Merge "Allow init to configure dm_verity kernel driver."
diff --git a/apex/Android.bp b/apex/Android.bp
index 29c2518..4a860e1 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -28,6 +28,13 @@
}
filegroup {
+ name: "com.android.sdkext-file_contexts",
+ srcs: [
+ "com.android.sdkext-file_contexts",
+ ],
+}
+
+filegroup {
name: "com.android.art.debug-file_contexts",
srcs: [
"com.android.art.debug-file_contexts",
@@ -63,6 +70,13 @@
}
filegroup {
+ name: "com.android.cronet-file_contexts",
+ srcs: [
+ "com.android.cronet-file_contexts",
+ ],
+}
+
+filegroup {
name: "com.android.ipsec-file_contexts",
srcs: [
"com.android.ipsec-file_contexts",
@@ -133,13 +147,6 @@
}
filegroup {
- name: "com.android.sdkext-file_contexts",
- srcs: [
- "com.android.sdkext-file_contexts",
- ],
-}
-
-filegroup {
name: "com.android.telephony-file_contexts",
srcs: [
"com.android.telephony-file_contexts",
diff --git a/private/access_vectors b/private/access_vectors
index 66c1b79..8c6aa68 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -781,3 +781,13 @@
class xdp_socket
inherits socket
+
+class perf_event
+{
+ open
+ cpu
+ kernel
+ tracepoint
+ read
+ write
+}
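Review bot: The new `perf_event` class (declared here and in the private/security_classes hunk) arrives without any allow or neverallow rule in the visible changes. On a kernel that enforces the class, existing perf users would presumably start seeing denials, and nothing yet pins which domains must never hold `cpu`, `kernel` or `tracepoint`. If the rules are meant to land separately, say so in a comment above the class, for example `# perf_event_open(2) checks; per-domain allow/neverallow rules are added in a follow-up`. The rest of the policy is not visible here, so confirm that no domain depends on perf before the rules exist.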
diff --git a/private/aidl_lazy_test_server.te b/private/aidl_lazy_test_server.te
new file mode 100644
index 0000000..33efde0
--- /dev/null
+++ b/private/aidl_lazy_test_server.te
@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+ typeattribute aidl_lazy_test_server coredomain;
+
+ init_daemon_domain(aidl_lazy_test_server)
+')
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index eb798e3..6248cab 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -136,8 +136,8 @@
')
}:dir_file_class_set { create unlink };
-# No untrusted component except mediaprovider should be touching /dev/fuse
-neverallow { all_untrusted_apps -mediaprovider } fuse_device:chr_file *;
+# No untrusted component should be touching /dev/fuse
+neverallow all_untrusted_apps fuse_device:chr_file *;
# Do not allow untrusted apps to directly open the tun_device
neverallow all_untrusted_apps tun_device:chr_file open;
diff --git a/private/bug_map b/private/bug_map
index c6c8278..60c2f15 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -27,6 +27,7 @@
system_server crash_dump process b/73128755
system_server overlayfs_file file b/142390309
system_server sdcardfs file b/77856826
+system_server storage_stub_file dir b/145267097
system_server zygote process b/77856826
vold system_data_file file b/124108085
zygote untrusted_app_25 process b/77925912
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 5f40e70..d26ef89 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -5,6 +5,9 @@
(typeattribute new_objects)
(typeattributeset new_objects
( new_objects
+ aidl_lazy_test_server
+ aidl_lazy_test_server_exec
+ aidl_lazy_test_service
apex_module_data_file
apex_rollback_data_file
app_integrity_service
@@ -12,6 +15,10 @@
auth_service
ashmem_libcutils_device
blob_store_service
+ binder_cache_system_server_prop
+ binderfs
+ binderfs_logs
+ binderfs_logs_proc
boringssl_self_test
charger_prop
cold_boot_done_prop
@@ -20,6 +27,7 @@
dataloader_manager_service
device_config_storage_native_boot_prop
device_config_sys_traced_prop
+ exported_camera_prop
file_integrity_service
gmscore_app
hal_can_bus_hwservice
@@ -43,7 +51,7 @@
linker_prop
linkerconfig_file
mock_ota_prop
- module_sdkext_prop
+ module_sdkextensions_prop
ota_metadata_file
ota_prop
art_apex_dir
@@ -57,6 +65,7 @@
timezonedetector_service
usb_serial_device
userspace_reboot_prop
+ userspace_reboot_config_prop
userspace_reboot_exported_prop
vehicle_hal_prop
vendor_apex_file
diff --git a/private/derive_sdk.te b/private/derive_sdk.te
index 98cda20..1f60e34 100644
--- a/private/derive_sdk.te
+++ b/private/derive_sdk.te
@@ -8,5 +8,5 @@
allow derive_sdk apex_mnt_dir:dir r_dir_perms;
# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
-set_prop(derive_sdk, module_sdkext_prop)
-neverallow {domain -init -derive_sdk} module_sdkext_prop:property_service set;
+set_prop(derive_sdk, module_sdkextensions_prop)
+neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
diff --git a/private/domain.te b/private/domain.te
index 8a0a8e5..907d1b8 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -45,8 +45,8 @@
# Allow to read properties for linker
get_prop(domain, linker_prop);
-# Read access to sdkext props
-get_prop(domain, module_sdkext_prop)
+# Read access to sdkextensions props
+get_prop(domain, module_sdkextensions_prop)
# For now, everyone can access core property files
# Device specific properties are not granted by default
@@ -76,6 +76,7 @@
get_prop({coredomain appdomain shell}, exported3_default_prop)
get_prop({coredomain appdomain shell}, exported3_radio_prop)
get_prop({coredomain appdomain shell}, exported3_system_prop)
+ get_prop({coredomain appdomain shell}, exported_camera_prop)
get_prop({coredomain shell}, userspace_reboot_exported_prop)
get_prop({coredomain shell}, userspace_reboot_prop)
get_prop({domain -coredomain -appdomain}, vendor_default_prop)
diff --git a/private/file_contexts b/private/file_contexts
index 65d0e6f..2ab86fd 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -341,6 +341,7 @@
/system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0
/system/bin/notify_traceur\.sh u:object_r:notify_traceur_exec:s0
/system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0
+/system/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0
#############################
# Vendor files
diff --git a/private/genfs_contexts b/private/genfs_contexts
index fa49dd9..92ef6a8 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -291,9 +291,15 @@
genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
+genfscon binder /binder u:object_r:binder_device:s0
+genfscon binder /hwbinder u:object_r:hwbinder_device:s0
+genfscon binder /vndbinder u:object_r:vndbinder_device:s0
+genfscon binder /binder_logs u:object_r:binderfs_logs:s0
+genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:vfat:s0
+genfscon binder / u:object_r:binderfs:s0
genfscon exfat / u:object_r:exfat:s0
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:fuse:s0
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index daca057..4ae8eff 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -3,14 +3,6 @@
###
typeattribute gmscore_app coredomain;
-# Allow everything.
-# TODO(b/142672293): remove when no selinux denials are triggered for this
-# domain
-# STOPSHIP(b/142672293): monitor http://go/sedenials for any denials around
-# `gmscore_app` and remove this line once we are confident about this having
-# the right set of permissions.
-userdebug_or_eng(`permissive gmscore_app;')
-
app_domain(gmscore_app)
allow gmscore_app sysfs_type:dir search;
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 5050e1a..249fee1 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -34,9 +34,6 @@
# MtpServer uses /dev/mtp_usb
allow mediaprovider mtp_device:chr_file rw_file_perms;
-# Fuse daemon
-allow mediaprovider fuse_device:chr_file { read write ioctl getattr };
-
# MtpServer uses /dev/usb-ffs/mtp
allow mediaprovider functionfs:dir search;
allow mediaprovider functionfs:file rw_file_perms;
diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
index 0fa2dea..8a6f6aa 100644
--- a/private/permissioncontroller_app.te
+++ b/private/permissioncontroller_app.te
@@ -3,14 +3,6 @@
###
type permissioncontroller_app, domain, coredomain;
-# Allow everything.
-# TODO(b/142672293): remove when no selinux denials are triggered for this
-# domain
-# STOPSHIP(b/142672293): monitor http://go/sedenials for any denials around
-# `permissioncontroller_app` and remove this line once we are confident about
-# this having the right set of permissions.
-userdebug_or_eng(`permissive permissioncontroller_app;')
-
app_domain(permissioncontroller_app)
# Allow interaction with gpuservice
diff --git a/private/platform_app.te b/private/platform_app.te
index 9e26d7a..76eaae6 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -68,9 +68,7 @@
allow platform_app vr_manager_service:service_manager find;
allow platform_app gpu_service:service_manager find;
allow platform_app stats_service:service_manager find;
-userdebug_or_eng(`
- allow platform_app platform_compat_service:service_manager find;
-')
+allow platform_app platform_compat_service:service_manager find;
# Allow platform apps to interact with gpuservice
binder_call(platform_app, gpuservice)
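Review bot: The `platform_compat_service` find permission is now granted on user builds as well, but nothing in the hunk records why the userdebug_or_eng guard could be dropped. Because this widens what every platform-signed app may look up in production, add a comment above the rule naming the consumer, along the lines of `# Needed on user builds by <component>: <reason>`. The placeholder is to be filled in by the author.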
diff --git a/private/priv_app.te b/private/priv_app.te
index e180b1d..161b245 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -14,13 +14,6 @@
# Used by: https://play.privileged.com/store/apps/details?id=jackpal.androidterm
create_pty(priv_app)
-# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
-allow priv_app self:process ptrace;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app self:process ptrace;
-')
-
# Allow loading executable code from writable priv-app home
# directories. This is a W^X violation, however, it needs
# to be supported for now for the following reasons.
@@ -80,11 +73,6 @@
# running "adb install foo.apk".
allow priv_app shell_data_file:file r_file_perms;
allow priv_app shell_data_file:dir r_dir_perms;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app shell_data_file:file r_file_perms;
- auditallow priv_app shell_data_file:dir r_dir_perms;
-')
# Allow traceur to pass file descriptors through a content provider to betterbug
allow priv_app trace_data_file:file { getattr read };
@@ -127,37 +115,6 @@
# access the mac address
allowxperm priv_app self:udp_socket ioctl SIOCGIFHWADDR;
-# Allow GMS core to communicate with update_engine for A/B update.
-binder_call(priv_app, update_engine)
-allow priv_app update_engine_service:service_manager find;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app update_engine:binder { call transfer };
- auditallow update_engine priv_app:binder transfer;
- auditallow priv_app update_engine:fd use;
- auditallow priv_app update_engine_service:service_manager find;
-')
-
-# Allow GMS core to communicate with dumpsys storaged.
-binder_call(priv_app, storaged)
-allow priv_app storaged_service:service_manager find;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app storaged:binder { call transfer };
- auditallow storaged priv_app:binder transfer;
- auditallow priv_app storaged:fd use;
- auditallow priv_app storaged_service:service_manager find;
-')
-
-
-# Allow GMS core to access system_update_service (e.g. to publish pending
-# system update info).
-allow priv_app system_update_service:service_manager find;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app system_update_service:service_manager find;
-')
-
# Allow com.android.vending to communicate with statsd.
binder_call(priv_app, statsd)
@@ -170,13 +127,6 @@
allow priv_app preloads_media_file:file r_file_perms;
allow priv_app preloads_media_file:dir r_dir_perms;
-# Allow privileged apps (e.g. GMS core) to generate unique hardware IDs
-allow priv_app keystore:keystore_key gen_unique_id;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
- auditallow priv_app keystore:keystore_key gen_unique_id;
-')
-
# Allow GMS core to access /sys/fs/selinux/policyvers for compatibility check
allow priv_app selinuxfs:file r_file_perms;
# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
diff --git a/private/property_contexts b/private/property_contexts
index b2b6abc..faa425b 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -226,5 +226,5 @@
ota.warm_reset u:object_r:ota_prop:s0
# Module properties
-com.android.sdkext. u:object_r:module_sdkext_prop:s0
-persist.com.android.sdkext. u:object_r:module_sdkext_prop:s0
+com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
+persist.com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
diff --git a/private/security_classes b/private/security_classes
index 25b4cba..c0631e9 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -139,6 +139,8 @@
class xdp_socket
+class perf_event
+
# Property service
class property_service # userspace
diff --git a/private/service_contexts b/private/service_contexts
index 849717a..26d9f5c 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -6,6 +6,8 @@
activity u:object_r:activity_service:s0
activity_task u:object_r:activity_task_service:s0
adb u:object_r:adb_service:s0
+aidl_lazy_test_1 u:object_r:aidl_lazy_test_service:s0
+aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
alarm u:object_r:alarm_service:s0
android.os.UpdateEngineService u:object_r:update_engine_service:s0
android.security.keystore u:object_r:keystore_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index c1342d8..ec79319 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1090,3 +1090,8 @@
-system_server
} password_slot_metadata_file:notdevfile_class_set ~{ relabelto getattr };
neverallow { domain -init -system_server } password_slot_metadata_file:notdevfile_class_set *;
+
+# Allow systemserver to read/write the invalidation property
+set_prop(system_server, binder_cache_system_server_prop)
+neverallow { domain -system_server -init }
+ binder_cache_system_server_prop:property_service set;
diff --git a/private/zygote.te b/private/zygote.te
index e6c1db9..6ad6db4 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -53,6 +53,16 @@
# Bind mount on /data/data and mounted volumes
allow zygote { system_data_file mnt_expand_file }:dir mounton;
+# Relabel /data/user /data/user_de and /data/data
+allow zygote tmpfs:{ dir lnk_file } relabelfrom;
+allow zygote system_data_file:{ dir lnk_file } relabelto;
+
+# Zygote opens /mnt/expand to mount CE DE storage on each vol
+allow zygote mnt_expand_file:dir { open read search relabelto };
+
+# Bind mount subdirectories on /data/misc/profiles/cur
+allow zygote { user_profile_data_file }:dir { mounton search };
+
# Create and bind dirs on /data/data
allow zygote tmpfs:dir { create_dir_perms mounton };
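Review bot: The added `allow zygote system_data_file:{ dir lnk_file } relabelto;` lets zygote apply the generic /data label to any tmpfs directory or symlink it can relabel from, which is broader than the three paths named in the comment. Since every app process forks from zygote, consider whether a dedicated type for these mount points would keep the grant narrower. The `mnt_expand_file` rule also grants `relabelto` while its comment only mentions opening the directory; extend the comment to say why relabeling is needed. As a style point, the braces around a single type are unnecessary: `allow zygote user_profile_data_file:dir { mounton search };`.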
@@ -61,7 +71,7 @@
allow zygote mirror_data_file:dir r_dir_perms;
-# Get and set data directories
+# Get inode of data directories
allow zygote {
system_data_file
radio_data_file
@@ -126,9 +136,6 @@
allow zygote { sdcard_type }:dir { create_dir_perms mounton };
allow zygote { sdcard_type }:file { create_file_perms };
-# Allow zygote to expand app files while preloading libraries
-allow zygote mnt_expand_file:dir getattr;
-
# Handle --invoke-with command when launching Zygote with a wrapper command.
allow zygote zygote_exec:file rx_file_perms;
@@ -201,7 +208,7 @@
exported_bluetooth_prop
}:file create_file_perms;
-# Do not allow zygote to access app data except getting attributes and relabeling to.
+# Zygote should not be able to access app private data.
neverallow zygote {
privapp_data_file
app_data_file
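Review bot: The rewritten comment drops the old qualifier about getting attributes and relabeling, but the neverallow body continues outside this hunk, so it is not visible whether the rule still exempts those permissions. If it does, the new comment is less precise than the one it replaces, which matters because this same commit gives zygote new relabel permissions. Wording such as `# Zygote must not access app private data beyond the permissions excluded below.` would keep the comment in step with the rule.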
diff --git a/public/aidl_lazy_test_server.te b/public/aidl_lazy_test_server.te
new file mode 100644
index 0000000..626d008
--- /dev/null
+++ b/public/aidl_lazy_test_server.te
@@ -0,0 +1,9 @@
+type aidl_lazy_test_server, domain;
+type aidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
+
+userdebug_or_eng(`
+ binder_use(aidl_lazy_test_server)
+ binder_call(aidl_lazy_test_server, binderservicedomain)
+
+ add_service(aidl_lazy_test_server, aidl_lazy_test_service)
+')
diff --git a/public/app.te b/public/app.te
index b771b5f..e4eee82 100644
--- a/public/app.te
+++ b/public/app.te
@@ -50,6 +50,9 @@
# child shell or gdbserver pty access for runas.
allow appdomain devpts:chr_file { getattr read write ioctl };
+# Allow appdomain to access app_api_service
+allow { appdomain -isolated_app } app_api_service:service_manager find;
+
# Use pipes and sockets provided by system_server via binder or local socket.
allow appdomain system_server:fd use;
allow appdomain system_server:fifo_file rw_file_perms;
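Review bot: The new rule excludes only `isolated_app`, yet the public/service.te context on this page shows a separate `ephemeral_app_api_service` attribute, which suggests ephemeral apps are meant to reach a narrower set of services. If the ephemeral app domain carries `appdomain` (not visible here), this line grants it find on every `app_api_service` and makes that distinction moot. Consider `allow { appdomain -isolated_app -ephemeral_app } app_api_service:service_manager find;`, or state in the comment that the wider grant is intended. It would also be worth checking whether per-domain find rules elsewhere become redundant after this blanket grant.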
diff --git a/public/domain.te b/public/domain.te
index 4ae6c9a..863c167 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -80,6 +80,10 @@
# /dev/binder can be accessed by ... everyone! :)
allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
+# /dev/binderfs needs to be accessed by everyone too!
+allow domain binderfs:dir { getattr search };
+allow domain binderfs_logs_proc:dir search;
+
allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
allow domain ptmx_device:chr_file rw_file_perms;
allow domain random_device:chr_file rw_file_perms;
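Review bot: The two binderfs rules are granted to all of `domain` with only "needs to be accessed by everyone too!" as justification, and that does not explain why every domain needs `search` on `binderfs_logs_proc`. The hwbinder rule on the next context line carves out `isolated_app` and the service managers, so an unconditional grant here deserves a stated reason. Suggest a comment such as `# binderfs root must be traversable to reach the binder device nodes; binder_logs/proc search is needed because <reason>`, with the reason supplied by the author. A neverallow keeping untrusted apps from reading `binderfs_logs` files would also be a useful companion, if one is not already present outside this diff.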
@@ -103,6 +107,9 @@
get_prop(domain, logd_prop)
get_prop(domain, vndk_prop)
+# Allow every to read binder cache properties
+get_prop(domain, binder_cache_system_server_prop)
+
# Let everyone read log properties, so that liblog can avoid sending unloggable
# messages to logd.
get_prop(domain, log_property_type)
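Review bot: The added comment reads "Allow every to read binder cache properties" and is missing a word; it should be `# Allow every domain to read binder cache properties`. Because the grant covers all of `domain`, including sandboxed app domains, the comment could also record that the property holds only a cache-invalidation value, which is how the private/system_server.te hunk describes it.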
diff --git a/public/fastbootd.te b/public/fastbootd.te
index f08885a..3ab489b 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -53,12 +53,13 @@
userdata_block_device
}:blk_file { w_file_perms getattr ioctl };
- # For disabling/wiping GSI.
+ # For disabling/wiping GSI, and for modifying/deleting files created via
+ # libfiemap.
allow fastbootd metadata_block_device:blk_file r_file_perms;
allow fastbootd {rootfs tmpfs}:dir mounton;
- allow fastbootd metadata_file:dir search;
- allow fastbootd gsi_metadata_file:dir r_dir_perms;
- allow fastbootd gsi_metadata_file:file rw_file_perms;
+ allow fastbootd metadata_file:dir { search getattr };
+ allow fastbootd gsi_metadata_file:dir rw_dir_perms;
+ allow fastbootd gsi_metadata_file:file create_file_perms;
allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
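Review bot: The updated comment justifies "modifying/deleting files created via libfiemap", but `create_file_perms` on `gsi_metadata_file:file` also grants creation, renaming and attribute changes, and `rw_dir_perms` adds `add_name` on the directory. If fastbootd only removes or rewrites existing images, a narrower form such as `allow fastbootd gsi_metadata_file:file { rw_file_perms unlink };` with `{ r_dir_perms write remove_name }` on the directory would match the stated purpose. If creation really is needed, say so in the comment. The enclosing block starts outside this hunk, so any build-type or recovery-only guard around these rules is not visible here.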
diff --git a/public/file.te b/public/file.te
index 71ff897..3348fd4 100644
--- a/public/file.te
+++ b/public/file.te
@@ -4,6 +4,9 @@
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type, proc_type;
+type binderfs, fs_type;
+type binderfs_logs, fs_type;
+type binderfs_logs_proc, fs_type;
# Security-sensitive proc nodes that should not be writable to most.
type proc_security, fs_type, proc_type;
type proc_drop_caches, fs_type, proc_type;
diff --git a/public/iorapd.te b/public/iorapd.te
index abf7adb..4c08c72 100644
--- a/public/iorapd.te
+++ b/public/iorapd.te
@@ -36,6 +36,9 @@
# tracing sessions and read trace data.
unix_socket_connect(iorapd, traced_consumer, traced)
+# Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
+allow iorapd system_file:file rx_file_perms;
+
###
### neverallow rules
###
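Review bot: `allow iorapd system_file:file rx_file_perms;` is much wider than the comment's stated need. Because `rx_file_perms` includes `execute_no_trans`, iorapd may run any binary labelled `system_file` inside its own domain, not just `iorap.cmd.compiler`. A tighter design gives the compiler its own exec label in file_contexts and either allows execution of that type only, `allow iorapd <compiler_exec_type>:file rx_file_perms;`, or moves it into its own domain with a transition. The type name is a placeholder. If the broad rule must stay for now, the comment should say so and reference a tracking bug.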
diff --git a/public/property.te b/public/property.te
index 188178a..2cf043a 100644
--- a/public/property.te
+++ b/public/property.te
@@ -60,7 +60,7 @@
# Properties which can't be written outside system
system_restricted_prop(linker_prop)
-system_restricted_prop(module_sdkext_prop)
+system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
system_restricted_prop(restorecon_prop)
system_restricted_prop(system_boot_reason_prop)
@@ -120,6 +120,7 @@
system_public_prop(exported3_radio_prop)
system_public_prop(exported_audio_prop)
system_public_prop(exported_bluetooth_prop)
+system_public_prop(exported_camera_prop)
system_public_prop(exported_config_prop)
system_public_prop(exported_dalvik_prop)
system_public_prop(exported_default_prop)
@@ -142,11 +143,15 @@
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
system_public_prop(system_prop)
+system_public_prop(userspace_reboot_config_prop)
system_public_prop(vehicle_hal_prop)
system_public_prop(vendor_security_patch_level_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
+# Properties used by binder caches
+system_public_prop(binder_cache_system_server_prop)
+
# Properties which are public for devices launching with Android O or earlier
# This should not be used for any new properties.
not_compatible_property(`
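Review bot: `binder_cache_system_server_prop` is declared with `system_public_prop`, but the private/system_server.te hunk in this commit adds a neverallow that lets only `system_server` and `init` set it, and the vendor_init hunk excludes it from vendor_init's set list. This file already has a group headed "Properties which can't be written outside system" that uses `system_restricted_prop`, which appears to match that intent better: `system_restricted_prop(binder_cache_system_server_prop)`. The macro definitions are not on this page, so confirm that the restricted variant still permits the world-readable access the domain.te change relies on.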
@@ -453,6 +458,16 @@
neverallow {
domain
-coredomain
+ -hal_camera_server
+ -cameraserver
+ -vendor_init
+ } {
+ exported_camera_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
-hal_wifi_server
-wificond
} {
@@ -543,6 +558,7 @@
-bluetooth_a2dp_offload_prop
-bluetooth_audio_hal_prop
-bluetooth_prop
+ -binder_cache_system_server_prop
-bootloader_boot_reason_prop
-boottime_prop
-bpf_progs_loaded_prop
@@ -619,7 +635,7 @@
-heapprofd_prop
-hwservicemanager_prop
-last_boot_reason_prop
- -module_sdkext_prop
+ -module_sdkextensions_prop
-system_lmk_prop
-linker_prop
-log_prop
diff --git a/public/property_contexts b/public/property_contexts
index 7e49e9c..8414e87 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -253,10 +253,10 @@
ro.build.user u:object_r:exported2_default_prop:s0 exact string
ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.extensions. u:object_r:module_sdkext_prop:s0 prefix int
ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
@@ -298,6 +298,7 @@
aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
+config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool
gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
@@ -399,7 +400,7 @@
wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
wifi.interface u:object_r:exported_default_prop:s0 exact string
ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
-ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_prop:s0 exact bool
+ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
# public-readable
ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
@@ -438,3 +439,6 @@
ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties. These are world-readable
+binder.cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
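Review bot: The new `binder.cache_key.has_system_feature` entry has no match kind or value type, unlike every other entry in this file's hunks, which end in `exact`/`prefix` plus a type. Without them the line is presumably treated as an untyped prefix match, so any property beginning with that name receives the world-readable label and its value is not type-checked. Suggest `binder.cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0 exact string`, with the type adjusted to whatever the cache key actually holds.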
diff --git a/public/service.te b/public/service.te
index 8d56fb9..67128d2 100644
--- a/public/service.te
+++ b/public/service.te
@@ -1,3 +1,4 @@
+type aidl_lazy_test_service, service_manager_type;
type apex_service, service_manager_type;
type audioserver_service, service_manager_type;
type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 8230957..eb93d13 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -198,6 +198,7 @@
not_compatible_property(`
set_prop(vendor_init, {
property_type
+ -binder_cache_system_server_prop
-device_config_activity_manager_native_boot_prop
-device_config_boot_count_prop
-device_config_reset_performed_prop
@@ -221,7 +222,7 @@
-nnapi_ext_deny_product_prop
-init_svc_debug_prop
-linker_prop
- -module_sdkext_prop
+ -module_sdkextensions_prop
-userspace_reboot_exported_prop
-userspace_reboot_prop
-vndk_prop
@@ -238,6 +239,7 @@
set_prop(vendor_init, debug_prop)
set_prop(vendor_init, exported_audio_prop)
set_prop(vendor_init, exported_bluetooth_prop)
+set_prop(vendor_init, exported_camera_prop)
set_prop(vendor_init, exported_config_prop)
set_prop(vendor_init, exported_dalvik_prop)
set_prop(vendor_init, exported_default_prop)
@@ -256,6 +258,7 @@
set_prop(vendor_init, log_tag_prop)
set_prop(vendor_init, log_prop)
set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)
set_prop(vendor_init, vendor_security_patch_level_prop)
diff --git a/tests/combine_maps.py b/tests/combine_maps.py
index d592b17..1a7dfaa 100644
--- a/tests/combine_maps.py
+++ b/tests/combine_maps.py
@@ -45,6 +45,11 @@
# Typeattributes in V.v.cil have _V_v suffix, but not in V.v.ignore.cil
bottom_type = m.group(1) if m else top_ta
+ # If type doesn't exist in bottom map, no need to maintain mappings to
+ # that type.
+ if bottom_type not in bottom.rTypeattributesets.keys():
+ continue
+
for bottom_ta in bottom.rTypeattributesets[bottom_type]:
bottom.typeattributesets[bottom_ta].update(top_type_set)
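Review bot: The new guard silently skips any `bottom_type` missing from the bottom map, so a typo or a dropped type in a compat mapping file would now pass without a trace where it previously raised a KeyError. Consider logging the skipped type, or restricting the skip to types known to be intentionally absent. As a style point, the `.keys()` call is unnecessary and builds a list on Python 2; `if bottom_type not in bottom.rTypeattributesets:` is the idiomatic test. The enclosing loop starts outside this hunk.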