Merge "Allow traced_probes to read packages.list."
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index eea3dd5..6267922 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -99,6 +99,7 @@
network_stack
network_stack_service
network_stack_tmpfs
+ nnapi_ext_deny_product_prop
overlayfs_file
password_slot_metadata_file
permissionmgr_service
diff --git a/private/property_contexts b/private/property_contexts
index 3622d12..c1f1228 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -191,3 +191,7 @@
gsid. u:object_r:gsid_prop:s0
ro.gsid. u:object_r:gsid_prop:s0
+
+# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
+# which can't use NNAPI vendor extensions).
+ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0
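Review bot: The new `ro.nnapi.extensions.deny_on_product` entry has no match qualifier, so it labels every property whose name begins with that string, not only that one name. If the property_contexts parser in this tree accepts the qualifier, `ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0 exact bool` would pin the label to the single property. It would also constrain the value type, assuming the flag is boolean, which the hunk does not show. The neighbouring `gsid.` and `ro.gsid.` entries end in a dot and look like intentional prefixes.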
diff --git a/private/rs.te b/private/rs.te
index 7fbea8c..bf10841 100644
--- a/private/rs.te
+++ b/private/rs.te
@@ -27,7 +27,7 @@
allow rs same_process_hal_file:file { r_file_perms execute };
# File descriptors passed from app to renderscript
-allow rs untrusted_app_all:fd use;
+allow rs { untrusted_app_all ephemeral_app }:fd use;
# rs can access app data, so ensure it can only be entered via an app domain and cannot have
# CAP_DAC_OVERRIDE.
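Review bot: The widened rule `allow rs { untrusted_app_all ephemeral_app }:fd use;` gives no reason for adding `ephemeral_app`, and the comment above it still speaks only of fds "passed from app". Instant apps normally run in a tighter sandbox, so the comment should name them, for example `# File descriptors passed from app (including ephemeral/instant apps) to renderscript`. The comment that follows says rs may only be entered via an app domain, but the rules enforcing that sit outside this hunk. It is worth confirming that they treat `ephemeral_app` consistently with this change.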
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index 96ae0e8..a35d81b 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -42,7 +42,7 @@
# This will go away in a future Android release
allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
-# Text relocation support for API < 23
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index f9cd460..eaa1791 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -27,6 +27,10 @@
net_domain(untrusted_app_27)
bluetooth_domain(untrusted_app_27)
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
+# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
+allow untrusted_app_27 { apk_data_file app_data_file asec_public_file }:file execmod;
+
# The ability to call exec() on files in the apps home directories
# for targetApi 26, 27, and 28.
allow untrusted_app_27 app_data_file:file execute_no_trans;
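Review bot: The comment copied onto the new `allow untrusted_app_27 { apk_data_file app_data_file asec_public_file }:file execmod;` rule says "Text relocation support for API < 23", but the next comment in this file describes the domain as covering targetApi 26, 27 and 28. The stated reason therefore does not match the domain that receives the permission. The rule also grants execmod on `app_data_file`, which the app itself can write. The comment should give the real compatibility reason, for example `# execmod retained for targetSdkVersion 26-28 for compatibility; disallowed for targetSdkVersion>=Q.` If the need is limited to libraries shipped in the APK, consider dropping `app_data_file` from the set. The matching exemption added to the execmod neverallow in public/domain.te should carry the same justification.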
diff --git a/public/domain.te b/public/domain.te
index 5a964c9..634a5c5 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1118,7 +1118,7 @@
# Do not allow the introduction of new execmod rules. Text relocations
# and modification of executable pages are unsafe.
-neverallow { domain -untrusted_app_25 } file_type:file execmod;
+neverallow { domain -untrusted_app_25 -untrusted_app_27 } file_type:file execmod;
neverallow { domain -init } proc:{ file dir } mounton;
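Review bot: The comment above the changed neverallow still reads "Do not allow the introduction of new execmod rules", while this line adds a second exempted domain, `-untrusted_app_27`. The comment should state that the exemptions are limited to legacy app domains bound to a targetSdkVersion. A line such as `# Only the legacy untrusted_app_25/untrusted_app_27 domains are exempt; do not add further exemptions.` would stop a later reader from treating the list as open-ended.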
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index 21374bc..c2549ff 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -11,3 +11,11 @@
# Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
+
+# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
+# property to determine whether to deny NNAPI extensions use for apps
+# on product partition (apps in GSI are not allowed to use NNAPI extensions).
+get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);
+# This property is only expected to be found in /product/build.prop,
+# allow to be set only by init.
+neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;
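Review bot: The macro call `get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);` ends with a semicolon, unlike the other macro calls visible in this change, such as `net_domain(untrusted_app_27)`. The macro presumably expands to complete statements already, so the line should read `get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop)`. The comment on the neverallow would also read better as `# This property is only expected to be found in /product/build.prop, so only init may set it.`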
diff --git a/public/property.te b/public/property.te
index 473baa2..12f0425 100644
--- a/public/property.te
+++ b/public/property.te
@@ -64,6 +64,7 @@
type net_radio_prop, property_type, core_property_type;
type netd_stable_secret_prop, property_type;
type nfc_prop, property_type, core_property_type;
+type nnapi_ext_deny_product_prop, property_type;
type overlay_prop, property_type;
type pan_result_prop, property_type, core_property_type;
type persist_debug_prop, property_type, core_property_type;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 5a3e918..de60312 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -206,6 +206,7 @@
-last_boot_reason_prop
-apexd_prop
-gsid_prop
+ -nnapi_ext_deny_product_prop
})
')