Merge "Allow dumpstate to kill dumpstate vendor HAL in timeout case"
diff --git a/Android.mk b/Android.mk
index d0daff4..583aa1e 100644
--- a/Android.mk
+++ b/Android.mk
@@ -61,20 +61,12 @@
 
 PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
 ifneq ( ,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
-ifneq (1, $(words $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)))
-$(error BOARD_PLAT_PUBLIC_SEPOLICY_DIR must only contain one directory)
-else
 PLAT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
 endif
-endif
 PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
 ifneq ( ,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
-ifneq (1, $(words $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)))
-$(error BOARD_PLAT_PRIVATE_SEPOLICY_DIR must only contain one directory)
-else
 PLAT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
 endif
-endif
 PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor
 REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
 
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index b0b5f19..8b4d69c 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -43,6 +43,7 @@
     exported3_default_prop
     exported3_radio_prop
     exported3_system_prop
+    fingerprint_vendor_data_file
     fs_bpf
     hal_audiocontrol_hwservice
     hal_authsecret_hwservice
diff --git a/private/file_contexts b/private/file_contexts
index b55fb9d..4381f91 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -455,6 +455,9 @@
 # Fingerprint data
 /data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
 
+# Fingerprint vendor data file
+/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
+
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
 
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 4e89d64..0a11558 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -14,10 +14,12 @@
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
 allow vold_prepare_subdirs {
+    fingerprint_vendor_data_file
     storaged_data_file
     vold_data_file
 }:dir { create_dir_perms relabelto };
 allow vold_prepare_subdirs {
+    fingerprint_vendor_data_file
     storaged_data_file
     system_data_file
     vold_data_file
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index c41f9cb..55b268a 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -6,6 +6,8 @@
 # The webview_zygote needs to be able to transition domains.
 typeattribute webview_zygote mlstrustedsubject;
 
+# Allow access to temporary files, which is normally permitted through
+# a domain macro.
 tmpfs_domain(webview_zygote);
 
 # Allow reading/executing installed binaries to enable preloading the
diff --git a/public/attributes b/public/attributes
index ed6b97f..f833943 100644
--- a/public/attributes
+++ b/public/attributes
@@ -214,6 +214,12 @@
 attribute halclientdomain;
 expandattribute halclientdomain true;
 
+# Exempt for halserverdomain to access sockets. Only builds for automotive
+# device types are allowed to use this attribute (enforced by CTS).
+# Unlike phone, in a car many modules are external from Android perspective and
+# HALs should be able to communicate with those devices through sockets.
+attribute hal_automotive_socket_exemption;
+
 # TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
 # can be resolve.
 attribute hal_audio;
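Review bot: Nothing in the policy restricts which domains may carry `hal_automotive_socket_exemption`; the comment on the new attribute says the automotive-only restriction is enforced by CTS, so a vendor policy that attaches it to any HAL server domain on a non-automotive build still compiles and silently drops that domain from the network-socket neverallow in public/hal_neverallows.te. The comment should say this plainly, e.g. `# There is no build-time check: a non-automotive build that assigns this attribute compiles fine and only fails CTS.` The opening sentence also reads oddly; `# Exemption allowing halserverdomain members to use network sockets.` would be clearer. The same point applies to the `-hal_automotive_socket_exemption` line added in public/hal_neverallows.te, whose neverallow statement continues past that hunk.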
diff --git a/public/domain.te b/public/domain.te
index cef538f..f58b456 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -814,6 +814,7 @@
     -appdomain # TODO(b/34980020) remove exemption for appdomain
     -data_between_core_and_vendor_violators
     -init
+    -vold_prepare_subdirs
   } {
     data_file_type
     -core_data_file_type
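Review bot: The `-vold_prepare_subdirs` exemption on the core/vendor data-separation neverallow carries no comment, unlike the `-appdomain` entry a few lines above it, and the same bare exemption is repeated in the second hunk of this file. As far as the visible lines show, the object set is `data_file_type -core_data_file_type`, so the exemption lifts the separation rule for every vendor-labelled data type, not only the `fingerprint_vendor_data_file` directories that private/vold_prepare_subdirs.te now lets it create and relabel. I would annotate both lines, `-vold_prepare_subdirs # creates/relabels vendor-owned per-user dirs, see vold_prepare_subdirs.te`, and consider a narrower neverallow for vold_prepare_subdirs alone against `{ data_file_type -core_data_file_type -fingerprint_vendor_data_file }` so the remaining guarantee is still asserted at build time. The enclosing neverallow statements begin and end outside both hunks.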
@@ -825,6 +826,7 @@
     -appdomain # TODO(b/34980020) remove exemption for appdomain
     -data_between_core_and_vendor_violators
     -init
+    -vold_prepare_subdirs
     } {
       data_file_type
       -core_data_file_type
diff --git a/public/file.te b/public/file.te
index 47beab6..8c33bed 100644
--- a/public/file.te
+++ b/public/file.te
@@ -312,6 +312,8 @@
 type bluetooth_efs_file, file_type;
 # Type for fingerprint template file
 type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
+# Type for _new_ fingerprint template file
+type fingerprint_vendor_data_file, file_type, data_file_type;
 # Type for appfuse file.
 type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 
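Review bot: The comment on the new type, `# Type for _new_ fingerprint template file`, will not tell a later reader what distinguishes it from `fingerprintd_data_file` on the line above or why it is deliberately not `core_data_file_type`. Based on the private/file_contexts hunk in this commit, which labels `/data/vendor_de/[0-9]+/fpdata(/.*)?` with it, I would write `# Type for fingerprint template files kept in vendor-owned per-user DE storage (/data/vendor_de/<user>/fpdata); vendor data, hence not core_data_file_type.`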
diff --git a/public/hal_audiocontrol.te b/public/hal_audiocontrol.te
index 3e5a379..438db53 100644
--- a/public/hal_audiocontrol.te
+++ b/public/hal_audiocontrol.te
@@ -3,3 +3,5 @@
 binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
 
 add_hwservice(hal_audiocontrol_server, hal_audiocontrol_hwservice)
+
+allow hal_audiocontrol_client hal_audiocontrol_hwservice:hwservice_manager find;
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index 36de761..ebe0b0c 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te
@@ -8,5 +8,10 @@
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 
+allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
+
 r_dir_file(hal_fingerprint, cgroup)
 r_dir_file(hal_fingerprint, sysfs)
+
+
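Review bot: The braces in `allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };` are redundant around a single macro and inconsistent with the `:dir rw_dir_perms` line right after it and with the equivalent rule in public/tee.te; write it as `allow hal_fingerprint fingerprint_vendor_data_file:file create_file_perms;`. The hunk also appends two blank lines after `r_dir_file(hal_fingerprint, sysfs)`, leaving trailing whitespace at end of file; drop them. A one-line comment above the new rules naming the per-user `/data/vendor_de/<user>/fpdata` tree (from the file_contexts hunk) would also help, since this file otherwise says nothing about where templates live.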
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 017fcce..0f05d8a 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -11,8 +11,13 @@
 
 # Unless a HAL's job is to communicate over the network, or control network
 # hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network.  Using this exemption for non-automotive builds
+# will result in CTS failure.
 neverallow {
   halserverdomain
+  -hal_automotive_socket_exemption
   -hal_tetheroffload_server
   -hal_wifi_server
   -hal_wifi_hostapd_server
diff --git a/public/hal_vehicle.te b/public/hal_vehicle.te
index f49f5e6..a59f8d2 100644
--- a/public/hal_vehicle.te
+++ b/public/hal_vehicle.te
@@ -3,3 +3,5 @@
 binder_call(hal_vehicle_server, hal_vehicle_client)
 
 add_hwservice(hal_vehicle_server, hal_vehicle_hwservice)
+
+allow hal_vehicle_client hal_vehicle_hwservice:hwservice_manager find;
diff --git a/public/tee.te b/public/tee.te
index f023d5c..0f9b32d 100644
--- a/public/tee.te
+++ b/public/tee.te
@@ -5,3 +5,7 @@
 
 # Device(s) for communicating with the TEE
 type tee_device, dev_type;
+
+allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
+allow tee fingerprint_vendor_data_file:file create_file_perms;
+
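Review bot: The new `tee` rules grant full create/read/write on `fingerprint_vendor_data_file` with no comment explaining why a second domain besides hal_fingerprint needs the fingerprint template store; presumably this is for TEE-backed fingerprint implementations where the TEE daemon handles the templates directly, but that should be stated so the grant is not later widened or mistaken for a leftover. I would add `# TEE daemon reads/writes fingerprint templates for TEE-backed fingerprint HALs (same dir hal_fingerprint uses)` above the two allow lines, wording to be confirmed with the author. The hunk also adds a trailing blank line at end of file; drop it.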