Merge "Setup a common channel to trunk stable flags in system properties" into main
diff --git a/private/app.te b/private/app.te
index 3f8560a..59d9a5f 100644
--- a/private/app.te
+++ b/private/app.te
@@ -102,6 +102,10 @@
# Don't allow regular apps access to storage configuration properties.
neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
+# Don't allow apps reading /system/etc/font_fallback.xml
+dontaudit appdomain system_font_fallback_file:file no_rw_file_perms;
+neverallow appdomain system_font_fallback_file:file no_rw_file_perms;
+
# Allow to read sendbug.preferred.domain
get_prop(appdomain, sendbug_config_prop)
@@ -259,6 +263,7 @@
# App sandbox file accesses.
allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox_all } { app_data_file privapp_data_file }:dir create_dir_perms;
allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox_all } { app_data_file privapp_data_file }:file create_file_perms;
+allowxperm { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox_all } { app_data_file privapp_data_file }:file ioctl FS_IOC_MEASURE_VERITY;
# Access via already open fds is ok even for mlstrustedsubject.
allow { appdomain -isolated_app_all -sdk_sandbox_all } { app_data_file privapp_data_file system_app_data_file }:file { getattr map read write };
diff --git a/private/file.te b/private/file.te
index 129b1ea..64b51a2 100644
--- a/private/file.te
+++ b/private/file.te
@@ -136,3 +136,6 @@
# /sys/firmware/devicetree/base/avf
type sysfs_dt_avf, fs_type, sysfs_type;
+
+# Type for /system/fonts/font_fallback.xm
+type system_font_fallback_file, system_file_type, file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 544d051..6acaf9d 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -350,6 +350,7 @@
/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
/system/etc/task_profiles/cgroups_[0-9]+\.json u:object_r:cgroup_desc_api_file:s0
/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
+/system/etc/font_fallback.xml u:object_r:system_font_fallback_file:s0
/system/etc/group u:object_r:system_group_file:s0
/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
/system/etc/passwd u:object_r:system_passwd_file:s0
diff --git a/private/installd.te b/private/installd.te
index 7615c92..f9fb206 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -54,3 +54,7 @@
# Allow installd manage dirs in /data/misc_ce/0/sdksandbox
allow installd sdk_sandbox_system_data_file:dir { create_dir_perms relabelfrom };
+
+# Allow installd to enable fs-verity for app file passed as FD;
+allow installd { untrusted_app_all priv_app gmscore_app }:fd use;
+allowxperm installd app_data_file_type:file ioctl FS_IOC_ENABLE_VERITY;
diff --git a/private/system_server.te b/private/system_server.te
index 2e1316d..0a31493 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1552,5 +1552,8 @@
neverallow { domain -init -system_server } font_data_file:file no_w_file_perms;
neverallow { domain -init -system_server } font_data_file:dir no_w_dir_perms;
+# Allow reading /system/etc/font_fallback.xml
+allow system_server system_font_fallback_file:file r_file_perms;
+
# Allow system server to set dynamic ART properties.
set_prop(system_server, dalvik_dynamic_config_prop)
diff --git a/private/traced.te b/private/traced.te
index fc75239..d4e5bec 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -52,6 +52,11 @@
userdebug_or_eng(`system_server_tmpfs')
}:file { getattr map read write };
+# Allow setting debug properties which guard initialization of the Perfetto SDK
+# in SurfaceFlinger and HWUI's copy of Skia.
+# Required for the android.sdk_sysprop_guard data source.
+# TODO(b/281329340): remove this when no longer needed.
+set_prop(traced, debug_prop)
# Allow traced to notify Traceur when a trace ends by setting the
# sys.trace.trace_end_signal property.
set_prop(traced, system_trace_prop)
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 0dcbe50..ddb2828 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -53,12 +53,6 @@
allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom };
allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };
-# vold_prepare_subdirs asks apex_service for the list of APEXes
-# to prepapre apexdata dirs.
-binder_use(vold_prepare_subdirs)
-binder_call(vold_prepare_subdirs, apexd)
-allow vold_prepare_subdirs apex_service:service_manager find;
-
# Migrate legacy labels to apex_system_server_data_file (b/217581286)
allow vold_prepare_subdirs {
apex_appsearch_data_file
diff --git a/private/zygote.te b/private/zygote.te
index c5cc73a..788dafe 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -265,6 +265,9 @@
# Allow zygote to query for compression/features.
r_dir_file(zygote, sysfs_fs_f2fs)
+# Allow zygote to read fonts_customization.xml for preloading font files that matches device locale.
+allow zygote system_font_fallback_file:file r_file_perms;
+
###
### neverallow rules
###
diff --git a/public/apexd.te b/public/apexd.te
index 0b8073e..53bc569 100644
--- a/public/apexd.te
+++ b/public/apexd.te
@@ -5,7 +5,7 @@
binder_use(apexd)
add_service(apexd, apex_service)
-neverallow { domain -init -apexd -system_server -update_engine -vold_prepare_subdirs} apex_service:service_manager find;
-neverallow { domain -init -apexd -system_server -servicemanager -update_engine -vold_prepare_subdirs} apexd:binder call;
+neverallow { domain -init -apexd -system_server -update_engine } apex_service:service_manager find;
+neverallow { domain -init -apexd -system_server -servicemanager -update_engine } apexd:binder call;
neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;