Merge "Revert "Add vendor_property_type to vendor_default_prop""
diff --git a/apex/com.android.art.debug-file_contexts b/apex/com.android.art.debug-file_contexts
index 8007efd..e47402f 100644
--- a/apex/com.android.art.debug-file_contexts
+++ b/apex/com.android.art.debug-file_contexts
@@ -6,5 +6,3 @@
/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
/bin/profman(d)? u:object_r:profman_exec:s0
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
-/bin/art_preinstall_hook(.*)? u:object_r:art_apex_preinstall_exec:s0
-/bin/art_postinstall_hook(.*)? u:object_r:art_apex_postinstall_exec:s0
diff --git a/private/access_vectors b/private/access_vectors
index 8364bc5..1420360 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -716,6 +716,7 @@
add_auth
clear_ns
get_state
+ list
lock
reset
unlock
@@ -727,7 +728,6 @@
gen_unique_id
get_info
grant
- list
manage_blob
rebind
req_forced_op
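Review bot: The `list` permission is removed from the keystore2_key class here and added, in the hunk above, to a class whose visible members (add_auth, clear_ns, lock, reset) suggest the keystore2 service class; both class headers lie outside the hunks, so that pairing is inferred rather than seen. Every consumer in this merge only drops `list` on keystore2_key — binderservicedomain.te, shell.te, system_app.te, system_server.te, vold.te and public/app.te — and no visible hunk grants `list` on the keystore2 class to any of them, so presumably the grant arrives through the use_keystore macro, which is not in view; confirm that before merging, because a missing grant would surface only as a denial the first time a client enumerates its keys. A one-line comment next to the added permission, e.g. `# list moved from keystore2_key: enumeration is per-namespace, not per-key`, would spare the next reader the same search.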
diff --git a/private/apexd.te b/private/apexd.te
index b7d6702..7fc1183 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -125,11 +125,6 @@
allow apexd system_bootstrap_lib_file:dir r_dir_perms;
allow apexd system_bootstrap_lib_file:file { execute read open getattr map };
-# Allow transition to ART APEX preinstall domain.
-domain_auto_trans(apexd, art_apex_preinstall_exec, art_apex_preinstall)
-# Allow transition to ART APEX postinstall domain.
-domain_auto_trans(apexd, art_apex_postinstall_exec, art_apex_postinstall)
-
# Allow transition to test APEX preinstall domain.
userdebug_or_eng(`
domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
diff --git a/private/art_apex_boot_integrity.te b/private/art_apex_boot_integrity.te
deleted file mode 100644
index ba02083..0000000
--- a/private/art_apex_boot_integrity.te
+++ /dev/null
@@ -1,28 +0,0 @@
-# This command set checks the integrity of boot classpath ART
-# artifacts in /data, potentially removing them.
-
-type art_apex_boot_integrity, domain, coredomain;
-type art_apex_boot_integrity_exec, system_file_type, exec_type, file_type;
-
-# Technically not a daemon but we do want the transition from init domain to
-# art_apex_boot_integrity to occur.
-init_daemon_domain(art_apex_boot_integrity)
-
-# Read dalvik cache directories, remove entries.
-allow art_apex_boot_integrity dalvikcache_data_file:dir { r_dir_perms write remove_name };
-# Read and possibly delete dalvik cache files.
-allow art_apex_boot_integrity dalvikcache_data_file:file { r_file_perms unlink };
-
-# Allow art_apex_boot_integrity to execute itself using #!/system/bin/sh
-allow art_apex_boot_integrity shell_exec:file rx_file_perms;
-
-# Allow running the mv and rm/rmdir commands using art_apex_boot_integrity
-# permissions.
-allow art_apex_boot_integrity toolbox_exec:file rx_file_perms;
-
-# Fsverity in the same domain.
-allow art_apex_boot_integrity system_file:file execute_no_trans;
-# Fsverity work.
-allowxperm art_apex_boot_integrity dalvikcache_data_file:file ioctl {
- FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
-};
diff --git a/private/art_apex_postinstall.te b/private/art_apex_postinstall.te
deleted file mode 100644
index 576ed20..0000000
--- a/private/art_apex_postinstall.te
+++ /dev/null
@@ -1,31 +0,0 @@
-# ART APEX postinstall.
-#
-
-type art_apex_postinstall, domain, coredomain;
-type art_apex_postinstall_exec, system_file_type, exec_type, file_type;
-
-# /system/bin/sh (see b/126787589).
-allow art_apex_postinstall apexd:fd use;
-
-# Read temp dirs and files. Move directories.
-allow art_apex_postinstall ota_data_file:dir { r_dir_perms write rename remove_name relabelfrom reparent };
-allow art_apex_postinstall ota_data_file:file { r_file_perms relabelfrom };
-# We're deleting the old /data/dalvik-cache/* and move the new ones
-# over.
-allow art_apex_postinstall dalvikcache_data_file:dir { create_dir_perms relabelto };
-allow art_apex_postinstall dalvikcache_data_file:file { r_file_perms unlink relabelto };
-
-# Required for relabel.
-allow art_apex_postinstall file_contexts_file:file r_file_perms;
-allow art_apex_postinstall self:global_capability_class_set sys_admin;
-
-# Script helpers.
-allow art_apex_postinstall shell_exec:file rx_file_perms;
-allow art_apex_postinstall toolbox_exec:file rx_file_perms;
-
-# Fsverity in the same domain.
-allow art_apex_postinstall system_file:file execute_no_trans;
-# Fsverity work.
-allowxperm art_apex_postinstall ota_data_file:file ioctl {
- FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
-};
diff --git a/private/art_apex_preinstall.te b/private/art_apex_preinstall.te
deleted file mode 100644
index 12b1020..0000000
--- a/private/art_apex_preinstall.te
+++ /dev/null
@@ -1,33 +0,0 @@
-# ART APEX preinstall.
-#
-
-type art_apex_preinstall, domain, coredomain;
-type art_apex_preinstall_exec, system_file_type, exec_type, file_type;
-
-# /system/bin/sh (see b/126787589).
-allow art_apex_preinstall apexd:fd use;
-
-# Create temp dirs and files under /data/ota.
-allow art_apex_preinstall ota_data_file:dir create_dir_perms;
-allow art_apex_preinstall ota_data_file:file create_file_perms;
-# We mount /data/ota/dalvik-cache over /data/dalvik-cache in our
-# mount namespace.
-allow art_apex_preinstall dalvikcache_data_file:dir { r_dir_perms mounton };
-allow art_apex_preinstall self:capability sys_admin;
-
-# Script helpers.
-allow art_apex_preinstall shell_exec:file rx_file_perms;
-allow art_apex_preinstall toolbox_exec:file rx_file_perms;
-
-# Execute subscripts in the same domain.
-allow art_apex_preinstall art_apex_preinstall_exec:file execute_no_trans;
-
-# Run dex2oat.
-domain_auto_trans(art_apex_preinstall, dex2oat_exec, dex2oat)
-
-# Fsverity in the same domain.
-allow art_apex_preinstall system_file:file execute_no_trans;
-# Fsverity work.
-allowxperm art_apex_preinstall ota_data_file:file ioctl {
- FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
-};
diff --git a/private/binderservicedomain.te b/private/binderservicedomain.te
index cbe8ed7..7275954 100644
--- a/private/binderservicedomain.te
+++ b/private/binderservicedomain.te
@@ -19,6 +19,6 @@
allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
allow binderservicedomain keystore:keystore2 { get_state };
-allow binderservicedomain keystore:keystore2_key { delete get_info list rebind use };
+allow binderservicedomain keystore:keystore2_key { delete get_info rebind use };
use_keystore(binderservicedomain)
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 2e33524..7db303c 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -13,6 +13,7 @@
dmabuf_system_heap_device
gki_apex_prepostinstall
gki_apex_prepostinstall_exec
+ hal_face_service
hal_fingerprint_service
gnss_device
hal_dumpstate_config_prop
diff --git a/private/dex2oat.te b/private/dex2oat.te
index c257f1a..50e43ad 100644
--- a/private/dex2oat.te
+++ b/private/dex2oat.te
@@ -72,7 +72,6 @@
allow dex2oat apexd:fd use;
# Allow dex2oat to use file descriptors from preinstall.
-allow dex2oat art_apex_preinstall:fd use;
##############
# Neverallow #
diff --git a/private/domain.te b/private/domain.te
index 3669d76..5cc313a 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -257,8 +257,6 @@
-cppreopts
-dex2oat
-otapreopt_slot
- -art_apex_postinstall
- -art_apex_boot_integrity
} dalvikcache_data_file:file no_w_file_perms;
neverallow {
@@ -270,8 +268,6 @@
-dex2oat
-zygote
-otapreopt_slot
- -art_apex_boot_integrity
- -art_apex_postinstall
} dalvikcache_data_file:dir no_w_dir_perms;
# Minimize dac_override and dac_read_search.
diff --git a/private/file_contexts b/private/file_contexts
index efb2c14..84fb2a7 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -258,7 +258,6 @@
/system/bin/installd u:object_r:installd_exec:s0
/system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0
/system/bin/otapreopt_slot u:object_r:otapreopt_slot_exec:s0
-/system/bin/art_apex_boot_integrity u:object_r:art_apex_boot_integrity_exec:s0
/system/bin/credstore u:object_r:credstore_exec:s0
/system/bin/keystore u:object_r:keystore_exec:s0
/system/bin/keystore2 u:object_r:keystore_exec:s0
diff --git a/private/property_contexts b/private/property_contexts
index 1fe3e0c..4f7a1dc 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -115,6 +115,9 @@
vold. u:object_r:vold_prop:s0
ro.crypto. u:object_r:vold_prop:s0
+# TODO(b/141677108): Remove once true everywhere
+ro.vold.level_from_user u:object_r:vold_config_prop:s0
+
# ro.build.fingerprint is either set in /system/build.prop, or is
# set at runtime by system_server.
ro.build.fingerprint u:object_r:fingerprint_prop:s0 exact string
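Review bot: The new `ro.vold.level_from_user` entry declares no property type, while the neighbouring exact-name entry pins `ro.build.fingerprint` with `exact string`; an exact-name entry is exactly where a type is cheap to add and lets the property service reject malformed values. If the property is a boolean, as its name suggests, `ro.vold.level_from_user u:object_r:vold_config_prop:s0 exact bool` would match the file's typed style — check the value vold actually reads before choosing the type. The TODO cites b/141677108 but not what "true everywhere" refers to; a few words on the removal condition would make the TODO actionable.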
diff --git a/private/service_contexts b/private/service_contexts
index c422bc7..f5cd873 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,3 +1,4 @@
+android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0
android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
android.hardware.gnss.IGnss/default u:object_r:hal_gnss_service:s0
android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
diff --git a/private/shell.te b/private/shell.te
index a392665..dff6a9f 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -152,4 +152,4 @@
allow shell keystore2_key_contexts_file:file r_file_perms;
# Allow shell to access the keystore2_key namespace shell_key. Mainly used for native tests.
-allow shell shell_key:keystore2_key { delete rebind use get_info list update };
+allow shell shell_key:keystore2_key { delete rebind use get_info update };
diff --git a/private/system_app.te b/private/system_app.te
index 9298937..8fafce0 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -139,7 +139,6 @@
delete
get_info
grant
- list
rebind
update
use
diff --git a/private/system_server.te b/private/system_server.te
index f344bbb..dcdf501 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -837,7 +837,6 @@
use_dev_id
grant
get_info
- list
rebind
update
use
diff --git a/private/vold.te b/private/vold.te
index ce451ac..0f464a9 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -37,7 +37,6 @@
allow vold vold_key:keystore2_key {
delete
get_info
- list
manage_blob
rebind
req_forced_op
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index f3ec058..4197ddd 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -1,5 +1,7 @@
domain_auto_trans(vold, vold_prepare_subdirs_exec, vold_prepare_subdirs)
+typeattribute vold_prepare_subdirs mlstrustedsubject;
+
allow vold_prepare_subdirs system_file:file execute_no_trans;
allow vold_prepare_subdirs shell_exec:file rx_file_perms;
allow vold_prepare_subdirs toolbox_exec:file rx_file_perms;
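Review bot: `typeattribute vold_prepare_subdirs mlstrustedsubject;` exempts this domain from MLS constraints with no comment on why, and the same is true of the new `system_data_file` member of the `{ create_dir_perms relabelto }` dir set in the next hunk and the `relabelfrom relabelto` grant on user_profile_data_file:dir in the last one; only the `unlabeled:dir search` line explains itself. These are broad grants on a domain that already relabels under /data, so the reason — presumably preparing per-user directories whose labels carry MLS categories, though that is not shown here — belongs next to each rule, e.g. `# Must relabel per-user dirs whose contexts carry MLS categories.` above the typeattribute line and a similar line above the two relabel grants. The allow statements in the second and third hunks begin before their hunks, so their full target lists are not visible in this view.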
@@ -24,6 +26,7 @@
iris_vendor_data_file
rollback_data_file
storaged_data_file
+ system_data_file
vold_data_file
}:dir { create_dir_perms relabelto };
allow vold_prepare_subdirs {
@@ -41,5 +44,9 @@
vold_data_file
}:file { getattr unlink };
allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
+allow vold_prepare_subdirs mnt_expand_file:dir search;
+allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom relabelto };
+# /data/misc is unlabeled during early boot.
+allow vold_prepare_subdirs unlabeled:dir search;
dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;
diff --git a/public/app.te b/public/app.te
index ad1696f..5e12fbb 100644
--- a/public/app.te
+++ b/public/app.te
@@ -295,7 +295,7 @@
allow appdomain zygote:unix_dgram_socket write;
allow { appdomain -isolated_app -ephemeral_app } keystore:keystore_key { get_state get insert delete exist list sign verify };
-allow { appdomain -isolated_app -ephemeral_app } keystore:keystore2_key { delete use get_info list rebind update };
+allow { appdomain -isolated_app -ephemeral_app } keystore:keystore2_key { delete use get_info rebind update };
use_keystore({ appdomain -isolated_app -ephemeral_app })
diff --git a/public/attributes b/public/attributes
index 3582a09..45900a9 100644
--- a/public/attributes
+++ b/public/attributes
@@ -204,6 +204,9 @@
# All core domains (as opposed to vendor/device-specific domains)
attribute coredomain;
+# All vendor hwservice.
+attribute vendor_hwservice_type;
+
# All socket devices owned by core domain components
attribute coredomain_socket;
expandattribute coredomain_socket false;
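Review bot: `attribute vendor_hwservice_type;` is declared but no hunk in this merge assigns it with typeattribute or references it in an allow or neverallow, so as merged it is an unused attribute; if it is meant to tag vendor hwservice types so a later neverallow can fence them off, that follow-up is not in view and the declaration should say so. The comment `# All vendor hwservice.` is also terse for a public attribute — `# Attribute shared by all hwservice types that vendor components register.` states the membership rule rather than restating the name.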
diff --git a/public/domain.te b/public/domain.te
index d955c5e..931a045 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -684,6 +684,7 @@
-virtual_touchpad_service
-vr_hwc_service
-vr_manager_service
+ userdebug_or_eng(`-hal_face_service')
}:service_manager find;
')
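Review bot: `userdebug_or_eng(`-hal_face_service')` opens a debug-only exception in this neverallow without a comment naming the userdebug-only client that needs to find the face HAL directly, so a later reader cannot tell whether the exemption is still required or can be removed. Debug-build exclusions in neverallows are easy to forget, so a line such as `# userdebug-only: lets <test client> find the AIDL face HAL directly` above it, with the placeholder filled in, is worth adding. The neverallow statement and the rest of its exclusion list start and end outside the hunk, so whether the fingerprint AIDL service gets the same treatment cannot be checked here.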
diff --git a/public/hal_face.te b/public/hal_face.te
index b250586..0134576 100644
--- a/public/hal_face.te
+++ b/public/hal_face.te
@@ -3,6 +3,9 @@
binder_call(hal_face_server, hal_face_client)
hal_attribute_hwservice(hal_face, hal_face_hwservice)
+hal_attribute_service(hal_face, hal_face_service)
+
+binder_call(hal_face_server, servicemanager)
# Allow access to the ion memory allocation device.
allow hal_face ion_device:chr_file r_file_perms;
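Review bot: The new `hal_attribute_service(hal_face, hal_face_service)` and `binder_call(hal_face_server, servicemanager)` lines carry no comment, unlike the ion_device rule below them, and the servicemanager call edge is the one a policy auditor will ask about first because it is new for this HAL. A single comment above the pair, e.g. `# AIDL: register and look up hal_face_service through servicemanager.`, explains both rules at once. Whether the fingerprint HAL policy carries the same two lines is not visible in this merge, so consistency between the two biometric HALs cannot be confirmed here.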
diff --git a/public/service.te b/public/service.te
index af19eb4..b7a287b 100644
--- a/public/service.te
+++ b/public/service.te
@@ -183,7 +183,7 @@
type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type timedetector_service, system_server_service, service_manager_type;
type timezone_service, system_server_service, service_manager_type;
-type timezonedetector_service, system_server_service, service_manager_type;
+type timezonedetector_service, app_api_service, system_server_service, service_manager_type;
type trust_service, app_api_service, system_server_service, service_manager_type;
type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type;
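Review bot: Adding `app_api_service` to `timezonedetector_service` lets every app domain find this system_server service, where previously only the system_server client set could, and nothing in this merge shows the caller checks the service performs once found. A find grant should track an in-service permission check; if the framework side already enforces one (inferred, not shown here), a comment on the line, e.g. `# app-visible: the service checks caller permissions itself`, keeps the two in step for the next audit. The sibling `timezone_service` two lines up stays system_server-only, so the asymmetry is presumably deliberate and worth stating.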
@@ -213,6 +213,7 @@
### HAL Services
###
+type hal_face_service, vendor_service, service_manager_type;
type hal_fingerprint_service, vendor_service, service_manager_type;
type hal_gnss_service, vendor_service, service_manager_type;
type hal_identity_service, vendor_service, service_manager_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 08a76c2..3668b12 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -3,6 +3,7 @@
#
/(vendor|system/vendor)/bin/hw/android\.hardware\.atrace@1\.0-service u:object_r:hal_atrace_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.audio(@2\.0-|\.)service u:object_r:hal_audio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.audio@7\.0-service\.example u:object_r:hal_audio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@2\.0-service u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
@@ -11,6 +12,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face-service\.example u:object_r:hal_face_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.example u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0