Merge "Allow mediaprovider to search /mnt/media_rw" into pi-dev
diff --git a/prebuilts/api/28.0/private/audioserver.te b/prebuilts/api/28.0/private/audioserver.te
index a82cfec..1d4223f 100644
--- a/prebuilts/api/28.0/private/audioserver.te
+++ b/prebuilts/api/28.0/private/audioserver.te
@@ -35,6 +35,7 @@
 allow audioserver permission_service:service_manager find;
 allow audioserver power_service:service_manager find;
 allow audioserver scheduling_policy_service:service_manager find;
+allow audioserver mediametrics_service:service_manager find;
 
 # Allow read/write access to bluetooth-specific properties
 set_prop(audioserver, bluetooth_a2dp_offload_prop)
diff --git a/prebuilts/api/28.0/private/bug_map b/prebuilts/api/28.0/private/bug_map
index 4020c03..eefe336 100644
--- a/prebuilts/api/28.0/private/bug_map
+++ b/prebuilts/api/28.0/private/bug_map
@@ -1,3 +1,4 @@
+cppreopts cppreopts capability 79414024
 dexoptanalyzer apk_data_file file 77853712
 dexoptanalyzer app_data_file file 77853712
 dexoptanalyzer app_data_file lnk_file 77853712
diff --git a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
index 3d243d4..9b28ab4 100644
--- a/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/26.0/26.0.ignore.cil
@@ -100,6 +100,7 @@
     system_boot_reason_prop
     system_net_netd_hwservice
     system_update_service
+    test_boot_reason_prop
     thermal_service
     thermalcallback_hwservice
     thermalserviced
@@ -133,6 +134,9 @@
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
     vold_service
+    wait_for_keymaster
+    wait_for_keymaster_exec
+    wait_for_keymaster_tmpfs
     wpantund
     wpantund_exec
     wpantund_service
diff --git a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
index dbb277b..5a6509e 100644
--- a/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
+++ b/prebuilts/api/28.0/private/compat/27.0/27.0.ignore.cil
@@ -85,6 +85,7 @@
     storaged_data_file
     system_boot_reason_prop
     system_update_service
+    test_boot_reason_prop
     tombstone_wifi_data_file
     trace_data_file
     traced
@@ -111,6 +112,9 @@
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
     vold_service
+    wait_for_keymaster
+    wait_for_keymaster_exec
+    wait_for_keymaster_tmpfs
     wm_trace_data_file
     wpantund
     wpantund_exec
diff --git a/prebuilts/api/28.0/private/file_contexts b/prebuilts/api/28.0/private/file_contexts
index 71bff73..3dfb8a6 100644
--- a/prebuilts/api/28.0/private/file_contexts
+++ b/prebuilts/api/28.0/private/file_contexts
@@ -292,6 +292,7 @@
 /system/bin/stats                u:object_r:stats_exec:s0
 /system/bin/statsd               u:object_r:statsd_exec:s0
 /system/bin/bpfloader            u:object_r:bpfloader_exec:s0
+/system/bin/wait_for_keymaster   u:object_r:wait_for_keymaster_exec:s0
 
 #############################
 # Vendor files
diff --git a/prebuilts/api/28.0/private/platform_app.te b/prebuilts/api/28.0/private/platform_app.te
index f60597a..6d6ec98 100644
--- a/prebuilts/api/28.0/private/platform_app.te
+++ b/prebuilts/api/28.0/private/platform_app.te
@@ -74,6 +74,9 @@
 allow platform_app system_server:udp_socket {
         connect getattr read recvfrom sendto write getopt setopt };
 
+# allow platform apps to connect to the property service
+set_prop(platform_app, test_boot_reason_prop)
+
 ###
 ### Neverallow rules
 ###
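Review bot: The added `set_prop(platform_app, test_boot_reason_prop)` applies on every build variant, and its comment ("connect to the property service") does not say which property platform apps may write or why. If `test.sys.boot.reason` is only written by test code, wrapping the rule in `userdebug_or_eng(` ... `')` would keep the write out of user builds. Otherwise the comment should name the property and its consumer, e.g. `# Allow platform apps to set test.sys.boot.reason (used by <consumer>)`. The same hunk appears in private/platform_app.te.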
diff --git a/prebuilts/api/28.0/private/property_contexts b/prebuilts/api/28.0/private/property_contexts
index eeb2b65..1b27432 100644
--- a/prebuilts/api/28.0/private/property_contexts
+++ b/prebuilts/api/28.0/private/property_contexts
@@ -71,6 +71,7 @@
 persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
 sys.boot.reason         u:object_r:system_boot_reason_prop:s0
 pm.                     u:object_r:pm_prop:s0
+test.sys.boot.reason    u:object_r:test_boot_reason_prop:s0
 
 # Boolean property set by system server upon boot indicating
 # if device owner is provisioned.
diff --git a/prebuilts/api/28.0/private/statsd.te b/prebuilts/api/28.0/private/statsd.te
index 769b4e0..74b89c2 100644
--- a/prebuilts/api/28.0/private/statsd.te
+++ b/prebuilts/api/28.0/private/statsd.te
@@ -84,6 +84,7 @@
 
 unix_socket_send(bluetooth, statsdw, statsd)
 unix_socket_send(bootstat, statsdw, statsd)
+unix_socket_send(lmkd, statsdw, statsd)
 unix_socket_send(platform_app, statsdw, statsd)
 unix_socket_send(radio, statsdw, statsd)
 unix_socket_send(statsd, statsdw, statsd)
diff --git a/prebuilts/api/28.0/private/system_server.te b/prebuilts/api/28.0/private/system_server.te
index 5c2335e..b037fe4 100644
--- a/prebuilts/api/28.0/private/system_server.te
+++ b/prebuilts/api/28.0/private/system_server.te
@@ -772,9 +772,19 @@
 # Allow system_server to open profile snapshots for read.
 # System server never reads the actual content. It passes the descriptor to
 # to privileged apps which acquire the permissions to inspect the profiles.
-allow system_server user_profile_data_file:dir { search };
+allow system_server user_profile_data_file:dir { getattr search };
 allow system_server user_profile_data_file:file { getattr open read };
 
+# System server may dump profile data for debuggable apps in the /data/misc/profman.
+# As such it needs to be able create files but it should never read from them.
+allow system_server profman_dump_data_file:file { create getattr setattr w_file_perms};
+allow system_server profman_dump_data_file:dir w_dir_perms;
+
+# On userdebug build we may profile system server. Allow it to write and create its own profile.
+userdebug_or_eng(`
+  allow system_server user_profile_data_file:file create_file_perms;
+')
+
 userdebug_or_eng(`
   # Allow system server to notify mediaextractor of the plugin update.
   allow system_server mediaextractor_update_service:service_manager find;
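Review bot: The comment on the new `profman_dump_data_file` rules says system_server "should never read from them", but nothing in the hunk enforces that. A `neverallow system_server profman_dump_data_file:file read;` next to the allow would fail the build if a later rule grants the read, provided no broader existing rule already does. Separately, the userdebug rule grants `create_file_perms` on the whole `user_profile_data_file` type while its comment speaks of system_server's "own profile", so on userdebug/eng builds the grant is wider than the comment suggests and the comment should say so. The same hunk appears in private/system_server.te.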
diff --git a/prebuilts/api/28.0/private/wait_for_keymaster.te b/prebuilts/api/28.0/private/wait_for_keymaster.te
new file mode 100644
index 0000000..8b8dd29
--- /dev/null
+++ b/prebuilts/api/28.0/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
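Review bot: The new domain has only a one-line header, and the `kmsg_device` write at the end is a grant a reader cannot place without knowing the binary. A comment above it would help, e.g. `# Log to /dev/kmsg.` if that is the purpose. The header could also say when init runs this service and why it must be a keymaster HAL client. The same file is added as private/wait_for_keymaster.te.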
diff --git a/prebuilts/api/28.0/public/attributes b/prebuilts/api/28.0/public/attributes
index 6c55c41..7a0c07a 100644
--- a/prebuilts/api/28.0/public/attributes
+++ b/prebuilts/api/28.0/public/attributes
@@ -38,6 +38,7 @@
 
 # All types used for procfs files.
 attribute proc_type;
+expandattribute proc_type false;
 
 # All types used for sysfs files.
 attribute sysfs_type;
@@ -206,6 +207,12 @@
 attribute halclientdomain;
 expandattribute halclientdomain true;
 
+# Exempt for halserverdomain to access sockets. Only builds for automotive
+# device types are allowed to use this attribute (enforced by CTS).
+# Unlike phone, in a car many modules are external from Android perspective and
+# HALs should be able to communicate with those devices through sockets.
+attribute hal_automotive_socket_exemption;
+
 # TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
 # can be resolve.
 attribute hal_audio;
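Review bot: The comment on `hal_automotive_socket_exemption` says "access sockets" without naming the socket classes or the neverallow it relaxes. By its own wording the attribute is policed by CTS, so nothing in this change makes a non-automotive policy build reject a domain that carries it. Naming the rule would make the scope auditable, e.g. `# Exempts a halserverdomain from the network-socket neverallow in hal_neverallows.te.` The opening "Exempt for halserverdomain" would also read better as "Exemption for". The matching neverallow change is in hal_neverallows.te, and both hunks are repeated under public/.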
diff --git a/prebuilts/api/28.0/public/hal_audiocontrol.te b/prebuilts/api/28.0/public/hal_audiocontrol.te
index 3e5a379..438db53 100644
--- a/prebuilts/api/28.0/public/hal_audiocontrol.te
+++ b/prebuilts/api/28.0/public/hal_audiocontrol.te
@@ -3,3 +3,5 @@
 binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
 
 add_hwservice(hal_audiocontrol_server, hal_audiocontrol_hwservice)
+
+allow hal_audiocontrol_client hal_audiocontrol_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/28.0/public/hal_neverallows.te b/prebuilts/api/28.0/public/hal_neverallows.te
index 017fcce..0f05d8a 100644
--- a/prebuilts/api/28.0/public/hal_neverallows.te
+++ b/prebuilts/api/28.0/public/hal_neverallows.te
@@ -11,8 +11,13 @@
 
 # Unless a HAL's job is to communicate over the network, or control network
 # hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network.  Using this exemption for non-automotive builds
+# will result in CTS failure.
 neverallow {
   halserverdomain
+  -hal_automotive_socket_exemption
   -hal_tetheroffload_server
   -hal_wifi_server
   -hal_wifi_hostapd_server
diff --git a/prebuilts/api/28.0/public/hal_vehicle.te b/prebuilts/api/28.0/public/hal_vehicle.te
index f49f5e6..a59f8d2 100644
--- a/prebuilts/api/28.0/public/hal_vehicle.te
+++ b/prebuilts/api/28.0/public/hal_vehicle.te
@@ -3,3 +3,5 @@
 binder_call(hal_vehicle_server, hal_vehicle_client)
 
 add_hwservice(hal_vehicle_server, hal_vehicle_hwservice)
+
+allow hal_vehicle_client hal_vehicle_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/28.0/public/mediaextractor.te b/prebuilts/api/28.0/public/mediaextractor.te
index 44387fd..b055462 100644
--- a/prebuilts/api/28.0/public/mediaextractor.te
+++ b/prebuilts/api/28.0/public/mediaextractor.te
@@ -22,10 +22,8 @@
 
 crash_dump_fallback(mediaextractor)
 
-# Suppress denials from sdcardfs (b/67454004)
-dontaudit mediaextractor sdcardfs:file read;
-
 # allow mediaextractor read permissions for file sources
+allow mediaextractor sdcardfs:file { getattr read };
 allow mediaextractor media_rw_data_file:file { getattr read };
 allow mediaextractor app_data_file:file { getattr read };
 
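Review bot: The new `allow mediaextractor sdcardfs:file { getattr read };` replaces a dontaudit with a real grant to a domain that parses media files. What keeps it narrow is that `open` is not in the set, which the comment does not say. I would document that, e.g. `# Read file sources through descriptors passed by the caller; open is intentionally not granted.`, assuming that is the intent, as the two neighbouring rules have the same shape. The removed reference to b/67454004 could be kept in the comment for history. The same hunk appears in public/mediaextractor.te.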
diff --git a/prebuilts/api/28.0/public/postinstall_dexopt.te b/prebuilts/api/28.0/public/postinstall_dexopt.te
index 8221530..ffd8bc5 100644
--- a/prebuilts/api/28.0/public/postinstall_dexopt.te
+++ b/prebuilts/api/28.0/public/postinstall_dexopt.te
@@ -5,7 +5,7 @@
 
 type postinstall_dexopt, domain;
 
-allow postinstall_dexopt self:global_capability_class_set { chown dac_override fowner setgid setuid };
+allow postinstall_dexopt self:global_capability_class_set { chown dac_override fowner fsetid setgid setuid };
 
 allow postinstall_dexopt postinstall_file:filesystem getattr;
 allow postinstall_dexopt postinstall_file:dir { getattr search };
@@ -26,6 +26,8 @@
 # Read profile data.
 allow postinstall_dexopt user_profile_data_file:dir { getattr search };
 allow postinstall_dexopt user_profile_data_file:file r_file_perms;
+# Suppress deletion denial (we do not want to update the profile).
+dontaudit postinstall_dexopt user_profile_data_file:file { write };
 
 # Write to /data/ota(/*). Create symlinks in /data/ota(/*)
 allow postinstall_dexopt ota_data_file:dir create_dir_perms;
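Review bot: The new dontaudit's comment speaks of a "deletion denial", but the rule silences `write` on `user_profile_data_file:file`, not `unlink`, so comment and rule disagree and every write denial from this domain to profile files will go unlogged. If an open-for-write is what triggers the denial, the comment should say so, e.g. `# Suppress write denials: postinstall_dexopt only reads profiles and must not update them.` The earlier hunk in this file adds `fsetid` to the capability set with no rationale, and a one-line comment there would help a later audit. Both hunks are repeated in public/postinstall_dexopt.te.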
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index 5dd88dc..de8e4be 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -51,6 +51,7 @@
 type system_boot_reason_prop, property_type;
 type system_prop, property_type, core_property_type;
 type system_radio_prop, property_type, core_property_type;
+type test_boot_reason_prop, property_type;
 type traced_enabled_prop, property_type;
 type vold_prop, property_type, core_property_type;
 type wifi_log_prop, property_type, log_property_type;
diff --git a/prebuilts/api/28.0/public/property_contexts b/prebuilts/api/28.0/public/property_contexts
index c644181..500dca6 100644
--- a/prebuilts/api/28.0/public/property_contexts
+++ b/prebuilts/api/28.0/public/property_contexts
@@ -55,6 +55,7 @@
 dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
 dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootimage u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.stack-trace-dir u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
@@ -62,6 +63,7 @@
 drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
 keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
 media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
 persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
 persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
@@ -70,6 +72,8 @@
 persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
 persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
 persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
+persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
 persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
 persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
 pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
@@ -96,10 +100,13 @@
 ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
 ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
 ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
 ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
 ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
 ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
 ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
 ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
 ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
 ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
@@ -137,6 +144,7 @@
 aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
 aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
 aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
 drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
 dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
 hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
@@ -266,6 +274,7 @@
 ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
 ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
 ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
 ro.product.board u:object_r:exported_default_prop:s0 exact string
 ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
 ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
diff --git a/prebuilts/api/28.0/public/shell.te b/prebuilts/api/28.0/public/shell.te
index 2c6ce44..307e103 100644
--- a/prebuilts/api/28.0/public/shell.te
+++ b/prebuilts/api/28.0/public/shell.te
@@ -30,8 +30,8 @@
 allow shell trace_data_file:dir { r_dir_perms remove_name write };
 
 # Access /data/misc/profman.
-allow shell profman_dump_data_file:dir { search getattr write remove_name };
-allow shell profman_dump_data_file:file { getattr unlink };
+allow shell profman_dump_data_file:dir { write remove_name r_dir_perms };
+allow shell profman_dump_data_file:file { unlink r_file_perms };
 
 # Read/execute files in /data/nativetest
 userdebug_or_eng(`
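Review bot: The comment `# Access /data/misc/profman.` no longer describes the rule. With `r_dir_perms` and `r_file_perms` the shell domain can now list the directory and read the dump contents, not just delete them. The system_server.te comment in this change says these dumps are written for debuggable apps, so the comment here should spell out the read, e.g. `# Read and delete profile dumps in /data/misc/profman.` The same hunk appears in public/shell.te.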
diff --git a/prebuilts/api/28.0/public/tombstoned.te b/prebuilts/api/28.0/public/tombstoned.te
index 1dfcf50..0e585b6 100644
--- a/prebuilts/api/28.0/public/tombstoned.te
+++ b/prebuilts/api/28.0/public/tombstoned.te
@@ -9,7 +9,7 @@
 allow tombstoned domain:dir r_dir_perms;
 allow tombstoned domain:file r_file_perms;
 allow tombstoned tombstone_data_file:dir rw_dir_perms;
-allow tombstoned tombstone_data_file:file create_file_perms;
+allow tombstoned tombstone_data_file:file { create_file_perms link };
 
 # TODO: Remove append / write permissions. They were temporarily
 # granted due to a bug which appears to have been fixed.
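Review bot: `link` is added to `tombstone_data_file:file` here and to `anr_data_file:file` in the next hunk without a comment saying what tombstoned hard-links. A line such as `# link: output files are created unnamed and linked into place` (if that is the mechanism) would let a reader judge whether the grant is still needed. Both hunks are repeated in public/tombstoned.te.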
@@ -19,4 +19,4 @@
 # Changes for the new stack dumping mechanism. Each trace goes into a
 # separate file, and these files are managed by tombstoned.
 allow tombstoned anr_data_file:dir rw_dir_perms;
-allow tombstoned anr_data_file:file { create getattr open unlink };
+allow tombstoned anr_data_file:file { create getattr open link unlink };
diff --git a/prebuilts/api/28.0/public/vold.te b/prebuilts/api/28.0/public/vold.te
index 0b0c766..131f555 100644
--- a/prebuilts/api/28.0/public/vold.te
+++ b/prebuilts/api/28.0/public/vold.te
@@ -244,6 +244,7 @@
     domain
     -init
     -kernel
+    -vendor_init
     -vold
     -vold_prepare_subdirs
 } { vold_data_file vold_metadata_file }:notdevfile_class_set *;
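Review bot: Adding `-vendor_init` to this neverallow exempts it from every permission (`*`) on every non-device class for both `vold_data_file` and `vold_metadata_file`, the same latitude init and vold have. If vendor_init needs only a narrow operation on one of these types, a companion neverallow for vendor_init that denies everything beyond that operation would keep the exemption from silently widening. The neverallow block starts above the hunk, so any comment explaining the exemption is not visible here; if there is none, one should be added. The same hunk appears in public/vold.te.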
diff --git a/private/audioserver.te b/private/audioserver.te
index a82cfec..1d4223f 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -35,6 +35,7 @@
 allow audioserver permission_service:service_manager find;
 allow audioserver power_service:service_manager find;
 allow audioserver scheduling_policy_service:service_manager find;
+allow audioserver mediametrics_service:service_manager find;
 
 # Allow read/write access to bluetooth-specific properties
 set_prop(audioserver, bluetooth_a2dp_offload_prop)
diff --git a/private/bug_map b/private/bug_map
index 4020c03..eefe336 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1,3 +1,4 @@
+cppreopts cppreopts capability 79414024
 dexoptanalyzer apk_data_file file 77853712
 dexoptanalyzer app_data_file file 77853712
 dexoptanalyzer app_data_file lnk_file 77853712
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3d243d4..9b28ab4 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -100,6 +100,7 @@
     system_boot_reason_prop
     system_net_netd_hwservice
     system_update_service
+    test_boot_reason_prop
     thermal_service
     thermalcallback_hwservice
     thermalserviced
@@ -133,6 +134,9 @@
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
     vold_service
+    wait_for_keymaster
+    wait_for_keymaster_exec
+    wait_for_keymaster_tmpfs
     wpantund
     wpantund_exec
     wpantund_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index dbb277b..5a6509e 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -85,6 +85,7 @@
     storaged_data_file
     system_boot_reason_prop
     system_update_service
+    test_boot_reason_prop
     tombstone_wifi_data_file
     trace_data_file
     traced
@@ -111,6 +112,9 @@
     vold_prepare_subdirs
     vold_prepare_subdirs_exec
     vold_service
+    wait_for_keymaster
+    wait_for_keymaster_exec
+    wait_for_keymaster_tmpfs
     wm_trace_data_file
     wpantund
     wpantund_exec
diff --git a/private/file_contexts b/private/file_contexts
index 71bff73..3dfb8a6 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -292,6 +292,7 @@
 /system/bin/stats                u:object_r:stats_exec:s0
 /system/bin/statsd               u:object_r:statsd_exec:s0
 /system/bin/bpfloader            u:object_r:bpfloader_exec:s0
+/system/bin/wait_for_keymaster   u:object_r:wait_for_keymaster_exec:s0
 
 #############################
 # Vendor files
diff --git a/private/platform_app.te b/private/platform_app.te
index f60597a..6d6ec98 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -74,6 +74,9 @@
 allow platform_app system_server:udp_socket {
         connect getattr read recvfrom sendto write getopt setopt };
 
+# allow platform apps to connect to the property service
+set_prop(platform_app, test_boot_reason_prop)
+
 ###
 ### Neverallow rules
 ###
diff --git a/private/property_contexts b/private/property_contexts
index eeb2b65..1b27432 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -71,6 +71,7 @@
 persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
 sys.boot.reason         u:object_r:system_boot_reason_prop:s0
 pm.                     u:object_r:pm_prop:s0
+test.sys.boot.reason    u:object_r:test_boot_reason_prop:s0
 
 # Boolean property set by system server upon boot indicating
 # if device owner is provisioned.
diff --git a/private/statsd.te b/private/statsd.te
index 769b4e0..74b89c2 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -84,6 +84,7 @@
 
 unix_socket_send(bluetooth, statsdw, statsd)
 unix_socket_send(bootstat, statsdw, statsd)
+unix_socket_send(lmkd, statsdw, statsd)
 unix_socket_send(platform_app, statsdw, statsd)
 unix_socket_send(radio, statsdw, statsd)
 unix_socket_send(statsd, statsdw, statsd)
diff --git a/private/system_server.te b/private/system_server.te
index 5c2335e..b037fe4 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -772,9 +772,19 @@
 # Allow system_server to open profile snapshots for read.
 # System server never reads the actual content. It passes the descriptor to
 # to privileged apps which acquire the permissions to inspect the profiles.
-allow system_server user_profile_data_file:dir { search };
+allow system_server user_profile_data_file:dir { getattr search };
 allow system_server user_profile_data_file:file { getattr open read };
 
+# System server may dump profile data for debuggable apps in the /data/misc/profman.
+# As such it needs to be able create files but it should never read from them.
+allow system_server profman_dump_data_file:file { create getattr setattr w_file_perms};
+allow system_server profman_dump_data_file:dir w_dir_perms;
+
+# On userdebug build we may profile system server. Allow it to write and create its own profile.
+userdebug_or_eng(`
+  allow system_server user_profile_data_file:file create_file_perms;
+')
+
 userdebug_or_eng(`
   # Allow system server to notify mediaextractor of the plugin update.
   allow system_server mediaextractor_update_service:service_manager find;
diff --git a/private/wait_for_keymaster.te b/private/wait_for_keymaster.te
new file mode 100644
index 0000000..8b8dd29
--- /dev/null
+++ b/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
diff --git a/public/attributes b/public/attributes
index 6c55c41..7a0c07a 100644
--- a/public/attributes
+++ b/public/attributes
@@ -38,6 +38,7 @@
 
 # All types used for procfs files.
 attribute proc_type;
+expandattribute proc_type false;
 
 # All types used for sysfs files.
 attribute sysfs_type;
@@ -206,6 +207,12 @@
 attribute halclientdomain;
 expandattribute halclientdomain true;
 
+# Exempt for halserverdomain to access sockets. Only builds for automotive
+# device types are allowed to use this attribute (enforced by CTS).
+# Unlike phone, in a car many modules are external from Android perspective and
+# HALs should be able to communicate with those devices through sockets.
+attribute hal_automotive_socket_exemption;
+
 # TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
 # can be resolve.
 attribute hal_audio;
diff --git a/public/hal_audiocontrol.te b/public/hal_audiocontrol.te
index 3e5a379..438db53 100644
--- a/public/hal_audiocontrol.te
+++ b/public/hal_audiocontrol.te
@@ -3,3 +3,5 @@
 binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
 
 add_hwservice(hal_audiocontrol_server, hal_audiocontrol_hwservice)
+
+allow hal_audiocontrol_client hal_audiocontrol_hwservice:hwservice_manager find;
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 017fcce..0f05d8a 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -11,8 +11,13 @@
 
 # Unless a HAL's job is to communicate over the network, or control network
 # hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network.  Using this exemption for non-automotive builds
+# will result in CTS failure.
 neverallow {
   halserverdomain
+  -hal_automotive_socket_exemption
   -hal_tetheroffload_server
   -hal_wifi_server
   -hal_wifi_hostapd_server
diff --git a/public/hal_vehicle.te b/public/hal_vehicle.te
index f49f5e6..a59f8d2 100644
--- a/public/hal_vehicle.te
+++ b/public/hal_vehicle.te
@@ -3,3 +3,5 @@
 binder_call(hal_vehicle_server, hal_vehicle_client)
 
 add_hwservice(hal_vehicle_server, hal_vehicle_hwservice)
+
+allow hal_vehicle_client hal_vehicle_hwservice:hwservice_manager find;
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 44387fd..b055462 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -22,10 +22,8 @@
 
 crash_dump_fallback(mediaextractor)
 
-# Suppress denials from sdcardfs (b/67454004)
-dontaudit mediaextractor sdcardfs:file read;
-
 # allow mediaextractor read permissions for file sources
+allow mediaextractor sdcardfs:file { getattr read };
 allow mediaextractor media_rw_data_file:file { getattr read };
 allow mediaextractor app_data_file:file { getattr read };
 
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index 8221530..ffd8bc5 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -5,7 +5,7 @@
 
 type postinstall_dexopt, domain;
 
-allow postinstall_dexopt self:global_capability_class_set { chown dac_override fowner setgid setuid };
+allow postinstall_dexopt self:global_capability_class_set { chown dac_override fowner fsetid setgid setuid };
 
 allow postinstall_dexopt postinstall_file:filesystem getattr;
 allow postinstall_dexopt postinstall_file:dir { getattr search };
@@ -26,6 +26,8 @@
 # Read profile data.
 allow postinstall_dexopt user_profile_data_file:dir { getattr search };
 allow postinstall_dexopt user_profile_data_file:file r_file_perms;
+# Suppress deletion denial (we do not want to update the profile).
+dontaudit postinstall_dexopt user_profile_data_file:file { write };
 
 # Write to /data/ota(/*). Create symlinks in /data/ota(/*)
 allow postinstall_dexopt ota_data_file:dir create_dir_perms;
diff --git a/public/property.te b/public/property.te
index 5dd88dc..de8e4be 100644
--- a/public/property.te
+++ b/public/property.te
@@ -51,6 +51,7 @@
 type system_boot_reason_prop, property_type;
 type system_prop, property_type, core_property_type;
 type system_radio_prop, property_type, core_property_type;
+type test_boot_reason_prop, property_type;
 type traced_enabled_prop, property_type;
 type vold_prop, property_type, core_property_type;
 type wifi_log_prop, property_type, log_property_type;
diff --git a/public/property_contexts b/public/property_contexts
index c644181..500dca6 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -55,6 +55,7 @@
 dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
 dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootimage u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.stack-trace-dir u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
@@ -62,6 +63,7 @@
 drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
 keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
 media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
 persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
 persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
@@ -70,6 +72,8 @@
 persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
 persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
 persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
+persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
 persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
 persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
 pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
@@ -96,10 +100,13 @@
 ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
 ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
 ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
 ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
 ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
 ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
 ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
 ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
 ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
 ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
@@ -137,6 +144,7 @@
 aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
 aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
 aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
 drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
 dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
 hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
@@ -266,6 +274,7 @@
 ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
 ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
 ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
 ro.product.board u:object_r:exported_default_prop:s0 exact string
 ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
 ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
diff --git a/public/shell.te b/public/shell.te
index 2c6ce44..307e103 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -30,8 +30,8 @@
 allow shell trace_data_file:dir { r_dir_perms remove_name write };
 
 # Access /data/misc/profman.
-allow shell profman_dump_data_file:dir { search getattr write remove_name };
-allow shell profman_dump_data_file:file { getattr unlink };
+allow shell profman_dump_data_file:dir { write remove_name r_dir_perms };
+allow shell profman_dump_data_file:file { unlink r_file_perms };
 
 # Read/execute files in /data/nativetest
 userdebug_or_eng(`
diff --git a/public/tombstoned.te b/public/tombstoned.te
index 1dfcf50..0e585b6 100644
--- a/public/tombstoned.te
+++ b/public/tombstoned.te
@@ -9,7 +9,7 @@
 allow tombstoned domain:dir r_dir_perms;
 allow tombstoned domain:file r_file_perms;
 allow tombstoned tombstone_data_file:dir rw_dir_perms;
-allow tombstoned tombstone_data_file:file create_file_perms;
+allow tombstoned tombstone_data_file:file { create_file_perms link };
 
 # TODO: Remove append / write permissions. They were temporarily
 # granted due to a bug which appears to have been fixed.
@@ -19,4 +19,4 @@
 # Changes for the new stack dumping mechanism. Each trace goes into a
 # separate file, and these files are managed by tombstoned.
 allow tombstoned anr_data_file:dir rw_dir_perms;
-allow tombstoned anr_data_file:file { create getattr open unlink };
+allow tombstoned anr_data_file:file { create getattr open link unlink };
diff --git a/public/vold.te b/public/vold.te
index 0b0c766..131f555 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -244,6 +244,7 @@
     domain
     -init
     -kernel
+    -vendor_init
     -vold
     -vold_prepare_subdirs
 } { vold_data_file vold_metadata_file }:notdevfile_class_set *;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index b3ba88b..22f0dbb 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -9,6 +9,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_bootctl_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service_64       u:object_r:hal_camera_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-service          u:object_r:hal_camera_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.4-external-service          u:object_r:hal_camera_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]+-service    u:object_r:hal_configstore_default_exec:s0
diff --git a/vendor/hal_keymaster_default.te b/vendor/hal_keymaster_default.te
index 82a5a20..6f0d82a 100644
--- a/vendor/hal_keymaster_default.te
+++ b/vendor/hal_keymaster_default.te
@@ -3,3 +3,5 @@
 
 type hal_keymaster_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_keymaster_default)
+
+get_prop(hal_keymaster_default, vendor_security_patch_level_prop);
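Review bot: `get_prop(hal_keymaster_default, vendor_security_patch_level_prop);` ends with a semicolon, unlike the `init_daemon_domain(hal_keymaster_default)` call two lines above and the other macro invocations in this change. For consistency the line should be `get_prop(hal_keymaster_default, vendor_security_patch_level_prop)`. A short comment on why the keymaster HAL reads the vendor patch level would also help.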
diff --git a/vendor/hal_wifi_supplicant_default.te b/vendor/hal_wifi_supplicant_default.te
index 2e04dcf..a446721 100644
--- a/vendor/hal_wifi_supplicant_default.te
+++ b/vendor/hal_wifi_supplicant_default.te
@@ -8,6 +8,9 @@
 # Create a socket for receiving info from wpa
 type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "sockets";
 
+# Allow wpa_supplicant to configure nl80211
+allow hal_wifi_supplicant_default proc_net:file write;
+
 # Allow wpa_supplicant to talk to Wifi Keystore HwBinder service.
 hwbinder_use(hal_wifi_supplicant_default)
 allow hal_wifi_supplicant_default system_wifi_keystore_hwservice:hwservice_manager find;
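Review bot: The comment says the rule is for configuring nl80211, but `allow hal_wifi_supplicant_default proc_net:file write;` grants write to every file labelled `proc_net`, which is much wider than a single tunable. The comment should name the /proc/net entry wpa_supplicant writes. If the policy has, or can be given, a dedicated type for that entry, the rule should target it instead of `proc_net`.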