Merge "Allow init to write to /proc/cpu/alignment"
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 0865727..3aa14ca 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -66,4 +66,7 @@
# need to be started or not.
get_prop(microdroid_manager, bootloader_prop)
+# Allow microdroid_manager to shutdown the device when verification fails
+set_prop(microdroid_manager, powerctl_prop)
+
neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index c92a595..9384a75 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -33,6 +33,7 @@
ctl. u:object_r:ctl_default_prop:s0
sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0 exact bool
+sys.powerctl u:object_r:powerctl_prop:s0
service.adb.root u:object_r:shell_prop:s0 exact bool
diff --git a/microdroid/system/public/property.te b/microdroid/system/public/property.te
index f98d87f..f92face 100644
--- a/microdroid/system/public/property.te
+++ b/microdroid/system/public/property.te
@@ -45,6 +45,7 @@
type usb_control_prop, property_type;
type vendor_default_prop, property_type;
type vmsecret_keymint_prop, property_type;
+type powerctl_prop, property_type;
allow property_type tmpfs:filesystem associate;
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 179592d..5860761 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -32,6 +32,7 @@
untrusted_app_30
proc_vendor_sched
sysfs_vendor_sched
+ tv_iapp_service
vendor_vm_file
vendor_vm_data_file
virtual_device_service
diff --git a/private/service_contexts b/private/service_contexts
index 40977f2..4470e1c 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -292,6 +292,7 @@
tracing.proxy u:object_r:tracingproxy_service:s0
translation u:object_r:translation_service:s0
trust u:object_r:trust_service:s0
+tv_iapp u:object_r:tv_iapp_service:s0
tv_input u:object_r:tv_input_service:s0
tv_tuner_resource_mgr u:object_r:tv_tuner_resource_mgr_service:s0
uce u:object_r:uce_service:s0
diff --git a/private/simpleperf.te b/private/simpleperf.te
index 0639c11..9c70060 100644
--- a/private/simpleperf.te
+++ b/private/simpleperf.te
@@ -5,7 +5,16 @@
typeattribute simpleperf coredomain;
type simpleperf_exec, system_file_type, exec_type, file_type;
-domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
+# Define apps that can be marked debuggable/profileable and be profiled by simpleperf.
+define(`simpleperf_profileable_apps', `{
+ ephemeral_app
+ isolated_app
+ platform_app
+ priv_app
+ untrusted_app_all
+}')
+
+domain_auto_trans({ simpleperf_profileable_apps -runas_app }, simpleperf_exec, simpleperf)
# When running in this domain, simpleperf is scoped to profiling an individual
# app. The necessary MAC permissions for profiling are more maintainable and
@@ -16,14 +25,19 @@
# Allow ptrace attach to the target app, for reading JIT debug info (using
# process_vm_readv) during unwinding and symbolization.
-allow simpleperf untrusted_app_all:process ptrace;
+allow simpleperf simpleperf_profileable_apps:process ptrace;
# Allow using perf_event_open syscall for profiling the target app.
allow simpleperf self:perf_event { open read write kernel };
# Allow /proc/<pid> access for the target app (for example, when trying to
# discover it by cmdline).
-r_dir_file(simpleperf, untrusted_app_all)
+r_dir_file(simpleperf, simpleperf_profileable_apps)
+
+# Allow apps signalling simpleperf domain, which is the domain that the simpleperf
+# profiler runs as when executed by the app. The signals are used to control
+# the profiler (which would be profiling the app that is sending the signal).
+allow simpleperf_profileable_apps simpleperf:process signal;
# Suppress denial logspam when simpleperf is trying to find a matching process
# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
diff --git a/private/simpleperf_app_runner.te b/private/simpleperf_app_runner.te
index 17fd8cd..184a80a 100644
--- a/private/simpleperf_app_runner.te
+++ b/private/simpleperf_app_runner.te
@@ -21,7 +21,7 @@
# simpleperf_app_runner switches to the app security context.
selinux_check_context(simpleperf_app_runner) # validate context
allow simpleperf_app_runner self:process setcurrent;
-allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
+allow simpleperf_app_runner { ephemeral_app isolated_app platform_app priv_app untrusted_app_all }:process dyntransition; # setcon
# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
# determine which domain to transition to.
diff --git a/private/statsd.te b/private/statsd.te
index 444d82e..59948ff 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -17,7 +17,10 @@
allow statsd incidentd:fifo_file write;
# Allow StatsCompanionService to pipe data to statsd.
-allow statsd system_server:fifo_file { read getattr };
+allow statsd system_server:fifo_file { read write getattr };
+
+# Allow Statsd to pipe data to privileged apps.
+allow statsd priv_app:fifo_file { read write getattr };
# Allow statsd to retrieve SF statistics over binder
binder_call(statsd, surfaceflinger);
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index d6f237c..ceee544 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -171,11 +171,6 @@
allow untrusted_app_all self:lockdown integrity;
')
-# Allow signalling simpleperf domain, which is the domain that the simpleperf
-# profiler runs as when executed by the app. The signals are used to control
-# the profiler (which would be profiling the app that is sending the signal).
-allow untrusted_app_all simpleperf:process signal;
-
# Allow running a VM for test/demo purposes. Note that access the service is
# still guarded with the `android.permission.MANAGE_VIRTUAL_MACHINE`
# permission. The protection level of the permission is `signature|development`
diff --git a/public/cameraserver.te b/public/cameraserver.te
index b7e555f..577a465 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -36,6 +36,9 @@
allow cameraserver hidl_token_hwservice:hwservice_manager find;
+# Allow to talk with surfaceflinger through unix stream socket
+allow cameraserver surfaceflinger:unix_stream_socket { read write };
+
###
### neverallow rules
###
diff --git a/public/property.te b/public/property.te
index de61748..f73a408 100644
--- a/public/property.te
+++ b/public/property.te
@@ -64,7 +64,6 @@
system_restricted_prop(bq_config_prop)
system_restricted_prop(build_bootimage_prop)
system_restricted_prop(build_prop)
-system_restricted_prop(charger_status_prop)
system_restricted_prop(device_config_nnapi_native_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
system_restricted_prop(device_config_runtime_native_prop)
@@ -180,6 +179,7 @@
system_public_prop(bluetooth_a2dp_offload_prop)
system_public_prop(bluetooth_audio_hal_prop)
system_public_prop(bluetooth_prop)
+system_public_prop(charger_status_prop)
system_public_prop(ctl_default_prop)
system_public_prop(ctl_interface_start_prop)
system_public_prop(ctl_start_prop)
diff --git a/public/service.te b/public/service.te
index 3462426..083de1d 100644
--- a/public/service.te
+++ b/public/service.te
@@ -219,6 +219,7 @@
type timezonedetector_service, app_api_service, system_server_service, service_manager_type;
type translation_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type trust_service, app_api_service, system_server_service, service_manager_type;
+type tv_iapp_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type;
type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;