domain, build_prop)
-get_prop(domain, build_vendor_prop)
-get_prop(domain, debug_prop)
-get_prop(domain, exported_config_prop)
-get_prop(domain, exported_default_prop)
-get_prop(domain, exported_dumpstate_prop)
-get_prop(domain, exported_secure_prop)
-get_prop(domain, exported_system_prop)
-get_prop(domain, fingerprint_prop)
-get_prop(domain, framework_status_prop)
-get_prop(domain, gwp_asan_prop)
-get_prop(domain, hal_instrumentation_prop)
-get_prop(domain, hw_timeout_multiplier_prop)
-get_prop(domain, init_service_status_prop)
-get_prop(domain, libc_debug_prop)
-get_prop(domain, locale_prop)
-get_prop(domain, logd_prop)
-get_prop(domain, mediadrm_config_prop)
-get_prop(domain, property_service_version_prop)
-get_prop(domain, soc_prop)
-get_prop(domain, socket_hook_prop)
-get_prop(domain, surfaceflinger_prop)
-get_prop(domain, telephony_status_prop)
-get_prop(domain, timezone_prop)
-get_prop({domain - untrusted_app_all },  userdebug_or_eng_prop)
-get_prop(domain, vendor_socket_hook_prop)
-get_prop(domain, vndk_prop)
-get_prop(domain, vold_status_prop)
-get_prop(domain, vts_config_prop)
-
-# Binder cache properties are world-readable
-get_prop(domain, binder_cache_bluetooth_server_prop)
-get_prop(domain, binder_cache_system_server_prop)
-get_prop(domain, binder_cache_telephony_server_prop)
-
 # Let everyone read log properties, so that liblog can avoid sending unloggable
 # messages to logd.
 get_prop(domain, log_property_type)
@@ -593,6 +551,7 @@
   -hal_camera_server
   -hal_cas_server
   -hal_drm_server
+  -hal_keymint_server
   userdebug_or_eng(`-incidentd')
   -init
   -mediadrmserver
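Review bot: Adding `-hal_keymint_server` on L520 exempts the KeyMint HAL servers from a neverallow whose subject and target lie outside this hunk, and neither the commit title (an AIDL sensorservice merge) nor a comment explains what the server needs that the rule forbids. Exemptions from domain-wide neverallows deserve a one-line `# hal_keymint_server: <reason>` next to the entry or a pointer in the commit message. Given that the other exempted domains visible here are media/DRM servers, please confirm this is not opening an access that KeyMint can be kept away from.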
diff --git a/public/dumpstate.te b/public/dumpstate.te
index ea973fe..c0af235 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -75,13 +75,13 @@
   vold
 
   # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
+  evsmanagerd
   hal_audio_server
   hal_audiocontrol_server
   hal_bluetooth_server
   hal_broadcastradio_server
   hal_camera_server
   hal_codec2_server
-  hal_cpu_server
   hal_drm_server
   hal_evs_server
   hal_face_server
@@ -151,7 +151,6 @@
 # Allow dumpstate to call dump() on specific hals.
 dump_hal(hal_authsecret)
 dump_hal(hal_contexthub)
-dump_hal(hal_cpu)
 dump_hal(hal_drm)
 dump_hal(hal_dumpstate)
 dump_hal(hal_face)
@@ -366,7 +365,7 @@
 allow dumpstate binderfs_logs:file r_file_perms;
 allow dumpstate binderfs_logs_proc:file r_file_perms;
 
-allow dumpstate apex_info_file:file getattr;
+use_apex_info(dumpstate)
 
 ###
 ### neverallow rules
diff --git a/public/fastbootd.te b/public/fastbootd.te
index 68cb9e0..8452b97 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -13,6 +13,7 @@
   # fastbootd can use AIDL HALs in binder mode
   binder_use(fastbootd)
   hal_client_domain(fastbootd, hal_health)
+  hal_client_domain(fastbootd, hal_fastboot)
 
   # Access /dev/usb-ffs/fastbootd/ep0
   allow fastbootd functionfs:dir search;
diff --git a/public/hal_cpu.te b/public/hal_cpu.te
deleted file mode 100644
index 4bf7e12..0000000
--- a/public/hal_cpu.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# HwBinder IPC from client to server, and callbacks
-binder_call(hal_cpu_client, hal_cpu_server)
-binder_call(hal_cpu_server, hal_cpu_client)
-
-hal_attribute_hwservice(hal_cpu, hal_cpu_hwservice)
-hal_attribute_service(hal_cpu, hal_cpu_service)
-
-binder_call(hal_cpu_server, servicemanager)
-binder_call(hal_cpu_client, servicemanager)
diff --git a/public/hal_fastboot.te b/public/hal_fastboot.te
new file mode 100644
index 0000000..7aecac1
--- /dev/null
+++ b/public/hal_fastboot.te
@@ -0,0 +1,7 @@
+# allow binder connection from client to server
+binder_call(hal_fastboot_client, hal_fastboot_server)
+# allow client to find the service, allow server to register the service
+hal_attribute_service(hal_fastboot, hal_fastboot_service)
+# allow binder communication from server to service_manager
+binder_call(hal_fastboot_server, servicemanager)
+
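Review bot: The new file ends with a stray blank line (L599) and, unlike the hal_cpu.te it replaces, declares only the client→server direction and no `binder_call(hal_fastboot_client, servicemanager)`. Both are presumably deliberate (fastbootd already has `binder_use`, and IFastboot is assumed to have no callback interface), but a one-line comment keeps the asymmetry from reading as an omission, e.g. `# No server->client binder_call: IFastboot has no callback interface.` Drop the trailing empty line.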
diff --git a/public/hwservice.te b/public/hwservice.te
index 574702f..11b77f0 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -19,7 +19,6 @@
 type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
-type hal_cpu_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/public/property.te b/public/property.te
index a9e61b5..14abd0f 100644
--- a/public/property.te
+++ b/public/property.te
@@ -52,6 +52,7 @@
 
 # Properties which can't be written outside system
 system_restricted_prop(aac_drc_prop)
+system_restricted_prop(adaptive_haptics_prop)
 system_restricted_prop(apex_ready_prop)
 system_restricted_prop(arm64_memtag_prop)
 system_restricted_prop(binder_cache_bluetooth_server_prop)
diff --git a/public/rkpd_app.te b/public/rkpd_app.te
new file mode 100644
index 0000000..2aaf3b8
--- /dev/null
+++ b/public/rkpd_app.te
@@ -0,0 +1,6 @@
+###
+### A domain for sandboxing the remote key provisioning daemon
+### app that is shipped via mainline.
+###
+
+type rkpdapp, domain;
diff --git a/public/service.te b/public/service.te
index a44edfb..1ff3668 100644
--- a/public/service.te
+++ b/public/service.te
@@ -277,12 +277,12 @@
 type hal_cas_service, hal_service_type, service_manager_type;
 type hal_confirmationui_service, protected_service, hal_service_type, service_manager_type;
 type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
-type hal_cpu_service, protected_service, hal_service_type, service_manager_type;
 type hal_dice_service, protected_service, hal_service_type, service_manager_type;
 type hal_drm_service, hal_service_type, service_manager_type;
 type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;
 type hal_evs_service, protected_service, hal_service_type, service_manager_type;
 type hal_face_service, protected_service, hal_service_type, service_manager_type;
+type hal_fastboot_service, protected_service, hal_service_type, service_manager_type;
 type hal_fingerprint_service, protected_service, hal_service_type, service_manager_type;
 type hal_gnss_service, protected_service, hal_service_type, service_manager_type;
 type hal_graphics_allocator_service, hal_service_type, service_manager_type;
diff --git a/public/shell.te b/public/shell.te
index 496061c..6c67cea 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -81,6 +81,9 @@
   -apex_service
   -dnsresolver_service
   -gatekeeper_service
+  -hal_keymint_service
+  -hal_secureclock_service
+  -hal_sharedsecret_service
   -incident_service
   -installd_service
   -mdns_service
@@ -196,6 +199,14 @@
 ### Neverallow rules
 ###
 
+# Do not allow shell to talk directly to security HAL services other than
+# hal_remotelyprovisionedcomponent_service
+neverallow shell {
+  hal_keymint_service
+  hal_secureclock_service
+  hal_sharedsecret_service
+}:service_manager find;
+
 # Do not allow shell to hard link to any files.
 # In particular, if shell hard links to app data
 # files, installd will not be able to guarantee the deletion
diff --git a/public/su.te b/public/su.te
index 74c386e..730c1e0 100644
--- a/public/su.te
+++ b/public/su.te
@@ -72,7 +72,6 @@
   typeattribute su hal_configstore_client;
   typeattribute su hal_confirmationui_client;
   typeattribute su hal_contexthub_client;
-  typeattribute su hal_cpu_client;
   typeattribute su hal_drm_client;
   typeattribute su hal_cas_client;
   typeattribute su hal_dumpstate_client;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index bd93f37..c69b451 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -35,7 +35,6 @@
 /(vendor|sustem/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service u:object_r:hal_confirmationui_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.[0-9]+-service     u:object_r:hal_contexthub_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub-service\.example    u:object_r:hal_contexthub_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.cpu\.monitor-service\.example u:object_r:hal_cpu_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service            u:object_r:hal_drm_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service-lazy       u:object_r:hal_drm_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm-service(-lazy)?\.clearkey u:object_r:hal_drm_clearkey_aidl_exec:s0
@@ -52,6 +51,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@3\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@4\.0-service   u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator-V1-service     u:object_r:hal_graphics_allocator_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator-service     u:object_r:hal_graphics_allocator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@[0-9]\.[0-9]-service    u:object_r:hal_graphics_composer_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer3-service\.example       u:object_r:hal_graphics_composer_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service         u:object_r:hal_health_default_exec:s0
diff --git a/vendor/hal_cpu_default.te b/vendor/hal_cpu_default.te
deleted file mode 100644
index bda2e31..0000000
--- a/vendor/hal_cpu_default.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hal_cpu_default, domain;
-hal_server_domain(hal_cpu_default, hal_cpu)
-
-type hal_cpu_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_cpu_default)
-
-# Allow reading /proc/stat
-allow hal_cpu_default proc_stat:file r_file_perms;
-
-# Allow reading cpuset information
-allow hal_cpu_default cgroup:dir r_dir_perms;
diff --git a/vendor/hal_fastboot_default.te b/vendor/hal_fastboot_default.te
new file mode 100644
index 0000000..4a52642
--- /dev/null
+++ b/vendor/hal_fastboot_default.te
@@ -0,0 +1,6 @@
+type hal_fastboot_default, domain;
+
+hal_server_domain(hal_fastboot_default, hal_fastboot)
+
+type hal_fastboot_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_fastboot_default)
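Review bot: This file declares `hal_fastboot_default_exec` on L742 and sets up `init_daemon_domain` on L743, but nothing in this change labels a binary with that type — vendor/file_contexts only gains the graphics allocator line — so the transition into hal_fastboot_default can never fire, and init presumably refuses to start a service whose executable has no domain. Either the file_contexts entry for the default implementation's binary is missing from this change, or it lands separately; if the latter, add a comment here so the dangling exec type is not mistaken for dead policy. The recovery path (`domain_trans(init, rootfs, hal_fastboot_server)` in init.te) is separate and does not cover a vendor-partition binary.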