package sepolicy-analyze as part of VTS
am: 67b2da4431
Change-Id: I1bbf9b95f0c38fd5f20412e4afb2251ed2c3948e
diff --git a/Android.mk b/Android.mk
index e5b244b..4cc9c31 100644
--- a/Android.mk
+++ b/Android.mk
@@ -176,6 +176,13 @@
with_asan := true
endif
+# Library extension for host-side tests
+ifeq ($(HOST_OS),darwin)
+SHAREDLIB_EXT=dylib
+else
+SHAREDLIB_EXT=so
+endif
+
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_policy
LOCAL_MODULE_TAGS := optional
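Review bot: `SHAREDLIB_EXT=dylib` and `SHAREDLIB_EXT=so` use the recursive `=` form with no spacing, whereas every other assignment in this file uses `:=` (`LOCAL_MODULE := selinux_policy` in this same hunk). For a literal the two flavours behave the same, so this is purely convention, but `SHAREDLIB_EXT := dylib` / `SHAREDLIB_EXT := so` keeps the file uniform and signals that the value is fixed at parse time. The name is also unprefixed and global to the whole build; if the build system does not already define a variable of that name, a short comment saying it is local to this makefile would avoid a later collision going unnoticed.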
@@ -190,17 +197,16 @@
# Use split SELinux policy
LOCAL_REQUIRED_MODULES += \
$(platform_mapping_file) \
- 26.0.cil \
nonplat_sepolicy.cil \
plat_sepolicy.cil \
plat_and_mapping_sepolicy.cil.sha256 \
secilc \
- plat_sepolicy_vers.txt
+ plat_sepolicy_vers.txt \
ifneq ($(with_asan),true)
LOCAL_REQUIRED_MODULES += \
treble_sepolicy_tests \
- sepolicy_tests
+
endif
# Include precompiled policy, unless told otherwise
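Review bot: Both lists now end with a trailing backslash (`plat_sepolicy_vers.txt \` and `treble_sepolicy_tests \`), which splices the following line into the assignment; this is only safe because an empty line follows each list, and this rendering appears to have dropped blank context lines so I cannot confirm that for `plat_sepolicy_vers.txt`. If that blank line is ever removed, `ifneq ($(with_asan),true)` or `endif` silently becomes a required-module name and the conditional disappears. Ending the last element without the backslash — `plat_sepolicy_vers.txt` and `treble_sepolicy_tests` — is the robust form; the later `+=` blocks append regardless.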
@@ -214,7 +220,34 @@
LOCAL_REQUIRED_MODULES += \
nonplat_file_contexts \
- plat_file_contexts
+ nonplat_mac_permissions.xml \
+ nonplat_property_contexts \
+ nonplat_seapp_contexts \
+ nonplat_hwservice_contexts \
+ plat_file_contexts \
+ plat_mac_permissions.xml \
+ plat_property_contexts \
+ plat_seapp_contexts \
+ plat_service_contexts \
+ plat_hwservice_contexts \
+ searchpolicy \
+ vndservice_contexts \
+
+ifneq ($(PRODUCT_FULL_TREBLE),true)
+LOCAL_REQUIRED_MODULES += nonplat_service_contexts
+endif
+
+ifneq ($(TARGET_BUILD_VARIANT), user)
+LOCAL_REQUIRED_MODULES += \
+ selinux_denial_metadata \
+
+endif
+
+ifneq ($(with_asan),true)
+LOCAL_REQUIRED_MODULES += \
+ sepolicy_tests \
+
+endif
include $(BUILD_PHONY_PACKAGE)
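Review bot: `selinux_denial_metadata` is only required when `TARGET_BUILD_VARIANT` is not `user`, but nothing states why; since the file is assembled from the `bug_map` policy sources later in this change, a comment on the `ifneq ($(TARGET_BUILD_VARIANT), user)` line such as `# bug_map-derived denial metadata is a debugging aid; keep it out of user builds` would stop a later reader from removing the gate. The added lists again rely on a trailing `\` followed by an empty line (`vndservice_contexts \`, `selinux_denial_metadata \`, `sepolicy_tests \`), so those blank lines are load-bearing and deserve the same care. This hunk ends at `include $(BUILD_PHONY_PACKAGE)`, so the package definition is complete here.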
@@ -321,7 +354,7 @@
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
$(POLICYVERS) -o $@ $<
$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
- $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) $@ -o /dev/null -f /dev/null
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $@ -o /dev/null -f /dev/null
built_plat_cil := $(LOCAL_BUILT_MODULE)
plat_policy.conf :=
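Review bot: The new `-m` flag on the `secilc` invocation is not explained; if it is secilc's `--multiple-decls`, it turns duplicate type and attribute declarations across the concatenated CIL inputs from a compile error into an accepted merge, which also hides accidental duplicates between platform and vendor policy. Since this is the first of several identical `-m` additions in this change, one comment here would do, e.g. `# -m: allow declarations repeated across plat, mapping and nonplat CIL (multiple-decls) — confirm against secilc`. Stating which declarations are expected to duplicate would let a reviewer tell an intended re-declaration from a policy mistake.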
@@ -379,16 +412,6 @@
#################################
include $(CLEAR_VARS)
-LOCAL_MODULE := 26.0.cil
-LOCAL_SRC_FILES := private/compat/26.0/26.0.cil
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping
-
-include $(BUILD_PREBUILT)
-#################################
-include $(CLEAR_VARS)
-
LOCAL_MODULE := plat_and_mapping_sepolicy.cil.sha256
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
@@ -444,7 +467,7 @@
$(built_plat_cil) $(built_mapping_cil)
@mkdir -p $(dir $@)
$(HOST_OUT_EXECUTABLES)/version_policy -b $< -t $(PRIVATE_TGT_POL) -n $(PRIVATE_VERS) -o $@
- $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -N -c $(POLICYVERS) \
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -N -c $(POLICYVERS) \
$(PRIVATE_DEP_CIL_FILES) $@ -o /dev/null -f /dev/null
built_nonplat_cil := $(LOCAL_BUILT_MODULE)
@@ -466,7 +489,7 @@
$(built_plat_cil) $(built_mapping_cil) $(built_nonplat_cil)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc \
$(built_plat_cil) $(built_mapping_cil) $(built_nonplat_cil)
- $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) \
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) \
$(PRIVATE_CIL_FILES) -o $@ -f /dev/null
built_precompiled_sepolicy := $(LOCAL_BUILT_MODULE)
@@ -507,7 +530,7 @@
$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files)
@mkdir -p $(dir $@)
- $(hide) $< -M true -G -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@.tmp -f /dev/null
+ $(hide) $< -m -M true -G -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@.tmp -f /dev/null
$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
$(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
echo "==========" 1>&2; \
@@ -663,6 +686,24 @@
file_contexts.local.tmp :=
##################################
+ifneq ($(TARGET_BUILD_VARIANT), user)
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := selinux_denial_metadata
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+bug_files := $(call build_policy, bug_map, $(LOCAL_PATH) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS) $(PLAT_PUBLIC_POLICY))
+
+$(LOCAL_BUILT_MODULE) : $(bug_files)
+ @mkdir -p $(dir $@)
+ cat $^ > $@
+
+bug_files :=
+endif
+##################################
include $(CLEAR_VARS)
LOCAL_MODULE := plat_file_contexts
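Review bot: The `selinux_denial_metadata` recipe `cat $^ > $@` runs with no `$(hide)` prefix, unlike every other recipe in this file, and if `$(call build_policy, bug_map, …)` finds no files then `$^` is empty and `cat` blocks reading the build's stdin instead of producing an empty file. `$(hide) cat $^ < /dev/null > $@` keeps it quiet and empty-safe. The module also omits `LOCAL_MODULE_TAGS := optional`, which the neighbouring ETC modules set; if the build defaults it the line is harmless and keeps the definitions uniform. Writing to `$@.tmp` and renaming would additionally avoid leaving a truncated file that looks up to date after an interrupted build.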
@@ -843,9 +884,10 @@
@mkdir -p $(dir $@)
$(hide) m4 -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(plat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
+$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
+$(LOCAL_BUILT_MODULE): $(plat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort
@mkdir -p $(dir $@)
- $(hide) sed -e 's/#.*$$//' -e '/^$$/d' $< | sort -u -o $@
+ $(hide) $(PRIVATE_FC_SORT) $< $@
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
built_plat_pc := $(LOCAL_BUILT_MODULE)
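Review bot: The replaced recipe stripped comments and blank lines and deduplicated with `sort -u`; the new `$(PRIVATE_FC_SORT) $< $@` delegates all of that to fc_sort, and nothing here records what ordering it produces or whether duplicates are still dropped. Because property_contexts is matched by prefix, the order of the shipped file decides which entry wins, so a comment on the recipe such as `# fc_sort orders entries so the most specific prefix is matched first (presumably — confirm against fc_sort)` would document the contract the build now depends on. `checkfc -p` still runs on the sorted output, but whether it would notice a shorter prefix shadowing a longer one is not visible here. The identical recipe is repeated for nonplat_property_contexts; a shared `define` would keep the two from drifting.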
@@ -877,9 +919,10 @@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(nonplat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
+$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
+$(LOCAL_BUILT_MODULE): $(nonplat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort
@mkdir -p $(dir $@)
- $(hide) sed -e 's/#.*$$//' -e '/^$$/d' $< | sort -u -o $@
+ $(hide) $(PRIVATE_FC_SORT) $< $@
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -p $(PRIVATE_SEPOLICY) $@
built_nonplat_pc := $(LOCAL_BUILT_MODULE)
@@ -947,16 +990,15 @@
plat_service_contexts.tmp :=
##################################
+# nonplat_service_contexts is only allowed on non-full-treble devices
+ifneq ($(PRODUCT_FULL_TREBLE),true)
+
include $(CLEAR_VARS)
LOCAL_MODULE := nonplat_service_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
-ifeq ($(PRODUCT_FULL_TREBLE),true)
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-else
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
-endif
include $(BUILD_SYSTEM)/base_rules.mk
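Review bot: The `ifneq ($(PRODUCT_FULL_TREBLE),true)` guard around this module duplicates the one that adds `nonplat_service_contexts` to `LOCAL_REQUIRED_MODULES` earlier in the file; the two must change together, or a Treble device either requires a module that is never defined or builds a file nothing installs. The comment `# nonplat_service_contexts is only allowed on non-full-treble devices` would be more useful if it named the reason and the sibling gate, e.g. `# Full-Treble devices ship only plat_service_contexts; keep this guard in sync with the selinux_policy LOCAL_REQUIRED_MODULES block`. The reason itself is inferred — vendor-supplied Binder service labels are presumably not permitted under full Treble — so confirm the wording. The module definition continues past the end of this hunk.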
@@ -979,6 +1021,8 @@
nonplat_svcfiles :=
nonplat_service_contexts.tmp :=
+endif
+
##################################
include $(CLEAR_VARS)
@@ -1148,10 +1192,11 @@
$(sepolicy_tests): PRIVATE_PLAT_FC := $(built_plat_fc)
$(sepolicy_tests): PRIVATE_NONPLAT_FC := $(built_nonplat_fc)
$(sepolicy_tests): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(sepolicy_tests): $(HOST_OUT_EXECUTABLES)/sepolicy_tests.py \
+$(sepolicy_tests): $(HOST_OUT_EXECUTABLES)/sepolicy_tests \
$(built_plat_fc) $(built_nonplat_fc) $(built_sepolicy)
@mkdir -p $(dir $@)
- $(hide) python $(HOST_OUT_EXECUTABLES)/sepolicy_tests.py -l $(HOST_OUT)/lib64 -f $(PRIVATE_PLAT_FC) -f $(PRIVATE_NONPLAT_FC) -p $(PRIVATE_SEPOLICY)
+ $(hide) $(HOST_OUT_EXECUTABLES)/sepolicy_tests -l $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) \
+ -f $(PRIVATE_PLAT_FC) -f $(PRIVATE_NONPLAT_FC) -p $(PRIVATE_SEPOLICY)
$(hide) touch $@
##################################
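Review bot: `$(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT)` is passed to `sepolicy_tests` on the command line but is not a prerequisite of `$(sepolicy_tests)`, so the tests do not rerun when the wrapper library changes and can fail on a missing file in a parallel build where the library has not been built yet. Add it next to the binary, `$(sepolicy_tests): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) \`, and for consistency with the `PRIVATE_*` variables above capture it once as `$(sepolicy_tests): PRIVATE_SEPOLWRAP := $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT)` so the recipe uses `$(PRIVATE_SEPOLWRAP)`. The hard-coded `lib64` also assumes a 64-bit host library directory; if `HOST_OUT` can be 32-bit the path should derive from the library module's built path instead.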
@@ -1194,7 +1239,7 @@
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
$(POLICYVERS) -o $@ $<
$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
- $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) $@ -o $@ -f /dev/null
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $@ -o $@ -f /dev/null
26.0_plat_policy.conf :=
@@ -1210,7 +1255,7 @@
$(built_plat_cil) $(26.0_mapping.cil) $(26.0_nonplat)
$(26.0_compat): $(HOST_OUT_EXECUTABLES)/secilc \
$(built_plat_cil) $(26.0_mapping.cil) $(26.0_nonplat)
- $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -N -c $(POLICYVERS) \
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -N -c $(POLICYVERS) \
$(PRIVATE_CIL_FILES) -o $@ -f /dev/null
# 26.0_mapping.combined.cil - a combination of the mapping file used when
@@ -1249,7 +1294,7 @@
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
$(POLICYVERS) -o $@ $<
$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
- $(hide) $(HOST_OUT_EXECUTABLES)/secilc -M true -G -c $(POLICYVERS) $@ -o $@ -f /dev/null
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $@ -o $@ -f /dev/null
treble_sepolicy_tests := $(intermediates)/treble_sepolicy_tests
$(treble_sepolicy_tests): PRIVATE_PLAT_FC := $(built_plat_fc)
@@ -1258,14 +1303,21 @@
$(treble_sepolicy_tests): PRIVATE_SEPOLICY_OLD := $(built_26.0_plat_sepolicy)
$(treble_sepolicy_tests): PRIVATE_COMBINED_MAPPING := $(26.0_mapping.combined.cil)
$(treble_sepolicy_tests): PRIVATE_PLAT_SEPOLICY := $(built_plat_sepolicy)
-$(treble_sepolicy_tests): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests.py \
+ifeq ($(PRODUCT_FULL_TREBLE_OVERRIDE),true)
+$(treble_sepolicy_tests): PRIVATE_FAKE_TREBLE := --fake-treble
+else
+$(treble_sepolicy_tests): PRIVATE_FAKE_TREBLE :=
+endif
+$(treble_sepolicy_tests): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
$(built_plat_fc) $(built_nonplat_fc) $(built_sepolicy) $(built_plat_sepolicy) \
$(built_26.0_plat_sepolicy) $(26.0_compat) $(26.0_mapping.combined.cil)
@mkdir -p $(dir $@)
- $(hide) python $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests.py -l \
- $(HOST_OUT)/lib64 -f $(PRIVATE_PLAT_FC) -f $(PRIVATE_NONPLAT_FC) \
+ $(hide) $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests -l \
+ $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) \
+ -f $(PRIVATE_PLAT_FC) -f $(PRIVATE_NONPLAT_FC) \
-b $(PRIVATE_PLAT_SEPOLICY) -m $(PRIVATE_COMBINED_MAPPING) \
- -o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY)
+ -o $(PRIVATE_SEPOLICY_OLD) -p $(PRIVATE_SEPOLICY) \
+ $(PRIVATE_FAKE_TREBLE)
$(hide) touch $@
26.0_PLAT_PUBLIC_POLICY :=
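Review bot: As with `sepolicy_tests`, `$(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT)` is consumed by the `treble_sepolicy_tests` recipe but missing from the `$(treble_sepolicy_tests):` prerequisite list, so a change to the library does not retrigger the Treble policy tests; add it alongside `$(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests`. The new `--fake-treble` switch is enabled by `PRODUCT_FULL_TREBLE_OVERRIDE` with no note on which checks it relaxes; from the name this is the gate that lets a product that merely overrides the Treble flag pass the Treble separation tests, so the `ifeq` deserves a comment like `# --fake-treble: PRODUCT_FULL_TREBLE_OVERRIDE products are not fully Treble; see treble_sepolicy_tests for which checks are relaxed`. Confirm the wording against the tool, since its behaviour is not visible here.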
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 0933115..42d451c 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -71,3 +71,6 @@
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/selinux/plat_sepolicy.cil.sha256)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/etc/selinux/precompiled_sepolicy.plat.sha256)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/etc/selinux/mapping_sepolicy.cil)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/etc/selinux/nonplat_service_contexts)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/ETC/nonplat_service_contexts_intermediates)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/NOTICE_FILES/src/vendor/etc/selinux/nonplat_service_contexts.txt)
diff --git a/prebuilts/api/26.0/26.0.cil b/prebuilts/api/26.0/26.0.cil
new file mode 100644
index 0000000..4e35ce8
--- /dev/null
+++ b/prebuilts/api/26.0/26.0.cil
@@ -0,0 +1,693 @@
+(typeattributeset accessibility_service_26_0 (accessibility_service))
+(typeattributeset account_service_26_0 (account_service))
+(typeattributeset activity_service_26_0 (activity_service))
+(typeattributeset adbd_26_0 (adbd))
+(typeattributeset adb_data_file_26_0 (adb_data_file))
+(typeattributeset adbd_socket_26_0 (adbd_socket))
+(typeattributeset adb_keys_file_26_0 (adb_keys_file))
+(typeattributeset alarm_device_26_0 (alarm_device))
+(typeattributeset alarm_service_26_0 (alarm_service))
+(typeattributeset anr_data_file_26_0 (anr_data_file))
+(typeattributeset apk_data_file_26_0 (apk_data_file))
+(typeattributeset apk_private_data_file_26_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_26_0 (apk_tmp_file))
+(typeattributeset app_data_file_26_0 (app_data_file))
+(typeattributeset app_fuse_file_26_0 (app_fuse_file))
+(typeattributeset app_fusefs_26_0 (app_fusefs))
+(typeattributeset appops_service_26_0 (appops_service))
+(typeattributeset appwidget_service_26_0 (appwidget_service))
+(typeattributeset asan_reboot_prop_26_0 (asan_reboot_prop))
+(typeattributeset asec_apk_file_26_0 (asec_apk_file))
+(typeattributeset asec_image_file_26_0 (asec_image_file))
+(typeattributeset asec_public_file_26_0 (asec_public_file))
+(typeattributeset ashmem_device_26_0 (ashmem_device))
+(typeattributeset assetatlas_service_26_0 (assetatlas_service))
+(typeattributeset audio_data_file_26_0 (audio_data_file))
+(typeattributeset audio_device_26_0 (audio_device))
+(typeattributeset audiohal_data_file_26_0 (audiohal_data_file))
+(typeattributeset audio_prop_26_0 (audio_prop))
+(typeattributeset audio_seq_device_26_0 (audio_seq_device))
+(typeattributeset audioserver_26_0 (audioserver))
+(typeattributeset audioserver_data_file_26_0 (audioserver_data_file))
+(typeattributeset audioserver_service_26_0 (audioserver_service))
+(typeattributeset audio_service_26_0 (audio_service))
+(typeattributeset audio_timer_device_26_0 (audio_timer_device))
+(typeattributeset autofill_service_26_0 (autofill_service))
+(typeattributeset backup_data_file_26_0 (backup_data_file))
+(typeattributeset backup_service_26_0 (backup_service))
+(typeattributeset batteryproperties_service_26_0 (batteryproperties_service))
+(typeattributeset battery_service_26_0 (battery_service))
+(typeattributeset batterystats_service_26_0 (batterystats_service))
+(typeattributeset binder_device_26_0 (binder_device))
+(typeattributeset binfmt_miscfs_26_0 (binfmt_miscfs))
+(typeattributeset blkid_26_0 (blkid))
+(typeattributeset blkid_untrusted_26_0 (blkid_untrusted))
+(typeattributeset block_device_26_0 (block_device))
+(typeattributeset bluetooth_26_0 (bluetooth))
+(typeattributeset bluetooth_data_file_26_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_26_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_26_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_26_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_26_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_26_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_26_0 (bluetooth_socket))
+(typeattributeset bootanim_26_0 (bootanim))
+(typeattributeset bootanim_exec_26_0 (bootanim_exec))
+(typeattributeset boot_block_device_26_0 (boot_block_device))
+(typeattributeset bootchart_data_file_26_0 (bootchart_data_file))
+(typeattributeset bootstat_26_0 (bootstat))
+(typeattributeset bootstat_data_file_26_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_26_0 (bootstat_exec))
+(typeattributeset boottime_prop_26_0 (boottime_prop))
+(typeattributeset boottrace_data_file_26_0 (boottrace_data_file))
+(typeattributeset bufferhubd_26_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_26_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_26_0 (cache_backup_file))
+(typeattributeset cache_block_device_26_0 (cache_block_device))
+(typeattributeset cache_file_26_0 (cache_file))
+(typeattributeset cache_private_backup_file_26_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_26_0 (cache_recovery_file))
+(typeattributeset camera_data_file_26_0 (camera_data_file))
+(typeattributeset camera_device_26_0 (camera_device))
+(typeattributeset cameraproxy_service_26_0 (cameraproxy_service))
+(typeattributeset cameraserver_26_0 (cameraserver))
+(typeattributeset cameraserver_exec_26_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_26_0 (cameraserver_service))
+(typeattributeset cgroup_26_0 (cgroup))
+(typeattributeset charger_26_0 (charger))
+(typeattributeset clatd_26_0 (clatd))
+(typeattributeset clatd_exec_26_0 (clatd_exec))
+(typeattributeset clipboard_service_26_0 (clipboard_service))
+(typeattributeset commontime_management_service_26_0 (commontime_management_service))
+(typeattributeset companion_device_service_26_0 (companion_device_service))
+(typeattributeset configfs_26_0 (configfs))
+(typeattributeset config_prop_26_0 (config_prop))
+(typeattributeset connectivity_service_26_0 (connectivity_service))
+(typeattributeset connmetrics_service_26_0 (connmetrics_service))
+(typeattributeset console_device_26_0 (console_device))
+(typeattributeset consumer_ir_service_26_0 (consumer_ir_service))
+(typeattributeset content_service_26_0 (content_service))
+(typeattributeset contexthub_service_26_0 (contexthub_service))
+(typeattributeset coredump_file_26_0 (coredump_file))
+(typeattributeset country_detector_service_26_0 (country_detector_service))
+(typeattributeset coverage_service_26_0 (coverage_service))
+(typeattributeset cppreopt_prop_26_0 (cppreopt_prop))
+(typeattributeset cppreopts_26_0 (cppreopts))
+(typeattributeset cppreopts_exec_26_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_26_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_26_0 (cpuinfo_service))
+(typeattributeset crash_dump_26_0 (crash_dump))
+(typeattributeset crash_dump_exec_26_0 (crash_dump_exec))
+(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_26_0 (ctl_default_prop))
+(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
+(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_rildaemon_prop_26_0 (ctl_rildaemon_prop))
+(typeattributeset dalvikcache_data_file_26_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_26_0 (dalvik_prop))
+(typeattributeset dbinfo_service_26_0 (dbinfo_service))
+(typeattributeset debugfs_26_0 (debugfs))
+(typeattributeset debugfs_mmc_26_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_26_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_26_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_instances_26_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wifi_tracing_26_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_26_0 (debuggerd_prop))
+(typeattributeset debug_prop_26_0 (debug_prop))
+(typeattributeset default_android_hwservice_26_0 (default_android_hwservice))
+(typeattributeset default_android_service_26_0 (default_android_service))
+(typeattributeset default_android_vndservice_26_0 (default_android_vndservice))
+(typeattributeset default_prop_26_0 (default_prop))
+(typeattributeset device_26_0 (device))
+(typeattributeset device_identifiers_service_26_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_26_0 (deviceidle_service))
+(typeattributeset device_logging_prop_26_0 (device_logging_prop))
+(typeattributeset device_policy_service_26_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_26_0 (devicestoragemonitor_service))
+(typeattributeset devpts_26_0 (devpts))
+(typeattributeset dex2oat_26_0 (dex2oat))
+(typeattributeset dex2oat_exec_26_0 (dex2oat_exec))
+(typeattributeset dhcp_26_0 (dhcp))
+(typeattributeset dhcp_data_file_26_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_26_0 (dhcp_exec))
+(typeattributeset dhcp_prop_26_0 (dhcp_prop))
+(typeattributeset diskstats_service_26_0 (diskstats_service))
+(typeattributeset display_service_26_0 (display_service))
+(typeattributeset dm_device_26_0 (dm_device))
+(typeattributeset dnsmasq_26_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_26_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_26_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_26_0 (DockObserver_service))
+(typeattributeset dreams_service_26_0 (dreams_service))
+(typeattributeset drm_data_file_26_0 (drm_data_file))
+(typeattributeset drmserver_26_0 (drmserver))
+(typeattributeset drmserver_exec_26_0 (drmserver_exec))
+(typeattributeset drmserver_service_26_0 (drmserver_service))
+(typeattributeset drmserver_socket_26_0 (drmserver_socket))
+(typeattributeset dropbox_service_26_0 (dropbox_service))
+(typeattributeset dumpstate_26_0 (dumpstate))
+(typeattributeset dumpstate_exec_26_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_26_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_26_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_26_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_26_0 (dumpstate_socket))
+(typeattributeset efs_file_26_0 (efs_file))
+(typeattributeset ephemeral_app_26_0 (ephemeral_app))
+(typeattributeset ethernet_service_26_0 (ethernet_service))
+(typeattributeset ffs_prop_26_0 (ffs_prop))
+(typeattributeset file_contexts_file_26_0 (file_contexts_file))
+(typeattributeset fingerprintd_26_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_26_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_26_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_26_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_26_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_26_0 (fingerprint_service))
+(typeattributeset firstboot_prop_26_0 (firstboot_prop))
+(typeattributeset font_service_26_0 (font_service))
+(typeattributeset frp_block_device_26_0 (frp_block_device))
+(typeattributeset fsck_26_0 (fsck))
+(typeattributeset fsck_exec_26_0 (fsck_exec))
+(typeattributeset fscklogs_26_0 (fscklogs))
+(typeattributeset fsck_untrusted_26_0 (fsck_untrusted))
+(typeattributeset full_device_26_0 (full_device))
+(typeattributeset functionfs_26_0 (functionfs))
+(typeattributeset fuse_26_0 (fuse))
+(typeattributeset fuse_device_26_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_26_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_26_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_26_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_26_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_26_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_26_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_26_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_26_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_26_0 (gfxinfo_service))
+(typeattributeset gps_control_26_0 (gps_control))
+(typeattributeset gpu_device_26_0 (gpu_device))
+(typeattributeset gpu_service_26_0 (gpu_service))
+(typeattributeset graphics_device_26_0 (graphics_device))
+(typeattributeset graphicsstats_service_26_0 (graphicsstats_service))
+(typeattributeset hal_audio_hwservice_26_0 (hal_audio_hwservice))
+(typeattributeset hal_bluetooth_hwservice_26_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_26_0 (hal_bootctl_hwservice))
+(typeattributeset hal_camera_hwservice_26_0 (hal_camera_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_26_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_contexthub_hwservice_26_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_26_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_26_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_fingerprint_hwservice_26_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_26_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_26_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_26_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_26_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_26_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_26_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_26_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_26_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_26_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_26_0 (hal_light_hwservice))
+(typeattributeset hal_memtrack_hwservice_26_0 (hal_memtrack_hwservice))
+(typeattributeset hal_nfc_hwservice_26_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_26_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_26_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_26_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_26_0 (hal_renderscript_hwservice))
+(typeattributeset hal_sensors_hwservice_26_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_26_0 (hal_telephony_hwservice))
+(typeattributeset hal_thermal_hwservice_26_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_26_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_26_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_hwservice_26_0 (hal_usb_hwservice))
+(typeattributeset hal_vibrator_hwservice_26_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_26_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_26_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hwservice_26_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_26_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_26_0 (hardware_properties_service))
+(typeattributeset hardware_service_26_0 (hardware_service))
+(typeattributeset hci_attach_dev_26_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_26_0 (hdmi_control_service))
+(typeattributeset healthd_26_0 (healthd))
+(typeattributeset healthd_exec_26_0 (healthd_exec))
+(typeattributeset heapdump_data_file_26_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_26_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_26_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_26_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_26_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_26_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_26_0 (hwbinder_device))
+(typeattributeset hw_random_device_26_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_26_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_26_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_26_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_26_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_26_0 (i2c_device))
+(typeattributeset icon_file_26_0 (icon_file))
+(typeattributeset idmap_26_0 (idmap))
+(typeattributeset idmap_exec_26_0 (idmap_exec))
+(typeattributeset iio_device_26_0 (iio_device))
+(typeattributeset imms_service_26_0 (imms_service))
+(typeattributeset incident_26_0 (incident))
+(typeattributeset incidentd_26_0 (incidentd))
+(typeattributeset incident_data_file_26_0 (incident_data_file))
+(typeattributeset incident_service_26_0 (incident_service))
+(typeattributeset init_26_0 (init))
+(typeattributeset init_exec_26_0 (init_exec))
+(typeattributeset inotify_26_0 (inotify))
+(typeattributeset input_device_26_0 (input_device))
+(typeattributeset inputflinger_26_0 (inputflinger))
+(typeattributeset inputflinger_exec_26_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_26_0 (inputflinger_service))
+(typeattributeset input_method_service_26_0 (input_method_service))
+(typeattributeset input_service_26_0 (input_service))
+(typeattributeset installd_26_0 (installd))
+(typeattributeset install_data_file_26_0 (install_data_file))
+(typeattributeset installd_exec_26_0 (installd_exec))
+(typeattributeset installd_service_26_0 (installd_service))
+(typeattributeset install_recovery_26_0 (install_recovery))
+(typeattributeset install_recovery_exec_26_0 (install_recovery_exec))
+(typeattributeset ion_device_26_0 (ion_device))
+(typeattributeset IProxyService_service_26_0 (IProxyService_service))
+(typeattributeset ipsec_service_26_0 (ipsec_service))
+(typeattributeset isolated_app_26_0 (isolated_app))
+(typeattributeset jobscheduler_service_26_0 (jobscheduler_service))
+(typeattributeset kernel_26_0 (kernel))
+(typeattributeset keychain_data_file_26_0 (keychain_data_file))
+(typeattributeset keychord_device_26_0 (keychord_device))
+(typeattributeset keystore_26_0 (keystore))
+(typeattributeset keystore_data_file_26_0 (keystore_data_file))
+(typeattributeset keystore_exec_26_0 (keystore_exec))
+(typeattributeset keystore_service_26_0 (keystore_service))
+(typeattributeset kmem_device_26_0 (kmem_device))
+(typeattributeset kmsg_device_26_0 (kmsg_device))
+(typeattributeset labeledfs_26_0 (labeledfs))
+(typeattributeset launcherapps_service_26_0 (launcherapps_service))
+(typeattributeset lmkd_26_0 (lmkd))
+(typeattributeset lmkd_exec_26_0 (lmkd_exec))
+(typeattributeset lmkd_socket_26_0 (lmkd_socket))
+(typeattributeset location_service_26_0 (location_service))
+(typeattributeset lock_settings_service_26_0 (lock_settings_service))
+(typeattributeset logcat_exec_26_0 (logcat_exec))
+(typeattributeset logd_26_0 (logd))
+(typeattributeset log_device_26_0 (log_device))
+(typeattributeset logd_exec_26_0 (logd_exec))
+(typeattributeset logd_prop_26_0 (logd_prop))
+(typeattributeset logdr_socket_26_0 (logdr_socket))
+(typeattributeset logd_socket_26_0 (logd_socket))
+(typeattributeset logdw_socket_26_0 (logdw_socket))
+(typeattributeset logpersist_26_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_26_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_26_0 (log_prop))
+(typeattributeset log_tag_prop_26_0 (log_tag_prop))
+(typeattributeset loop_control_device_26_0 (loop_control_device))
+(typeattributeset loop_device_26_0 (loop_device))
+(typeattributeset mac_perms_file_26_0 (mac_perms_file))
+(typeattributeset mdnsd_26_0 (mdnsd))
+(typeattributeset mdnsd_socket_26_0 (mdnsd_socket))
+(typeattributeset mdns_socket_26_0 (mdns_socket))
+(typeattributeset mediacasserver_service_26_0 (mediacasserver_service))
+(typeattributeset mediacodec_26_0 (mediacodec))
+(typeattributeset mediacodec_exec_26_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_26_0 (mediacodec_service))
+(typeattributeset media_data_file_26_0 (media_data_file))
+(typeattributeset mediadrmserver_26_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_26_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_26_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_26_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_26_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_26_0 (mediaextractor_service))
+(typeattributeset mediametrics_26_0 (mediametrics))
+(typeattributeset mediametrics_exec_26_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_26_0 (mediametrics_service))
+(typeattributeset media_projection_service_26_0 (media_projection_service))
+(typeattributeset media_router_service_26_0 (media_router_service))
+(typeattributeset media_rw_data_file_26_0 (media_rw_data_file))
+(typeattributeset mediaserver_26_0 (mediaserver))
+(typeattributeset mediaserver_exec_26_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_26_0 (mediaserver_service))
+(typeattributeset media_session_service_26_0 (media_session_service))
+(typeattributeset meminfo_service_26_0 (meminfo_service))
+(typeattributeset metadata_block_device_26_0 (metadata_block_device))
+(typeattributeset method_trace_data_file_26_0 (method_trace_data_file))
+(typeattributeset midi_service_26_0 (midi_service))
+(typeattributeset misc_block_device_26_0 (misc_block_device))
+(typeattributeset misc_logd_file_26_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_26_0 (misc_user_data_file))
+(typeattributeset mmc_prop_26_0 (mmc_prop))
+(typeattributeset mnt_expand_file_26_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_26_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_26_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_26_0 (mnt_user_file))
+(typeattributeset modprobe_26_0 (modprobe))
+(typeattributeset mount_service_26_0 (mount_service))
+(typeattributeset mqueue_26_0 (mqueue))
+(typeattributeset mtd_device_26_0 (mtd_device))
+(typeattributeset mtp_26_0 (mtp))
+(typeattributeset mtp_device_26_0 (mtp_device))
+(typeattributeset mtpd_socket_26_0 (mtpd_socket))
+(typeattributeset mtp_exec_26_0 (mtp_exec))
+(typeattributeset nativetest_data_file_26_0 (nativetest_data_file))
+(typeattributeset netd_26_0 (netd))
+(typeattributeset net_data_file_26_0 (net_data_file))
+(typeattributeset netd_exec_26_0 (netd_exec))
+(typeattributeset netd_listener_service_26_0 (netd_listener_service))
+(typeattributeset net_dns_prop_26_0 (net_dns_prop))
+(typeattributeset netd_service_26_0 (netd_service))
+(typeattributeset netd_socket_26_0 (netd_socket))
+(typeattributeset netif_26_0 (netif))
+(typeattributeset netpolicy_service_26_0 (netpolicy_service))
+(typeattributeset net_radio_prop_26_0 (net_radio_prop))
+(typeattributeset netstats_service_26_0 (netstats_service))
+(typeattributeset netutils_wrapper_26_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_26_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_26_0 (network_management_service))
+(typeattributeset network_score_service_26_0 (network_score_service))
+(typeattributeset network_time_update_service_26_0 (network_time_update_service))
+(typeattributeset nfc_26_0 (nfc))
+(typeattributeset nfc_data_file_26_0 (nfc_data_file))
+(typeattributeset nfc_device_26_0 (nfc_device))
+(typeattributeset nfc_prop_26_0 (nfc_prop))
+(typeattributeset nfc_service_26_0 (nfc_service))
+(typeattributeset node_26_0 (node))
+(typeattributeset notification_service_26_0 (notification_service))
+(typeattributeset null_device_26_0 (null_device))
+(typeattributeset oemfs_26_0 (oemfs))
+(typeattributeset oem_lock_service_26_0 (oem_lock_service))
+(typeattributeset ota_data_file_26_0 (ota_data_file))
+(typeattributeset otadexopt_service_26_0 (otadexopt_service))
+(typeattributeset ota_package_file_26_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_26_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_26_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_26_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_26_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_26_0 (overlay_prop))
+(typeattributeset overlay_service_26_0 (overlay_service))
+(typeattributeset owntty_device_26_0 (owntty_device))
+(typeattributeset package_service_26_0 (package_service))
+(typeattributeset pan_result_prop_26_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_26_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_26_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_26_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_26_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_26_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_26_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_26_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_26_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_26_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_26_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_26_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_26_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_26_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_26_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir))
+(typeattributeset performanced_26_0 (performanced))
+(typeattributeset performanced_exec_26_0 (performanced_exec))
+(typeattributeset perfprofd_26_0 (perfprofd))
+(typeattributeset perfprofd_data_file_26_0 (perfprofd_data_file))
+(typeattributeset perfprofd_exec_26_0 (perfprofd_exec))
+(typeattributeset permission_service_26_0 (permission_service))
+(typeattributeset persist_debug_prop_26_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_26_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_26_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_26_0 (pinner_service))
+(typeattributeset pipefs_26_0 (pipefs))
+(typeattributeset platform_app_26_0 (platform_app))
+(typeattributeset pmsg_device_26_0 (pmsg_device))
+(typeattributeset port_26_0 (port))
+(typeattributeset port_device_26_0 (port_device))
+(typeattributeset postinstall_26_0 (postinstall))
+(typeattributeset postinstall_dexopt_26_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_26_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_26_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_26_0 (powerctl_prop))
+(typeattributeset power_service_26_0 (power_service))
+(typeattributeset ppp_26_0 (ppp))
+(typeattributeset ppp_device_26_0 (ppp_device))
+(typeattributeset ppp_exec_26_0 (ppp_exec))
+(typeattributeset preloads_data_file_26_0 (preloads_data_file))
+(typeattributeset preloads_media_file_26_0 (preloads_media_file))
+(typeattributeset preopt2cachename_26_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
+(typeattributeset print_service_26_0 (print_service))
+(typeattributeset priv_app_26_0 (priv_app))
+(typeattributeset proc_26_0 (proc))
+(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
+(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
+(typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
+(typeattributeset processinfo_service_26_0 (processinfo_service))
+(typeattributeset proc_interrupts_26_0 (proc_interrupts))
+(typeattributeset proc_iomem_26_0 (proc_iomem))
+(typeattributeset proc_meminfo_26_0 (proc_meminfo))
+(typeattributeset proc_misc_26_0 (proc_misc))
+(typeattributeset proc_modules_26_0 (proc_modules))
+(typeattributeset proc_net_26_0 (proc_net))
+(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
+(typeattributeset proc_perf_26_0 (proc_perf))
+(typeattributeset proc_security_26_0 (proc_security))
+(typeattributeset proc_stat_26_0 (proc_stat))
+(typeattributeset procstats_service_26_0 (procstats_service))
+(typeattributeset proc_sysrq_26_0 (proc_sysrq))
+(typeattributeset proc_timer_26_0 (proc_timer))
+(typeattributeset proc_tty_drivers_26_0 (proc_tty_drivers))
+(typeattributeset proc_uid_cputime_removeuid_26_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_26_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_26_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_26_0 (proc_uid_procstat_set))
+(typeattributeset proc_zoneinfo_26_0 (proc_zoneinfo))
+(typeattributeset profman_26_0 (profman))
+(typeattributeset profman_dump_data_file_26_0 (profman_dump_data_file))
+(typeattributeset profman_exec_26_0 (profman_exec))
+(typeattributeset properties_device_26_0 (properties_device))
+(typeattributeset properties_serial_26_0 (properties_serial))
+(typeattributeset property_contexts_file_26_0 (property_contexts_file))
+(typeattributeset property_data_file_26_0 (property_data_file))
+(typeattributeset property_socket_26_0 (property_socket))
+(typeattributeset pstorefs_26_0 (pstorefs))
+(typeattributeset ptmx_device_26_0 (ptmx_device))
+(typeattributeset qtaguid_device_26_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_26_0 (qtaguid_proc))
+(typeattributeset racoon_26_0 (racoon))
+(typeattributeset racoon_exec_26_0 (racoon_exec))
+(typeattributeset racoon_socket_26_0 (racoon_socket))
+(typeattributeset radio_26_0 (radio))
+(typeattributeset radio_data_file_26_0 (radio_data_file))
+(typeattributeset radio_device_26_0 (radio_device))
+(typeattributeset radio_prop_26_0 (radio_prop))
+(typeattributeset radio_service_26_0 (radio_service))
+(typeattributeset ram_device_26_0 (ram_device))
+(typeattributeset random_device_26_0 (random_device))
+(typeattributeset reboot_data_file_26_0 (reboot_data_file))
+(typeattributeset recovery_26_0 (recovery))
+(typeattributeset recovery_block_device_26_0 (recovery_block_device))
+(typeattributeset recovery_data_file_26_0 (recovery_data_file))
+(typeattributeset recovery_persist_26_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_26_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_26_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_26_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_26_0 (recovery_service))
+(typeattributeset registry_service_26_0 (registry_service))
+(typeattributeset resourcecache_data_file_26_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_26_0 (restorecon_prop))
+(typeattributeset restrictions_service_26_0 (restrictions_service))
+(typeattributeset rild_26_0 (rild))
+(typeattributeset rild_debug_socket_26_0 (rild_debug_socket))
+(typeattributeset rild_socket_26_0 (rild_socket))
+(typeattributeset ringtone_file_26_0 (ringtone_file))
+(typeattributeset root_block_device_26_0 (root_block_device))
+(typeattributeset rootfs_26_0 (rootfs))
+(typeattributeset rpmsg_device_26_0 (rpmsg_device))
+(typeattributeset rtc_device_26_0 (rtc_device))
+(typeattributeset rttmanager_service_26_0 (rttmanager_service))
+(typeattributeset runas_26_0 (runas))
+(typeattributeset runas_exec_26_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_26_0 (safemode_prop))
+(typeattributeset same_process_hal_file_26_0 (same_process_hal_file))
+(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service))
+(typeattributeset sdcardd_26_0 (sdcardd))
+(typeattributeset sdcardd_exec_26_0 (sdcardd_exec))
+(typeattributeset sdcardfs_26_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_26_0 (seapp_contexts_file))
+(typeattributeset search_service_26_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_26_0 (sec_key_att_app_id_provider_service))
+(typeattributeset selinuxfs_26_0 (selinuxfs))
+(typeattributeset sensors_device_26_0 (sensors_device))
+(typeattributeset sensorservice_service_26_0 (sensorservice_service))
+(typeattributeset sepolicy_file_26_0 (sepolicy_file))
+(typeattributeset serial_device_26_0 (serial_device))
+(typeattributeset serialno_prop_26_0 (serialno_prop))
+(typeattributeset serial_service_26_0 (serial_service))
+(typeattributeset service_contexts_file_26_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_26_0 (servicediscovery_service))
+(typeattributeset servicemanager_26_0 (servicemanager))
+(typeattributeset servicemanager_exec_26_0 (servicemanager_exec))
+(typeattributeset settings_service_26_0 (settings_service))
+(typeattributeset sgdisk_26_0 (sgdisk))
+(typeattributeset sgdisk_exec_26_0 (sgdisk_exec))
+(typeattributeset shared_relro_26_0 (shared_relro))
+(typeattributeset shared_relro_file_26_0 (shared_relro_file))
+(typeattributeset shell_26_0 (shell))
+(typeattributeset shell_data_file_26_0 (shell_data_file))
+(typeattributeset shell_exec_26_0 (shell_exec))
+(typeattributeset shell_prop_26_0 (shell_prop))
+(typeattributeset shm_26_0 (shm))
+(typeattributeset shortcut_manager_icons_26_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_26_0 (shortcut_service))
+(typeattributeset slideshow_26_0 (slideshow))
+(typeattributeset socket_device_26_0 (socket_device))
+(typeattributeset sockfs_26_0 (sockfs))
+(typeattributeset statusbar_service_26_0 (statusbar_service))
+(typeattributeset storaged_service_26_0 (storaged_service))
+(typeattributeset storage_file_26_0 (storage_file))
+(typeattributeset storagestats_service_26_0 (storagestats_service))
+(typeattributeset storage_stub_file_26_0 (storage_stub_file))
+(typeattributeset su_26_0 (su))
+(typeattributeset su_exec_26_0 (su_exec))
+(typeattributeset surfaceflinger_26_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_26_0 (swap_block_device))
+(typeattributeset sysfs_26_0 (sysfs))
+(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_hwrandom_26_0 (sysfs_hwrandom))
+(typeattributeset sysfs_leds_26_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_26_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_26_0 (sysfs_mac_address))
+(typeattributeset sysfs_nfc_power_writable_26_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_thermal_26_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_26_0 (sysfs_uio))
+(typeattributeset sysfs_usb_26_0 (sysfs_usb))
+(typeattributeset sysfs_vibrator_26_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_26_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wlan_fwpath_26_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_26_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_26_0 (sysfs_zram_uevent))
+(typeattributeset system_app_26_0 (system_app))
+(typeattributeset system_app_data_file_26_0 (system_app_data_file))
+(typeattributeset system_app_service_26_0 (system_app_service))
+(typeattributeset system_block_device_26_0 (system_block_device))
+(typeattributeset system_data_file_26_0 (system_data_file))
+(typeattributeset system_file_26_0 (system_file))
+(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket))
+(typeattributeset system_prop_26_0 (system_prop))
+(typeattributeset system_radio_prop_26_0 (system_radio_prop))
+(typeattributeset system_server_26_0 (system_server))
+(typeattributeset system_wifi_keystore_hwservice_26_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_26_0 (system_wpa_socket))
+(typeattributeset task_service_26_0 (task_service))
+(typeattributeset tee_26_0 (tee))
+(typeattributeset tee_data_file_26_0 (tee_data_file))
+(typeattributeset tee_device_26_0 (tee_device))
+(typeattributeset telecom_service_26_0 (telecom_service))
+(typeattributeset textclassification_service_26_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_26_0 (textclassifier_data_file))
+(typeattributeset textservices_service_26_0 (textservices_service))
+(typeattributeset tmpfs_26_0 (tmpfs))
+(typeattributeset tombstoned_26_0 (tombstoned))
+(typeattributeset tombstone_data_file_26_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_26_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_26_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_26_0 (tombstoned_intercept_socket))
+(typeattributeset toolbox_26_0 (toolbox))
+(typeattributeset toolbox_exec_26_0 (toolbox_exec))
+(typeattributeset tracing_shell_writable_26_0 (tracing_shell_writable))
+(typeattributeset tracing_shell_writable_debug_26_0 (tracing_shell_writable_debug))
+(typeattributeset trust_service_26_0 (trust_service))
+(typeattributeset tty_device_26_0 (tty_device))
+(typeattributeset tun_device_26_0 (tun_device))
+(typeattributeset tv_input_service_26_0 (tv_input_service))
+(typeattributeset tzdatacheck_26_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_26_0 (tzdatacheck_exec))
+(typeattributeset ueventd_26_0 (ueventd))
+(typeattributeset uhid_device_26_0 (uhid_device))
+(typeattributeset uimode_service_26_0 (uimode_service))
+(typeattributeset uio_device_26_0 (uio_device))
+(typeattributeset uncrypt_26_0 (uncrypt))
+(typeattributeset uncrypt_exec_26_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_26_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_26_0 (unencrypted_data_file))
+(typeattributeset unlabeled_26_0 (unlabeled))
+(typeattributeset untrusted_app_25_26_0 (untrusted_app_25))
+(typeattributeset untrusted_app_26_0 (untrusted_app))
+(typeattributeset untrusted_v2_app_26_0 (untrusted_v2_app))
+(typeattributeset update_engine_26_0 (update_engine))
+(typeattributeset update_engine_data_file_26_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_26_0 (update_engine_exec))
+(typeattributeset update_engine_service_26_0 (update_engine_service))
+(typeattributeset updatelock_service_26_0 (updatelock_service))
+(typeattributeset update_verifier_26_0 (update_verifier))
+(typeattributeset update_verifier_exec_26_0 (update_verifier_exec))
+(typeattributeset usagestats_service_26_0 (usagestats_service))
+(typeattributeset usbaccessory_device_26_0 (usbaccessory_device))
+(typeattributeset usb_device_26_0 (usb_device))
+(typeattributeset usbfs_26_0 (usbfs))
+(typeattributeset usb_service_26_0 (usb_service))
+(typeattributeset userdata_block_device_26_0 (userdata_block_device))
+(typeattributeset usermodehelper_26_0 (usermodehelper))
+(typeattributeset user_profile_data_file_26_0 (user_profile_data_file))
+(typeattributeset user_service_26_0 (user_service))
+(typeattributeset vcs_device_26_0 (vcs_device))
+(typeattributeset vdc_26_0 (vdc))
+(typeattributeset vdc_exec_26_0 (vdc_exec))
+(typeattributeset vendor_app_file_26_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_26_0 (vendor_configs_file))
+(typeattributeset vendor_file_26_0 (vendor_file))
+(typeattributeset vendor_framework_file_26_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_26_0 (vendor_hal_file))
+(typeattributeset vendor_overlay_file_26_0 (vendor_overlay_file))
+(typeattributeset vendor_shell_exec_26_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_26_0 (vendor_toolbox_exec))
+(typeattributeset vfat_26_0 (vfat))
+(typeattributeset vibrator_service_26_0 (vibrator_service))
+(typeattributeset video_device_26_0 (video_device))
+(typeattributeset virtual_touchpad_26_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_26_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_26_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_26_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_26_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_26_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_26_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_26_0 (voiceinteraction_service))
+(typeattributeset vold_26_0 (vold))
+(typeattributeset vold_data_file_26_0 (vold_data_file))
+(typeattributeset vold_device_26_0 (vold_device))
+(typeattributeset vold_exec_26_0 (vold_exec))
+(typeattributeset vold_prop_26_0 (vold_prop))
+(typeattributeset vold_socket_26_0 (vold_socket))
+(typeattributeset vpn_data_file_26_0 (vpn_data_file))
+(typeattributeset vr_hwc_26_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_26_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_26_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_26_0 (vr_manager_service))
+(typeattributeset wallpaper_file_26_0 (wallpaper_file))
+(typeattributeset wallpaper_service_26_0 (wallpaper_service))
+(typeattributeset watchdogd_26_0 (watchdogd))
+(typeattributeset watchdog_device_26_0 (watchdog_device))
+(typeattributeset webviewupdate_service_26_0 (webviewupdate_service))
+(typeattributeset webview_zygote_26_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_26_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_socket_26_0 (webview_zygote_socket))
+(typeattributeset wifiaware_service_26_0 (wifiaware_service))
+(typeattributeset wificond_26_0 (wificond))
+(typeattributeset wificond_exec_26_0 (wificond_exec))
+(typeattributeset wificond_service_26_0 (wificond_service))
+(typeattributeset wifi_data_file_26_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_26_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_26_0 (wifip2p_service))
+(typeattributeset wifi_prop_26_0 (wifi_prop))
+(typeattributeset wifiscanner_service_26_0 (wifiscanner_service))
+(typeattributeset wifi_service_26_0 (wifi_service))
+(typeattributeset window_service_26_0 (window_service))
+(typeattributeset wpa_socket_26_0 (wpa_socket))
+(typeattributeset zero_device_26_0 (zero_device))
+(typeattributeset zoneinfo_data_file_26_0 (zoneinfo_data_file))
+(typeattributeset zygote_26_0 (zygote))
+(typeattributeset zygote_exec_26_0 (zygote_exec))
+(typeattributeset zygote_socket_26_0 (zygote_socket))
diff --git a/prebuilts/api/26.0/26.0.ignore.cil b/prebuilts/api/26.0/26.0.ignore.cil
new file mode 100644
index 0000000..990c3ff
--- /dev/null
+++ b/prebuilts/api/26.0/26.0.ignore.cil
@@ -0,0 +1,5 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(typeattribute new_objects)
+(typeattributeset new_objects (kmsg_debug_device))
diff --git a/private/app.te b/private/app.te
index 9251ed9..70b42b9 100644
--- a/private/app.te
+++ b/private/app.te
@@ -402,8 +402,10 @@
# ptrace access to non-app domains.
neverallow appdomain { domain -appdomain }:process ptrace;
-# Write access to /proc/pid entries for any non-app domain.
-neverallow appdomain { domain -appdomain }:file write;
+# Read or write access to /proc/pid entries for any non-app domain.
+# A different form of hidepid=2 like protections
+neverallow appdomain { domain -appdomain }:file no_w_file_perms;
+neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;
# signal access to non-app domains.
# sigchld allowed for parent death notification.
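Review bot: The new comment at the top of this block ("Read or write access to /proc/pid entries for any non-app domain") does not match the rules beneath it, because the read-restricting neverallow on the last added line is scoped to `{ appdomain -shell }`, so `shell` keeps read access to non-app /proc/pid entries while every other app domain loses both read and write. The carve-out is the security-relevant part of the change and should be stated where a later reader will look for it, e.g. `# shell is deliberately exempted from the read restriction; all other app domains get neither read nor write.`. If `no_rw_file_perms` is a superset of `no_w_file_perms` as the macro names suggest, the write-only rule adds coverage solely for `shell`, which is worth saying in the same comment. The phrase "A different form of hidepid=2 like protections" reads awkwardly; `# Provides protection similar to mounting /proc with hidepid=2.` says the same thing.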
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index a3d7d49..53638f7 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -57,6 +57,9 @@
# Do not allow untrusted apps to access network MAC address file
neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
+# Do not allow any write access to files in /sys
+neverallow all_untrusted_apps sysfs_type:file no_w_file_perms;
+
# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
# ioctl permission, or 3. disallow the socket class.
neverallowxperm all_untrusted_apps domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
@@ -108,11 +111,25 @@
# Avoid reads from generically labeled /proc files
# Create a more specific label if needed
-neverallow all_untrusted_apps proc:file { no_rw_file_perms no_x_file_perms };
+neverallow all_untrusted_apps {
+ proc
+ proc_asound
+ proc_filesystems
+ proc_kmsg
+ proc_loadavg
+ proc_mounts
+ proc_pagetypeinfo
+ proc_swaps
+ proc_version
+ proc_vmallocinfo
+}:file { no_rw_file_perms no_x_file_perms };
# Avoid all access to kernel configuration
neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
+# Only system_server can access proc_uid_time_in_state
+neverallow { domain -init -system_server } proc_uid_time_in_state:file *;
+
# Do not allow untrusted apps access to preloads data files
neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
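Review bot: The expanded proc set in this hunk omits `proc_cmdline`, even though the same commit splits /proc/cmdline out of the generic `proc` label (the `genfscon proc /cmdline u:object_r:proc_cmdline:s0` line in genfs_contexts and the `proc_26_0` mapping in private/compat/26.0/26.0.cil both list it); before this change /proc/cmdline carried `proc` and fell under the removed `neverallow all_untrusted_apps proc:file` rule, so the neverallow coverage is narrowed for that file. If that is intentional, the "Avoid reads from generically labeled /proc files" comment should say which split-out types are deliberately left readable; otherwise `proc_cmdline` belongs in the set alongside `proc_asound`. Separately, the comment `# Only system_server can access proc_uid_time_in_state` does not match the rule below it, which also exempts `init`; `# Only init and system_server can access proc_uid_time_in_state` describes what is actually enforced.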
diff --git a/private/atrace.te b/private/atrace.te
index 5de9f99..fc27517 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -3,7 +3,7 @@
type atrace_exec, exec_type, file_type;
userdebug_or_eng(`
- type atrace, domain, coredomain, domain_deprecated;
+ type atrace, domain, coredomain;
init_daemon_domain(atrace)
diff --git a/private/attributes b/private/attributes
deleted file mode 100644
index fcbfecf..0000000
--- a/private/attributes
+++ /dev/null
@@ -1,9 +0,0 @@
-# Temporary attribute used for migrating permissions out of domain.
-# Motivation: Domain is overly permissive. Start removing permissions
-# from domain and assign them to the domain_deprecated attribute.
-# Domain_deprecated and domain can initially be assigned to all
-# domains. The goal is to not assign domain_deprecated to new domains
-# and to start removing domain_deprecated where it's not required or
-# reassigning the appropriate permissions to the inheriting domain
-# when necessary.
-attribute domain_deprecated;
diff --git a/private/bug_map b/private/bug_map
new file mode 100644
index 0000000..8f28a66
--- /dev/null
+++ b/private/bug_map
@@ -0,0 +1 @@
+priv_app firstboot_prop file 63801215
diff --git a/private/clatd.te b/private/clatd.te
index c09398d..5ba0fc5 100644
--- a/private/clatd.te
+++ b/private/clatd.te
@@ -1,2 +1 @@
typeattribute clatd coredomain;
-typeattribute clatd domain_deprecated;
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 40bec84..a791009 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -1,6 +1,3 @@
-;; private attributes removed from public types
-(typeattributeset domain_deprecated (bluetooth_26_0))
-
;; attributes removed from current policy
(typeattribute hal_wifi_keystore)
(typeattribute hal_wifi_keystore_client)
@@ -10,6 +7,7 @@
(type asan_reboot_prop)
(type log_device)
(type mediacasserver_service)
+(type reboot_data_file)
(type tracing_shell_writable)
(type tracing_shell_writable_debug)
@@ -449,7 +447,7 @@
(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
(typeattributeset print_service_26_0 (print_service))
(typeattributeset priv_app_26_0 (mediaprovider priv_app))
-(typeattributeset proc_26_0 (proc proc_uid_time_in_state))
+(typeattributeset proc_26_0 (proc proc_asound proc_cmdline proc_filesystems proc_kmsg proc_loadavg proc_mounts proc_pagetypeinfo proc_swaps proc_uid_time_in_state proc_version proc_vmallocinfo))
(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
(typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
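Review bot: The rewritten `proc_26_0` mapping packs twelve types onto a single line, while the `sysfs_26_0` mapping rewritten in the next hunk of this same file uses the one-member-per-line form; the two new multi-member sets in one commit should use the same layout. The multi-line form is easier to diff and review when a type is later added or removed, so I would write it as `(typeattributeset proc_26_0` followed by one type per line (`( proc`, `proc_asound`, … , `proc_vmallocinfo))`), matching the sysfs block.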
@@ -566,7 +564,15 @@
(typeattributeset surfaceflinger_26_0 (surfaceflinger))
(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
(typeattributeset swap_block_device_26_0 (swap_block_device))
-(typeattributeset sysfs_26_0 (sysfs))
+(typeattributeset sysfs_26_0
+ ( sysfs
+ sysfs_android_usb
+ sysfs_dm
+ sysfs_ipv4
+ sysfs_power
+ sysfs_rtc
+ sysfs_switch
+ sysfs_wakeup_reasons))
(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 9e1eb97..f3f462d 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -4,19 +4,30 @@
(typeattribute new_objects)
(typeattributeset new_objects
( adbd_exec
+ bootloader_boot_reason_prop
broadcastradio_service
e2fs
e2fs_exec
hal_broadcastradio_hwservice
hal_cas_hwservice
+ hal_lowpan_hwservice
hal_neuralnetworks_hwservice
hal_tetheroffload_hwservice
hal_wifi_offload_hwservice
kmsg_debug_device
+ last_boot_reason_prop
mediaprovider_tmpfs
netd_stable_secret_prop
package_native_service
+ lowpan_device
+ lowpan_prop
+ lowpan_service
+ mediaprovider_tmpfs
+ netd_stable_secret_prop
+ package_native_service
+ storaged_data_file
sysfs_fs_ext4_features
+ system_boot_reason_prop
system_net_netd_hwservice
thermal_service
thermalcallback_hwservice
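Review bot: The `new_objects` set gains duplicate members in this hunk: `mediaprovider_tmpfs`, `netd_stable_secret_prop` and `package_native_service` are already present as unchanged context lines immediately above the added `lowpan_*` entries and are added again three lines later, and the next hunk of this file lists `tombstoned_java_trace_socket` twice in a row. This looks like a merge artifact; CIL may tolerate repeated members in a set expression, but the duplicates make the list misleading to anyone checking which types are intentionally exempt from the compat mapping. The added `lowpan_device`/`lowpan_prop`/`lowpan_service` lines also break the alphabetical order the rest of the set keeps. I would drop the three repeated additions and the second `tombstoned_java_trace_socket`, and move the `lowpan_*` entries up next to `last_boot_reason_prop`.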
@@ -24,7 +35,9 @@
thermalserviced_exec
thermalserviced_tmpfs
timezone_service
- tombstoned_java_trace_socket))
+ tombstoned_java_trace_socket
+ tombstoned_java_trace_socket
+ vold_service))
;; private_objects - a collection of types that were labeled differently in
;; older policy, but that should not remain accessible to vendor policy.
diff --git a/private/dex2oat.te b/private/dex2oat.te
index 89c3970..fd45484 100644
--- a/private/dex2oat.te
+++ b/private/dex2oat.te
@@ -1,2 +1 @@
typeattribute dex2oat coredomain;
-typeattribute dex2oat domain_deprecated;
diff --git a/private/dhcp.te b/private/dhcp.te
index 6a6a139..b2f8ac7 100644
--- a/private/dhcp.te
+++ b/private/dhcp.te
@@ -1,5 +1,4 @@
typeattribute dhcp coredomain;
-typeattribute dhcp domain_deprecated;
init_daemon_domain(dhcp)
type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
diff --git a/private/domain_deprecated.te b/private/domain_deprecated.te
deleted file mode 100644
index 65fd9c7..0000000
--- a/private/domain_deprecated.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# rules removed from the domain attribute
-
-# Read files already opened under /data.
-allow domain_deprecated system_data_file:file { getattr read };
-allow domain_deprecated system_data_file:lnk_file r_file_perms;
-
-# Read apk files under /data/app.
-allow domain_deprecated apk_data_file:dir { getattr search };
-allow domain_deprecated apk_data_file:file r_file_perms;
-allow domain_deprecated apk_data_file:lnk_file r_file_perms;
-
-# Read access to pseudo filesystems.
-r_dir_file(domain_deprecated, proc)
-r_dir_file(domain_deprecated, sysfs)
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 0fe2adf..b8f8152 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -1,5 +1,4 @@
typeattribute dumpstate coredomain;
-typeattribute dumpstate domain_deprecated;
init_daemon_domain(dumpstate)
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index de5c53c..1693736 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -27,6 +27,7 @@
allow ephemeral_app mediacodec_service:service_manager find;
allow ephemeral_app mediametrics_service:service_manager find;
allow ephemeral_app mediadrmserver_service:service_manager find;
+allow ephemeral_app drmserver_service:service_manager find;
allow ephemeral_app surfaceflinger_service:service_manager find;
allow ephemeral_app radio_service:service_manager find;
allow ephemeral_app ephemeral_app_api_service:service_manager find;
diff --git a/private/file.te b/private/file.te
index da5f9ad..7bd83f2 100644
--- a/private/file.te
+++ b/private/file.te
@@ -5,3 +5,6 @@
# /proc/config.gz
type config_gz, fs_type;
+
+# /data/misc/storaged
+type storaged_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 5369758..d5a0bb1 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -28,7 +28,6 @@
/mnt u:object_r:tmpfs:s0
/postinstall u:object_r:postinstall_mnt_dir:s0
/proc u:object_r:rootfs:s0
-/root u:object_r:rootfs:s0
/sys u:object_r:sysfs:s0
# Symlinks
@@ -246,10 +245,10 @@
/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
/system/bin/install-recovery.sh u:object_r:install_recovery_exec:s0
/system/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
-/system/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
+/system/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
# patchoat executable has (essentially) the same requirements as dex2oat.
/system/bin/patchoat(d)? u:object_r:dex2oat_exec:s0
-/system/bin/profman u:object_r:profman_exec:s0
+/system/bin/profman(d)? u:object_r:profman_exec:s0
/system/bin/sgdisk u:object_r:sgdisk_exec:s0
/system/bin/blkid u:object_r:blkid_exec:s0
/system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
@@ -372,10 +371,10 @@
/data/misc/logd(/.*)? u:object_r:misc_logd_file:s0
/data/misc/media(/.*)? u:object_r:media_data_file:s0
/data/misc/net(/.*)? u:object_r:net_data_file:s0
-/data/misc/reboot(/.*)? u:object_r:reboot_data_file:s0
/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
/data/misc/sms(/.*)? u:object_r:radio_data_file:s0
+/data/misc/storaged(/.*)? u:object_r:storaged_data_file:s0
/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
/data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0
/data/misc/user(/.*)? u:object_r:misc_user_data_file:s0
diff --git a/private/fingerprintd.te b/private/fingerprintd.te
index 0c1dfaa..eb73ef8 100644
--- a/private/fingerprintd.te
+++ b/private/fingerprintd.te
@@ -1,4 +1,3 @@
typeattribute fingerprintd coredomain;
-typeattribute fingerprintd domain_deprecated;
init_daemon_domain(fingerprintd)
diff --git a/private/fsck.te b/private/fsck.te
index e846797..3a36329 100644
--- a/private/fsck.te
+++ b/private/fsck.te
@@ -1,4 +1,3 @@
typeattribute fsck coredomain;
-typeattribute fsck domain_deprecated;
init_daemon_domain(fsck)
diff --git a/private/fsck_untrusted.te b/private/fsck_untrusted.te
index 2a1a39f..9a57bf0 100644
--- a/private/fsck_untrusted.te
+++ b/private/fsck_untrusted.te
@@ -1,2 +1 @@
typeattribute fsck_untrusted coredomain;
-typeattribute fsck_untrusted domain_deprecated;
diff --git a/private/genfs_contexts b/private/genfs_contexts
index e77a39b..2cc6f70 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -2,17 +2,26 @@
genfscon rootfs / u:object_r:rootfs:s0
# proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0
+genfscon proc /asound/cards u:object_r:proc_asound:s0
+genfscon proc /asound/devices u:object_r:proc_asound:s0
+genfscon proc /cmdline u:object_r:proc_cmdline:s0
genfscon proc /config.gz u:object_r:config_gz:s0
+genfscon proc /filesystems u:object_r:proc_filesystems:s0
genfscon proc /interrupts u:object_r:proc_interrupts:s0
genfscon proc /iomem u:object_r:proc_iomem:s0
+genfscon proc /kmsg u:object_r:proc_kmsg:s0
+genfscon proc /loadavg u:object_r:proc_loadavg:s0
genfscon proc /meminfo u:object_r:proc_meminfo:s0
genfscon proc /misc u:object_r:proc_misc:s0
genfscon proc /modules u:object_r:proc_modules:s0
+genfscon proc /mounts u:object_r:proc_mounts:s0
genfscon proc /net u:object_r:proc_net:s0
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0
+genfscon proc /swaps u:object_r:proc_swaps:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
@@ -41,6 +50,8 @@
genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0
genfscon proc /uid_time_in_state u:object_r:proc_uid_time_in_state:s0
+genfscon proc /version u:object_r:proc_version:s0
+genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
# selinuxfs booleans can be individually labeled.
@@ -49,17 +60,27 @@
# sysfs labels can be set by userspace.
genfscon sysfs / u:object_r:sysfs:s0
genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
+genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
+genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
+genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
+genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
+genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
+genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
+genfscon sysfs /power/state u:object_r:sysfs_power:s0
+genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
+genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
+genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index e304495..9da38a6 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -23,6 +23,7 @@
android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0
android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0
android.hardware.light::ILight u:object_r:hal_light_hwservice:s0
+android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0
android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
android.hardware.media.omx::IOmxStore u:object_r:hal_omx_hwservice:s0
android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
diff --git a/private/installd.te b/private/installd.te
index d726e7d..f74843d 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -1,5 +1,4 @@
typeattribute installd coredomain;
-typeattribute installd domain_deprecated;
init_daemon_domain(installd)
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 37935c3..30253af 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -27,12 +27,9 @@
# b/32896414: Allow accessing sdcard file descriptors passed to isolated_apps
# by other processes. Open should never be allowed, and is blocked by
# neverallow rules below.
-# TODO: consider removing write/append. We want to limit isolated_apps
-# ability to mutate files of any type.
# media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
# is modified to change the secontext when accessing the lower filesystem.
allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock };
-auditallow isolated_app { sdcard_type media_rw_data_file }:file { write append };
# For webviews, isolated_app processes can be forked from the webview_zygote
# in addition to the zygote. Allow access to resources inherited from the
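Review bot: The auditallow on isolated_app write/append to `{ sdcard_type media_rw_data_file }` is removed together with the TODO that planned to drop those permissions, yet the `allow isolated_app ... { read write append getattr lock };` line keeps write and append, so the telemetry that would have answered whether they are needed is gone while the question stays open. If keeping write/append is now the decision, a comment on the allow line would stop the next reader re-opening it, e.g. `# write/append are retained deliberately for fd passing; see b/32896414`. The hunk does not show why the auditallow was retired; if it was log noise, saying so here would help.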
@@ -106,3 +103,11 @@
# Restrict the webview_zygote control socket.
neverallow isolated_app webview_zygote_socket:sock_file write;
+
+# Limit the /sys files which isolated_app can access. This is important
+# for controlling isolated_app attack surface.
+neverallow isolated_app {
+ sysfs_type
+ -sysfs_devices_system_cpu
+ -sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
+}:file no_rw_file_perms;
diff --git a/private/keystore.te b/private/keystore.te
index 1e56338..a9647c6 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -1,5 +1,4 @@
typeattribute keystore coredomain;
-typeattribute keystore domain_deprecated;
init_daemon_domain(keystore)
diff --git a/private/mtp.te b/private/mtp.te
index 3cfda0b..732e111 100644
--- a/private/mtp.te
+++ b/private/mtp.te
@@ -1,4 +1,3 @@
typeattribute mtp coredomain;
-typeattribute mtp domain_deprecated;
init_daemon_domain(mtp)
diff --git a/private/netd.te b/private/netd.te
index 3a824af..f501f25 100644
--- a/private/netd.te
+++ b/private/netd.te
@@ -1,5 +1,4 @@
typeattribute netd coredomain;
-typeattribute netd domain_deprecated;
init_daemon_domain(netd)
diff --git a/private/perfprofd.te b/private/perfprofd.te
index a655f1d..9c249fd 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -1,5 +1,4 @@
userdebug_or_eng(`
typeattribute perfprofd coredomain;
- typeattribute perfprofd domain_deprecated;
init_daemon_domain(perfprofd)
')
diff --git a/private/platform_app.te b/private/platform_app.te
index 2aa7dc9..884c436 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -3,7 +3,6 @@
###
typeattribute platform_app coredomain;
-typeattribute platform_app domain_deprecated;
app_domain(platform_app)
@@ -41,6 +40,9 @@
# com.android.systemui
allow platform_app rootfs:dir getattr;
+# com.android.captiveportallogin reads /proc/vmstat
+allow platform_app proc:file r_file_perms;
+
allow platform_app audioserver_service:service_manager find;
allow platform_app cameraserver_service:service_manager find;
allow platform_app drmserver_service:service_manager find;
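Review bot: `allow platform_app proc:file r_file_perms;` grants read on every file that still carries the generic `proc` label, while the comment justifies it only for /proc/vmstat. This commit gives other /proc entries dedicated types in genfs_contexts (`proc_version`, `proc_pagetypeinfo`, `proc_loadavg`, ...); labelling /proc/vmstat the same way and allowing only that type would keep the grant as narrow as the comment. If the broad grant is intended, the comment should say so: `# com.android.captiveportallogin reads /proc/vmstat (granted on the generic proc label until vmstat has its own type)`.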
@@ -52,6 +54,7 @@
allow platform_app persistent_data_block_service:service_manager find;
allow platform_app radio_service:service_manager find;
allow platform_app surfaceflinger_service:service_manager find;
+allow platform_app thermal_service:service_manager find;
allow platform_app timezone_service:service_manager find;
allow platform_app app_api_service:service_manager find;
allow platform_app system_api_service:service_manager find;
diff --git a/private/ppp.te b/private/ppp.te
index 9b301f4..968b221 100644
--- a/private/ppp.te
+++ b/private/ppp.te
@@ -1,4 +1,3 @@
typeattribute ppp coredomain;
-typeattribute ppp domain_deprecated;
domain_auto_trans(mtp, ppp_exec, ppp)
diff --git a/private/property_contexts b/private/property_contexts
index 8eb2f28..55974c0 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -65,6 +65,9 @@
ro.boot.btmacaddr u:object_r:bluetooth_prop:s0
ro.boot.serialno u:object_r:serialno_prop:s0
ro.bt. u:object_r:bluetooth_prop:s0
+ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
+persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
+sys.boot.reason u:object_r:system_boot_reason_prop:s0
# Boolean property set by system server upon boot indicating
# if device owner is provisioned.
@@ -110,5 +113,9 @@
# Shared between system server and wificond
wlan. u:object_r:wifi_prop:s0
+# Lowpan properties
+lowpan. u:object_r:lowpan_prop:s0
+ro.lowpan. u:object_r:lowpan_prop:s0
+
# hwservicemanager properties
hwservicemanager. u:object_r:hwservicemanager_prop:s0
diff --git a/private/radio.te b/private/radio.te
index 83b5b41..b4f5390 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -1,5 +1,4 @@
typeattribute radio coredomain;
-typeattribute radio domain_deprecated;
app_domain(radio)
diff --git a/private/recovery.te b/private/recovery.te
index b7b2847..2a7fdc7 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -1,2 +1 @@
typeattribute recovery coredomain;
-typeattribute recovery domain_deprecated;
diff --git a/private/runas.te b/private/runas.te
index 73a91ff..ef31aac 100644
--- a/private/runas.te
+++ b/private/runas.te
@@ -1,5 +1,4 @@
typeattribute runas coredomain;
-typeattribute runas domain_deprecated;
# ndk-gdb invokes adb shell run-as.
domain_auto_trans(shell, runas_exec, runas)
diff --git a/private/sdcardd.te b/private/sdcardd.te
index ac6bb4e..126d643 100644
--- a/private/sdcardd.te
+++ b/private/sdcardd.te
@@ -1,4 +1,3 @@
typeattribute sdcardd coredomain;
-typeattribute sdcardd domain_deprecated;
type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
diff --git a/private/service_contexts b/private/service_contexts
index a82243f..86a6032 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -38,7 +38,6 @@
deviceidle u:object_r:deviceidle_service:s0
devicestoragemonitor u:object_r:devicestoragemonitor_service:s0
diskstats u:object_r:diskstats_service:s0
-display.qservice u:object_r:surfaceflinger_service:s0
display u:object_r:display_service:s0
netd_listener u:object_r:netd_listener_service:s0
DockObserver u:object_r:DockObserver_service:s0
@@ -47,6 +46,7 @@
dropbox u:object_r:dropbox_service:s0
dumpstate u:object_r:dumpstate_service:s0
econtroller u:object_r:radio_service:s0
+lowpan u:object_r:lowpan_service:s0
ethernet u:object_r:ethernet_service:s0
fingerprint u:object_r:fingerprint_service:s0
font u:object_r:font_service:s0
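Review bot: `lowpan` is inserted between `econtroller` and `ethernet`, breaking the alphabetical order this list otherwise keeps (the `rttmanager2` and `vold` additions in the later hunks land in sorted position). Moving the line to where `lowpan` sorts keeps the file greppable and avoids merge conflicts with other service additions. No functional impact, since service_contexts lookups are by exact name.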
@@ -126,6 +126,7 @@
recovery u:object_r:recovery_service:s0
restrictions u:object_r:restrictions_service:s0
rttmanager u:object_r:rttmanager_service:s0
+rttmanager2 u:object_r:rttmanager_service:s0
samplingprofiler u:object_r:samplingprofiler_service:s0
scheduling_policy u:object_r:scheduling_policy_service:s0
search u:object_r:search_service:s0
@@ -161,6 +162,7 @@
vibrator u:object_r:vibrator_service:s0
virtual_touchpad u:object_r:virtual_touchpad_service:s0
voiceinteraction u:object_r:voiceinteraction_service:s0
+vold u:object_r:vold_service:s0
vr_hwc u:object_r:vr_hwc_service:s0
vrmanager u:object_r:vr_manager_service:s0
wallpaper u:object_r:wallpaper_service:s0
diff --git a/private/shared_relro.te b/private/shared_relro.te
index 8d06294..02f7206 100644
--- a/private/shared_relro.te
+++ b/private/shared_relro.te
@@ -1,5 +1,4 @@
typeattribute shared_relro coredomain;
-typeattribute shared_relro domain_deprecated;
# The shared relro process is a Java program forked from the zygote, so it
# inherits from app to get basic permissions it needs to run.
diff --git a/private/storaged.te b/private/storaged.te
index 20377e0..8da1f26 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -15,6 +15,10 @@
# Read /data/system/packages.list
allow storaged system_data_file:file r_file_perms;
+# Store storaged proto file
+allow storaged storaged_data_file:dir rw_dir_perms;
+allow storaged storaged_data_file:file create_file_perms;
+
userdebug_or_eng(`
# Read access to debugfs
allow storaged debugfs_mmc:dir search;
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index b33035e..ed67597 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -84,7 +84,6 @@
allow surfaceflinger self:capability sys_nice;
allow surfaceflinger proc_meminfo:file r_file_perms;
r_dir_file(surfaceflinger, cgroup)
-r_dir_file(surfaceflinger, sysfs_type)
r_dir_file(surfaceflinger, system_file)
allow surfaceflinger tmpfs:dir r_dir_perms;
allow surfaceflinger system_server:fd use;
diff --git a/private/system_app.te b/private/system_app.te
index 4741479..0381c4f 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -5,7 +5,6 @@
###
typeattribute system_app coredomain;
-typeattribute system_app domain_deprecated;
app_domain(system_app)
net_domain(system_app)
@@ -59,7 +58,24 @@
allow system_app servicemanager:service_manager list;
# TODO: scope this down? Too broad?
-allow system_app { service_manager_type -netd_service -dumpstate_service -installd_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
+allow system_app {
+ service_manager_type
+ -dumpstate_service
+ -installd_service
+ -netd_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+}:service_manager find;
+# suppress denials for services system_app should not be accessing.
+dontaudit system_app {
+ dumpstate_service
+ installd_service
+ netd_service
+ virtual_touchpad_service
+ vold_service
+ vr_hwc_service
+}:service_manager find;
allow system_app keystore:keystore_key {
get_state
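Review bot: The new `dontaudit system_app { ... }:service_manager find;` block silences exactly the lookups the allow above excludes — dumpstate, installd, netd, vold, vr_hwc, virtual_touchpad — which are the privileged services whose attempted use by a system app is the denial you would want to see in logs. If the suppression is for a known noisy caller, naming it in the comment (`# suppress denials for services system_app should not be accessing (noise from <caller>)`) lets a future reader judge whether it can be lifted. The exclusion list and the dontaudit list also have to be kept in sync by hand; a one-line note saying so would help.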
@@ -84,6 +100,12 @@
# /sys access
r_dir_file(system_app, sysfs_type)
+# settings app reads /proc/version and /proc/pagetypeinfo
+allow system_app {
+ proc
+ proc_version
+}:file r_file_perms;
+
control_logd(system_app)
read_runtime_log_tags(system_app)
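Review bot: The comment says the settings app reads /proc/version and /proc/pagetypeinfo, but the allow set is `{ proc proc_version }` only; this same commit labels /proc/pagetypeinfo as `proc_pagetypeinfo` in genfs_contexts, so that read would still be denied by this rule. Either add `proc_pagetypeinfo` to the set or drop it from the comment. The generic `proc` type in the set also reaches well beyond the two files named, so if it is needed for something else the comment should say what.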
diff --git a/private/system_server.te b/private/system_server.te
index 40c5382..260d6ce 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -4,7 +4,6 @@
#
typeattribute system_server coredomain;
-typeattribute system_server domain_deprecated;
typeattribute system_server mlstrustedsubject;
# Define a type for tmpfs-backed ashmem regions.
@@ -30,10 +29,6 @@
# ptrace to processes in the same domain for debugging crashes.
allow system_server self:process ptrace;
-# Read and delete last_reboot_reason file
-allow system_server reboot_data_file:file { rename r_file_perms unlink };
-allow system_server reboot_data_file:dir { write search open remove_name };
-
# Child of the zygote.
allow system_server zygote:fd use;
allow system_server zygote:process sigchld;
@@ -114,7 +109,9 @@
allow system_server mediaserver:process { getsched setsched };
allow system_server bootanim:process { getsched setsched };
-# Allow system_server to write to cameraserver's /proc/<pid>/timerslack_ns
+# Allow system_server to write to /proc/<pid>/timerslack_ns
+allow system_server appdomain:file w_file_perms;
+allow system_server audioserver:file w_file_perms;
allow system_server cameraserver:file w_file_perms;
# Read /proc/pid data for all domains. This is used by ProcessCpuTracker
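Review bot: `allow system_server appdomain:file w_file_perms;` grants write to every per-process /proc entry labelled with an app domain, not only timerslack_ns — procfs labels /proc/<pid> files with the process's context, so a type cannot single out one file. The comment names a single path and should record the real breadth, e.g. `# Allow system_server to write to /proc/<pid>/timerslack_ns. Note: these :file grants cover every per-process /proc entry, not just timerslack_ns.` The same applies to the audioserver and cameraserver lines.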
@@ -181,6 +178,7 @@
binder_call(system_server, installd)
binder_call(system_server, incidentd)
binder_call(system_server, netd)
+binder_call(system_server, vold)
binder_call(system_server, wificond)
binder_service(system_server)
@@ -275,11 +273,20 @@
# Check SELinux permissions.
selinux_check_access(system_server)
-# XXX Label sysfs files with a specific type?
-allow system_server sysfs:file rw_file_perms;
+r_dir_file(system_server, sysfs_android_usb)
+allow system_server sysfs_android_usb:file w_file_perms;
+
+r_dir_file(system_server, sysfs_ipv4)
+allow system_server sysfs_ipv4:file w_file_perms;
+
+r_dir_file(system_server, sysfs_rtc)
+r_dir_file(system_server, sysfs_switch)
+r_dir_file(system_server, sysfs_wakeup_reasons)
+
allow system_server sysfs_nfc_power_writable:file rw_file_perms;
allow system_server sysfs_devices_system_cpu:file w_file_perms;
allow system_server sysfs_mac_address:file r_file_perms;
+allow system_server sysfs_power:file rw_file_perms;
allow system_server sysfs_thermal:dir search;
allow system_server sysfs_thermal:file r_file_perms;
@@ -480,6 +487,11 @@
# cppreopt property
set_prop(system_server, cppreopt_prop)
+# BootReceiver to read ro.boot.bootreason
+get_prop(system_server, bootloader_boot_reason_prop)
+# PowerManager to read persist.sys.boot.reason
+get_prop(system_server, last_boot_reason_prop)
+
# Collect metrics on boot time created by init
get_prop(system_server, boottime_prop)
@@ -572,6 +584,7 @@
allow system_server nfc_service:service_manager find;
allow system_server radio_service:service_manager find;
allow system_server surfaceflinger_service:service_manager find;
+allow system_server vold_service:service_manager find;
allow system_server wificond_service:service_manager find;
allow system_server keystore:keystore_key {
@@ -671,11 +684,14 @@
r_dir_file(system_server, cgroup)
allow system_server ion_device:chr_file r_file_perms;
-r_dir_file(system_server, proc)
+r_dir_file(system_server, proc_asound)
+r_dir_file(system_server, proc_loadavg)
r_dir_file(system_server, proc_meminfo)
r_dir_file(system_server, proc_net)
+r_dir_file(system_server, proc_pagetypeinfo)
+r_dir_file(system_server, proc_version)
+r_dir_file(system_server, proc_vmallocinfo)
r_dir_file(system_server, rootfs)
-r_dir_file(system_server, sysfs_type)
### Rules needed when Light HAL runs inside system_server process.
### These rules should eventually be granted only when needed.
diff --git a/private/ueventd.te b/private/ueventd.te
index 0df587f..1bd6773 100644
--- a/private/ueventd.te
+++ b/private/ueventd.te
@@ -1,4 +1,3 @@
typeattribute ueventd coredomain;
-typeattribute ueventd domain_deprecated;
tmpfs_domain(ueventd)
diff --git a/private/uncrypt.te b/private/uncrypt.te
index fde686b..e4e9224 100644
--- a/private/uncrypt.te
+++ b/private/uncrypt.te
@@ -1,4 +1,3 @@
typeattribute uncrypt coredomain;
-typeattribute uncrypt domain_deprecated;
init_daemon_domain(uncrypt)
diff --git a/private/update_engine.te b/private/update_engine.te
index f460272..5af7db6 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -1,4 +1,3 @@
typeattribute update_engine coredomain;
-typeattribute update_engine domain_deprecated;
init_daemon_domain(update_engine);
diff --git a/private/vold.te b/private/vold.te
index f2416f8..a6d1001 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -1,5 +1,4 @@
typeattribute vold coredomain;
-typeattribute vold domain_deprecated;
init_daemon_domain(vold)
diff --git a/private/zygote.te b/private/zygote.te
index daabbc0..7fe79ef 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -1,6 +1,5 @@
# zygote
typeattribute zygote coredomain;
-typeattribute zygote domain_deprecated;
typeattribute zygote mlstrustedsubject;
init_daemon_domain(zygote)
diff --git a/public/attributes b/public/attributes
index fa8a6a6..986b0ed 100644
--- a/public/attributes
+++ b/public/attributes
@@ -190,234 +190,45 @@
expandattribute halclientdomain true;
# HALs
-attribute hal_allocator;
-expandattribute hal_allocator true;
-attribute hal_allocator_client;
-expandattribute hal_allocator_client true;
-attribute hal_allocator_server;
-expandattribute hal_allocator_server false;
-attribute hal_audio;
-expandattribute hal_audio false;
-attribute hal_audio_client;
-expandattribute hal_audio_client true;
-attribute hal_audio_server;
-expandattribute hal_audio_server false;
-attribute hal_bluetooth;
-expandattribute hal_bluetooth true;
-attribute hal_bluetooth_client;
-expandattribute hal_bluetooth_client true;
-attribute hal_bluetooth_server;
-expandattribute hal_bluetooth_server false;
-attribute hal_bootctl;
-expandattribute hal_bootctl false;
-attribute hal_bootctl_client;
-expandattribute hal_bootctl_client true;
-attribute hal_bootctl_server;
-expandattribute hal_bootctl_server false;
-attribute hal_broadcastradio;
-expandattribute hal_broadcastradio true;
-attribute hal_broadcastradio_client;
-expandattribute hal_broadcastradio_client true;
-attribute hal_broadcastradio_server;
-expandattribute hal_broadcastradio_server false;
-attribute hal_camera;
-expandattribute hal_camera false;
-attribute hal_camera_client;
-expandattribute hal_camera_client true;
-attribute hal_camera_server;
-expandattribute hal_camera_server false;
-attribute hal_configstore;
-expandattribute hal_configstore true;
-attribute hal_configstore_client;
-expandattribute hal_configstore_client true;
-attribute hal_configstore_server;
-expandattribute hal_configstore_server false;
-attribute hal_contexthub;
-expandattribute hal_contexthub true;
-attribute hal_contexthub_client;
-expandattribute hal_contexthub_client true;
-attribute hal_contexthub_server;
-expandattribute hal_contexthub_server false;
-attribute hal_drm;
-expandattribute hal_drm false;
-attribute hal_drm_client;
-expandattribute hal_drm_client true;
-attribute hal_drm_server;
-expandattribute hal_drm_server false;
-attribute hal_cas;
-expandattribute hal_cas false;
-attribute hal_cas_client;
-expandattribute hal_cas_client true;
-attribute hal_cas_server;
-expandattribute hal_cas_server false;
-attribute hal_dumpstate;
-expandattribute hal_dumpstate true;
-attribute hal_dumpstate_client;
-expandattribute hal_dumpstate_client true;
-attribute hal_dumpstate_server;
-expandattribute hal_dumpstate_server false;
-attribute hal_fingerprint;
-expandattribute hal_fingerprint true;
-attribute hal_fingerprint_client;
-expandattribute hal_fingerprint_client true;
-attribute hal_fingerprint_server;
-expandattribute hal_fingerprint_server false;
-attribute hal_gatekeeper;
-expandattribute hal_gatekeeper true;
-attribute hal_gatekeeper_client;
-expandattribute hal_gatekeeper_client true;
-attribute hal_gatekeeper_server;
-expandattribute hal_gatekeeper_server false;
-attribute hal_gnss;
-expandattribute hal_gnss true;
-attribute hal_gnss_client;
-expandattribute hal_gnss_client true;
-attribute hal_gnss_server;
-expandattribute hal_gnss_server false;
-attribute hal_graphics_allocator;
-expandattribute hal_graphics_allocator true;
-attribute hal_graphics_allocator_client;
-expandattribute hal_graphics_allocator_client true;
-attribute hal_graphics_allocator_server;
-expandattribute hal_graphics_allocator_server false;
-attribute hal_graphics_composer;
-expandattribute hal_graphics_composer true;
-attribute hal_graphics_composer_client;
-expandattribute hal_graphics_composer_client true;
-attribute hal_graphics_composer_server;
-expandattribute hal_graphics_composer_server false;
-attribute hal_health;
-expandattribute hal_health true;
-attribute hal_health_client;
-expandattribute hal_health_client true;
-attribute hal_health_server;
-expandattribute hal_health_server false;
-attribute hal_ir;
-expandattribute hal_ir true;
-attribute hal_ir_client;
-expandattribute hal_ir_client true;
-attribute hal_ir_server;
-expandattribute hal_ir_server false;
-attribute hal_keymaster;
-expandattribute hal_keymaster true;
-attribute hal_keymaster_client;
-expandattribute hal_keymaster_client true;
-attribute hal_keymaster_server;
-expandattribute hal_keymaster_server false;
-attribute hal_light;
-expandattribute hal_light true;
-attribute hal_light_client;
-expandattribute hal_light_client true;
-attribute hal_light_server;
-expandattribute hal_light_server false;
-attribute hal_memtrack;
-expandattribute hal_memtrack true;
-attribute hal_memtrack_client;
-expandattribute hal_memtrack_client true;
-attribute hal_memtrack_server;
-expandattribute hal_memtrack_server false;
-attribute hal_neuralnetworks;
-expandattribute hal_neuralnetworks true;
-attribute hal_neuralnetworks_client;
-expandattribute hal_neuralnetworks_client true;
-attribute hal_neuralnetworks_server;
-expandattribute hal_neuralnetworks_server false;
-attribute hal_nfc;
-expandattribute hal_nfc true;
-attribute hal_nfc_client;
-expandattribute hal_nfc_client true;
-attribute hal_nfc_server;
-expandattribute hal_nfc_server false;
-attribute hal_oemlock;
-expandattribute hal_oemlock true;
-attribute hal_oemlock_client;
-expandattribute hal_oemlock_client true;
-attribute hal_oemlock_server;
-expandattribute hal_oemlock_server false;
-attribute hal_power;
-expandattribute hal_power true;
-attribute hal_power_client;
-expandattribute hal_power_client true;
-attribute hal_power_server;
-expandattribute hal_power_server false;
-attribute hal_sensors;
-expandattribute hal_sensors true;
-attribute hal_sensors_client;
-expandattribute hal_sensors_client true;
-attribute hal_sensors_server;
-expandattribute hal_sensors_server false;
-attribute hal_telephony;
-expandattribute hal_telephony true;
-attribute hal_telephony_client;
-expandattribute hal_telephony_client true;
-attribute hal_telephony_server;
-expandattribute hal_telephony_server false;
-attribute hal_tetheroffload;
-expandattribute hal_tetheroffload true;
-attribute hal_tetheroffload_client;
-expandattribute hal_tetheroffload_client true;
-attribute hal_tetheroffload_server;
-expandattribute hal_tetheroffload_server false;
-attribute hal_thermal;
-expandattribute hal_thermal true;
-attribute hal_thermal_client;
-expandattribute hal_thermal_client true;
-attribute hal_thermal_server;
-expandattribute hal_thermal_server false;
-attribute hal_tv_cec;
-expandattribute hal_tv_cec true;
-attribute hal_tv_cec_client;
-expandattribute hal_tv_cec_client true;
-attribute hal_tv_cec_server;
-expandattribute hal_tv_cec_server false;
-attribute hal_tv_input;
-expandattribute hal_tv_input true;
-attribute hal_tv_input_client;
-expandattribute hal_tv_input_client true;
-attribute hal_tv_input_server;
-expandattribute hal_tv_input_server false;
-attribute hal_usb;
-expandattribute hal_usb true;
-attribute hal_usb_client;
-expandattribute hal_usb_client true;
-attribute hal_usb_server;
-expandattribute hal_usb_server false;
-attribute hal_vibrator;
-expandattribute hal_vibrator true;
-attribute hal_vibrator_client;
-expandattribute hal_vibrator_client true;
-attribute hal_vibrator_server;
-expandattribute hal_vibrator_server false;
-attribute hal_vr;
-expandattribute hal_vr true;
-attribute hal_vr_client;
-expandattribute hal_vr_client true;
-attribute hal_vr_server;
-expandattribute hal_vr_server false;
-attribute hal_weaver;
-expandattribute hal_weaver true;
-attribute hal_weaver_client;
-expandattribute hal_weaver_client true;
-attribute hal_weaver_server;
-expandattribute hal_weaver_server false;
-attribute hal_wifi;
-expandattribute hal_wifi true;
-attribute hal_wifi_client;
-expandattribute hal_wifi_client true;
-attribute hal_wifi_server;
-expandattribute hal_wifi_server false;
-attribute hal_wifi_offload;
-expandattribute hal_wifi_offload true;
-attribute hal_wifi_offload_client;
-expandattribute hal_wifi_offload_client true;
-attribute hal_wifi_offload_server;
-expandattribute hal_wifi_offload_server false;
-attribute hal_wifi_supplicant;
-expandattribute hal_wifi_supplicant true;
-attribute hal_wifi_supplicant_client;
-expandattribute hal_wifi_supplicant_client true;
-attribute hal_wifi_supplicant_server;
-expandattribute hal_wifi_supplicant_server false;
+hal_attribute(allocator);
+hal_attribute(audio);
+hal_attribute(bluetooth);
+hal_attribute(bootctl);
+hal_attribute(broadcastradio);
+hal_attribute(camera);
+hal_attribute(configstore);
+hal_attribute(contexthub);
+hal_attribute(drm);
+hal_attribute(cas);
+hal_attribute(dumpstate);
+hal_attribute(fingerprint);
+hal_attribute(gatekeeper);
+hal_attribute(gnss);
+hal_attribute(graphics_allocator);
+hal_attribute(graphics_composer);
+hal_attribute(health);
+hal_attribute(ir);
+hal_attribute(keymaster);
+hal_attribute(light);
+hal_attribute(lowpan);
+hal_attribute(memtrack);
+hal_attribute(neuralnetworks);
+hal_attribute(nfc);
+hal_attribute(oemlock);
+hal_attribute(power);
+hal_attribute(sensors);
+hal_attribute(telephony);
+hal_attribute(tetheroffload);
+hal_attribute(thermal);
+hal_attribute(tv_cec);
+hal_attribute(tv_input);
+hal_attribute(usb);
+hal_attribute(vibrator);
+hal_attribute(vr);
+hal_attribute(weaver);
+hal_attribute(wifi);
+hal_attribute(wifi_offload);
+hal_attribute(wifi_supplicant);
# HwBinder services offered across the core-vendor boundary
#
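Review bot: The removed expansion had per-HAL `expandattribute` values that differed — `hal_audio`, `hal_bootctl`, `hal_camera`, `hal_cas` and `hal_drm` were `false` while the rest were `true` — and the replacement `hal_attribute(...)` calls carry no per-HAL argument. Unless the macro, defined outside this hunk, reproduces that distinction, this changes the expansion of those five attributes, and the commit message does not mention it. Worth confirming; if uniform expansion is intended, a one-line comment above the block such as `# All HAL attributes are now expanded uniformly by hal_attribute(); see te_macros` would record it. `hal_attribute(lowpan)` is the only new entry.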
diff --git a/public/bootanim.te b/public/bootanim.te
index 1a265f9..3260227 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te
@@ -32,10 +32,11 @@
allow bootanim hal_graphics_composer:fd use;
# Read access to pseudo filesystems.
-r_dir_file(bootanim, proc)
allow bootanim proc_meminfo:file r_file_perms;
-r_dir_file(bootanim, sysfs)
-r_dir_file(bootanim, cgroup)
# System file accesses.
allow bootanim system_file:dir r_dir_perms;
+
+# Read ro.boot.bootreason b/30654343
+get_prop(bootanim, bootloader_boot_reason_prop)
+
diff --git a/public/bootstat.te b/public/bootstat.te
index f5c7268..7ba0238 100644
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -8,8 +8,50 @@
allow bootstat bootstat_data_file:dir rw_dir_perms;
allow bootstat bootstat_data_file:file create_file_perms;
-# Read access to pseudo filesystems (for /proc/uptime).
-r_dir_file(bootstat, proc)
-
# Collect metrics on boot time created by init
get_prop(bootstat, boottime_prop)
+
+# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
+set_prop(bootstat, bootloader_boot_reason_prop)
+set_prop(bootstat, system_boot_reason_prop)
+set_prop(bootstat, last_boot_reason_prop)
+
+# ToDo: TBI move access for the following to a system health HAL
+
+# Allow access to /sys/fs/pstore/ and syslog
+allow bootstat pstorefs:dir search;
+allow bootstat pstorefs:file r_file_perms;
+allow bootstat kernel:system syslog_read;
+
+# Allow access to reading the logs to read aspects of system health
+read_logd(bootstat)
+
+# ToDo: end
+
+neverallow {
+ domain
+ -bootanim
+ -bootstat
+ -dumpstate
+ -init
+ -recovery
+ -shell
+ -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
+# ... and refine, as these components should not set the last boot reason
+neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
+
+neverallow {
+ domain
+ -bootstat
+ -init
+ -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
+# ... and refine ... for a ro propertly no less ... keep this _tight_
+neverallow system_server bootloader_boot_reason_prop:property_service set;
+
+neverallow {
+ domain
+ -bootstat
+ -init
+} system_boot_reason_prop:property_service set;
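Review bot: The comment `# ... and refine ... for a ro propertly no less ... keep this _tight_` has a typo (`propertly` → `property`) and reads as scratch notes; `# system_server may set last_boot_reason_prop but never the read-only bootloader reason` would state what the following neverallow enforces. The `# ToDo: TBI ...` / `# ToDo: end` pair bracketing the pstorefs and `kernel:system syslog_read` grants would be easier to act on with a bug reference, as the other TODOs in this change carry. The neverallow set itself reads consistently: the first rule confines reads to the listed domains, the second narrows bootanim and recovery to the bootloader reason, and the property_service rules leave only bootstat and init able to set the bootloader and system reasons.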
diff --git a/public/cppreopts.te b/public/cppreopts.te
index 8cbf801..fb9855e 100644
--- a/public/cppreopts.te
+++ b/public/cppreopts.te
@@ -9,7 +9,7 @@
# Allow cppreopts copy files into the dalvik-cache
allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write };
-allow cppreopts dalvikcache_data_file:file { create getattr open read rename write };
+allow cppreopts dalvikcache_data_file:file { create getattr open read rename write unlink };
# Allow cppreopts to execute itself using #!/system/bin/sh
allow cppreopts shell_exec:file rx_file_perms;
diff --git a/public/device.te b/public/device.te
index 475948d..1d01045 100644
--- a/public/device.te
+++ b/public/device.te
@@ -30,6 +30,7 @@
type input_device, dev_type;
type kmem_device, dev_type;
type port_device, dev_type;
+type lowpan_device, dev_type;
type mtd_device, dev_type;
type mtp_device, dev_type, mlstrustedobject;
type nfc_device, dev_type;
diff --git a/public/domain.te b/public/domain.te
index f5c72cc..f28da11 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -39,7 +39,6 @@
allow domain su:unix_stream_socket { getattr getopt read write shutdown };
allow { domain -init } su:binder { call transfer };
- allow { domain -init } su:fd use;
# Running something like "pm dump com.android.bluetooth" requires
# fifo writes
@@ -369,6 +368,7 @@
neverallow {
domain
-appdomain # for oemfs
+ -bootanim # for oemfs
-recovery # for /tmp/update_binary in tmpfs
} { fs_type -rootfs }:file execute;
# Files from cache should never be executed
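Review bot: The `-bootanim # for oemfs` carve-out on the new line is wider than its comment says: once exempted from this neverallow, bootanim may execute files from any fs_type except rootfs, not only oemfs, and the comment reads as copied from the appdomain line directly above it. If oemfs is the only filesystem-labelled type bootanim needs to execute from, a companion rule keeps the exemption as narrow as the comment claims, e.g. `neverallow bootanim { fs_type -rootfs -oemfs }:file execute;`, placed with the other per-domain neverallows. If bootanim executes from something else as well, the comment should name it rather than say oemfs.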
@@ -481,10 +481,10 @@
{ append link rename write open read ioctl lock };
# No domain other than recovery and update_engine can write to system partition(s).
-neverallow { domain -recovery -update_engine } system_block_device:blk_file write;
+neverallow { domain -recovery -update_engine } system_block_device:blk_file { write append };
# No domains other than install_recovery or recovery can write to recovery.
-neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file write;
+neverallow { domain -install_recovery -recovery } recovery_block_device:blk_file { write append };
# No domains other than a select few can access the misc_block_device. This
# block device is reserved for OTA use.
diff --git a/public/dumpstate.te b/public/dumpstate.te
index f6d6a0a..42d9290 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -153,6 +153,9 @@
# Read files in /proc
allow dumpstate proc_meminfo:file r_file_perms;
allow dumpstate proc_net:file r_file_perms;
+allow dumpstate proc_pagetypeinfo:file r_file_perms;
+allow dumpstate proc_version:file r_file_perms;
+allow dumpstate proc_vmallocinfo:file r_file_perms;
r_dir_file(dumpstate, proc)
# Read network state info files.
@@ -186,7 +189,15 @@
allow dumpstate misc_logd_file:file r_file_perms;
')
-allow dumpstate { service_manager_type -gatekeeper_service -dumpstate_service -incident_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
+allow dumpstate {
+ service_manager_type
+ -dumpstate_service
+ -gatekeeper_service
+ -incident_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+}:service_manager find;
allow dumpstate servicemanager:service_manager list;
allow dumpstate hwservicemanager:hwservice_manager list;
@@ -204,6 +215,11 @@
# Read state of logging-related properties
get_prop(dumpstate, device_logging_prop)
+# Read state of boot reason properties
+get_prop(dumpstate, bootloader_boot_reason_prop)
+get_prop(dumpstate, last_boot_reason_prop)
+get_prop(dumpstate, system_boot_reason_prop)
+
# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
@@ -234,6 +250,9 @@
# Allow dumpstate to run ip xfrm policy
allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
+# Allow dumpstate to run iotop
+allow dumpstate self:netlink_socket create_socket_perms_no_ioctl;
+
###
### neverallow rules
###
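Review bot: The comment `# Allow dumpstate to run iotop` on the new self:netlink_socket rule names the tool but not the netlink family, and netlink_socket is the catch-all class for families without a dedicated class, so a reader cannot tell what traffic is being permitted. Presumably iotop uses taskstats over NETLINK_GENERIC; if so, `# Allow dumpstate to run iotop (taskstats over NETLINK_GENERIC)` documents what the broad class stands in for, and lets a later reviewer check whether the dedicated netlink_generic_socket class is available in this policy and kernel, in which case it would be the narrower grant.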
diff --git a/public/e2fs.te b/public/e2fs.te
index 30a815a..a955121 100644
--- a/public/e2fs.te
+++ b/public/e2fs.te
@@ -5,8 +5,11 @@
allow e2fs block_device:dir search;
allow e2fs userdata_block_device:blk_file rw_file_perms;
-# access /proc/filesystems
-allow e2fs proc:file r_file_perms;
+allow e2fs {
+ proc_filesystems
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
# access /sys/fs/ext4/features
allow e2fs sysfs_fs_ext4_features:file r_file_perms;
diff --git a/public/file.te b/public/file.te
index bcdc461..435b852 100644
--- a/public/file.te
+++ b/public/file.te
@@ -13,15 +13,23 @@
type sysfs_usermodehelper, fs_type, sysfs_type;
type qtaguid_proc, fs_type, mlstrustedobject;
type proc_bluetooth_writable, fs_type;
+type proc_asound, fs_type;
+type proc_cmdline, fs_type;
type proc_cpuinfo, fs_type;
+type proc_filesystems, fs_type;
type proc_interrupts, fs_type;
type proc_iomem, fs_type;
+type proc_kmsg, fs_type;
+type proc_loadavg, fs_type;
type proc_meminfo, fs_type;
type proc_misc, fs_type;
type proc_modules, fs_type;
+type proc_mounts, fs_type;
type proc_net, fs_type;
+type proc_pagetypeinfo, fs_type;
type proc_perf, fs_type;
type proc_stat, fs_type;
+type proc_swaps, fs_type;
type proc_sysrq, fs_type;
type proc_timer, fs_type;
type proc_tty_drivers, fs_type;
@@ -30,19 +38,28 @@
type proc_uid_io_stats, fs_type;
type proc_uid_procstat_set, fs_type;
type proc_uid_time_in_state, fs_type;
+type proc_version, fs_type;
+type proc_vmallocinfo, fs_type;
type proc_zoneinfo, fs_type;
type selinuxfs, fs_type, mlstrustedobject;
type cgroup, fs_type, mlstrustedobject;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_android_usb, fs_type, sysfs_type;
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_dm, fs_type, sysfs_type;
+type sysfs_ipv4, fs_type, sysfs_type;
type sysfs_leds, fs_type, sysfs_type;
type sysfs_hwrandom, fs_type, sysfs_type;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
type sysfs_mac_address, fs_type, sysfs_type;
+type sysfs_power, fs_type, sysfs_type;
+type sysfs_rtc, fs_type, sysfs_type;
+type sysfs_switch, fs_type, sysfs_type;
type sysfs_usb, sysfs_type, file_type, mlstrustedobject;
+type sysfs_wakeup_reasons, fs_type, sysfs_type;
type sysfs_fs_ext4_features, sysfs_type, fs_type;
type configfs, fs_type;
# /sys/devices/system/cpu
@@ -198,7 +215,6 @@
type net_data_file, file_type, data_file_type, core_data_file_type;
type nfc_data_file, file_type, data_file_type, core_data_file_type;
type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
-type reboot_data_file, file_type, data_file_type, core_data_file_type;
type recovery_data_file, file_type, data_file_type, core_data_file_type;
type shared_relro_file, file_type, data_file_type, core_data_file_type;
type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/fsck.te b/public/fsck.te
index b682a87..7cc7e8b 100644
--- a/public/fsck.te
+++ b/public/fsck.te
@@ -30,7 +30,10 @@
# major/minor values.
allow fsck dev_type:blk_file getattr;
-r_dir_file(fsck, proc)
+allow fsck {
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
allow fsck rootfs:dir r_dir_perms;
###
diff --git a/public/fsck_untrusted.te b/public/fsck_untrusted.te
index e2aceb8..8510c94 100644
--- a/public/fsck_untrusted.te
+++ b/public/fsck_untrusted.te
@@ -12,7 +12,7 @@
allow fsck_untrusted block_device:dir search;
allow fsck_untrusted vold_device:blk_file rw_file_perms;
-r_dir_file(fsck_untrusted, proc)
+allow fsck_untrusted proc_mounts:file r_file_perms;
# To determine if it is safe to run fsck on a filesystem, e2fsck
# must first determine if the filesystem is mounted. To do that,
diff --git a/public/hal_audio.te b/public/hal_audio.te
index 33330bf..6a436bd 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -14,6 +14,7 @@
')
r_dir_file(hal_audio, proc)
+r_dir_file(hal_audio, proc_asound)
allow hal_audio audio_device:dir r_dir_perms;
allow hal_audio audio_device:chr_file rw_file_perms;
diff --git a/public/hal_cas.te b/public/hal_cas.te
index fd5d63b..b4801c5 100644
--- a/public/hal_cas.te
+++ b/public/hal_cas.te
@@ -10,9 +10,7 @@
get_prop(hal_cas, serialno_prop)
# Read files already opened under /data
-allow hal_cas system_data_file:dir { search getattr };
allow hal_cas system_data_file:file { getattr read };
-allow hal_cas system_data_file:lnk_file r_file_perms;
# Read access to pseudo filesystems
r_dir_file(hal_cas, cgroup)
diff --git a/public/hal_drm.te b/public/hal_drm.te
index 5a6bf5c..666b1ba 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -19,9 +19,7 @@
allow hal_drm system_file:lnk_file r_file_perms;
# Read files already opened under /data
-allow hal_drm system_data_file:dir { search getattr };
allow hal_drm system_data_file:file { getattr read };
-allow hal_drm system_data_file:lnk_file r_file_perms;
# Read access to pseudo filesystems
r_dir_file(hal_drm, cgroup)
diff --git a/public/hal_lowpan.te b/public/hal_lowpan.te
new file mode 100644
index 0000000..af491b1
--- /dev/null
+++ b/public/hal_lowpan.te
@@ -0,0 +1,21 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_lowpan_client, hal_lowpan_server)
+binder_call(hal_lowpan_server, hal_lowpan_client)
+
+add_hwservice(hal_lowpan_server, hal_lowpan_hwservice)
+
+# Allow hal_lowpan_client to be able to find the hal_lowpan_server
+allow hal_lowpan_client hal_lowpan_hwservice:hwservice_manager find;
+
+# hal_lowpan domain can write/read to/from lowpan_prop
+set_prop(hal_lowpan_server, lowpan_prop)
+
+# Allow hal_lowpan_server to open lowpan_devices
+allow hal_lowpan_server lowpan_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# Only LoWPAN HAL may directly access LoWPAN hardware
+neverallow { domain -hal_lowpan_server -init -ueventd } lowpan_device:chr_file ~getattr;
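Review bot: The comment above `set_prop(hal_lowpan_server, lowpan_prop)` says the `hal_lowpan domain` can read and write the property, but the rule grants only hal_lowpan_server; suggest `# hal_lowpan_server can read and set lowpan_prop`. The new file also adds no neverallow on who may set lowpan_prop, unlike the boot-reason properties earlier in this commit which get a `property_service set` neverallow; if the HAL server is meant to be the sole writer, `neverallow { domain -init -hal_lowpan_server } lowpan_prop:property_service set;` would pin that, and should be left out only if a framework-side service is expected to write it too. The `~getattr` exemption on the device neverallow follows the pattern used for other HAL devices, so nothing to raise there.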
diff --git a/public/hwservice.te b/public/hwservice.te
index 97b9b8d..19a7205 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -22,6 +22,7 @@
type hal_ir_hwservice, hwservice_manager_type;
type hal_keymaster_hwservice, hwservice_manager_type;
type hal_light_hwservice, hwservice_manager_type;
+type hal_lowpan_hwservice, hwservice_manager_type;
type hal_memtrack_hwservice, hwservice_manager_type;
type hal_neuralnetworks_hwservice, hwservice_manager_type;
type hal_nfc_hwservice, hwservice_manager_type;
diff --git a/public/init.te b/public/init.te
index e6162a9..db2ce43 100644
--- a/public/init.te
+++ b/public/init.te
@@ -37,6 +37,7 @@
# restorecon for early mount device symlinks
allow init tmpfs:lnk_file { getattr read relabelfrom };
allow init system_block_device:{ blk_file lnk_file } relabelto;
+allow init misc_block_device:{ blk_file lnk_file } relabelto;
# setrlimit
allow init self:capability sys_resource;
@@ -270,6 +271,12 @@
# Read /proc/stat for bootchart.
allow init proc_stat:file r_file_perms;
+# Read /proc/version.
+allow init proc_version:file r_file_perms;
+
+# Read /proc/cmdline
+allow init proc_cmdline:file r_file_perms;
+
# Reboot.
allow init self:capability sys_boot;
diff --git a/public/installd.te b/public/installd.te
index 939a481..1ef1225 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -45,7 +45,7 @@
# and lib symlinks before the setfilecon call. May want to
# move symlink creation after setfilecon in installd.
allow installd system_data_file:dir create_dir_perms;
-allow installd system_data_file:lnk_file { create setattr unlink };
+allow installd system_data_file:lnk_file { create getattr setattr unlink };
# Upgrade /data/media for multi-user if necessary.
allow installd media_rw_data_file:dir create_dir_perms;
diff --git a/public/ioctl_defines b/public/ioctl_defines
index a1cd0b9..4097fb9 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -405,7 +405,7 @@
define(`TCFLSH', `0x0000540b')
define(`TIOCEXCL', `0x0000540c')
define(`TIOCNXCL', `0x0000540d')
-define(`TIOCSCTTY', `0x0000540e')
+define(`TIOCSCTTY', ifelse(target_arch, mips, 0x00005480, 0x0000540e))
define(`TIOCGPGRP', `0x0000540f')
define(`TIOCSPGRP', `0x00005410')
define(`TIOCOUTQ', ifelse(target_arch, mips, 0x00007472, 0x00005411))
diff --git a/public/kernel.te b/public/kernel.te
index 7f5d224..74c77a9 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -5,7 +5,7 @@
# Root fs.
r_dir_file(kernel, rootfs)
-r_dir_file(kernel, proc)
+allow kernel proc_cmdline:file r_file_perms;
# Get SELinux enforcing status.
allow kernel selinuxfs:dir r_dir_perms;
diff --git a/public/lmkd.te b/public/lmkd.te
index 208720c..0ff9518 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -18,7 +18,7 @@
allow lmkd system_server:file write;
## Writes to /sys/module/lowmemorykiller/parameters/minfree
-r_dir_file(lmkd, sysfs_type)
+r_dir_file(lmkd, sysfs_lowmemorykiller)
allow lmkd sysfs_lowmemorykiller:file w_file_perms;
# Send kill signals
diff --git a/public/logd.te b/public/logd.te
index 62bff97..c47bfd7 100644
--- a/public/logd.te
+++ b/public/logd.te
@@ -4,7 +4,7 @@
# Read access to pseudo filesystems.
r_dir_file(logd, cgroup)
-r_dir_file(logd, proc)
+r_dir_file(logd, proc_kmsg)
r_dir_file(logd, proc_meminfo)
r_dir_file(logd, proc_net)
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 05e65bf..f8e8a6b 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -22,6 +22,9 @@
crash_dump_fallback(mediaextractor)
+# Suppress denials from sdcardfs (b/67454004)
+dontaudit mediaextractor sdcardfs:file read;
+
# allow mediaextractor read permissions for file sources
allow mediaextractor media_rw_data_file:file { getattr read };
allow mediaextractor app_data_file:file { getattr read };
@@ -50,3 +53,11 @@
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediaextractor domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# mediaextractor should not be opening /data files directly. Any files
+# it touches (with a few exceptions) need to be passed to it via a file
+# descriptor opened outside the process.
+neverallow mediaextractor {
+ data_file_type
+ -zoneinfo_data_file # time zone data from /data/misc/zoneinfo
+}:file open;
diff --git a/public/property.te b/public/property.te
index 95efcaa..713dc83 100644
--- a/public/property.te
+++ b/public/property.te
@@ -1,6 +1,7 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
type bluetooth_prop, property_type;
+type bootloader_boot_reason_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
type ctl_bootanim_prop, property_type;
@@ -23,10 +24,12 @@
type fingerprint_prop, property_type, core_property_type;
type firstboot_prop, property_type;
type hwservicemanager_prop, property_type;
+type last_boot_reason_prop, property_type;
type logd_prop, property_type, core_property_type;
type logpersistd_logging_prop, property_type;
type log_prop, property_type, log_property_type;
type log_tag_prop, property_type, log_property_type;
+type lowpan_prop, property_type;
type mmc_prop, property_type;
type net_dns_prop, property_type;
type net_radio_prop, property_type, core_property_type;
@@ -42,6 +45,7 @@
type safemode_prop, property_type;
type serialno_prop, property_type;
type shell_prop, property_type, core_property_type;
+type system_boot_reason_prop, property_type;
type system_prop, property_type, core_property_type;
type system_radio_prop, property_type, core_property_type;
type vold_prop, property_type, core_property_type;
diff --git a/public/recovery.te b/public/recovery.te
index fe0b20e..5f7a475 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -118,6 +118,9 @@
# Set sys.usb.ffs.ready when starting minadbd for sideload.
set_prop(recovery, ffs_prop)
+ # Read ro.boot.bootreason
+ get_prop(recovery, bootloader_boot_reason_prop)
+
# Use setfscreatecon() to label files for OTA updates.
allow recovery self:process setfscreate;
@@ -131,6 +134,8 @@
# This line seems suspect, as it should not really need to
# set scheduling parameters for a kernel domain task.
allow recovery kernel:process setsched;
+
+ allow recovery proc_cmdline:file r_file_perms;
')
###
diff --git a/public/rild.te b/public/rild.te
index 59cfd90..4244ff3 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -34,7 +34,6 @@
# Access to wake locks
wakelock_use(rild)
-r_dir_file(rild, proc)
r_dir_file(rild, proc_net)
r_dir_file(rild, sysfs_type)
r_dir_file(rild, system_file)
diff --git a/public/runas.te b/public/runas.te
index 12c4181..ca6f4f6 100644
--- a/public/runas.te
+++ b/public/runas.te
@@ -12,6 +12,10 @@
# run-as reads package information.
allow runas system_data_file:file r_file_perms;
+allow runas system_data_file:lnk_file getattr;
+
+# The app's data dir may be accessed through a symlink.
+allow runas system_data_file:lnk_file read;
# run-as checks and changes to the app data dir.
dontaudit runas self:capability dac_override;
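Review bot: The two new `system_data_file:lnk_file` rules grant `getattr` and `read` on the same object class in separate statements, and the first sits under the `# run-as reads package information.` comment, which does not describe it. Collapsing them into one rule under the second comment, `allow runas system_data_file:lnk_file { getattr read };`, keeps the grant readable and its rationale attached.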
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 47a2f80..2af6410 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -32,7 +32,7 @@
allow sdcardd mnt_expand_file:dir search;
# access /proc/filesystems
-allow sdcardd proc:file r_file_perms;
+allow sdcardd proc_filesystems:file r_file_perms;
###
### neverallow rules
diff --git a/public/service.te b/public/service.te
index e97b864..068ea4e 100644
--- a/public/service.te
+++ b/public/service.te
@@ -27,6 +27,7 @@
type thermal_service, service_manager_type;
type update_engine_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
+type vold_service, service_manager_type;
type vr_hwc_service, service_manager_type;
# system_server_services broken down
@@ -71,6 +72,7 @@
type DockObserver_service, system_server_service, service_manager_type;
type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type lowpan_service, system_api_service, system_server_service, service_manager_type;
type ethernet_service, app_api_service, system_server_service, service_manager_type;
type fingerprint_service, app_api_service, system_server_service, service_manager_type;
type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
diff --git a/public/shared_relro.te b/public/shared_relro.te
index 91cf44d..8fe1fea 100644
--- a/public/shared_relro.te
+++ b/public/shared_relro.te
@@ -6,4 +6,5 @@
allow shared_relro shared_relro_file:file create_file_perms;
# Needs to contact the "webviewupdate" and "activity" services
+allow shared_relro activity_service:service_manager find;
allow shared_relro webviewupdate_service:service_manager find;
diff --git a/public/shell.te b/public/shell.te
index 9540cca..4ac6638 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -79,12 +79,26 @@
# Read state of logging-related properties
get_prop(shell, device_logging_prop)
+# Read state of boot reason properties
+get_prop(shell, bootloader_boot_reason_prop)
+get_prop(shell, last_boot_reason_prop)
+get_prop(shell, system_boot_reason_prop)
+
# allow shell access to services
allow shell servicemanager:service_manager list;
# don't allow shell to access GateKeeper service
# TODO: why is this so broad? Tightening candidate? It needs at list:
# - dumpstate_service (so it can receive dumpstate progress updates)
-allow shell { service_manager_type -gatekeeper_service -incident_service -installd_service -netd_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
+allow shell {
+ service_manager_type
+ -gatekeeper_service
+ -incident_service
+ -installd_service
+ -netd_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+}:service_manager find;
allow shell dumpstate:binder call;
# allow shell to get information from hwservicemanager
@@ -128,8 +142,9 @@
allow shell self:process ptrace;
# allow shell to get battery info
-allow shell sysfs_batteryinfo:file r_file_perms;
allow shell sysfs:dir r_dir_perms;
+allow shell sysfs_batteryinfo:dir r_dir_perms;
+allow shell sysfs_batteryinfo:file r_file_perms;
# Allow access to ion memory allocation device.
allow shell ion_device:chr_file rw_file_perms;
diff --git a/public/su.te b/public/su.te
index 8ddd162..88065f6 100644
--- a/public/su.te
+++ b/public/su.te
@@ -50,4 +50,47 @@
dontaudit su domain:drmservice *;
dontaudit su unlabeled:filesystem *;
dontaudit su postinstall_file:filesystem *;
+
+ # VTS tests run in the permissive su domain on debug builds, but the HALs
+ # being tested run in enforcing mode. Because hal_foo_server is enforcing
+ # su needs to be declared as hal_foo_client to grant hal_foo_server
+ # permission to interact with it.
+ typeattribute su halclientdomain;
+ typeattribute su hal_allocator_client;
+ typeattribute su hal_audio_client;
+ typeattribute su hal_bluetooth_client;
+ typeattribute su hal_bootctl_client;
+ typeattribute su hal_camera_client;
+ typeattribute su hal_configstore_client;
+ typeattribute su hal_contexthub_client;
+ typeattribute su hal_drm_client;
+ typeattribute su hal_cas_client;
+ typeattribute su hal_dumpstate_client;
+ typeattribute su hal_fingerprint_client;
+ typeattribute su hal_gatekeeper_client;
+ typeattribute su hal_gnss_client;
+ typeattribute su hal_graphics_allocator_client;
+ typeattribute su hal_graphics_composer_client;
+ typeattribute su hal_health_client;
+ typeattribute su hal_ir_client;
+ typeattribute su hal_keymaster_client;
+ typeattribute su hal_light_client;
+ typeattribute su hal_memtrack_client;
+ typeattribute su hal_neuralnetworks_client;
+ typeattribute su hal_nfc_client;
+ typeattribute su hal_oemlock_client;
+ typeattribute su hal_power_client;
+ typeattribute su hal_sensors_client;
+ typeattribute su hal_telephony_client;
+ typeattribute su hal_tetheroffload_client;
+ typeattribute su hal_thermal_client;
+ typeattribute su hal_tv_cec_client;
+ typeattribute su hal_tv_input_client;
+ typeattribute su hal_usb_client;
+ typeattribute su hal_vibrator_client;
+ typeattribute su hal_vr_client;
+ typeattribute su hal_weaver_client;
+ typeattribute su hal_wifi_client;
+ typeattribute su hal_wifi_offload_client;
+ typeattribute su hal_wifi_supplicant_client;
')
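Review bot: The new typeattribute list omits `hal_lowpan_client`, even though this same commit introduces the LoWPAN HAL (public/hal_lowpan.te, hwservice.te); if that HAL is meant to be reachable from VTS under su, the line `typeattribute su hal_lowpan_client;` is missing, and if it is deliberately excluded a comment should say so. The list is also not quite alphabetical (`hal_cas_client` follows `hal_drm_client`), which makes such omissions harder to spot in review; sorting it costs nothing. Whether hal_lowpan_client is declared as an attribute depends on the attributes file, which is outside this hunk.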
diff --git a/public/te_macros b/public/te_macros
index cac977b..0fdd9be 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -176,6 +176,8 @@
tmpfs_domain($1)
# Map with PROT_EXEC.
allow $1 $1_tmpfs:file execute;
+neverallow { $1 -shell } { domain -$1 }:file no_rw_file_perms;
+neverallow { appdomain -shell -$1 } $1:file no_rw_file_perms;
')
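Review bot: The two added neverallows hard-code a `-shell` exemption with no comment explaining it, and the enclosing define starts outside the hunk (the `appdomain` reference suggests this is the app_domain macro). `domain:file` denotes process-labelled files, presumably the /proc/<pid> entries, so the intent seems to be that an app may not read or write another process's proc files and other apps may not touch this domain's, with shell exempt for its debugging tools; that reasoning belongs in the file, since the exemption is what a later reviewer will question. Suggest preceding the pair with `# Apps must not read/write other domains' process (/proc/<pid>) files, and other apps must not touch this domain's; shell is exempt for debugging tools.` — confirm the wording against what `domain:file` covers in this policy.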
#####################################
@@ -200,6 +202,22 @@
')
#####################################
+# hal_attribute(hal_name)
+# Add an attribute for hal implementations along with necessary
+# restrictions.
+define(`hal_attribute', `
+attribute hal_$1;
+expandattribute hal_$1 true;
+attribute hal_$1_client;
+expandattribute hal_$1_client true;
+attribute hal_$1_server;
+expandattribute hal_$1_server false;
+
+neverallow { hal_$1_client -halclientdomain } domain:process fork;
+neverallow { hal_$1_server -halserverdomain } domain:process fork;
+')
+
+#####################################
# hal_server_domain(domain, hal_type)
# Allow a base set of permissions required for a domain to offer a
# HAL implementation of the specified type over HwBinder.
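Review bot: The header comment `along with necessary restrictions` does not say what the two fork neverallows enforce, which is the non-obvious part of the new hal_attribute macro. They appear to act as a build-time assertion: a type carrying hal_$1_client without halclientdomain (or hal_$1_server without halserverdomain) trips the neverallow as soon as that type is allowed to fork, so the attribute pair can effectively only be applied through hal_client_domain/hal_server_domain; confirm that is the intent. Suggest replacing the header line with `# Add attributes for HAL clients/servers. The fork neverallows are compile-time checks that hal_$1_client/server are only assigned together with halclientdomain/halserverdomain.`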
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
index 5b6025c..00e0071 100644
--- a/public/thermalserviced.te
+++ b/public/thermalserviced.te
@@ -9,3 +9,5 @@
hwbinder_use(thermalserviced)
hal_client_domain(thermalserviced, hal_thermal)
add_hwservice(thermalserviced, thermalcallback_hwservice)
+
+binder_call(thermalserviced, platform_app)
diff --git a/public/uncrypt.te b/public/uncrypt.te
index d10eb39..4437ab7 100644
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@@ -37,3 +37,9 @@
allow uncrypt userdata_block_device:blk_file w_file_perms;
r_dir_file(uncrypt, rootfs)
+
+# uncrypt reads /proc/cmdline
+allow uncrypt proc_cmdline:file r_file_perms;
+
+# Read files in /sys
+r_dir_file(uncrypt, sysfs)
diff --git a/public/update_engine.te b/public/update_engine.te
index b8f0035..f67afc2 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -39,3 +39,13 @@
# Use Boot Control HAL
hal_client_domain(update_engine, hal_bootctl)
+
+# access /proc/misc and /proc/sys/kernel/random/boot_id
+allow update_engine proc:file r_file_perms;
+allow update_engine proc_misc:file r_file_perms;
+
+# read directories on /system and /vendor
+allow update_engine system_file:dir r_dir_perms;
+
+# Read files in /sys
+r_dir_file(update_engine, sysfs)
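Review bot: The generic `allow update_engine proc:file r_file_perms;` moved here from update_engine_common.te (the hunk that deletes it in that file) drops the `# delete candidate` annotation it carried there, so the move silently promotes a grant the original author flagged for removal, while the rest of this commit is replacing generic `proc` grants with specific labels (kernel.te, rild.te, fsck.te, vold.te). If the grant survives only for /proc/sys/kernel/random/boot_id, say so: `# TODO: drop the generic proc:file grant once boot_id has its own label`. Without the note the next tightening pass has to rediscover why it exists.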
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index e9bf24f..61d393a 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -37,12 +37,3 @@
# Allow update_engine_common to suspend, resume and kill the postinstall program.
allow update_engine_common postinstall:process { signal sigstop sigkill };
-
-# access /proc/misc
-# Access is also granted to proc:file, but it is likely unneeded
-# due to the more specific grant to proc_misc immediately below.
-allow update_engine proc:file r_file_perms; # delete candidate
-allow update_engine proc_misc:file r_file_perms;
-
-# read directories on /system and /vendor
-allow update_engine system_file:dir r_dir_perms;
diff --git a/public/update_verifier.te b/public/update_verifier.te
index 4d4e1f9..5d20eca 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te
@@ -9,9 +9,21 @@
allow update_verifier ota_package_file:dir r_dir_perms;
allow update_verifier ota_package_file:file r_file_perms;
-# Read all blocks in dm wrapped system partition.
+# Read /sys/block to find all the DM directories like (/sys/block/dm-X).
+allow update_verifier sysfs:dir r_dir_perms;
+
+# Read /sys/block/dm-X/dm/name (which is a symlink to
+# /sys/devices/virtual/block/dm-X/dm/name) to identify the mapping between
+# dm-X and system/vendor partitions.
+allow update_verifier sysfs_dm:dir r_dir_perms;
+allow update_verifier sysfs_dm:file r_file_perms;
+
+# Read all blocks in DM wrapped system partition.
allow update_verifier dm_device:blk_file r_file_perms;
+# Write to kernel message.
+allow update_verifier kmsg_device:chr_file w_file_perms;
+
# Allow update_verifier to reboot the device.
set_prop(update_verifier, powerctl_prop)
diff --git a/public/vdc.te b/public/vdc.te
index 53d7bbe..75a5d1b 100644
--- a/public/vdc.te
+++ b/public/vdc.te
@@ -8,16 +8,20 @@
type vdc, domain;
type vdc_exec, exec_type, file_type;
+# TODO: remove as part of 13758960
unix_socket_connect(vdc, vold, vold)
# vdc sends information back to dumpstate when "adb bugreport" is used
+# TODO: remove as part of 13758960
allow vdc dumpstate:fd use;
allow vdc dumpstate:unix_stream_socket { read write getattr };
# vdc information is written to shell owned bugreport files
+# TODO: remove as part of 13758960
allow vdc shell_data_file:file { write getattr };
# Why?
+# TODO: remove as part of 13758960
allow vdc dumpstate:unix_dgram_socket { read write };
# vdc can be invoked with logwrapper, so let it write to pty
@@ -25,3 +29,8 @@
# vdc writes directly to kmsg during the boot process
allow vdc kmsg_device:chr_file w_file_perms;
+
+# vdc talks to vold over Binder
+binder_use(vdc)
+binder_call(vdc, vold)
+allow vdc vold_service:service_manager find;
diff --git a/public/vold.te b/public/vold.te
index 836db5f..71932df 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -8,16 +8,23 @@
allow vold cache_file:lnk_file r_file_perms;
# Read access to pseudo filesystems.
-r_dir_file(vold, proc)
r_dir_file(vold, proc_net)
r_dir_file(vold, sysfs_type)
# XXX Label sysfs files with a specific type?
allow vold sysfs:file w_file_perms;
+allow vold sysfs_dm:file w_file_perms;
allow vold sysfs_usb:file w_file_perms;
allow vold sysfs_zram_uevent:file w_file_perms;
r_dir_file(vold, rootfs)
-allow vold proc_meminfo:file r_file_perms;
+allow vold {
+ proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
+ proc_cmdline
+ proc_drop_caches
+ proc_filesystems
+ proc_meminfo
+ proc_mounts
+}:file r_file_perms;
#Get file contexts
allow vold file_contexts_file:file r_file_perms;
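Review bot: `proc` in the new block re-grants the generic label that the rest of this commit removes from other domains, and its trailing comment cites b/67049235 without saying when the grant can go away; a bare bug number ages badly in a policy file. Suggest `proc # TODO(b/67049235): drop once /proc/<pid>/* files are labelled; only the specific labels below should remain`. Listing the specific labels (proc_cmdline, proc_mounts, …) alongside it, as the hunk does, is the right shape, since those are what survives the cleanup.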
@@ -107,6 +114,10 @@
# Create and mount on /data/tmp_mnt and management of expansion mounts
allow vold system_data_file:dir { create rw_dir_perms mounton setattr rmdir };
+allow vold system_data_file:lnk_file getattr;
+
+# for secdiscard
+allow vold system_data_file:file read;
# Set scheduling policy of kernel processes
allow vold kernel:process setsched;
@@ -131,8 +142,15 @@
# Handle wake locks (used for device encryption)
wakelock_use(vold)
-# talk to batteryservice
+# Allow vold to publish a binder service and make binder calls.
binder_use(vold)
+add_service(vold, vold_service)
+
+# Allow vold to call into the system server so it can check permissions.
+binder_call(vold, system_server)
+allow vold permission_service:service_manager find;
+
+# talk to batteryservice
binder_call(vold, healthd)
# talk to keymaster
@@ -187,4 +205,19 @@
neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
neverallow { domain -vold -init } restorecon_prop:property_service set;
+# Only system_server and vdc can interact with vold over binder
+neverallow { domain -system_server -vdc -vold } vold_service:service_manager find;
+neverallow vold {
+ domain
+ -hal_keymaster
+ -healthd
+ -hwservicemanager
+ -servicemanager
+ -system_server
+ userdebug_or_eng(`-su')
+}:binder call;
+
neverallow vold fsck_exec:file execute_no_trans;
+neverallow { domain -init } vold:process { transition dyntransition };
+neverallow vold *:process ptrace;
+neverallow vold *:rawip_socket *;
diff --git a/tests/Android.bp b/tests/Android.bp
index 19aca9c..144b995 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -1,34 +1,62 @@
cc_library_host_shared {
name: "libsepolwrap",
srcs: ["sepol_wrap.cpp"],
- shared_libs: ["libbase", "libsepol"],
cflags: ["-Wall", "-Werror",],
export_include_dirs: ["include"],
+
+ // libsepolwrap gets loaded from the system python, which does not have the
+ // ASAN runtime. So turn off sanitization for ourself, and use static
+ // libraries, since the shared libraries will use ASAN.
+ static_libs: [
+ "libbase",
+ "libsepol",
+ ],
+ stl: "libc++_static",
+ sanitize: {
+ never: true,
+ },
}
-cc_prebuilt_binary {
- name: "mini_parser.py",
- srcs: ["mini_parser.py"],
- host_supported: true,
+python_defaults {
+ name: "py2_only",
+ version: {
+ py2: {
+ embedded_launcher: true,
+ enabled: true,
+ },
+ py3: {
+ enabled: false,
+ },
+ },
}
-cc_prebuilt_binary {
- name: "policy.py",
- srcs: ["policy.py"],
- host_supported: true,
+python_binary_host {
+ name: "treble_sepolicy_tests",
+ srcs: [
+ "treble_sepolicy_tests.py",
+ "mini_parser.py",
+ "policy.py",
+ ],
required: ["libsepolwrap"],
+ defaults: ["py2_only"],
}
-cc_prebuilt_binary {
- name: "treble_sepolicy_tests.py",
- srcs: ["treble_sepolicy_tests.py"],
- host_supported: true,
- required: ["mini_parser.py", "policy.py"],
+python_binary_host {
+ name: "sepolicy_tests",
+ srcs: [
+ "sepolicy_tests.py",
+ "policy.py",
+ ],
+ required: ["libsepolwrap"],
+ defaults: ["py2_only"],
}
-cc_prebuilt_binary {
- name: "sepolicy_tests.py",
- srcs: ["sepolicy_tests.py"],
- host_supported: true,
- required: ["policy.py"],
+python_binary_host {
+ name: "searchpolicy",
+ srcs: [
+ "searchpolicy.py",
+ "policy.py",
+ ],
+ required: ["libsepolwrap"],
+ defaults: ["py2_only"],
}
diff --git a/tests/include/sepol_wrap.h b/tests/include/sepol_wrap.h
index 5615913..2357421 100644
--- a/tests/include/sepol_wrap.h
+++ b/tests/include/sepol_wrap.h
@@ -9,6 +9,9 @@
void *init_avtab(void *policydbp);
void *init_cond_avtab(void *policydbp);
void destroy_avtab(void *avtab_iterp);
+void *init_expanded_avtab(void *policydbp);
+void *init_expanded_cond_avtab(void *policydbp);
+void destroy_expanded_avtab(void *avtab_iterp);
int get_type(char *out, size_t max_size, void *policydbp, void *type_iterp);
void *init_type_iter(void *policydbp, const char *type, bool is_attr);
void destroy_type_iter(void *type_iterp);
diff --git a/tests/policy.py b/tests/policy.py
index b8a3621..2c4b0a6 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -2,6 +2,7 @@
import re
import os
import sys
+import platform
###
# Check whether the regex will match a file path starting with the provided
@@ -41,7 +42,8 @@
self.rule = rule
class Policy:
- __Rules = None
+ __ExpandedRules = set()
+ __Rules = set()
__FcDict = None
__libsepolwrap = None
__policydbP = None
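Review bot: `__ExpandedRules = set()` and `__Rules = set()` are mutable class attributes, so every Policy instance shares the same two set objects; if __InitTERules (outside the hunk) fills them in place with add()/update() rather than assigning a fresh set, rules from one loaded policy leak into the next instance in the same process. The `len(self.__Rules) == 0` check in QueryTERule also cannot distinguish "not yet initialised" from "initialised but empty", so a policy with no rules is re-parsed on every query. Initialising to `None` as before and assigning in __InitTERules keeps both properties: `__ExpandedRules = None` / `__Rules = None` with `if self.__Rules is None:` in the callers.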
@@ -97,6 +99,50 @@
self.__libsepolwrap.destroy_type_iter(TypeIterP)
return TypeAttr
+ def __TERuleMatch(self, Rule, **kwargs):
+ # Match source type
+ if ("scontext" in kwargs and
+ len(kwargs['scontext']) > 0 and
+ Rule.sctx not in kwargs['scontext']):
+ return False
+ # Match target type
+ if ("tcontext" in kwargs and
+ len(kwargs['tcontext']) > 0 and
+ Rule.tctx not in kwargs['tcontext']):
+ return False
+ # Match target class
+ if ("tclass" in kwargs and
+ len(kwargs['tclass']) > 0 and
+ not bool(set([Rule.tclass]) & kwargs['tclass'])):
+ return False
+ # Match any perms
+ if ("perms" in kwargs and
+ len(kwargs['perms']) > 0 and
+ not bool(Rule.perms & kwargs['perms'])):
+ return False
+ return True
+
+ # resolve a type to its attributes or
+ # resolve an attribute to its types and attributes
+ # For example if scontext is the domain attribute, then we need to
+ # include all types with the domain attribute such as untrusted_app and
+ # priv_app and all the attributes of those types such as appdomain.
+ def ResolveTypeAttribute(self, Type):
+ types = self.GetAllTypes(False)
+ attributes = self.GetAllTypes(True)
+
+ if Type in types:
+ return self.QueryTypeAttribute(Type, False)
+ elif Type in attributes:
+ TypesAndAttributes = set()
+ Types = self.QueryTypeAttribute(Type, True)
+ TypesAndAttributes |= Types
+ for T in Types:
+ TypesAndAttributes |= self.QueryTypeAttribute(T, False)
+ return TypesAndAttributes
+ else:
+ return set()
+
# Return all TERules that match:
# (any scontext) or (any tcontext) or (any tclass) or (any perms),
# perms.
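Review bot: `__TERuleMatch` now requires `kwargs['perms']` and `kwargs['tclass']` to be sets: `Rule.perms & kwargs['perms']` raises TypeError when a caller still passes a list, which is what the pre-change call site in treble_sepolicy_tests.py did and what sepolicy_tests.py (not in the diff) may still do. Coerce as the old code did, `not bool(Rule.perms & set(kwargs['perms']))`, and the tclass test can simply be `Rule.tclass not in kwargs['tclass']`. In ResolveTypeAttribute, the type branch returns only `QueryTypeAttribute(Type, False)`; unless that already includes Type itself, QueryTERule replaces the caller's scontext/tcontext with attributes only and rules written directly on the type drop out of the result, so `return self.QueryTypeAttribute(Type, False) | {Type}` is the safe form. The two GetAllTypes calls also run once per context entry; caching them on the instance would avoid walking the type table repeatedly.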
@@ -106,23 +152,32 @@
# Will return any rule with:
# (tcontext="foo" or tcontext="bar") and ("entrypoint" in perms)
def QueryTERule(self, **kwargs):
- if self.__Rules is None:
+ if len(self.__Rules) == 0:
self.__InitTERules()
- for Rule in self.__Rules:
- # Match source type
- if "scontext" in kwargs and Rule.sctx not in kwargs['scontext']:
- continue
- # Match target type
- if "tcontext" in kwargs and Rule.tctx not in kwargs['tcontext']:
- continue
- # Match target class
- if "tclass" in kwargs and Rule.tclass not in kwargs['tclass']:
- continue
- # Match any perms
- if "perms" in kwargs and not bool(Rule.perms & set(kwargs['perms'])):
- continue
- yield Rule
+ # add any matching types and attributes for scontext and tcontext
+ if ("scontext" in kwargs and len(kwargs['scontext']) > 0):
+ scontext = set()
+ for sctx in kwargs['scontext']:
+ scontext |= self.ResolveTypeAttribute(sctx)
+ kwargs['scontext'] = scontext
+ if ("tcontext" in kwargs and len(kwargs['tcontext']) > 0):
+ tcontext = set()
+ for tctx in kwargs['tcontext']:
+ tcontext |= self.ResolveTypeAttribute(tctx)
+ kwargs['tcontext'] = tcontext
+ for Rule in self.__Rules:
+ if self.__TERuleMatch(Rule, **kwargs):
+ yield Rule
+
+ # Same as QueryTERule but only using the expanded ruleset.
+ # i.e. all attributes have been expanded to their various types.
+ def QueryExpandedTERule(self, **kwargs):
+ if len(self.__ExpandedRules) == 0:
+ self.__InitExpandedTERules()
+ for Rule in self.__ExpandedRules:
+ if self.__TERuleMatch(Rule, **kwargs):
+ yield Rule
def GetAllTypes(self, isAttr):
TypeIterP = self.__libsepolwrap.init_type_iter(self.__policydbP, None, isAttr)
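Review bot: The comment block above QueryTERule (context lines at L3072 onward) still describes the old semantics and now misleads: scontext and tcontext are expanded through ResolveTypeAttribute before matching, and tclass/perms must be sets. Extend the comment with something like `# scontext/tcontext entries are expanded to their related types and attributes before matching; tclass and perms must be sets. QueryExpandedTERule skips that expansion and matches the fully expanded ruleset directly.`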
@@ -155,9 +210,9 @@
return Types
- def __GetTERules(self, policydbP, avtabIterP):
- if self.__Rules is None:
- self.__Rules = set()
+ def __GetTERules(self, policydbP, avtabIterP, Rules):
+ if Rules is None:
+ Rules = set()
buf = create_string_buffer(self.__BUFSIZE)
ret = 0
while True:
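Review bot: `if Rules is None: Rules = set()` rebinds only the local name; the function has no return, so any rules collected into that fresh set are discarded and the caller is none the wiser. Both callers in the hunks at L3141 pass a real set, so either delete the branch or make the contract explicit by returning `Rules` and documenting that the argument is filled in place. __GetTERules continues past the end of this hunk.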
@@ -165,7 +220,7 @@
policydbP, avtabIterP)
if ret == 0:
Rule = TERule(buf.value)
- self.__Rules.add(Rule)
+ Rules.add(Rule)
continue
if ret == 1:
break;
@@ -176,22 +231,29 @@
avtabIterP = self.__libsepolwrap.init_avtab(self.__policydbP)
if (avtabIterP == None):
sys.exit("Failed to initialize avtab")
- self.__GetTERules(self.__policydbP, avtabIterP)
+ self.__GetTERules(self.__policydbP, avtabIterP, self.__Rules)
self.__libsepolwrap.destroy_avtab(avtabIterP)
avtabIterP = self.__libsepolwrap.init_cond_avtab(self.__policydbP)
if (avtabIterP == None):
sys.exit("Failed to initialize conditional avtab")
- self.__GetTERules(self.__policydbP, avtabIterP)
+ self.__GetTERules(self.__policydbP, avtabIterP, self.__Rules)
self.__libsepolwrap.destroy_avtab(avtabIterP)
+ def __InitExpandedTERules(self):
+ avtabIterP = self.__libsepolwrap.init_expanded_avtab(self.__policydbP)
+ if (avtabIterP == None):
+ sys.exit("Failed to initialize avtab")
+ self.__GetTERules(self.__policydbP, avtabIterP, self.__ExpandedRules)
+ self.__libsepolwrap.destroy_expanded_avtab(avtabIterP)
+ avtabIterP = self.__libsepolwrap.init_expanded_cond_avtab(self.__policydbP)
+ if (avtabIterP == None):
+ sys.exit("Failed to initialize conditional avtab")
+ self.__GetTERules(self.__policydbP, avtabIterP, self.__ExpandedRules)
+ self.__libsepolwrap.destroy_expanded_avtab(avtabIterP)
+
# load ctypes-ified libsepol wrapper
def __InitLibsepolwrap(self, LibPath):
- if "linux" in sys.platform:
- lib = CDLL(LibPath + "/libsepolwrap.so")
- elif "darwin" in sys.platform:
- lib = CDLL(LibPath + "/libsepolwrap.dylib")
- else:
- sys.exit("only Linux and Mac currrently supported")
+ lib = CDLL(LibPath)
# int get_allow_rule(char *out, size_t len, void *policydbp, void *avtab_iterp);
lib.get_allow_rule.restype = c_int
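Review bot: `__InitExpandedTERules` reuses the exact diagnostics of `__InitTERules`, so a failure of init_expanded_avtab prints "Failed to initialize avtab" and cannot be told apart from the unexpanded path when triaging a test run. Use `sys.exit("Failed to initialize expanded avtab")` and `sys.exit("Failed to initialize expanded conditional avtab")`. It would also help to note on `__InitLibsepolwrap` that LibPath is now the full library path rather than a directory, since every caller's `-l` handling changed with it.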
@@ -201,6 +263,14 @@
lib.load_policy.argtypes = [c_char_p]
# void destroy_policy(void *policydbp);
lib.destroy_policy.argtypes = [c_void_p]
+ # void *init_expanded_avtab(void *policydbp);
+ lib.init_expanded_avtab.restype = c_void_p
+ lib.init_expanded_avtab.argtypes = [c_void_p]
+ # void *init_expanded_cond_avtab(void *policydbp);
+ lib.init_expanded_cond_avtab.restype = c_void_p
+ lib.init_expanded_cond_avtab.argtypes = [c_void_p]
+ # void destroy_expanded_avtab(void *avtab_iterp);
+ lib.destroy_expanded_avtab.argtypes = [c_void_p]
# void *init_avtab(void *policydbp);
lib.init_avtab.restype = c_void_p
lib.init_avtab.argtypes = [c_void_p]
diff --git a/tests/searchpolicy.py b/tests/searchpolicy.py
new file mode 100644
index 0000000..ff9318b
--- /dev/null
+++ b/tests/searchpolicy.py
@@ -0,0 +1,73 @@
+#!/usr/bin/env python
+
+import argparse
+import policy
+
+parser = argparse.ArgumentParser(
+ description="SELinux policy rule search tool. Intended to have a similar "
+ + "API as sesearch, but simplified to use only code availabe in AOSP")
+parser.add_argument("policy", help="Path to the SELinux policy to search.", nargs="?")
+parser.add_argument("--libpath", dest="libpath", help="Path to the libsepolwrap.so", nargs="?")
+tertypes = parser.add_argument_group("TE Rule Types")
+tertypes.add_argument("--allow", action="append_const",
+ const="allow", dest="tertypes",
+ help="Search allow rules.")
+expr = parser.add_argument_group("Expressions")
+expr.add_argument("-s", "--source",
+ help="Source type/role of the TE/RBAC rule.")
+expr.add_argument("-t", "--target",
+ help="Target type/role of the TE/RBAC rule.")
+expr.add_argument("-c", "--class", dest="tclass",
+ help="Comma separated list of object classes")
+expr.add_argument("-p", "--perms", metavar="PERMS",
+ help="Comma separated list of permissions.")
+
+args = parser.parse_args()
+
+if not args.tertypes:
+ parser.error("Must specify \"--allow\"")
+
+if not args.policy:
+ parser.error("Must include path to policy")
+if not args.libpath:
+ parser.error("Must include path to libsepolwrap library")
+
+if not (args.source or args.target or args.tclass or args.perms):
+ parser.error("Must something to filter on, e.g. --source, --target, etc.")
+
+pol = policy.Policy(args.policy, None, args.libpath)
+
+if args.source:
+ scontext = {args.source}
+else:
+ scontext = set()
+if args.target:
+ tcontext = {args.target}
+else:
+ tcontext = set()
+if args.tclass:
+ tclass = set(args.tclass.split(","))
+else:
+ tclass = set()
+if args.perms:
+ perms = set(args.perms.split(","))
+else:
+ perms = set()
+
+TERules = pol.QueryTERule(scontext=scontext,
+ tcontext=tcontext,
+ tclass=tclass,
+ perms=perms)
+
+# format rules for printing
+rules = []
+for r in TERules:
+ if len(r.perms) > 1:
+ rules.append("allow " + r.sctx + " " + r.tctx + ":" + r.tclass + " { " +
+ " ".join(r.perms) + " };")
+ else:
+ rules.append("allow " + r.sctx + " " + r.tctx + ":" + r.tclass + " " +
+ " ".join(r.perms) + ";")
+
+for r in sorted(rules):
+ print r
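Review bot: Unlike sepolicy_tests.py, the new script never checks that `args.policy` and `args.libpath` exist before handing them to policy.Policy, so a mistyped path surfaces as whatever CDLL or load_policy reports rather than a usage error; add `if not os.path.exists(args.policy): parser.error("policy " + args.policy + " does not exist")` and the same for libpath (needs `import os`). Two user-visible strings have typos: "availabe" in the description and "Must something to filter on" in the last parser.error, which should read "Must specify something to filter on". The `--libpath` help says "libsepolwrap.so" although the Android.mk change selects a .dylib on darwin; "Path to the libsepolwrap library" matches the usage text used by the other tools.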
diff --git a/tests/sepol_wrap.cpp b/tests/sepol_wrap.cpp
index 8fea2d5..d537b7e 100644
--- a/tests/sepol_wrap.cpp
+++ b/tests/sepol_wrap.cpp
@@ -181,7 +181,7 @@
/* items needed to iterate over the avtab */
struct avtab_iter {
- avtab_t avtab;
+ avtab_t *avtab;
uint32_t i;
avtab_ptr_t cur;
};
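Review bot: Turning `avtab` into a pointer makes ownership depend on which init function produced the iterator, but the struct itself says nothing about it. A field comment would keep the two destroy paths honest: `avtab_t *avtab; /* borrowed from the policydb for init_avtab/init_cond_avtab; heap-owned (freed in destroy_expanded_avtab) for the expanded variants */`. Since destroy_avtab and destroy_expanded_avtab take the same opaque void*, this comment is the only thing telling a reader why calling the wrong one is a leak or a double free.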
@@ -198,9 +198,9 @@
{
size_t len;
- for (; avtab_i->i < avtab_i->avtab.nslot; (avtab_i->i)++) {
+ for (; avtab_i->i < avtab_i->avtab->nslot; (avtab_i->i)++) {
if (avtab_i->cur == NULL) {
- avtab_i->cur = avtab_i->avtab.htable[avtab_i->i];
+ avtab_i->cur = avtab_i->avtab->htable[avtab_i->i];
}
for (; avtab_i->cur; avtab_i->cur = (avtab_i->cur)->next) {
if (!((avtab_i->cur)->key.specified & AVTAB_ALLOWED)) continue;
@@ -233,6 +233,37 @@
return get_avtab_allow_rule(out, len, db, avtab_i);
}
+static avtab_iter *init_avtab_common(avtab_t *in)
+{
+ struct avtab_iter *out = (struct avtab_iter *)
+ calloc(1, sizeof(struct avtab_iter));
+ if (!out) {
+ std::cerr << "Failed to allocate avtab iterator" << std::endl;
+ return NULL;
+ }
+
+ out->avtab = in;
+ return out;
+}
+
+void *init_avtab(void *policydbp)
+{
+ policydb_t *p = static_cast<policydb_t *>(policydbp);
+ return static_cast<void *>(init_avtab_common(&p->te_avtab));
+}
+
+void *init_cond_avtab(void *policydbp)
+{
+ policydb_t *p = static_cast<policydb_t *>(policydbp);
+ return static_cast<void *>(init_avtab_common(&p->te_cond_avtab));
+}
+
+void destroy_avtab(void *avtab_iterp)
+{
+ struct avtab_iter *avtab_i = static_cast<struct avtab_iter *>(avtab_iterp);
+ free(avtab_i);
+}
+
/*
* <sepol/policydb/expand.h->conditional.h> uses 'bool' as a variable name
* inside extern "C" { .. } construct, which clang doesn't like.
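Review bot: `init_avtab` and `init_cond_avtab` take `&p->te_avtab` without checking `policydbp`, so a NULL handle from Python (policy.py's load_policy result is not checked in the diff) yields an iterator whose `avtab` is a small bogus offset that get_avtab_allow_rule will dereference. A guard of `if (!p) return NULL;` in both functions keeps the failure on the already-handled "Failed to initialize avtab" path. A one-line comment above init_avtab_common saying the iterator only borrows `in` and must not outlive the policydb would also explain why destroy_avtab frees just the iterator.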
@@ -240,45 +271,57 @@
*/
extern "C" int expand_avtab(policydb_t *p, avtab_t *a, avtab_t *expa);
-static avtab_iter *init_avtab_common(avtab_t *in, policydb_t *p)
+static avtab_iter *init_expanded_avtab_common(avtab_t *in, policydb_t *p)
{
struct avtab_iter *out = (struct avtab_iter *)
calloc(1, sizeof(struct avtab_iter));
if (!out) {
- std::cerr << "Failed to allocate avtab" << std::endl;
+ std::cerr << "Failed to allocate avtab iterator" << std::endl;
return NULL;
}
- if (avtab_init(&out->avtab)) {
- std::cerr << "Failed to initialize avtab" << std::endl;
+ avtab_t *avtab = (avtab_t *) calloc(1, sizeof(avtab_t));
+
+ if (!avtab) {
+ std::cerr << "Failed to allocate avtab" << std::endl;
free(out);
return NULL;
}
- if (expand_avtab(p, in, &out->avtab)) {
+ out->avtab = avtab;
+ if (avtab_init(out->avtab)) {
+ std::cerr << "Failed to initialize avtab" << std::endl;
+ free(avtab);
+ free(out);
+ return NULL;
+ }
+
+ if (expand_avtab(p, in, out->avtab)) {
std::cerr << "Failed to expand avtab" << std::endl;
+ free(avtab);
free(out);
return NULL;
}
return out;
}
-void *init_avtab(void *policydbp)
+void *init_expanded_avtab(void *policydbp)
{
policydb_t *p = static_cast<policydb_t *>(policydbp);
- return static_cast<void *>(init_avtab_common(&p->te_avtab, p));
+ return static_cast<void *>(init_expanded_avtab_common(&p->te_avtab, p));
}
-void *init_cond_avtab(void *policydbp)
+void *init_expanded_cond_avtab(void *policydbp)
{
policydb_t *p = static_cast<policydb_t *>(policydbp);
- return static_cast<void *>(init_avtab_common(&p->te_cond_avtab, p));
+ return static_cast<void *>(init_expanded_avtab_common(&p->te_cond_avtab, p));
}
-void destroy_avtab(void *avtab_iterp)
+void destroy_expanded_avtab(void *avtab_iterp)
{
struct avtab_iter *avtab_i = static_cast<struct avtab_iter *>(avtab_iterp);
- avtab_destroy(&avtab_i->avtab);
+ avtab_destroy(avtab_i->avtab);
+ free(avtab_i->avtab);
free(avtab_i);
}
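Review bot: In the `expand_avtab` failure path the table is released with `free(avtab)` alone, but expand_avtab may already have allocated the hash table and inserted nodes before failing, so those are leaked; call `avtab_destroy(avtab);` before `free(avtab);` there (avtab_destroy on an initialized empty table is a no-op, so the same call is harmless in the avtab_init failure path too). The allocate-init-expand sequence and its three unwind branches would read more clearly as a small helper returning an owned avtab_t*, leaving init_expanded_avtab_common to wrap it in the iterator.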
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 3f93ff4..3edf1f2 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -39,7 +39,8 @@
Tests = ["TestDataTypeViolators"]
if __name__ == '__main__':
- usage = "sepolicy_tests.py -f nonplat_file_contexts -f "
+ usage = "sepolicy_tests -l $(ANDROID_HOST_OUT)/lib64/libsepolwrap.so "
+ usage += "-f nonplat_file_contexts -f "
usage +="plat_file_contexts -p policy [--test test] [--help]"
parser = OptionParser(option_class=MultipleOption, usage=usage)
parser.add_option("-f", "--file_contexts", dest="file_contexts",
@@ -52,7 +53,7 @@
(options, args) = parser.parse_args()
if not options.libpath:
- sys.exit("Must specify path to host libraries\n" + parser.usage)
+ sys.exit("Must specify path to libsepolwrap library\n" + parser.usage)
if not os.path.exists(options.libpath):
sys.exit("Error: library-path " + options.libpath + " does not exist\n"
+ parser.usage)
@@ -74,11 +75,11 @@
results = ""
# If an individual test is not specified, run all tests.
- if options.test is None or "TestDataTypeViolations" in options.tests:
+ if options.test is None or "TestDataTypeViolations" in options.test:
results += TestDataTypeViolations(pol)
- if options.test is None or "TestSysfsTypeViolations" in options.tests:
+ if options.test is None or "TestSysfsTypeViolations" in options.test:
results += TestSysfsTypeViolations(pol)
- if options.test is None or "TestDebugfsTypeViolations" in options.tests:
+ if options.test is None or "TestDebugfsTypeViolations" in options.test:
results += TestDebugfsTypeViolations(pol)
if len(results) > 0:
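Review bot: The corrected `options.test` checks compare against "TestDataTypeViolations", "TestSysfsTypeViolations" and "TestDebugfsTypeViolations", but the `Tests` list in the context at L3398 advertises only "TestDataTypeViolators"; if that list is what the `--test` help prints, passing the advertised name matches no branch and the run silently executes nothing while still exiting successfully. Bring the two in line, e.g. `Tests = ["TestDataTypeViolations", "TestSysfsTypeViolations", "TestDebugfsTypeViolations"]`, and consider rejecting a `--test` value that is not in `Tests`. The surrounding `__main__` block starts outside this hunk.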
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 58fd85b..ea03731 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -76,6 +76,9 @@
oldalltypes = set()
compatMapping = None
+# Distinguish between PRODUCT_FULL_TREBLE and PRODUCT_FULL_TREBLE_OVERRIDE
+FakeTreble = False
+
def GetAllDomains(pol):
global alldomains
for result in pol.QueryTypeAttribute("domain", True):
@@ -129,7 +132,7 @@
#
def GetDomainEntrypoints(pol):
global alldomains
- for x in pol.QueryTERule(tclass="file", perms=["entrypoint"]):
+ for x in pol.QueryExpandedTERule(tclass=set(["file"]), perms=set(["entrypoint"])):
if not x.sctx in alldomains:
continue
alldomains[x.sctx].entrypoints.append(str(x.tctx))
@@ -172,6 +175,14 @@
GetAllTypes(pol, oldpol)
compatMapping = mapping
+def DomainsWithAttribute(attr):
+ global alldomains
+ domains = []
+ for domain in alldomains:
+ if attr in alldomains[domain].attributes:
+ domains.append(domain)
+ return domains
+
#############################################################
# Tests
#############################################################
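Review bot: `DomainsWithAttribute` declares `global alldomains` although it only reads the name, and the accumulate-loop is a plain filter; the idiomatic form is `return [d for d in alldomains if attr in alldomains[d].attributes]` with the global statement dropped. A one-line docstring stating that it returns domain names (the keys of alldomains) carrying the attribute would save the next reader a trip to GetAllDomains.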
@@ -255,6 +266,26 @@
ret = TestNoUnmappedNewTypes()
ret += TestNoUnmappedRmTypes()
return ret
+
+def TestViolatorAttribute(attribute):
+ global FakeTreble
+ ret = ""
+ if FakeTreble:
+ return ret
+
+ violators = DomainsWithAttribute(attribute)
+ if len(violators) > 0:
+ ret += "SELinux: The following domains violate the Treble ban "
+ ret += "against use of the " + attribute + " attribute: "
+ ret += " ".join(str(x) for x in sorted(violators)) + "\n"
+ return ret
+
+def TestViolatorAttributes():
+ ret = TestViolatorAttribute("binder_in_vendor_violators")
+ ret += TestViolatorAttribute("socket_between_core_and_vendor_violators")
+ ret += TestViolatorAttribute("vendor_executes_system_violators")
+ return ret
+
###
# extend OptionParser to allow the same option flag to be used multiple times.
# This is used to allow multiple file_contexts files and tests to be
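Review bot: `TestViolatorAttribute` returns an empty string when FakeTreble is set, which the caller reports as a pass with no trace that the check was skipped; the function also carries no documentation of why the three attributes are banned or what FakeTreble means here beyond the module-level comment at L3434. A short docstring would cover both: `"""Report domains carrying `attribute`, a marker for Treble-banned vendor/core crossings. Skipped (returns "") when --fake-treble is set, since PRODUCT_FULL_TREBLE_OVERRIDE builds are allowed these violators."""` — hedged, since the override semantics are inferred from the L3434 comment rather than shown in the diff.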
@@ -273,11 +304,13 @@
Option.take_action(self, action, dest, opt, value, values, parser)
Tests = {"CoredomainViolations": TestCoredomainViolations,
- "TrebleCompatMapping": TestTrebleCompatMapping }
+ "TrebleCompatMapping": TestTrebleCompatMapping,
+ "ViolatorAttributes": TestViolatorAttributes}
if __name__ == '__main__':
- usage = "treble_sepolicy_tests.py -f nonplat_file_contexts -f "
- usage +="plat_file_contexts -p curr_policy -b base_policy -o old_policy "
+ usage = "treble_sepolicy_tests -l $(ANDROID_HOST_OUT)/lib64/libsepolwrap.so "
+ usage += "-f nonplat_file_contexts -f plat_file_contexts "
+ usage += "-p curr_policy -b base_policy -o old_policy "
usage +="-m mapping file [--test test] [--help]"
parser = OptionParser(option_class=MultipleOption, usage=usage)
parser.add_option("-b", "--basepolicy", dest="basepolicy", metavar="FILE")
@@ -288,13 +321,14 @@
parser.add_option("-o", "--oldpolicy", dest="oldpolicy", metavar="FILE")
parser.add_option("-p", "--policy", dest="policy", metavar="FILE")
parser.add_option("-t", "--test", dest="tests", action="extend",
-
help="Test options include "+str(Tests))
+ parser.add_option("--fake-treble", action="store_true", dest="faketreble",
+ default=False)
(options, args) = parser.parse_args()
if not options.libpath:
- sys.exit("Must specify path to host libraries\n" + parser.usage)
+ sys.exit("Must specify path to libsepolwrap library\n" + parser.usage)
if not os.path.exists(options.libpath):
sys.exit("Error: library-path " + options.libpath + " does not exist\n"
+ parser.usage)
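Review bot: The new `--fake-treble` option has no `help=` text, so `--help` shows a bare flag and nothing tells a user that it disables the ViolatorAttributes test. Add `help="Treat the build as PRODUCT_FULL_TREBLE_OVERRIDE; skips the Treble violator-attribute checks"`, matching the intent stated on the FakeTreble global.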
@@ -317,6 +351,9 @@
sys.exit("Error: File_contexts file " + f + " does not exist\n" +
parser.usage)
+ if options.faketreble:
+ FakeTreble = True
+
pol = policy.Policy(options.policy, options.file_contexts, options.libpath)
setup(pol)
basepol = policy.Policy(options.basepolicy, None, options.libpath)
diff --git a/tools/fc_sort/fc_sort.c b/tools/fc_sort/fc_sort.c
index 9a3a3ee..fcd62eb 100644
--- a/tools/fc_sort/fc_sort.c
+++ b/tools/fc_sort/fc_sort.c
@@ -507,9 +507,17 @@
(file_context_bucket_t *)
malloc(sizeof(file_context_bucket_t));
if (!(bcurrent->next)) {
- printf
- ("Error: failure allocating memory.\n");
- return -1;
+ // Static analyzer complains about a
+ // memory leak of the memory used by the
+ // list created with bcurrent. We could
+ // try to deallocate it before returning
+ // it but since this is the "main"
+ // routine, it is not worth doing
+ // that. Just silence the static analyzer.
+ // NOLINTNEXTLINE
+ printf
+ ("Error: failure allocating memory.\n");
+ return -1;
}
/* Make sure the new bucket thinks it's the end of the
diff --git a/tools/sepolicy-analyze/neverallow.c b/tools/sepolicy-analyze/neverallow.c
index 26ce144..25e6a0c 100644
--- a/tools/sepolicy-analyze/neverallow.c
+++ b/tools/sepolicy-analyze/neverallow.c
@@ -258,6 +258,7 @@
node->next = classperms;
classperms = node;
free(id);
+ id = NULL;
} while (p < end && openparens);
if (p == end)
@@ -325,6 +326,8 @@
if (!strcmp(id, "*")) {
for (node = classperms; node; node = node->next)
node->data = ~0;
+ free(id);
+ id = NULL;
continue;
}
@@ -341,6 +344,7 @@
node->data |= 1U << (perm->s.value - 1);
}
free(id);
+ id = NULL;
} while (p < end && openparens);
if (p == end)
@@ -361,6 +365,12 @@
*ptr = p;
return 0;
err:
+ // free classperms memory
+ for (node = classperms; node; ) {
+ class_perm_node_t *freeptr = node;
+ node = node->next;
+ free(freeptr);
+ }
return -1;
}
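Review bot: The new cleanup loop at `err:` frees the classperms list, but whether `id` is also released there depends on code outside the hunk; the `id = NULL` resets added in the three earlier hunks only make sense if `err:` does `free(id)`, which is worth confirming. The walk itself is a natural `static void free_classperms(class_perm_node_t *node)` helper, since whoever owns the list on the success path will need the same loop. The function's start lies outside this hunk.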
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 522e4bf..1efbe73 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -5,7 +5,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service u:object_r:hal_bootctl_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@1\.1-service u:object_r:hal_broadcastradio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@1\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service u:object_r:hal_camera_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]+-service u:object_r:hal_configstore_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.0-service u:object_r:hal_contexthub_default_exec:s0
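Review bot: The broadcastradio entry uses `\d+` for the minor version while the neighbouring configstore line (L3602) uses `[0-9]+`; both work under the PCRE engine file_contexts is compiled with, but mixing the two spellings in one file invites a later "fix" of one form to the other. Use `@1\.[0-9]+-service` for consistency.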
@@ -20,6 +20,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.lowpan@1\.0-service u:object_r:hal_lowpan_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service u:object_r:hal_memtrack_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service u:object_r:mediacodec_exec:s0
diff --git a/vendor/hal_cas_default.te b/vendor/hal_cas_default.te
index c7a858c..fc548bf 100644
--- a/vendor/hal_cas_default.te
+++ b/vendor/hal_cas_default.te
@@ -4,3 +4,5 @@
type hal_cas_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_cas_default)
+# Allow CAS HAL's default implementation to use vendor-binder service
+vndbinder_use(hal_cas_default);
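Review bot: `vndbinder_use(hal_cas_default);` ends with a semicolon whereas `init_daemon_domain(hal_cas_default)` on the line above, and the other macro invocations in this change, do not; the m4 expansion therefore leaves a stray `;` in the generated policy. If checkpolicy accepts an empty statement this is only cosmetic, but dropping it, `vndbinder_use(hal_cas_default)`, keeps the file uniform and avoids relying on that tolerance.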
diff --git a/vendor/hal_lowpan_default.te b/vendor/hal_lowpan_default.te
new file mode 100644
index 0000000..a49bf24
--- /dev/null
+++ b/vendor/hal_lowpan_default.te
@@ -0,0 +1,5 @@
+type hal_lowpan_default, domain;
+type hal_lowpan_default_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_lowpan_default, hal_lowpan)
+init_daemon_domain(hal_lowpan_default)