Merge "Add sepolicy for binderfs"
diff --git a/apex/Android.bp b/apex/Android.bp
index 19a44c7..29c2518 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -133,6 +133,20 @@
 }
 
 filegroup {
+  name: "com.android.sdkext-file_contexts",
+  srcs: [
+    "com.android.sdkext-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.telephony-file_contexts",
+  srcs: [
+    "com.android.telephony-file_contexts",
+  ],
+}
+
+filegroup {
   name: "com.android.tzdata-file_contexts",
   srcs: [
     "com.android.tzdata-file_contexts",
@@ -145,3 +159,17 @@
     "com.android.vndk-file_contexts",
   ],
 }
+
+filegroup {
+  name: "com.android.wifi-file_contexts",
+  srcs: [
+    "com.android.wifi-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.tethering-file_contexts",
+  srcs: [
+    "com.android.tethering-file_contexts",
+  ],
+}
diff --git a/apex/com.android.tethering.apex-file_contexts b/apex/com.android.tethering-file_contexts
similarity index 100%
rename from apex/com.android.tethering.apex-file_contexts
rename to apex/com.android.tethering-file_contexts
diff --git a/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
index 98c4b9c..ed3671f 100644
--- a/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
+++ b/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
@@ -49,6 +49,7 @@
     dynamic_system_prop
     face_service
     face_vendor_data_file
+    sota_prop
     fastbootd
     flags_health_check
     flags_health_check_exec
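Review bot: `sota_prop` is inserted between `face_vendor_data_file` and `fastbootd`, which breaks the alphabetical order that the visible neighbours in this list follow. The same placement recurs in both hunks of prebuilts/api/29.0/public/property.te (between `exported_secure_prop` and `ffs_prop`) and in private/compat/28.0/28.0.ignore.cil. Placing the entry with the other `s…` names in each list would make duplicates and omissions easier to spot when these compat lists are audited. The lists start and end outside the hunks, so the exact position cannot be confirmed from here.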
diff --git a/prebuilts/api/29.0/public/property.te b/prebuilts/api/29.0/public/property.te
index e166c00..cea50ac 100644
--- a/prebuilts/api/29.0/public/property.te
+++ b/prebuilts/api/29.0/public/property.te
@@ -44,6 +44,7 @@
 type dumpstate_prop, property_type, core_property_type;
 type dynamic_system_prop, property_type;
 type exported_secure_prop, property_type;
+type sota_prop, property_type;
 type ffs_prop, property_type, core_property_type;
 type fingerprint_prop, property_type, core_property_type;
 type firstboot_prop, property_type;
@@ -412,6 +413,7 @@
     -exported_vold_prop
     -exported_wifi_prop
     -extended_core_property_type
+    -sota_prop
     -ffs_prop
     -fingerprint_prop
     -firstboot_prop
diff --git a/private/apexd.te b/private/apexd.te
index 31371d9..1e1ccc5 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -11,6 +11,10 @@
 allow apexd apex_metadata_file:dir create_dir_perms;
 allow apexd apex_metadata_file:file create_file_perms;
 
+# Allow apexd to create directories for snapshots of apex data
+allow apexd apex_rollback_data_file:dir create_dir_perms;
+allow apexd apex_rollback_data_file:file create_file_perms;
+
 # allow apexd to create loop devices with /dev/loop-control
 allow apexd loop_control_device:chr_file rw_file_perms;
 # allow apexd to access loop devices
@@ -122,3 +126,9 @@
 neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
 neverallow { domain -apexd -init -kernel } apex_metadata_file:file no_w_file_perms;
 neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_perms;
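Review bot: The four added neverallow rules have no comment explaining why `init` and `vold_prepare_subdirs` are exempted alongside `apexd`. The first hunk of this file grants apexd access only to `apex_rollback_data_file`, so apexd's exemption for `apex_module_data_file` is not justified by anything visible here. A line above each pair would record the intent, for example `# Only apexd, init and vold_prepare_subdirs may create or modify apex module data.` and the equivalent for rollback snapshots. Both pairs use the `no_w_*` permission sets, so they constrain writes only; if reads of these directories also need to be restricted, that would take a separate rule.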
diff --git a/private/app.te b/private/app.te
index e8397ef..5590ca5 100644
--- a/private/app.te
+++ b/private/app.te
@@ -4,6 +4,22 @@
 
 userdebug_or_eng(`perfetto_producer({ appdomain })')
 
+# Prevent apps from causing presubmit failures.
+# Apps can cause selinux denials by accessing CE storage
+# and/or external storage. In either case, the selinux denial is
+# not the cause of the failure, but just a symptom that
+# storage isn't ready. Many apps handle the failure appropriately.
+#
+# Apps cannot access external storage before it becomes available.
+dontaudit appdomain storage_stub_file:dir getattr;
+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Apps are not
+# allowed to write to CE storage before it's available.
+# Attempting to do so will be blocked by both selinux and unix
+# permissions.
+dontaudit appdomain system_data_file:dir write;
+
 neverallow appdomain system_server:udp_socket {
         accept append bind create ioctl listen lock name_bind
         relabelfrom relabelto setattr shutdown };
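Review bot: The two `dontaudit` rules apply to every `appdomain`, whereas the `system_data_file:dir write` rules this commit removes from priv_app.te and untrusted_app_all.te covered only those two domains. Denials from every other app domain on these paths therefore stop reaching the audit log on all build types. The comment opens with presubmit failures as the motivation but does not say the widening is deliberate. I would add a line such as `# Applied to all of appdomain on purpose: these denials only indicate storage is not ready.` so a later reader does not mistake the missing log entries for absence of the access attempts.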
diff --git a/private/audioserver.te b/private/audioserver.te
index 05e793c..067152f 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -40,6 +40,7 @@
 allow audioserver scheduling_policy_service:service_manager find;
 allow audioserver mediametrics_service:service_manager find;
 allow audioserver sensor_privacy_service:service_manager find;
+allow audioserver soundtrigger_middleware_service:service_manager find;
 
 # Allow read/write access to bluetooth-specific properties
 set_prop(audioserver, bluetooth_a2dp_offload_prop)
diff --git a/private/bug_map b/private/bug_map
index 01b6b16..60c2f15 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1,7 +1,6 @@
-bluetooth storage_stub_file dir b/145267097
 dnsmasq netd fifo_file b/77868789
 dnsmasq netd unix_stream_socket b/77868789
-gmscore_app storage_stub_file dir b/145267097
+gmscore_app system_data_file dir b/146166941
 init app_data_file file b/77873135
 init cache_file blk_file b/77873135
 init logpersist file b/77873135
@@ -25,15 +24,10 @@
 netd untrusted_app_25 unix_stream_socket b/77870037
 netd untrusted_app_27 unix_stream_socket b/77870037
 platform_app nfc_data_file dir b/74331887
-platform_app storage_stub_file dir b/145267097
-priv_app storage_stub_file dir b/145267097
 system_server crash_dump process b/73128755
 system_server overlayfs_file file b/142390309
 system_server sdcardfs file b/77856826
 system_server storage_stub_file dir b/145267097
 system_server zygote process b/77856826
-untrusted_app storage_stub_file dir b/145267097
-untrusted_app_25 storage_stub_file dir b/145267097
-untrusted_app_27 storage_stub_file dir b/145267097
 vold system_data_file file b/124108085
 zygote untrusted_app_25 process b/77925912
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 15746a2..51e7b5c 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -199,6 +199,7 @@
     vendor_apex_file
     vendor_init
     vendor_shell
+    vndk_prop
     vold_metadata_file
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index fa8d9fe..a8d64bd 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -177,6 +177,7 @@
     vendor_init
     vendor_security_patch_level_prop
     vendor_shell
+    vndk_prop
     vold_metadata_file
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 6fc86de..de62740 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -51,6 +51,7 @@
     dynamic_system_prop
     face_service
     face_vendor_data_file
+    sota_prop
     fastbootd
     flags_health_check
     flags_health_check_exec
@@ -150,5 +151,6 @@
     vendor_misc_writer
     vendor_misc_writer_exec
     vendor_task_profiles_file
+    vndk_prop
     vrflinger_vsync_service
     watchdogd_tmpfs))
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 5eddc4e..c62edd5 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1744,6 +1744,7 @@
 (typeattributeset swap_block_device_29_0 (swap_block_device))
 (typeattributeset sysfs_29_0
   ( sysfs
+    sysfs_ion
     sysfs_suspend_stats
     sysfs_wakeup))
 (typeattributeset sysfs_android_usb_29_0 (sysfs_android_usb))
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 882a1c7..3e3e1bf 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -5,6 +5,8 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    apex_module_data_file
+    apex_rollback_data_file
     app_integrity_service
     app_search_service
     auth_service
@@ -18,13 +20,19 @@
     cold_boot_done_prop
     platform_compat_service
     ctl_apexd_prop
+    dataloader_manager_service
     device_config_storage_native_boot_prop
     device_config_sys_traced_prop
+    file_integrity_service
     gmscore_app
     hal_can_bus_hwservice
     hal_can_controller_hwservice
+    hal_rebootescrow_service
     hal_tv_tuner_hwservice
     hal_vibrator_service
+    incfs
+    incremental_service
+    incremental_root_file
     init_svc_debug_prop
     iorap_prefetcherd
     iorap_prefetcherd_data_file
@@ -34,18 +42,22 @@
     mediatranscoding
     mediatranscoding_exec
     mediatranscoding_tmpfs
+    mirror_data_file
     linker_prop
+    linkerconfig_file
     mock_ota_prop
     module_sdkext_prop
     ota_metadata_file
     ota_prop
     art_apex_dir
     service_manager_service
+    soundtrigger_middleware_service
     system_group_file
     system_jvmti_agent_prop
     system_passwd_file
     tethering_service
     timezonedetector_service
+    usb_serial_device
     userspace_reboot_prop
     userspace_reboot_exported_prop
     vehicle_hal_prop
@@ -53,4 +65,5 @@
     vendor_boringssl_self_test
     vendor_install_recovery
     vendor_install_recovery_exec
+    vndk_prop
     virtual_ab_prop))
diff --git a/private/domain.te b/private/domain.te
index 2b53563..8a0a8e5 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -147,6 +147,7 @@
   -runas
   -system_server
   -viewcompiler
+  -zygote
 } { privapp_data_file app_data_file }:dir *;
 
 # Only apps should be modifying app data. installd is exempted for
@@ -328,3 +329,11 @@
   -hal_bootctl_server
   -fastbootd
 } self:global_capability_class_set sys_rawio;
+
+# Limit directory operations that doesn't need to do app data isolation.
+neverallow {
+  domain
+  -init
+  -installd
+  -zygote
+} mirror_data_file:dir *;
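Review bot: The comment on the new neverallow, `# Limit directory operations that doesn't need to do app data isolation.`, is ungrammatical and does not say which domains are meant to keep access or why. The rule itself denies every permission on `mirror_data_file:dir` to all domains except `init`, `installd` and `zygote`. A wording like `# Only init, installd and zygote may operate on mirror_data_file directories; they are the domains that set up app data isolation.` would match it, though the role of each domain is inferred and should be confirmed. The `-zygote` exemption added in the first hunk of this file would benefit from the same one-line justification, since that neverallow starts outside the hunk.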
diff --git a/private/file.te b/private/file.te
index 09bfe29..4492002 100644
--- a/private/file.te
+++ b/private/file.te
@@ -21,9 +21,6 @@
 # of application data.
 type rollback_data_file, file_type, data_file_type, core_data_file_type;
 
-# /dev/linkerconfig(/.*)?
-type linkerconfig_file, file_type;
-
 # /data/gsi/ota
 type ota_image_data_file, file_type, data_file_type, core_data_file_type;
 
diff --git a/private/file_contexts b/private/file_contexts
index 69b6c58..65d0e6f 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -24,6 +24,7 @@
 /lost\+found        u:object_r:rootfs:s0
 /acct               u:object_r:cgroup:s0
 /config             u:object_r:rootfs:s0
+/data_mirror        u:object_r:mirror_data_file:s0
 /debug_ramdisk      u:object_r:tmpfs:s0
 /mnt                u:object_r:tmpfs:s0
 /postinstall        u:object_r:postinstall_mnt_dir:s0
@@ -101,7 +102,6 @@
 /dev/iio:device[0-9]+   u:object_r:iio_device:s0
 /dev/ion		u:object_r:ion_device:s0
 /dev/keychord   u:object_r:keychord_device:s0
-/dev/linkerconfig(/.*)? u:object_r:linkerconfig_file:s0
 /dev/loop-control	u:object_r:loop_control_device:s0
 /dev/modem.*		u:object_r:radio_device:s0
 /dev/mtp_usb		u:object_r:mtp_device:s0
@@ -164,6 +164,8 @@
 /dev/tty		u:object_r:owntty_device:s0
 /dev/tty[0-9]*		u:object_r:tty_device:s0
 /dev/ttyS[0-9]*		u:object_r:serial_device:s0
+/dev/ttyUSB[0-9]*	u:object_r:usb_serial_device:s0
+/dev/ttyACM[0-9]*	u:object_r:usb_serial_device:s0
 /dev/tun		u:object_r:tun_device:s0
 /dev/uhid		u:object_r:uhid_device:s0
 /dev/uinput		u:object_r:uhid_device:s0
@@ -179,6 +181,10 @@
 /dev/__properties__ u:object_r:properties_device:s0
 /dev/__properties__/property_info   u:object_r:property_info:s0
 #############################
+# Linker configuration
+#
+/linkerconfig(/.*)?          u:object_r:linkerconfig_file:s0
+#############################
 # System files
 #
 /system(/.*)?		u:object_r:system_file:s0
@@ -475,6 +481,7 @@
 /data/app-private/vmdl.*\.tmp(/.*)?   u:object_r:apk_private_tmp_file:s0
 /data/gsi(/.*)?        u:object_r:gsi_data_file:s0
 /data/gsi/ota(/.*)?    u:object_r:ota_image_data_file:s0
+/data/incremental(/.*)?   u:object_r:incremental_root_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
 /data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
@@ -495,6 +502,8 @@
 
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
+/data/misc/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
+/data/misc/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
 /data/misc/apns(/.*)?           u:object_r:radio_data_file:s0
 /data/misc/audio(/.*)?          u:object_r:audio_data_file:s0
 /data/misc/audioserver(/.*)?    u:object_r:audioserver_data_file:s0
@@ -578,6 +587,14 @@
 /data/misc_de/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
 /data/misc_ce/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
 
+# Apex data directories
+/data/misc_de/[0-9]+/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
+/data/misc_ce/[0-9]+/apexdata(/.*)?       u:object_r:apex_module_data_file:s0
+
+# Apex rollback directories
+/data/misc_de/[0-9]+/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
+/data/misc_ce/[0-9]+/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
+
 #############################
 # Expanded data files
 #
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 266ff7a..07c44ca 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -139,6 +139,7 @@
 genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
+genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
 genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
 genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
 genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
@@ -309,3 +310,4 @@
 genfscon usbfs / u:object_r:usbfs:s0
 genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
 genfscon bpf / u:object_r:fs_bpf:s0
+genfscon incremental-fs / u:object_r:incfs:s0
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index b2e5d16..daca057 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -63,10 +63,14 @@
 dontaudit gmscore_app sysfs_loop:file r_file_perms;
 dontaudit gmscore_app wifi_prop:file r_file_perms;
 dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
+dontaudit gmscore_app mirror_data_file:dir search;
 
 # Access the network
 net_domain(gmscore_app)
 
+# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
+allow gmscore_app self:process ptrace;
+
 # Allow loading executable code from writable priv-app home
 # directories. This is a W^X violation, however, it needs
 # to be supported for now for the following reasons.
@@ -109,3 +113,21 @@
 # running "adb install foo.apk".
 allow gmscore_app shell_data_file:file r_file_perms;
 allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# Write to /cache.
+allow gmscore_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow gmscore_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow gmscore_app cache_file:lnk_file r_file_perms;
+
+# Write to /data/ota_package for OTA packages.
+allow gmscore_app ota_package_file:dir rw_dir_perms;
+allow gmscore_app ota_package_file:file create_file_perms;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# b/18504118: Allow reads from /data/anr/traces.txt
+allow gmscore_app anr_data_file:file r_file_perms;
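Review bot: The added block repeats the two `shell_data_file` rules and their "Verify Apps" comment, which already appear as context lines at the top of this same hunk (`allow gmscore_app shell_data_file:file r_file_perms;` and `allow gmscore_app shell_data_file:dir r_dir_perms;`). The duplicate is harmless to the compiled policy but makes the file misleading when the grant is later tightened or removed, because only one copy may get edited. I would drop the second copy. Whether the cache and ota_package rules added here also duplicate earlier lines cannot be seen from this hunk and is worth checking.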
diff --git a/private/gsid.te b/private/gsid.te
index 306efb8..4771311 100644
--- a/private/gsid.te
+++ b/private/gsid.te
@@ -36,6 +36,10 @@
 # file names.
 r_dir_file(gsid, sysfs_dm)
 
+# libfiemap_writer needs to read /sys/fs/f2fs/<dev>/features to determine
+# whether pin_file support is enabled.
+r_dir_file(gsid, sysfs_fs_f2fs)
+
 # Needed to read fstab, which is used to validate that system verity does not
 # use check_once_at_most for sdcard installs. (Note: proc_cmdline is needed
 # to get the A/B slot suffix).
diff --git a/private/incidentd.te b/private/incidentd.te
index 26f436a..b806f6e 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -168,6 +168,7 @@
   -incident
   -incidentd
   userdebug_or_eng(`-perfetto')
+  -permissioncontroller_app
   -priv_app
   -statsd
   -system_app
diff --git a/private/init.te b/private/init.te
index 3edd021..116eff4 100644
--- a/private/init.te
+++ b/private/init.te
@@ -15,6 +15,7 @@
   domain_trans(init, rootfs, charger)
   domain_trans(init, rootfs, fastbootd)
   domain_trans(init, rootfs, recovery)
+  domain_trans(init, rootfs, linkerconfig)
 ')
 domain_trans(init, shell_exec, shell)
 domain_trans(init, init_exec, ueventd)
@@ -30,6 +31,12 @@
   allow init su:process { siginh rlimitinh };
 ')
 
+# Allow init to figure out name of dm-device from it's /dev/block/dm-XX path.
+# This is useful in case of remounting ext4 userdata into checkpointing mode,
+# since it potentially requires tearing down dm-devices (e.g. dm-bow, dm-crypto)
+# that userdata is mounted onto.
+allow init sysfs_dm:file read;
+
 # Allow the BoringSSL self test to request a reboot upon failure
 set_prop(init, powerctl_prop)
 
diff --git a/private/linkerconfig.te b/private/linkerconfig.te
index 01a9fbf..f82e05d 100644
--- a/private/linkerconfig.te
+++ b/private/linkerconfig.te
@@ -10,4 +10,7 @@
 # Allow linkerconfig to log to the kernel.
 allow linkerconfig kmsg_device:chr_file w_file_perms;
 
+# Allow linkerconfig to be invoked with logwrapper from init.
+allow linkerconfig devpts:chr_file { read write };
+
 neverallow { domain -init -linkerconfig } linkerconfig_exec:file no_x_file_perms;
diff --git a/private/lpdumpd.te b/private/lpdumpd.te
index 458a8f1..3bcd761 100644
--- a/private/lpdumpd.te
+++ b/private/lpdumpd.te
@@ -38,4 +38,5 @@
     -dumpstate
     -lpdumpd
     -shell
+    -servicemanager
 } lpdumpd:binder call;
diff --git a/private/network_stack.te b/private/network_stack.te
index a1d97b7..1295a07 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -35,3 +35,4 @@
 hal_client_domain(network_stack, hal_tetheroffload)
 # Create and share netlink_netfilter_sockets for tetheroffload.
 allow network_stack self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+allow network_stack network_stack_service:service_manager find;
diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
index 9d88248..0fa2dea 100644
--- a/private/permissioncontroller_app.te
+++ b/private/permissioncontroller_app.te
@@ -32,8 +32,15 @@
 allow permissioncontroller_app content_capture_service:service_manager find;
 allow permissioncontroller_app device_policy_service:service_manager find;
 allow permissioncontroller_app incidentcompanion_service:service_manager find;
+allow permissioncontroller_app IProxyService_service:service_manager find;
 allow permissioncontroller_app location_service:service_manager find;
 allow permissioncontroller_app media_session_service:service_manager find;
 allow permissioncontroller_app surfaceflinger_service:service_manager find;
 allow permissioncontroller_app telecom_service:service_manager find;
 allow permissioncontroller_app trust_service:service_manager find;
+
+# Allow the app to request and collect incident reports.
+# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
+allow permissioncontroller_app incident_service:service_manager find;
+binder_call(permissioncontroller_app, incidentd)
+allow permissioncontroller_app incidentd:fifo_file { read write };
diff --git a/private/platform_app.te b/private/platform_app.te
index 72bfe71..9e26d7a 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -68,7 +68,6 @@
 allow platform_app vr_manager_service:service_manager find;
 allow platform_app gpu_service:service_manager find;
 allow platform_app stats_service:service_manager find;
-allow platform_app tethering_service:service_manager find;
 userdebug_or_eng(`
   allow platform_app platform_compat_service:service_manager find;
 ')
@@ -77,7 +76,7 @@
 binder_call(platform_app, gpuservice)
 
 # Allow platform apps to log via statsd.
-binder_call(platform_app statsd)
+binder_call(platform_app, statsd)
 
 # Access to /data/preloads
 allow platform_app preloads_data_file:file r_file_perms;
diff --git a/private/priv_app.te b/private/priv_app.te
index c776907..e180b1d 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -16,6 +16,10 @@
 
 # webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
 allow priv_app self:process ptrace;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+  auditallow priv_app self:process ptrace;
+')
 
 # Allow loading executable code from writable priv-app home
 # directories. This is a W^X violation, however, it needs
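Review bot: The `auditallow` block added here for `self:process ptrace` states no condition for removing it or for removing the `allow` it audits. The same applies to the blocks added later in this file for `ota_package_file`, `shell_data_file` and `anr_data_file`. private/storaged.te in this commit uses `# Remove after no logs are seen for this rule.` for the same bug. Repeating that line in each block here would make clear that the underlying priv_app grants are expected to be dropped once the audit is clean.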
@@ -27,10 +31,6 @@
 # * /data/user_de/0/com.google.android.gms/app_chimera
 # TODO: Tighten (b/112357170)
 allow priv_app privapp_data_file:file execute;
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
-  auditallow priv_app privapp_data_file:file execute;
-')
 
 allow priv_app privapp_data_file:lnk_file create_file_perms;
 
@@ -52,7 +52,6 @@
 allow priv_app radio_service:service_manager find;
 allow priv_app recovery_service:service_manager find;
 allow priv_app stats_service:service_manager find;
-allow priv_app tethering_service:service_manager find;
 
 # Allow privileged apps to interact with gpuservice
 binder_call(priv_app, gpuservice)
@@ -67,6 +66,11 @@
 # Write to /data/ota_package for OTA packages.
 allow priv_app ota_package_file:dir rw_dir_perms;
 allow priv_app ota_package_file:file create_file_perms;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+  auditallow priv_app ota_package_file:dir rw_dir_perms;
+  auditallow priv_app ota_package_file:file create_file_perms;
+')
 
 # Access to /data/media.
 allow priv_app media_rw_data_file:dir create_dir_perms;
@@ -76,6 +80,11 @@
 # running "adb install foo.apk".
 allow priv_app shell_data_file:file r_file_perms;
 allow priv_app shell_data_file:dir r_dir_perms;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+  auditallow priv_app shell_data_file:file r_file_perms;
+  auditallow priv_app shell_data_file:dir r_dir_perms;
+')
 
 # Allow traceur to pass file descriptors through a content provider to betterbug
 allow priv_app trace_data_file:file { getattr read };
@@ -86,6 +95,10 @@
 
 # b/18504118: Allow reads from /data/anr/traces.txt
 allow priv_app anr_data_file:file r_file_perms;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+  auditallow priv_app anr_data_file:file r_file_perms;
+')
 
 # For AppFuse.
 allow priv_app vold:fd use;
@@ -145,14 +158,8 @@
   auditallow priv_app system_update_service:service_manager find;
 ')
 
-# Allow GMS core to communicate with statsd.
+# Allow com.android.vending to communicate with statsd.
 binder_call(priv_app, statsd)
-# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
-userdebug_or_eng(`
-  auditallow priv_app statsd:binder { call transfer };
-  auditallow statsd priv_app:binder transfer;
-  auditallow priv_app statsd:fd use;
-')
 
 # Allow Phone to read/write cached ringtones (opened by system).
 allow priv_app ringtone_file:file { getattr read write };
@@ -219,12 +226,6 @@
 allow priv_app system_server:udp_socket {
         connect getattr read recvfrom sendto write getopt setopt };
 
-# Attempts to write to system_data_file is generally a sign
-# that apps are attempting to access encrypted storage before
-# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
-# denial to prevent apps from spamming the logs.
-dontaudit priv_app system_data_file:dir write;
-
 ###
 ### neverallow rules
 ###
diff --git a/private/radio.te b/private/radio.te
index a86403e..4d48c93 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -7,6 +7,9 @@
 # Telephony code contains time / time zone detection logic so it reads the associated properties.
 get_prop(radio, time_prop)
 
+# allow telephony to access platform compat to log permission denials
+allow radio platform_compat_service:service_manager find;
+
 allow radio uce_service:service_manager find;
 
 # Manage /data/misc/emergencynumberdb
diff --git a/private/service.te b/private/service.te
index 7ac7988..6c17521 100644
--- a/private/service.te
+++ b/private/service.te
@@ -4,4 +4,5 @@
 type incidentcompanion_service,     system_api_service, system_server_service, service_manager_type;
 type stats_service,                 service_manager_type;
 type statscompanion_service,        system_server_service, service_manager_type;
+type statsmanager_service,          system_api_service, system_server_service, service_manager_type;
 type uce_service,                   service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index bb486e8..849717a 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,3 +1,4 @@
+android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
 android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
 
 accessibility                             u:object_r:accessibility_service:s0
@@ -50,6 +51,7 @@
 coverage                                  u:object_r:coverage_service:s0
 cpuinfo                                   u:object_r:cpuinfo_service:s0
 crossprofileapps                          u:object_r:crossprofileapps_service:s0
+dataloader_manager                        u:object_r:dataloader_manager_service:s0
 dbinfo                                    u:object_r:dbinfo_service:s0
 device_config                             u:object_r:device_config_service:s0
 device_policy                             u:object_r:device_policy_service:s0
@@ -74,6 +76,7 @@
 lowpan                                    u:object_r:lowpan_service:s0
 ethernet                                  u:object_r:ethernet_service:s0
 face                                      u:object_r:face_service:s0
+file_integrity                            u:object_r:file_integrity_service:s0
 fingerprint                               u:object_r:fingerprint_service:s0
 font                                      u:object_r:font_service:s0
 android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
@@ -97,6 +100,8 @@
 iphonesubinfo                             u:object_r:radio_service:s0
 ims                                       u:object_r:radio_service:s0
 imms                                      u:object_r:imms_service:s0
+incremental                               u:object_r:incremental_service:s0
+incremental_service                       u:object_r:incremental_service:s0
 ipsec                                     u:object_r:ipsec_service:s0
 ircsmessage                               u:object_r:radio_service:s0
 iris                                      u:object_r:iris_service:s0
@@ -185,7 +190,9 @@
 slice                                     u:object_r:slice_service:s0
 stats                                     u:object_r:stats_service:s0
 statscompanion                            u:object_r:statscompanion_service:s0
+statsmanager                              u:object_r:statsmanager_service:s0
 soundtrigger                              u:object_r:voiceinteraction_service:s0
+soundtrigger_middleware                   u:object_r:soundtrigger_middleware_service:s0
 statusbar                                 u:object_r:statusbar_service:s0
 storaged                                  u:object_r:storaged_service:s0
 storaged_pri                              u:object_r:storaged_service:s0
diff --git a/private/statsd.te b/private/statsd.te
index 9d250bd..a55c42d 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -3,8 +3,6 @@
 
 init_daemon_domain(statsd)
 
-binder_call(statsd, statscompanion_service)
-
 # Allow to exec the perfetto cmdline client and pass it the trace config on
 # stdint through a pipe. It allows statsd to  capture traces and hand them
 # to Android dropbox.
diff --git a/private/storaged.te b/private/storaged.te
index 3ed24b2..b7d4ae9 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -30,6 +30,12 @@
 
 # Needed for GMScore to call dumpsys storaged
 allow storaged priv_app:fd use;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+# Remove after no logs are seen for this rule.
+userdebug_or_eng(`
+  auditallow storaged priv_app:fd use;
+')
+allow storaged gmscore_app:fd use;
 allow storaged { privapp_data_file app_data_file }:file write;
 allow storaged permission_service:service_manager find;
 
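Review bot: The comment `# Needed for GMScore to call dumpsys storaged` still sits above the `priv_app` rule, while the new `allow storaged gmscore_app:fd use;`, the rule that now serves GMS core, is uncommented and follows the audit block. Moving the GMScore comment directly above the `gmscore_app` rule would help. The `priv_app` rule could then be introduced with something like `# Legacy grant from before GMS core had its own domain; audited below.`, keeping the file readable once the priv_app grant is removed.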
diff --git a/private/system_server.te b/private/system_server.te
index 89a185d..c1342d8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -17,6 +17,9 @@
 allow system_server zygote_tmpfs:file read;
 allow system_server appdomain_tmpfs:file { getattr map read write };
 
+# For Incremental Service to check if incfs is available
+allow system_server proc_filesystems:file r_file_perms;
+
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;
 allow system_server dalvikcache_data_file:file r_file_perms;
@@ -37,10 +40,12 @@
 allow system_server zygote:process sigchld;
 
 # May kill zygote on crashes.
-allow system_server zygote:process sigkill;
-allow system_server crash_dump:process sigkill;
-allow system_server webview_zygote:process sigkill;
-allow system_server app_zygote:process sigkill;
+allow system_server {
+  app_zygote
+  crash_dump
+  webview_zygote
+  zygote
+}:process { sigkill signull };
 
 # Read /system/bin/app_process.
 allow system_server zygote_exec:file r_file_perms;
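Review bot: The comment `# May kill zygote on crashes.` no longer describes the rule below it, which now covers four domains (`app_zygote`, `crash_dump`, `webview_zygote`, `zygote`) and adds the `signull` permission. A comment such as `# May kill the zygotes and crash_dump, and send them the null signal (signull).` would match the grant. The reason `signull` is needed is not stated anywhere in the hunk; it is presumably an existence check on these processes, so a short justification or bug reference would help.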
@@ -155,6 +160,9 @@
 # Read /sys/kernel/debug/wakeup_sources.
 allow system_server debugfs_wakeup_sources:file r_file_perms;
 
+# Read /sys/kernel/ion/*.
+allow system_server sysfs_ion:file r_file_perms;
+
 # The DhcpClient and WifiWatchdog use packet_sockets
 allow system_server self:packet_socket create_socket_perms_no_ioctl;
 
@@ -205,6 +213,7 @@
 
 # Use HALs
 hal_client_domain(system_server, hal_allocator)
+hal_client_domain(system_server, hal_audio)
 hal_client_domain(system_server, hal_authsecret)
 hal_client_domain(system_server, hal_broadcastradio)
 hal_client_domain(system_server, hal_codec2)
@@ -224,6 +233,7 @@
 hal_client_domain(system_server, hal_omx)
 hal_client_domain(system_server, hal_power)
 hal_client_domain(system_server, hal_power_stats)
+hal_client_domain(system_server, hal_rebootescrow)
 hal_client_domain(system_server, hal_sensors)
 hal_client_domain(system_server, hal_tetheroffload)
 hal_client_domain(system_server, hal_thermal)
@@ -713,6 +723,7 @@
 allow system_server audioserver_service:service_manager find;
 allow system_server batteryproperties_service:service_manager find;
 allow system_server cameraserver_service:service_manager find;
+allow system_server dataloader_manager_service:service_manager find;
 allow system_server dnsresolver_service:service_manager find;
 allow system_server drmserver_service:service_manager find;
 allow system_server dumpstate_service:service_manager find;
@@ -723,6 +734,7 @@
 allow system_server hal_fingerprint_service:service_manager find;
 allow system_server idmap_service:service_manager find;
 allow system_server incident_service:service_manager find;
+allow system_server incremental_service:service_manager find;
 allow system_server installd_service:service_manager find;
 allow system_server iorapd_service:service_manager find;
 allow system_server keystore_service:service_manager find;
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index f37cadc..d8e0b14 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -162,12 +162,6 @@
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
 create_pty(untrusted_app_all)
 
-# Attempts to write to system_data_file is generally a sign
-# that apps are attempting to access encrypted storage before
-# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
-# denial to prevent third party apps from spamming the logs.
-dontaudit untrusted_app_all system_data_file:dir write;
-
 # Allow access to kcov via its ioctl interface for coverage
 # guided kernel fuzzing.
 userdebug_or_eng(`
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 348d3ce..b287bdc 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -14,6 +14,8 @@
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
 allow vold_prepare_subdirs {
+    apex_module_data_file
+    apex_rollback_data_file
     backup_data_file
     face_vendor_data_file
     fingerprint_vendor_data_file
@@ -23,6 +25,8 @@
     vold_data_file
 }:dir { create_dir_perms relabelto };
 allow vold_prepare_subdirs {
+    apex_module_data_file
+    apex_rollback_data_file
     backup_data_file
     face_vendor_data_file
     fingerprint_vendor_data_file
@@ -32,5 +36,6 @@
     system_data_file
     vold_data_file
 }:file { getattr unlink };
+allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
 
 dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;
diff --git a/private/zygote.te b/private/zygote.te
index 5d7ecac..e6c1db9 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -50,6 +50,29 @@
 # is ensured by fsverity protection (checked in art_apex_boot_integrity).
 allow zygote dalvikcache_data_file:file execute;
 
+# Bind mount on /data/data and mounted volumes
+allow zygote { system_data_file mnt_expand_file }:dir mounton;
+
+# Create and bind dirs on /data/data
+allow zygote tmpfs:dir { create_dir_perms mounton };
+
+# Create symlink for /data/user/0
+allow zygote tmpfs:lnk_file create;
+
+allow zygote mirror_data_file:dir r_dir_perms;
+
+# Get and set data directories
+allow zygote {
+  system_data_file
+  radio_data_file
+  app_data_file
+  shell_data_file
+  bluetooth_data_file
+  privapp_data_file
+  nfc_data_file
+  mnt_expand_file
+}:dir getattr;
+
 # Allow zygote to create JIT memory.
 allow zygote self:process execmem;
 allow zygote zygote_tmpfs:file execute;
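Review bot: The comment `# Get and set data directories` does not match the rule under it, which grants only `getattr` on the listed `*_data_file` directories; `# Get attributes of data directories` would be accurate. `allow zygote mirror_data_file:dir r_dir_perms;` has no comment at all. Separately, `allow zygote tmpfs:dir { create_dir_perms mounton };` is written against the generic `tmpfs` label, so it covers every directory carrying that type rather than only the mount zygote prepares over /data/data. A dedicated type for that mount would scope the grant, if the labeling allows one.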
@@ -177,3 +200,9 @@
   bluetooth_prop
   exported_bluetooth_prop
 }:file create_file_perms;
+
+# Do not allow zygote to access app data except getting attributes and relabeling to.
+neverallow zygote {
+  privapp_data_file
+  app_data_file
+}:dir ~getattr;
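Review bot: The comment says zygote may get attributes and relabel to, but `~getattr` forbids every `dir` permission other than `getattr`, `relabelto` included. Either the comment should read `# Do not allow zygote to access app data directories except getting attributes.` or, if relabeling is intended, the rule should end in `}:dir ~{ getattr relabelto };`. The rule covers only class `dir`, so files of these types are not constrained by it.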
diff --git a/public/apexd.te b/public/apexd.te
index 3957ed6..93c257f 100644
--- a/public/apexd.te
+++ b/public/apexd.te
@@ -7,7 +7,7 @@
 set_prop(apexd, apexd_prop)
 
 neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
-neverallow { domain -init -apexd -system_server } apexd:binder call;
+neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call;
 
 neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
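Review bot: The `-servicemanager` exemption is added to the `apexd:binder call` neverallow without a comment explaining it. It looks like a consequence of the `binder_use` change in public/te_macros in this same commit, which lets servicemanager call into every domain using that macro; public/installd.te relaxes its `installd:binder call` neverallow the same way. A line such as `# servicemanager is exempted because binder_use() lets it send callbacks to its clients.` above the rule would keep the exception from reading as an unexplained hole.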
 
diff --git a/public/attributes b/public/attributes
index b600ea4..0fd2be2 100644
--- a/public/attributes
+++ b/public/attributes
@@ -325,6 +325,7 @@
 hal_attribute(omx);
 hal_attribute(power);
 hal_attribute(power_stats);
+hal_attribute(rebootescrow);
 hal_attribute(secure_element);
 hal_attribute(sensors);
 hal_attribute(telephony);
diff --git a/public/device.te b/public/device.te
index fad0f61..32563d6 100644
--- a/public/device.te
+++ b/public/device.te
@@ -51,6 +51,7 @@
 type tun_device, dev_type, mlstrustedobject;
 type usbaccessory_device, dev_type, mlstrustedobject;
 type usb_device, dev_type, mlstrustedobject;
+type usb_serial_device, dev_type;
 type properties_device, dev_type;
 type properties_serial, dev_type;
 type property_info, dev_type;
diff --git a/public/domain.te b/public/domain.te
index ddfaa82..88093f9 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -105,6 +105,7 @@
 get_prop(domain, exported_vold_prop)
 get_prop(domain, exported2_default_prop)
 get_prop(domain, logd_prop)
+get_prop(domain, vndk_prop)
 
 # Let everyone read log properties, so that liblog can avoid sending unloggable
 # messages to logd.
@@ -513,6 +514,7 @@
 # anyone but init to modify unknown properties.
 neverallow { domain -init -vendor_init } default_prop:property_service set;
 neverallow { domain -init -vendor_init } mmc_prop:property_service set;
+neverallow { domain -init -vendor_init } vndk_prop:property_service set;
 
 compatible_property_only(`
     neverallow { domain -init } default_prop:property_service set;
diff --git a/public/dumpstate.te b/public/dumpstate.te
index a35c312..7342856 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -295,8 +295,14 @@
 allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;
 
 # For when dumpstate runs df
-dontaudit dumpstate mnt_vendor_file:dir search;
-dontaudit dumpstate apex_mnt_dir:dir getattr;
+dontaudit dumpstate {
+  mnt_vendor_file
+  mirror_data_file
+}:dir search;
+dontaudit dumpstate {
+  apex_mnt_dir
+  mirror_data_file
+}:dir getattr;
 
 # Allow dumpstate to talk to bufferhubd over binder
 binder_call(dumpstate, bufferhubd);
diff --git a/public/file.te b/public/file.te
index 11f5b08..9573ad0 100644
--- a/public/file.te
+++ b/public/file.te
@@ -86,6 +86,7 @@
 type sysfs_dm, fs_type, sysfs_type;
 type sysfs_dt_firmware_android, fs_type, sysfs_type;
 type sysfs_extcon, fs_type, sysfs_type;
+type sysfs_ion, fs_type, sysfs_type;
 type sysfs_ipv4, fs_type, sysfs_type;
 type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_leds, fs_type, sysfs_type;
@@ -143,6 +144,8 @@
 type binfmt_miscfs, fs_type;
 type app_fusefs, fs_type, contextmount_type;
 
+type incfs, fs_type;
+
 # File types
 type unlabeled, file_type;
 
@@ -182,6 +185,8 @@
 type vendor_task_profiles_file, vendor_file_type, file_type;
 # Type for /system/apex/com.android.art
 type art_apex_dir, system_file_type, file_type;
+# /linkerconfig(/.*)?
+type linkerconfig_file, file_type;
 
 # Default type for directories search for
 # HAL implementations
@@ -303,6 +308,8 @@
 type staging_data_file, file_type, data_file_type, core_data_file_type;
 # /vendor/apex
 type vendor_apex_file, vendor_file_type, file_type;
+# /data/incremental
+type incremental_root_file, file_type, data_file_type, core_data_file_type;
 
 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;
@@ -331,8 +338,13 @@
 # /postinstall/apex: Mount point used for APEX images within /postinstall.
 type postinstall_apex_mnt_dir, file_type;
 
+# /data_mirror: Contains mirror directory for storing all apps data.
+type mirror_data_file, file_type, core_data_file_type;
+
 # /data/misc subdirectories
 type adb_keys_file, file_type, data_file_type, core_data_file_type;
+type apex_module_data_file, file_type, data_file_type, core_data_file_type;
+type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
 type audio_data_file, file_type, data_file_type, core_data_file_type;
 type audioserver_data_file, file_type, data_file_type, core_data_file_type;
 type bluetooth_data_file, file_type, data_file_type, core_data_file_type;
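Review bot: `mirror_data_file` is declared with `core_data_file_type` but without `data_file_type`, unlike the other `core_data_file_type` lines in this hunk (`adb_keys_file`, `apex_module_data_file`, `apex_rollback_data_file` and the rest). If that is deliberate because /data_mirror sits outside /data, the comment should say so, e.g. `# Not a data_file_type: /data_mirror is outside /data.` Otherwise the attribute is missing and rules or neverallows written against `data_file_type` will not cover the mirror directories.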
diff --git a/public/hal_rebootescrow.te b/public/hal_rebootescrow.te
new file mode 100644
index 0000000..4352630
--- /dev/null
+++ b/public/hal_rebootescrow.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_rebootescrow_client, hal_rebootescrow_server)
+
+add_service(hal_rebootescrow_server, hal_rebootescrow_service)
+binder_use(hal_rebootescrow_server)
+
+allow hal_rebootescrow_client hal_rebootescrow_service:service_manager find;
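Review bot: The header comment says `# HwBinder IPC from client to server`, but the file uses `binder_call`, `add_service`, `binder_use` and a `service_manager find` rule. public/service.te in this commit also declares `hal_rebootescrow_service` as a `service_manager_type`. That is the binder/servicemanager path rather than hwbinder, so the comment should read `# Binder IPC from client to server`.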
diff --git a/public/hal_vibrator.te b/public/hal_vibrator.te
index 40d9c6b..a34621d 100644
--- a/public/hal_vibrator.te
+++ b/public/hal_vibrator.te
@@ -9,6 +9,8 @@
 
 allow hal_vibrator_client hal_vibrator_service:service_manager find;
 
+allow hal_vibrator_server dumpstate:fifo_file write;
+
 # vibrator sysfs rw access
 allow hal_vibrator sysfs_vibrator:file rw_file_perms;
 allow hal_vibrator sysfs_vibrator:dir search;
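Review bot: `allow hal_vibrator_server dumpstate:fifo_file write;` is added without a comment, while the sysfs rules right below it say what they are for. Presumably this lets the HAL write its dump output into the pipe dumpstate hands it; if so, `# Allow the vibrator HAL to write debug output to dumpstate's pipe.` would record that.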
diff --git a/public/init.te b/public/init.te
index 8031809..56ed703 100644
--- a/public/init.te
+++ b/public/init.te
@@ -86,6 +86,7 @@
     rootfs
     cache_file
     cgroup
+    linkerconfig_file
     storage_file
     mnt_user_file
     system_data_file
@@ -93,6 +94,7 @@
     system_file
     vendor_file
     postinstall_mnt_dir
+    mirror_data_file
 }:dir mounton;
 allow init cgroup_bpf:dir { create mounton };
 
diff --git a/public/installd.te b/public/installd.te
index 40b151e..10277d2 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -70,6 +70,9 @@
 allow installd sdcard_type:dir { search open read write remove_name getattr rmdir };
 allow installd sdcard_type:file { getattr unlink };
 
+# Create app's mirror data directory in /data_mirror, and bind mount the real directory to it
+allow installd mirror_data_file:dir { create_dir_perms mounton };
+
 # Upgrade /data/misc/keychain for multi-user if necessary.
 allow installd misc_user_data_file:dir create_dir_perms;
 allow installd misc_user_data_file:file create_file_perms;
@@ -105,6 +108,7 @@
 # upon creation via setfilecon or running restorecon_recursive,
 # setting owner/mode, creating symlinks within them, and deleting them
 # upon package uninstall.
+
 # Types extracted from seapp_contexts type= fields.
 allow installd {
     system_app_data_file
@@ -126,6 +130,9 @@
     privapp_data_file
 }:notdevfile_class_set { create_file_perms relabelfrom relabelto };
 
+# Allow zygote to unmount mirror directories
+allow installd labeledfs:filesystem unmount;
+
 # Similar for the files under /data/misc/profiles/
 allow installd user_profile_data_file:dir create_dir_perms;
 allow installd user_profile_data_file:file create_file_perms;
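Review bot: The comment says `# Allow zygote to unmount mirror directories`, but the rule's source domain is `installd`, not zygote. An earlier hunk in this file lets installd create and bind-mount under `mirror_data_file`, so the comment was probably meant to read `# Allow installd to unmount mirror directories`. `labeledfs:filesystem unmount` is not specific to the mirror mounts either, so the comment is the only place the intended scope is recorded and it should name the right domain.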
@@ -166,9 +173,9 @@
 ### Neverallow rules
 ###
 
-# only system_server, installd and dumpstate may interact with installd over binder
+# only system_server, installd, dumpstate, and servicemanager may interact with installd over binder
 neverallow { domain -system_server -dumpstate -installd } installd_service:service_manager find;
-neverallow { domain -system_server -dumpstate } installd:binder call;
+neverallow { domain -system_server -dumpstate -servicemanager } installd:binder call;
 neverallow installd {
     domain
     -system_server
diff --git a/public/property.te b/public/property.te
index 6716332..188178a 100644
--- a/public/property.te
+++ b/public/property.te
@@ -66,6 +66,7 @@
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
+system_restricted_prop(vndk_prop)
 
 compatible_property_only(`
     # DO NOT ADD ANY PROPERTIES HERE
@@ -128,6 +129,7 @@
 system_public_prop(exported_radio_prop)
 system_public_prop(exported_system_radio_prop)
 system_public_prop(exported_wifi_prop)
+system_public_prop(sota_prop)
 system_public_prop(hwservicemanager_prop)
 system_public_prop(logd_prop)
 system_public_prop(logpersistd_logging_prop)
@@ -597,6 +599,7 @@
     -exported_vold_prop
     -exported_wifi_prop
     -extended_core_property_type
+    -sota_prop
     -ffs_prop
     -fingerprint_prop
     -firstboot_prop
diff --git a/public/property_contexts b/public/property_contexts
index 6eb2d70..7e49e9c 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -256,6 +256,7 @@
 ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
 ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
 ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.extensions. u:object_r:module_sdkext_prop:s0 prefix int
 ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
 ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
 ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
@@ -368,6 +369,7 @@
 ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
 ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
 ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string
 ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
 ro.product.board u:object_r:exported_default_prop:s0 exact string
 ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
@@ -383,10 +385,12 @@
 ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
 ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
 ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
 ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted
 ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
 ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
 ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string
 ro.vndk.lite u:object_r:exported_default_prop:s0 exact bool
 ro.vndk.version u:object_r:exported_default_prop:s0 exact string
 ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
@@ -395,6 +399,7 @@
 wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
 wifi.interface u:object_r:exported_default_prop:s0 exact string
 ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
+ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_prop:s0 exact bool
 
 # public-readable
 ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
diff --git a/public/service.te b/public/service.te
index dfae57b..8d56fb9 100644
--- a/public/service.te
+++ b/public/service.te
@@ -78,6 +78,7 @@
 # with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
 type coverage_service, system_server_service, service_manager_type;
 type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
+type dataloader_manager_service, system_server_service, service_manager_type;
 type dbinfo_service, system_api_service, system_server_service, service_manager_type;
 type device_config_service, system_server_service, service_manager_type;
 type device_policy_service, app_api_service, system_server_service, service_manager_type;
@@ -88,6 +89,7 @@
 type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type color_display_service, system_api_service, system_server_service, service_manager_type;
 type external_vibrator_service, system_server_service, service_manager_type;
+type file_integrity_service, app_api_service, system_server_service, service_manager_type;
 type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type netd_listener_service, system_server_service, service_manager_type;
 type network_watchlist_service, system_server_service, service_manager_type;
@@ -107,6 +109,7 @@
 type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
 type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type incremental_service, system_server_service, service_manager_type;
 type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -163,6 +166,7 @@
 type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type system_update_service, system_server_service, service_manager_type;
+type soundtrigger_middleware_service, system_server_service, service_manager_type;
 type task_service, system_server_service, service_manager_type;
 type testharness_service, system_server_service, service_manager_type;
 type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -193,12 +197,13 @@
 type window_service, system_api_service, system_server_service, service_manager_type;
 type inputflinger_service, system_api_service, system_server_service, service_manager_type;
 type wpantund_service, system_api_service, service_manager_type;
-type tethering_service, system_server_service, service_manager_type;
+type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 
 ###
 ### HAL Services
 ###
 
+type hal_rebootescrow_service, vendor_service, service_manager_type;
 type hal_vibrator_service, vendor_service, service_manager_type;
 
 ###
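Review bot: `tethering_service` gains `app_api_service` and `ephemeral_app_api_service`, which makes it findable from app and ephemeral-app domains, and no comment records why. Once SELinux no longer gates `find`, the service's own per-method permission checks are the only barrier, so the policy should say that they are relied on. A line such as `# Exposed to apps; access is enforced by permission checks inside the service.` above the type would do, assuming that holds for every method.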
diff --git a/public/su.te b/public/su.te
index f76a2a8..fa32a4b 100644
--- a/public/su.te
+++ b/public/su.te
@@ -86,6 +86,7 @@
   typeattribute su hal_nfc_client;
   typeattribute su hal_oemlock_client;
   typeattribute su hal_power_client;
+  typeattribute su hal_rebootescrow_client;
   typeattribute su hal_secure_element_client;
   typeattribute su hal_sensors_client;
   typeattribute su hal_telephony_client;
diff --git a/public/te_macros b/public/te_macros
index 9672227..f065a21 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -337,6 +337,8 @@
 define(`binder_use', `
 # Call the servicemanager and transfer references to it.
 allow $1 servicemanager:binder { call transfer };
+# Allow servicemanager to send out callbacks
+allow servicemanager $1:binder { call transfer };
 # servicemanager performs getpidcon on clients.
 allow servicemanager $1:dir search;
 allow servicemanager $1:file { read open };
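Review bot: Adding `allow servicemanager $1:binder { call transfer };` inside `binder_use` grants servicemanager an outbound call into every domain that uses the macro, not only those that register for callbacks. That breadth is what forces the `-servicemanager` exemptions on the `apexd:binder call` and `installd:binder call` neverallows elsewhere in this commit. If only some clients register callbacks, a separate macro for them would keep the grant narrow. Otherwise the comment should state the scope, e.g. `# Allow servicemanager to send callbacks to any binder_use() client.` The macro body continues outside the hunk.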
diff --git a/public/vendor_init.te b/public/vendor_init.te
index a756dc1..8230957 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -224,6 +224,7 @@
       -module_sdkext_prop
       -userspace_reboot_exported_prop
       -userspace_reboot_prop
+      -vndk_prop
     })
 ')
 
diff --git a/vendor/hal_can_socketcan.te b/vendor/hal_can_socketcan.te
index 9ee37fd..afa1311 100644
--- a/vendor/hal_can_socketcan.te
+++ b/vendor/hal_can_socketcan.te
@@ -16,7 +16,7 @@
 };
 
 # Communicating with SocketCAN interfaces and bringing them up/down
-allow hal_can_socketcan self:can_socket { bind create read write ioctl };
+allow hal_can_socketcan self:can_socket { bind create read write ioctl setopt };
 allowxperm hal_can_socketcan self:can_socket ioctl {
     SIOCGIFFLAGS
     SIOCSIFFLAGS
@@ -24,3 +24,13 @@
 
 # Un-publishing ICanBus interfaces
 allow hal_can_socketcan hidl_manager_hwservice:hwservice_manager find;
+
+allow hal_can_socketcan usb_serial_device:chr_file { ioctl read write open };
+allowxperm hal_can_socketcan usb_serial_device:chr_file ioctl {
+    TCGETS
+    TCSETSW
+    TIOCGSERIAL
+    TIOCSSERIAL
+    TIOCSETD
+    SIOCGIFNAME
+};
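Review bot: The new `usb_serial_device` rules have no comment, while the rule groups visible around them each have one. The xperm list includes `TIOCSETD` and `TIOCSSERIAL`, which change the line discipline and serial parameters, plus `SIOCGIFNAME` on a character device, and a reader cannot tell from the policy why a CAN HAL needs them. A line such as `# Access USB serial adapters used as serial-line CAN interfaces` would explain the grant, if that is the use case.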
diff --git a/vendor/hal_rebootescrow_default.te b/vendor/hal_rebootescrow_default.te
new file mode 100644
index 0000000..99fadde
--- /dev/null
+++ b/vendor/hal_rebootescrow_default.te
@@ -0,0 +1,8 @@
+type hal_rebootescrow_default, domain;
+hal_server_domain(hal_rebootescrow_default, hal_rebootescrow)
+
+type hal_rebootescrow_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_rebootescrow_default)
+
+type rebootescrow_device, dev_type;
+allow hal_rebootescrow_default rebootescrow_device:chr_file rw_file_perms;
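Review bot: `rebootescrow_device` is declared and granted `rw_file_perms` with no comment on what the device is and no neverallow limiting which other domains may open it. Going by the HAL's name, the node presumably backs escrowed key material. If so, a neverallow keeping read and write on `rebootescrow_device:chr_file` to `hal_rebootescrow_default` would make an accidental grant elsewhere fail at build time. The type is also declared here in vendor/, while `usb_serial_device` in this same commit goes into public/device.te, so a short comment on why it is vendor-private would help.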