Merge "Property context update for audio.timestamp.corrected_output_device" into main
diff --git a/OWNERS b/OWNERS
index 488be27..6a2b611 100644
--- a/OWNERS
+++ b/OWNERS
@@ -6,3 +6,5 @@
jiyong@google.com
smoreland@google.com
tweek@google.com
+
+per-file service_fuzzer_bindings.go = waghpawan@google.com
diff --git a/flagging/Android.bp b/flagging/Android.bp
index 2d0bb68..26e8989 100644
--- a/flagging/Android.bp
+++ b/flagging/Android.bp
@@ -21,6 +21,7 @@
"RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT",
"RELEASE_AVF_ENABLE_LLPVM_CHANGES",
"RELEASE_AVF_ENABLE_NETWORK",
+ "RELEASE_READ_FROM_NEW_STORAGE",
"RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE",
"RELEASE_UNLOCKED_STORAGE_API",
],
diff --git a/private/app.te b/private/app.te
index 30931e4..1dd7fda 100644
--- a/private/app.te
+++ b/private/app.te
@@ -643,7 +643,7 @@
{ apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;
neverallow { untrusted_app_all isolated_app_all } { apk_tmp_file apk_private_tmp_file }:{ devfile_class_set dir fifo_file lnk_file sock_file } *;
-neverallow { untrusted_app_all isolated_app_all } { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read };
+neverallow { untrusted_app_all isolated_app_all } { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read map };
# Access to factory files.
neverallow appdomain efs_file:dir_file_class_set write;
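Review bot: The relaxed `:file ~{ getattr read map }` assertion exempts `map` for both `untrusted_app_all` and `isolated_app_all`, but the only matching allow visible in this diff is the one for `isolated_app_all` in private/isolated_app_all.te. Whether untrusted apps are also meant to map staged APKs cannot be told from here, and nothing next to the rule records the intent. A comment above the changed line would help, for example `# map is exempted so an fd that was passed in can be mmap'ed; open remains forbidden.` The neverallow group this line belongs to starts above the hunk.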
diff --git a/private/dexopt_chroot_setup.te b/private/dexopt_chroot_setup.te
index 4267d09..4a964fd 100644
--- a/private/dexopt_chroot_setup.te
+++ b/private/dexopt_chroot_setup.te
@@ -52,6 +52,7 @@
apex_mnt_dir
apk_data_file
binderfs
+ binfmt_miscfs
cgroup
cgroup_v2
userdebug_or_eng(debugfs)
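Review bot: `binfmt_miscfs` is added to this type set and to the `allow dexopt_chroot_setup {` set in the next hunk without any comment on why the chroot setup needs it. binfmt_misc decides which interpreter the kernel runs for a given file format, so access to it deserves a short justification. The rule heads and permission sets are outside both hunks, so it is not visible here whether the grant is limited to mount handling. I would add a comment at each list stating the permission scope that is intended, along the lines of `# binfmt_miscfs: needed to set up the mount inside the chroot only.`, if that matches the intent.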
@@ -81,6 +82,7 @@
allow dexopt_chroot_setup {
binderfs
+ binfmt_miscfs
cgroup
cgroup_v2
userdebug_or_eng(debugfs)
diff --git a/private/domain.te b/private/domain.te
index c92830f..4cf9138 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -570,13 +570,15 @@
-hal_omx_server
} {shell_exec toolbox_exec}:file rx_file_perms;
-# Allow all to read from flag value boot snapshot storage files and general pb files
-# The boot snapshot of storage files serves flag read traffic for all processes, thus
-# needs to be readable by everybody.
-r_dir_file(domain, aconfig_storage_metadata_file);
+# Allow all processes to read aconfig flag storage files. The format is hidden behind
+# code-generated APIs, but since the libraries are executed in the context of the caller,
+# all processes need access to the underlying files.
+is_flag_enabled(RELEASE_READ_FROM_NEW_STORAGE, `
+ r_dir_file(domain, aconfig_storage_metadata_file);
+ r_dir_file(domain, aconfig_test_mission_files);
+')
r_dir_file({ coredomain appdomain }, system_aconfig_storage_file);
-r_dir_file({ coredomain appdomain }, aconfig_test_mission_files);
# processes needs to access storage file stored at /metadata/aconfig/boot, require search
# permission on /metadata dir
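Review bot: With RELEASE_READ_FROM_NEW_STORAGE off, the previously unconditional `r_dir_file(domain, aconfig_storage_metadata_file)` grant disappears, and `{ coredomain appdomain }` also lose read access to `aconfig_test_mission_files`. Among the files in this diff, only dumpstate keeps both, via private/dumpstate.te. If any process still opens these files in a flag-off build, that becomes a denial, so either keep the old rules for the disabled case or say in the comment that no reader exists there. With the flag on, `aconfig_test_mission_files` widens from `{ coredomain appdomain }` to every domain; judging by the name it holds test data, so it is worth confirming that all domains, including the most restricted ones, need to read it. The trailing comment about search permission on /metadata continues outside the hunk.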
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 38ea999..20341e4 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -33,6 +33,9 @@
allow dumpstate dropbox_data_file:file r_file_perms;
')
+r_dir_file(dumpstate, aconfig_storage_metadata_file);
+r_dir_file(dumpstate, aconfig_test_mission_files);
+
# Allow dumpstate to make binder calls to incidentd
binder_call(dumpstate, incidentd)
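Review bot: The two added `r_dir_file(dumpstate, ...)` grants are unconditional, while the same access for `domain` in private/domain.te is wrapped in `is_flag_enabled(RELEASE_READ_FROM_NEW_STORAGE, ...)`. As a result they only have an effect in flag-off builds and look redundant otherwise. If that is the intent, a comment should say so, e.g. `# dumpstate collects aconfig storage files regardless of RELEASE_READ_FROM_NEW_STORAGE.`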
diff --git a/private/isolated_app_all.te b/private/isolated_app_all.te
index 8c1fdcb..12b1794 100644
--- a/private/isolated_app_all.te
+++ b/private/isolated_app_all.te
@@ -32,8 +32,8 @@
# suppress denials to /data/local/tmp
dontaudit isolated_app_all shell_data_file:dir search;
-# Allow to read (but not open) staged apks.
-allow isolated_app_all { apk_tmp_file apk_private_tmp_file }:file { read getattr };
+# Allow to read, map (but not open) staged apks.
+allow isolated_app_all { apk_tmp_file apk_private_tmp_file }:file { read getattr map };
#####
##### Neverallow
diff --git a/private/seapp_contexts b/private/seapp_contexts
index a07d272..291e097 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -121,9 +121,6 @@
# levelFrom=app or levelFrom=all is only supported for _app UIDs.
# level may be used to specify a fixed level for any UID.
#
-# For backwards compatibility levelFromUid=true is equivalent to levelFrom=app
-# and levelFromUid=false is equivalent to levelFrom=none.
-#
#
# Neverallow Assertions
# Additional compile time assertion checks for the rules in this file can be
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 02882af..f19b0f1 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -233,7 +233,6 @@
/*Outputs*/
{ .name = "domain", .dir = dir_out, .fn_validate = validate_domain },
{ .name = "type", .dir = dir_out, .fn_validate = validate_type },
- { .name = "levelFromUid", .dir = dir_out, .fn_validate = validate_bool },
{ .name = "levelFrom", .dir = dir_out, .fn_validate = validate_levelFrom },
{ .name = "level", .dir = dir_out, .fn_validate = validate_selinux_level },
};