Merge "Sepolicy for netutils_wrapper to use binder call"
diff --git a/Android.mk b/Android.mk
index ab88003..c311213 100644
--- a/Android.mk
+++ b/Android.mk
@@ -309,6 +309,11 @@
     selinux_denial_metadata \
 
 endif
+
+# Builds an addtional userdebug sepolicy into the debug ramdisk.
+LOCAL_REQUIRED_MODULES += \
+    userdebug_plat_sepolicy.cil \
+
 include $(BUILD_PHONY_PACKAGE)
 
 #################################
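Review bot: The comment on the new LOCAL_REQUIRED_MODULES line misspells "additional"; it should read `# Builds an additional userdebug sepolicy into the debug ramdisk.`. The trailing `\` after `userdebug_plat_sepolicy.cil` continues onto the blank line, which is harmless today but will silently swallow whatever is appended there next. Because the append sits after the `endif`, the userdebug policy module is required for every build variant; if it is meant to reach only debuggable images, that gating presumably comes from where TARGET_DEBUG_RAMDISK_OUT is packaged, which is not visible here and is worth stating in the comment.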
@@ -525,6 +530,47 @@
 #################################
 include $(CLEAR_VARS)
 
+LOCAL_MODULE := userdebug_plat_sepolicy.cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_DEBUG_RAMDISK_OUT)
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+# userdebug_plat_policy.conf - the userdebug version plat_sepolicy.cil
+userdebug_plat_policy.conf := $(intermediates)/userdebug_plat_policy.conf
+$(userdebug_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(userdebug_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(userdebug_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := userdebug
+$(userdebug_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(userdebug_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(userdebug_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(userdebug_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(userdebug_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(userdebug_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
+$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
+	$(transform-policy-to-conf)
+	$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
+
+$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_CIL_FILES := \
+  $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
+$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
+$(LOCAL_BUILT_MODULE): $(userdebug_plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+  $(HOST_OUT_EXECUTABLES)/secilc \
+  $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY)) \
+  $(built_sepolicy_neverallows)
+	@mkdir -p $(dir $@)
+	$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
+		$(POLICYVERS) -o $@.tmp $<
+	$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@.tmp
+	$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@.tmp -o /dev/null -f /dev/null
+	$(hide) mv $@.tmp $@
+
+userdebug_plat_policy.conf :=
+
+#################################
+include $(CLEAR_VARS)
+
 ifdef HAS_PRODUCT_SEPOLICY
 LOCAL_MODULE := product_sepolicy.cil
 LOCAL_MODULE_CLASS := ETC
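Review bot: The conf recipe writes a second output, `$@.dontaudit`, that no rule declares as a target, so nothing depends on it and a stale copy survives a failed rebuild; if it is consumed elsewhere, giving it its own rule (or a stamp) keeps the dependency graph honest. PRIVATE_TARGET_BUILD_VARIANT is pinned to `userdebug`, so this CIL carries userdebug-only rules regardless of the variant being built; that is the purpose of the module but deserves a line in the header comment so nobody later "fixes" it to `$(TARGET_BUILD_VARIANT)`. The last recipe line would be safer as `$(hide) mv -f $@.tmp $@` so a read-only leftover target cannot stall the build. Resetting `userdebug_plat_policy.conf :=` at the end is good hygiene.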
@@ -1080,7 +1126,7 @@
   $(HOST_OUT_EXECUTABLES)/fc_sort $(HOST_OUT_EXECUTABLES)/checkfc
 	@mkdir -p $(dir $@)
 	$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e $(PRIVATE_SEPOLICY) $<
-	$(hide) $(HOST_OUT_EXECUTABLES)/fc_sort $< $@
+	$(hide) $(HOST_OUT_EXECUTABLES)/fc_sort -i $< -o $@
 
 file_contexts.concat.tmp := $(intermediates)/file_contexts.concat.tmp
 $(file_contexts.concat.tmp): $(file_contexts.local.tmp) $(file_contexts.device.sorted.tmp)
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index ccb3a50..b2b38ea 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -2,3 +2,6 @@
 whitespace = tools/whitespace.sh ${PREUPLOAD_FILES}
 aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
 policy_version_check = tools/policy_version_check.sh
+
+[Builtin Hooks]
+gofmt = true
diff --git a/build/soong/cil_compat_map.go b/build/soong/cil_compat_map.go
index 2402d75..9d01d93 100644
--- a/build/soong/cil_compat_map.go
+++ b/build/soong/cil_compat_map.go
@@ -22,32 +22,32 @@
 	"fmt"
 	"io"
 
-	"github.com/google/blueprint/proptools"
 	"github.com/google/blueprint"
+	"github.com/google/blueprint/proptools"
 )
 
 var (
 	pctx = android.NewPackageContext("android/soong/selinux")
 
-	combine_maps = pctx.HostBinToolVariable("combine_maps", "combine_maps")
-	combineMapsCmd = "${combine_maps} -t ${topHalf} -b ${bottomHalf} -o $out"
+	combine_maps    = pctx.HostBinToolVariable("combine_maps", "combine_maps")
+	combineMapsCmd  = "${combine_maps} -t ${topHalf} -b ${bottomHalf} -o $out"
 	combineMapsRule = pctx.StaticRule(
 		"combineMapsRule",
 		blueprint.RuleParams{
-			Command: combineMapsCmd,
+			Command:     combineMapsCmd,
 			CommandDeps: []string{"${combine_maps}"},
 		},
 		"topHalf",
 		"bottomHalf",
 	)
 
-	String = proptools.String
+	String        = proptools.String
 	TopHalfDepTag = dependencyTag{name: "top"}
 )
 
 func init() {
 	android.RegisterModuleType("se_cil_compat_map", cilCompatMapFactory)
-	pctx.Import("android/soong/common")
+	pctx.Import("android/soong/android")
 }
 
 func cilCompatMapFactory() android.Module {
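Review bot: The change to `pctx.Import("android/soong/android")` in `init` is the only semantic edit in a hunk that is otherwise gofmt output and import reordering, so it is easy to miss in review; a one-line comment on it, or a separate commit, would make the package move explicit. The package-level variables mix snake_case (`combine_maps`) and camelCase (`combineMapsCmd`), which gofmt does not correct; renaming the former to `combineMaps` would match Go convention. `cilCompatMapFactory` continues outside the hunk.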
@@ -140,17 +140,17 @@
 	})
 
 	topHalf := expandTopHalf(ctx)
-	if (topHalf.Valid()) {
+	if topHalf.Valid() {
 		out := android.PathForModuleGen(ctx, c.Name())
 		ctx.ModuleBuild(pctx, android.ModuleBuildParams{
-			Rule: combineMapsRule,
+			Rule:   combineMapsRule,
 			Output: out,
 			Implicits: []android.Path{
 				topHalf.Path(),
 				bottomHalf,
 			},
 			Args: map[string]string{
-				"topHalf": topHalf.String(),
+				"topHalf":    topHalf.String(),
 				"bottomHalf": bottomHalf.String(),
 			},
 		})
@@ -162,7 +162,7 @@
 
 func (c *cilCompatMap) DepsMutator(ctx android.BottomUpMutatorContext) {
 	android.ExtractSourcesDeps(ctx, c.properties.Bottom_half)
-	if (c.properties.Top_half != nil) {
+	if c.properties.Top_half != nil {
 		ctx.AddDependency(c, TopHalfDepTag, String(c.properties.Top_half))
 	}
 }
diff --git a/file_contexts.mk b/file_contexts.mk
index 267b68f..ec8d4ea 100644
--- a/file_contexts.mk
+++ b/file_contexts.mk
@@ -32,7 +32,7 @@
 	@mkdir -p $(dir $@)
 	$(hide) m4 --fatal-warnings -s $(PRIVATE_FC_FILES) > $@.tmp
 	$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
-	$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
+	$(hide) $(PRIVATE_FC_SORT) -i $@.tmp -o $@
 
 built_plat_fc := $(LOCAL_BUILT_MODULE)
 local_fc_files :=
@@ -60,7 +60,7 @@
 	@mkdir -p $(dir $@)
 	$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
 	$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
-	$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
+	$(hide) $(PRIVATE_FC_SORT) -i $@.tmp -o $@
 
 built_product_fc := $(LOCAL_BUILT_MODULE)
 product_fc_files :=
@@ -88,7 +88,7 @@
 	@mkdir -p $(dir $@)
 	$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
 	$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
-	$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
+	$(hide) $(PRIVATE_FC_SORT) -i $@.tmp -o $@
 
 built_vendor_fc := $(LOCAL_BUILT_MODULE)
 vendor_fc_files :=
@@ -116,7 +116,7 @@
 	@mkdir -p $(dir $@)
 	$(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
 	$(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
-	$(hide) $(PRIVATE_FC_SORT) $@.tmp $@
+	$(hide) $(PRIVATE_FC_SORT) -i $@.tmp -o $@
 
 built_odm_fc := $(LOCAL_BUILT_MODULE)
 odm_fc_files :=
diff --git a/private/apexd.te b/private/apexd.te
index 54af86a..d0ec9f4 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -2,10 +2,6 @@
 
 init_daemon_domain(apexd)
 
-# Read /system/etc/security/apex_debug_key
-allow apexd apex_key_file:dir { search getattr };
-allow apexd apex_key_file:file r_file_perms;
-
 # Allow creating, reading and writing of APEX files/dirs in the APEX data dir
 allow apexd apex_data_file:dir create_dir_perms;
 allow apexd apex_data_file:file create_file_perms;
@@ -54,6 +50,10 @@
 allow apexd staging_data_file:dir r_dir_perms;
 allow apexd staging_data_file:file { r_file_perms link };
 
+# allow apexd to read files from /vendor/apex
+allow apexd vendor_apex_file:dir r_dir_perms;
+allow apexd vendor_apex_file:file r_file_perms;
+
 # Unmount and mount filesystems
 allow apexd labeledfs:filesystem { mount unmount };
 
@@ -97,6 +97,10 @@
 # rule is required, thus restricted to execute and not execute_no_trans.
 allow apexd shell_exec:file { r_file_perms execute };
 
+# apexd is using bootstrap bionic
+allow apexd system_bootstrap_lib_file:dir r_dir_perms;
+allow apexd system_bootstrap_lib_file:file { execute read open getattr map };
+
 # Allow transition to ART APEX preinstall domain.
 domain_auto_trans(apexd, art_apex_preinstall_exec, art_apex_preinstall)
 # Allow transition to ART APEX postinstall domain.
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 17f4111..8c91561 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -339,6 +339,15 @@
 # They must use ASharedMemory NDK API instead.
 neverallow {
   all_untrusted_apps
+  -ephemeral_app
   -untrusted_app_25
   -untrusted_app_27
 } ashmem_device:chr_file open;
+
+# /mnt/sdcard symlink was supposed to have been removed in Gingerbread. Apps
+# must not use it.
+neverallow {
+  all_untrusted_apps
+  -untrusted_app_25
+  -untrusted_app_27
+} mnt_sdcard_file:lnk_file *;
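Review bot: Adding `-ephemeral_app` to the exception set lets ephemeral apps open ashmem_device directly, and the matching switch to `rw_file_perms` in the private/ephemeral_app.te hunk (rw_file_perms includes open) carries no comment giving the reason, even though the rule's own comment says untrusted apps must use ASharedMemory. The existing exemptions for untrusted_app_25 and untrusted_app_27 pair the allow with `auditallow untrusted_app_27 ashmem_device:chr_file open;` so usage can be tracked and the grant eventually removed; the same `auditallow ephemeral_app ashmem_device:chr_file open;` next to the allow in ephemeral_app.te, plus a comment stating why ephemeral apps need it, would keep this loosening consistent with the other two.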
diff --git a/private/auditctl.te b/private/auditctl.te
new file mode 100644
index 0000000..f634d3d
--- /dev/null
+++ b/private/auditctl.te
@@ -0,0 +1,18 @@
+#
+# /system/bin/auditctl executed for logd
+#
+# Performs maintenance of the kernel auditing system, including
+# setting rate limits on SELinux denials.
+#
+
+type auditctl, domain, coredomain;
+type auditctl_exec, file_type, system_file_type, exec_type;
+
+# Uncomment the line below to put this domain into permissive
+# mode. This helps speed SELinux policy development.
+# userdebug_or_eng(`permissive auditctl;')
+
+init_daemon_domain(auditctl)
+
+allow auditctl self:global_capability_class_set audit_control;
+allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
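Review bot: The new auditctl domain receives `audit_control` and write access to the audit netlink socket, which together are enough to change kernel audit rate limits, yet nothing restricts which domains may enter it; other daemon domains on this page (adbd, traced_probes) pin entry to init with `neverallow { domain -init } auditctl:process transition;` and `neverallow * auditctl:process dyntransition;`. Adding both lines here keeps the capability reachable only through the init-started service. The commented-out `userdebug_or_eng(`permissive auditctl;')` line is template text and can be dropped once the domain is stable.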
diff --git a/private/bug_map b/private/bug_map
index 7d932db..4b29fde 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -26,9 +26,6 @@
 system_server sdcardfs file 77856826
 system_server storage_stub_file dir 112609936
 system_server zygote process 77856826
-untrusted_app_27 mnt_user_file dir 118185801
 usbd usbd capability 72472544
 vold system_data_file file 124108085
-vrcore_app mnt_user_file dir 118185801
-webview_zygote system_data_file lnk_file 123246126
 zygote untrusted_app_25 process 77925912
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 13da8ec..3c6ba08 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -12,7 +12,6 @@
     apex_data_file
     apex_metadata_file
     apex_mnt_dir
-    apex_key_file
     apex_service
     apexd
     apexd_exec
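Review bot: Dropping `apex_key_file` from the 26.0 ignore list (and likewise in the 27.0 and 28.0 ignore.cil hunks of this diff) is only correct if the type itself is removed from the policy; the file_contexts and apexd.te hunks remove its uses, but the `type apex_key_file` declaration is not in this diff. If the declaration survives anywhere, the older compat mappings will no longer account for the type and the compat check will fail. Worth confirming against the public/private type definitions before merging.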
@@ -161,6 +160,7 @@
     super_block_device
     sysfs_fs_ext4_features
     system_boot_reason_prop
+    system_bootstrap_lib_file
     system_lmk_prop
     system_net_netd_hwservice
     system_update_service
@@ -195,6 +195,7 @@
     usbd
     usbd_exec
     usbd_tmpfs
+    vendor_apex_file
     vendor_init
     vendor_shell
     vold_metadata_file
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 074a75f..3b9bd52 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -11,7 +11,6 @@
     apex_data_file
     apex_metadata_file
     apex_mnt_dir
-    apex_key_file
     apex_service
     apexd
     apexd_exec
@@ -147,6 +146,7 @@
     super_block_device
     staging_data_file
     system_boot_reason_prop
+    system_bootstrap_lib_file
     system_lmk_prop
     system_update_service
     test_boot_reason_prop
@@ -171,6 +171,7 @@
     usbd
     usbd_exec
     usbd_tmpfs
+    vendor_apex_file
     vendor_default_prop
     vendor_init
     vendor_security_patch_level_prop
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index a102ab0..e34cdb8 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1617,7 +1617,9 @@
 (typeattributeset thermalserviced_28_0 (thermalserviced))
 (typeattributeset thermalserviced_exec_28_0 (thermalserviced_exec))
 (typeattributeset timezone_service_28_0 (timezone_service))
-(typeattributeset tmpfs_28_0 (tmpfs))
+(typeattributeset tmpfs_28_0
+  ( mnt_sdcard_file
+    tmpfs))
 (typeattributeset tombstoned_28_0 (tombstoned))
 (typeattributeset tombstone_data_file_28_0 (tombstone_data_file))
 (typeattributeset tombstoned_crash_socket_28_0 (tombstoned_crash_socket))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index eea3dd5..f07103d 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -10,7 +10,6 @@
     apex_data_file
     apex_metadata_file
     apex_mnt_dir
-    apex_key_file
     apex_service
     apexd
     apexd_exec
@@ -45,6 +44,7 @@
     device_config_runtime_native_prop
     device_config_media_native_prop
     device_config_service
+    device_config_sys_traced_prop
     dnsresolver_service
     dynamic_android_service
     face_service
@@ -99,6 +99,7 @@
     network_stack
     network_stack_service
     network_stack_tmpfs
+    nnapi_ext_deny_product_prop
     overlayfs_file
     password_slot_metadata_file
     permissionmgr_service
@@ -120,6 +121,7 @@
     su_tmpfs
     super_block_device
     sysfs_fs_f2fs
+    system_bootstrap_lib_file
     system_event_log_tags_file
     system_lmk_prop
     system_suspend_hwservice
@@ -135,6 +137,7 @@
     traced_lazy_prop
     uri_grants_service
     use_memfd_prop
+    vendor_apex_file
     vendor_cgroup_desc_file
     vendor_idc_file
     vendor_keychars_file
diff --git a/private/dumpstate.te b/private/dumpstate.te
index e33d510..4f6d96a 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -37,6 +37,7 @@
 # Signal native processes to dump their stack.
 allow dumpstate {
   statsd
+  netd
 }:process signal;
 
 # For collecting bugreports.
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index a94c637..1283e21 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -65,7 +65,7 @@
 allow ephemeral_app system_server:udp_socket {
         connect getattr read recvfrom sendto write getopt setopt };
 
-allow ephemeral_app ashmem_device:chr_file { getattr read ioctl lock map append write };
+allow ephemeral_app ashmem_device:chr_file rw_file_perms;
 
 ###
 ### neverallow rules
diff --git a/private/file_contexts b/private/file_contexts
index 3e8cf19..9e7bba7 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -24,6 +24,7 @@
 /lost\+found        u:object_r:rootfs:s0
 /acct               u:object_r:cgroup:s0
 /config             u:object_r:rootfs:s0
+/debug_ramdisk      u:object_r:tmpfs:s0
 /mnt                u:object_r:tmpfs:s0
 /postinstall        u:object_r:postinstall_mnt_dir:s0
 /postinstall/apex   u:object_r:postinstall_apex_mnt_dir:s0
@@ -180,8 +181,10 @@
 #
 /system(/.*)?		u:object_r:system_file:s0
 /system/lib(64)?(/.*)?		u:object_r:system_lib_file:s0
+/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
 /system/bin/atrace	u:object_r:atrace_exec:s0
 /system/bin/ashmemd	u:object_r:ashmemd_exec:s0
+/system/bin/auditctl	u:object_r:auditctl_exec:s0
 /system/bin/bcc                 u:object_r:rs_exec:s0
 /system/bin/blank_screen	u:object_r:blank_screen_exec:s0
 /system/bin/charger		u:object_r:charger_exec:s0
@@ -302,7 +305,6 @@
 /system/etc/ld\.config.*                u:object_r:system_linker_config_file:s0
 /system/etc/seccomp_policy(/.*)?        u:object_r:system_seccomp_policy_file:s0
 /system/etc/security/cacerts(/.*)?      u:object_r:system_security_cacerts_file:s0
-/system/etc/security/apex(/.*)?     u:object_r:apex_key_file:s0
 /system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil       u:object_r:sepolicy_file:s0
 /system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0
 /system/etc/selinux/plat_property_contexts  u:object_r:property_contexts_file:s0
@@ -350,6 +352,8 @@
 /(vendor|system/vendor)/overlay(/.*)?          u:object_r:vendor_overlay_file:s0
 /(vendor|system/vendor)/framework(/.*)?        u:object_r:vendor_framework_file:s0
 
+/vendor/apex(/[^/]+){0,2}                      u:object_r:vendor_apex_file:s0
+
 # HAL location
 /(vendor|system/vendor)/lib(64)?/hw            u:object_r:vendor_hal_file:s0
 
@@ -393,7 +397,6 @@
 /(product|system/product)(/.*)?                                 u:object_r:system_file:s0
 /(product|system/product)/overlay(/.*)?                         u:object_r:vendor_overlay_file:s0
 
-/(product|system/product)/etc/security/apex(/.*)?                u:object_r:apex_key_file:s0
 /(product|system/product)/etc/selinux/product_file_contexts      u:object_r:file_contexts_file:s0
 /(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0
 /(product|system/product)/etc/selinux/product_property_contexts  u:object_r:property_contexts_file:s0
@@ -454,6 +457,8 @@
 /data/mediadrm(/.*)?	u:object_r:media_data_file:s0
 /data/nativetest(/.*)?	u:object_r:nativetest_data_file:s0
 /data/nativetest64(/.*)?	u:object_r:nativetest_data_file:s0
+# This directory was removed after Q Beta 2, but we need to preserve labels for upgrading devices.
+/data/pkg_staging(/.*)?		u:object_r:staging_data_file:s0
 /data/property(/.*)?	u:object_r:property_data_file:s0
 /data/preloads(/.*)?	u:object_r:preloads_data_file:s0
 /data/preloads/media(/.*)?	u:object_r:preloads_media_file:s0
@@ -635,6 +640,7 @@
 # external storage
 /mnt/media_rw(/.*)?         u:object_r:mnt_media_rw_file:s0
 /mnt/user(/.*)?             u:object_r:mnt_user_file:s0
+/mnt/sdcard                 u:object_r:mnt_sdcard_file:s0
 /mnt/runtime(/.*)?          u:object_r:storage_file:s0
 /storage(/.*)?              u:object_r:storage_file:s0
 
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 656c2e3..af3d8b9 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -123,6 +123,7 @@
 genfscon sysfs /devices/virtual/block/zram0/uevent    u:object_r:sysfs_zram_uevent:s0
 genfscon sysfs /devices/virtual/block/zram1/uevent    u:object_r:sysfs_zram_uevent:s0
 genfscon sysfs /devices/virtual/misc/hw_random    u:object_r:sysfs_hwrandom:s0
+genfscon sysfs /devices/virtual/net             u:object_r:sysfs_net:s0
 genfscon sysfs /devices/virtual/switch          u:object_r:sysfs_switch:s0
 genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
 genfscon sysfs /fs/ext4/features                  u:object_r:sysfs_fs_ext4_features:s0
@@ -139,6 +140,7 @@
 genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
 genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
 genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
+genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0
 genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
 genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
 
diff --git a/private/netd.te b/private/netd.te
index 0421d4a..4c129b7 100644
--- a/private/netd.te
+++ b/private/netd.te
@@ -12,6 +12,10 @@
 # the map created by bpfloader
 allow netd bpfloader:bpf { prog_run map_read map_write };
 
+# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
+# TODO: Remove this permission when 4.9 kernel is deprecated.
+allow netd self:key_socket create;
+
 get_prop(netd, bpf_progs_loaded_prop)
 
 # Allow netd to write to statsd.
@@ -20,3 +24,6 @@
 # Allow netd to send callbacks to network_stack
 binder_call(netd, network_stack)
 
+# Allow netd to send dump info to dumpstate
+allow netd dumpstate:fd use;
+allow netd dumpstate:fifo_file { getattr write };
diff --git a/private/perfetto.te b/private/perfetto.te
index 128205b..28ea868 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -11,6 +11,13 @@
 # Allow to access traced's privileged consumer socket.
 unix_socket_connect(perfetto, traced_consumer, traced)
 
+# Connect to the Perfetto traced daemon as a producer. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+allow perfetto traced:fd use;
+allow perfetto traced_tmpfs:file { read write getattr map };
+unix_socket_connect(perfetto, traced_producer, traced)
+
+
 # Allow to write and unlink traces into /data/misc/perfetto-traces.
 allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
 allow perfetto perfetto_traces_data_file:file create_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index 3622d12..da09b82 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -184,6 +184,9 @@
 persist.device_config.runtime_native_boot.   u:object_r:device_config_runtime_native_boot_prop:s0
 persist.device_config.media_native.          u:object_r:device_config_media_native_prop:s0
 
+# Properties that relate to legacy server configurable flags
+persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
+
 apexd.                  u:object_r:apexd_prop:s0
 persist.apexd.          u:object_r:apexd_prop:s0
 
@@ -191,3 +194,7 @@
 
 gsid.                   u:object_r:gsid_prop:s0
 ro.gsid.                u:object_r:gsid_prop:s0
+
+# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
+# which can't use NNAPI vendor extensions).
+ro.nnapi.extensions.deny_on_product                u:object_r:nnapi_ext_deny_product_prop:s0
diff --git a/private/seapp_contexts b/private/seapp_contexts
index cbbdd64..ad8a76c 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -5,7 +5,6 @@
 # Input selectors:
 #       isSystemServer (boolean)
 #       isEphemeralApp (boolean)
-#       isV2App (boolean)
 #       isOwner (boolean)
 #       user (string)
 #       seinfo (string)
@@ -27,7 +26,6 @@
 # isSystemServer=true only matches the system server.
 # An unspecified isSystemServer defaults to false.
 # isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
-# isV2App=true will match apps in the v2 app sandbox.
 # isOwner=true will only match for the owner/primary user.
 # user=_app will match any regular app process.
 # user=_isolated will match any isolated service process.
@@ -52,20 +50,19 @@
 #       (1) isSystemServer=true before isSystemServer=false.
 #       (2) Specified isEphemeralApp= before unspecified isEphemeralApp=
 #             boolean.
-#       (3) Specified isV2App= before unspecified isV2App= boolean.
-#       (4) Specified isOwner= before unspecified isOwner= boolean.
-#       (5) Specified user= string before unspecified user= string;
+#       (3) Specified isOwner= before unspecified isOwner= boolean.
+#       (4) Specified user= string before unspecified user= string;
 #             more specific user= string before less specific user= string.
-#       (6) Specified seinfo= string before unspecified seinfo= string.
-#       (7) Specified name= string before unspecified name= string;
+#       (5) Specified seinfo= string before unspecified seinfo= string.
+#       (6) Specified name= string before unspecified name= string;
 #             more specific name= string before less specific name= string.
-#       (8) Specified path= string before unspecified path= string.
+#       (7) Specified path= string before unspecified path= string.
 #             more specific name= string before less specific name= string.
-#       (9) Specified isPrivApp= before unspecified isPrivApp= boolean.
-#       (10) Higher value of minTargetSdkVersion= before lower value of
+#       (8) Specified isPrivApp= before unspecified isPrivApp= boolean.
+#       (9) Higher value of minTargetSdkVersion= before lower value of
 #              minTargetSdkVersion= integer. Note that minTargetSdkVersion=
 #              defaults to 0 if unspecified.
-#       (11) fromRunAs=true before fromRunAs=false.
+#       (10) fromRunAs=true before fromRunAs=false.
 # (A fixed selector is more specific than a prefix, i.e. ending in *, and a
 # longer prefix is more specific than a shorter prefix.)
 # Apps are checked against entries in precedence order until the first match,
@@ -89,7 +86,7 @@
 # levelFrom=app determines the level from the process UID.
 # levelFrom=user determines the level from the user ID.
 # levelFrom=all determines the level from both UID and user ID.
-# 
+#
 # levelFrom=user is only supported for _app or _isolated UIDs.
 # levelFrom=app or levelFrom=all is only supported for _app UIDs.
 # level may be used to specify a fixed level for any UID.
@@ -157,7 +154,7 @@
 user=_app seinfo=app_zygote domain=app_zygote levelFrom=all
 user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
-user=_app isV2App=true isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
+user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
 user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
 user=_app minTargetSdkVersion=29 domain=untrusted_app type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
diff --git a/private/statsd.te b/private/statsd.te
index 16d3aeb..99548a0 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -1,4 +1,5 @@
 typeattribute statsd coredomain;
+typeattribute statsd stats_service_server;
 
 init_daemon_domain(statsd)
 
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index b1aa775..de9c4f1 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -18,6 +18,7 @@
 hal_client_domain(surfaceflinger, hal_omx)
 hal_client_domain(surfaceflinger, hal_configstore)
 hal_client_domain(surfaceflinger, hal_power)
+hal_client_domain(surfaceflinger, hal_bufferhub)
 allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
 
 # Perform Binder IPC.
diff --git a/private/system_server.te b/private/system_server.te
index 6dcecad..14c6dd6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -5,6 +5,8 @@
 
 typeattribute system_server coredomain;
 typeattribute system_server mlstrustedsubject;
+typeattribute system_server scheduler_service_server;
+typeattribute system_server sensor_service_server;
 
 # Define a type for tmpfs-backed ashmem regions.
 tmpfs_domain(system_server)
@@ -115,6 +117,7 @@
 allow system_server hal_audio:process { getsched setsched };
 allow system_server hal_bluetooth:process { getsched setsched };
 allow system_server hal_omx_server:process { getsched setsched };
+allow system_server mediaswcodec:process { getsched setsched };
 allow system_server cameraserver:process { getsched setsched };
 allow system_server hal_camera:process { getsched setsched };
 allow system_server mediaserver:process { getsched setsched };
@@ -243,10 +246,6 @@
 allow system_server hal_renderscript_hwservice:hwservice_manager find;
 allow system_server same_process_hal_file:file { execute read open getattr map };
 
-# Offer HwBinder services
-add_hwservice(system_server, fwk_scheduler_hwservice)
-add_hwservice(system_server, fwk_sensor_hwservice)
-
 # Talk to tombstoned to get ANR traces.
 unix_socket_connect(system_server, tombstoned_intercept, tombstoned)
 
@@ -265,8 +264,9 @@
   inputflinger
   mediadrmserver
   mediaextractor
-  mediaserver
   mediametrics
+  mediaserver
+  mediaswcodec
   sdcardd
   statsd
   surfaceflinger
@@ -602,6 +602,7 @@
 set_prop(system_server, device_config_runtime_native_boot_prop)
 set_prop(system_server, device_config_runtime_native_prop)
 set_prop(system_server, device_config_media_native_prop)
+set_prop(system_server, device_config_sys_traced_prop)
 
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
@@ -878,10 +879,6 @@
 allow system_server fs_bpf:dir search;
 allow system_server fs_bpf:file { read write };
 allow system_server bpfloader:bpf { map_read map_write };
-# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
-# TODO: Remove this permission when 4.9 kernel is deprecated.
-allow system_server self:key_socket create;
-
 
 # ART Profiles.
 # Allow system_server to open profile snapshots for read.
@@ -967,6 +964,7 @@
   device_config_runtime_native_boot_prop
   device_config_runtime_native_prop
   device_config_media_native_prop
+  device_config_sys_traced_prop
 }:property_service set;
 
 # system_server should never be executing dex2oat. This is either
diff --git a/private/system_server_startup.te b/private/system_server_startup.te
index ad9fb44..f1427a9 100644
--- a/private/system_server_startup.te
+++ b/private/system_server_startup.te
@@ -18,3 +18,6 @@
 # system_server domain
 allow system_server_startup self:process setcurrent;
 allow system_server_startup system_server:process dyntransition;
+
+# Child of the zygote.
+allow system_server_startup zygote:process sigchld;
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 689ff5c..d8d573a 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -29,6 +29,9 @@
 # Allow procfs access
 r_dir_file(traced_probes, domain)
 
+# Allow to read packages.list file.
+allow traced_probes packages_list_file:file r_file_perms;
+
 # Allow to log to kernel dmesg when starting / stopping ftrace.
 allow traced_probes kmsg_device:chr_file write;
 
@@ -41,7 +44,8 @@
 allow traced_probes apk_data_file:dir { getattr open read search };
 allow traced_probes dalvikcache_data_file:dir { getattr open read search };
 userdebug_or_eng(`
-allow traced_probes system_data_file:dir { getattr open read search };
+# search and getattr are granted via domain and coredomain, respectively.
+allow traced_probes system_data_file:dir { open read };
 ')
 allow traced_probes system_app_data_file:dir { getattr open read search };
 allow traced_probes backup_data_file:dir { getattr open read search };
@@ -70,6 +74,9 @@
 hal_client_domain(traced_probes, hal_health)
 hal_client_domain(traced_probes, hal_power_stats)
 
+# Allow access to Atrace HAL for enabling vendor/device specific tracing categories.
+hal_client_domain(traced_probes, hal_atrace)
+
 # On debug builds allow to ingest system logs into the trace.
 userdebug_or_eng(`read_logd(traced_probes)')
 
@@ -108,7 +115,7 @@
 neverallow traced_probes system_data_file:dir ~{ getattr userdebug_or_eng(`open read') search };
 neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
 neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
-neverallow traced_probes { data_file_type -zoneinfo_data_file }:file *;
+neverallow traced_probes { data_file_type -zoneinfo_data_file -packages_list_file }:file *;
 
 # Only init is allowed to enter the traced_probes domain via exec()
 neverallow { domain -init } traced_probes:process transition;
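Review bot: Carving `-packages_list_file` out of the `data_file_type` wildcard neverallow drops the guarantee entirely for that type, while the new allow only needs read; adding `neverallow traced_probes packages_list_file:file ~r_file_perms;` alongside would keep write and execute on packages.list ruled out, the same way `zoneinfo_data_file:dir ~r_dir_perms` is handled two lines above. The added comment on the userdebug_or_eng block explaining why `search` and `getattr` were dropped is a good model for the rest of the file.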
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index a35d81b..45aeddc 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -26,10 +26,9 @@
 net_domain(untrusted_app_25)
 bluetooth_domain(untrusted_app_25)
 
-# b/34115651, b/33308258 - net.dns* properties read
+# b/34115651 - net.dns* properties read
 # This will go away in a future Android release
 get_prop(untrusted_app_25, net_dns_prop)
-auditallow untrusted_app_25 net_dns_prop:file read;
 
 # b/35917228 - /proc/misc access
 # This will go away in a future Android release
@@ -61,3 +60,6 @@
 # ASharedMemory instead.
 allow untrusted_app_25 ashmem_device:chr_file rw_file_perms;
 auditallow untrusted_app_25 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms;
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index eaa1791..03b3013 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -45,3 +45,6 @@
 # ASharedMemory instead.
 allow untrusted_app_27 ashmem_device:chr_file rw_file_perms;
 auditallow untrusted_app_27 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms;
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 4630c35..2f5007a 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -75,6 +75,8 @@
 
 allow webview_zygote same_process_hal_file:file { execute read open getattr map };
 
+allow webview_zygote system_data_file:lnk_file r_file_perms;
+
 #####
 ##### Neverallow
 #####
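Review bot: The added `allow webview_zygote system_data_file:lnk_file r_file_perms;` has no comment explaining which symlink under /data the zygote has to follow, which matters because system_data_file is the broad default label for /data and readers of this file cannot tell what the grant is for. Please add a why-comment above it, e.g. `# Follow the <path> symlink under /data when <reason>` with the real path and reason filled in, and consider narrowing to `read` if only readlink() is needed. I cannot see the denial that motivated this, so the path is for you to supply.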
diff --git a/private/zygote.te b/private/zygote.te
index 759fc34..0466372 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -118,6 +118,9 @@
 # System file accesses.
 r_dir_file(zygote, system_file)
 
+# /oem accesses.
+allow zygote oemfs:dir search;
+
 userdebug_or_eng(`
   # Allow zygote to create and write method traces in /data/misc/trace.
   allow zygote method_trace_data_file:dir w_dir_perms;
diff --git a/public/adbd.te b/public/adbd.te
index 68a176c..4a1f633 100644
--- a/public/adbd.te
+++ b/public/adbd.te
@@ -6,3 +6,6 @@
 # Only init is allowed to enter the adbd domain via exec()
 neverallow { domain -init } adbd:process transition;
 neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
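Review bot: The new `set_prop(adbd, ctl_mdnsd_prop)` is appended below the `neverallow` block that closes this file, so an allow rule now sits under the neverallow section instead of with the other grants. Move it above the `# Only init is allowed to enter the adbd domain via exec()` comment so the neverallows stay last, which is the convention the rest of this diff follows. Functionally the grant looks scoped (only the mdnsd control property), so no concern beyond placement.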
diff --git a/public/app.te b/public/app.te
index e26ec0a..5c48e71 100644
--- a/public/app.te
+++ b/public/app.te
@@ -582,3 +582,13 @@
 # application boundary. VPN apps may use the ConnectivityManager.getConnectionOwnerUid() API to
 # perform UID lookups.
 neverallow { appdomain -shell } proc_net_tcp_udp:file *;
+
+# Apps cannot access bootstrap files. The bootstrap files are only for
+# extremely early processes (like init, etc.) which are started before
+# the runtime APEX is activated and Bionic libs are provided from there.
+# If app process accesses (or even load/execute) the bootstrap files,
+# it might cause problems such as ODR violation, etc.
+neverallow appdomain system_bootstrap_lib_file:file
+    { open read write append execute execute_no_trans map };
+neverallow appdomain system_bootstrap_lib_file:dir
+    { open read getattr search };
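Review bot: The two new neverallows list permissions positively, so the file rule leaves `getattr`, `ioctl`, `lock` and `execmod` unconstrained and neither rule covers permissions added in later kernels. If the intent really is "apps cannot access bootstrap files" as the comment says, `neverallow appdomain system_bootstrap_lib_file:file *;` and `neverallow appdomain system_bootstrap_lib_file:dir *;` are both shorter and future-proof. If `getattr` on the files was left out on purpose (for example so stat() on /system/lib paths keeps working), the comment should say so.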
diff --git a/public/attributes b/public/attributes
index dbb9356..67979da 100644
--- a/public/attributes
+++ b/public/attributes
@@ -303,11 +303,14 @@
 # from one core domain to another, without having to update the vendor image
 # which contains clients of this service.
 
-attribute display_service_server;
-attribute wifi_keystore_service_server;
-attribute mediaswcodec_server;
-attribute system_suspend_server;
 attribute camera_service_server;
+attribute display_service_server;
+attribute mediaswcodec_server;
+attribute scheduler_service_server;
+attribute sensor_service_server;
+attribute stats_service_server;
+attribute system_suspend_server;
+attribute wifi_keystore_service_server;
 
 # All types used for super partition block devices.
 attribute super_block_device_type;
diff --git a/public/domain.te b/public/domain.te
index 634a5c5..a415646 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1003,6 +1003,7 @@
     vendor_file_type
     -same_process_hal_file
     -vendor_app_file
+    -vendor_apex_file
     -vendor_configs_file
     -vendor_framework_file
     -vendor_idc_file
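Review bot: Exempting `vendor_apex_file` from this neverallow removes /vendor/apex from whatever protection the rule gives vendor_file_type, and the rule's subject set starts outside the hunk so I cannot see which domains are now free to be granted access. The only consumers this diff shows are the kernel read at the kernel.te hunk and, by inference, apexd; a dedicated neverallow limiting vendor_apex_file to those domains would keep the exemption from becoming a general opening. If such a rule exists elsewhere in the policy, a one-line comment next to the exclusion naming it would help.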
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 2d5e240..2906b5b 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -56,7 +56,7 @@
 allow dumpstate domain:process getattr;
 
 # Signal java processes to dump their stack
-allow dumpstate { appdomain system_server }:process signal;
+allow dumpstate { appdomain system_server zygote }:process signal;
 
 # Signal native processes to dump their stack.
 allow dumpstate {
@@ -69,6 +69,7 @@
   mediaextractor
   mediametrics
   mediaserver
+  mediaswcodec
   sdcardd
   surfaceflinger
 
@@ -81,7 +82,10 @@
   hal_graphics_composer_server
   hal_health_server
   hal_omx_server
+  hal_power_server
+  hal_power_stats_server
   hal_sensors_server
+  hal_thermal_server
   hal_vr_server
 }:process signal;
 
diff --git a/public/file.te b/public/file.te
index ccf6d85..d906b7f 100644
--- a/public/file.te
+++ b/public/file.te
@@ -148,14 +148,14 @@
 type system_event_log_tags_file, system_file_type, file_type;
 # Default type for anything under /system/lib[64].
 type system_lib_file, system_file_type, file_type;
+# system libraries that are available only to bootstrap processes
+type system_bootstrap_lib_file, system_file_type, file_type;
 # Default type for linker executable /system/bin/linker[64].
 type system_linker_exec, system_file_type, file_type;
 # Default type for linker config /system/etc/ld.config.*.
 type system_linker_config_file, system_file_type, file_type;
 # Default type for linker config /system/etc/seccomp_policy/*.
 type system_seccomp_policy_file, system_file_type, file_type;
-# Default type for APEX keys in /system/etc/security/apex/*
-type apex_key_file, system_file_type, file_type;
 # Default type for cacerts in /system/etc/security/cacerts/*.
 type system_security_cacerts_file, system_file_type, file_type;
 # Default type for /system/bin/tcpdump.
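Review bot: The comment on the new `system_bootstrap_lib_file` type does not say where the files live or who is allowed to use them, unlike the neighbouring "Default type for ..." comments that name a path. Suggest `# Bionic libs for processes that start before the runtime APEX is activated (init, ueventd, vendor_init); apps are neverallowed access in app.te.`, which matches the grants and neverallow added elsewhere in this change. The on-disk path is assigned in file_contexts, which is not in this hunk, so add it to the comment if it is stable.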
@@ -286,11 +286,14 @@
 type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type;
 # /data/app-staging
 type staging_data_file, file_type, data_file_type, core_data_file_type;
+# /vendor/apex
+type vendor_apex_file, vendor_file_type, file_type;
 
 # Mount locations managed by vold
 type mnt_media_rw_file, file_type;
 type mnt_user_file, file_type;
 type mnt_expand_file, file_type;
+type mnt_sdcard_file, file_type;
 type storage_file, file_type;
 
 # Label for storage dirs which are just mount stubs
diff --git a/public/flags_health_check.te b/public/flags_health_check.te
index 151c7c0..b42005a 100644
--- a/public/flags_health_check.te
+++ b/public/flags_health_check.te
@@ -10,6 +10,7 @@
 set_prop(flags_health_check, device_config_netd_native_prop)
 set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
 set_prop(flags_health_check, device_config_media_native_prop)
+set_prop(flags_health_check, device_config_sys_traced_prop)
 
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
diff --git a/public/hal_audio.te b/public/hal_audio.te
index a1c098f..bb9eec4 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -32,7 +32,7 @@
 neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
 
 # Only audio HAL may directly access the audio hardware
-neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;
+neverallow { halserverdomain -hal_audio_server -hal_omx_server } audio_device:chr_file *;
 
 get_prop(hal_audio, bluetooth_a2dp_offload_prop)
 get_prop(hal_audio, bluetooth_audio_hal_prop)
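Review bot: The changed line exempts hal_omx_server from the `audio_device:chr_file *` neverallow, but the comment directly above it, `# Only audio HAL may directly access the audio hardware`, is now untrue and should be updated to `# Only the audio HAL (and the OMX HAL, for <reason>) may directly access the audio hardware`. The exemption also lifts every permission, while the OMX HAL's actual allow rule (not in this hunk) presumably needs only read/write; a narrower carve-out such as `neverallow hal_omx_server audio_device:chr_file ~rw_file_perms;` alongside the exclusion would preserve the rest of the guarantee.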
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index 21374bc..c2549ff 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -11,3 +11,11 @@
 
 # Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
 allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
+
+# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
+# property to determine whether to deny NNAPI extensions use for apps
+# on product partition (apps in GSI are not allowed to use NNAPI extensions).
+get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);
+# This property is only expected to be found in /product/build.prop,
+# allow to be set only by init.
+neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;
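Review bot: The new `get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);` carries a trailing `;`, which no other macro invocation in this diff has (compare the two get_prop lines in the hal_audio hunk); the macro already expands to a terminated statement, so drop the semicolon to keep the policy source consistent. The accompanying `neverallow { domain -init } ... property_service set` is the right guard for a read-only build property, and the vendor_init exclusion elsewhere in this change matches it.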
diff --git a/public/idmap.te b/public/idmap.te
index d76558a..92c649c 100644
--- a/public/idmap.te
+++ b/public/idmap.te
@@ -2,7 +2,7 @@
 type idmap, domain;
 type idmap_exec, system_file_type, exec_type, file_type;
 
-# STOPSHIP remove /system/bin/idmap and the link between idmap and installd (b/118711077)
+# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
 # Use open file to /data/resource-cache file inherited from installd.
 allow idmap installd:fd use;
 allow idmap resourcecache_data_file:file create_file_perms;
@@ -15,6 +15,10 @@
 allow idmap apk_data_file:file r_file_perms;
 allow idmap apk_data_file:dir search;
 
+# Allow /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+allow idmap { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
+allow idmap { apk_tmp_file apk_private_tmp_file }:dir search;
+
 # Allow apps access to /vendor/app
 r_dir_file(idmap, vendor_app_file)
 
diff --git a/public/init.te b/public/init.te
index f0f9835..c5b88d2 100644
--- a/public/init.te
+++ b/public/init.te
@@ -46,11 +46,14 @@
   userdata_block_device
 }:{ blk_file lnk_file } relabelto;
 
+# Create /mnt/sdcard -> /storage/self/primary symlink.
+allow init mnt_sdcard_file:lnk_file create;
+
 # setrlimit
 allow init self:global_capability_class_set sys_resource;
 
-# Remove /dev/.booting, created before initial policy load or restorecon /dev.
-allow init tmpfs:file unlink;
+# Remove /dev/.booting and load /debug_ramdisk/* files
+allow init tmpfs:file { getattr unlink };
 
 # Access pty created for fsck.
 allow init devpts:chr_file { read write open };
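Review bot: The updated comment says init will "load /debug_ramdisk/* files", but the rule only gains `getattr`; actually loading a userdebug sepolicy from there also needs `read` and `open` on the tmpfs file, so either those come from a rule not shown here or the comment overstates what is granted — please confirm and adjust one or the other. Separately, `allow init mnt_sdcard_file:lnk_file create;` is sufficient only if init already has `dir { write add_name }` on the parent of /mnt/sdcard; that grant is not in this hunk.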
@@ -557,6 +560,10 @@
 # Allow init to touch PSI monitors
 allow init proc_pressure_mem:file { rw_file_perms setattr };
 
+# init is using bootstrap bionic
+allow init system_bootstrap_lib_file:dir r_dir_perms;
+allow init system_bootstrap_lib_file:file { execute read open getattr map };
+
 ###
 ### neverallow rules
 ###
diff --git a/public/kernel.te b/public/kernel.te
index 50e72c2..99ad014 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -85,8 +85,11 @@
 # Needed because APEX uses the loopback driver, which issues requests from
 # a kernel thread in earlier kernel version.
 allow kernel apexd:fd use;
-allow kernel apex_data_file:file read;
-allow kernel staging_data_file:file read;
+allow kernel {
+  apex_data_file
+  staging_data_file
+  vendor_apex_file
+}:file read;
 
 # Allow the first-stage init (which is running in the kernel domain) to execute the
 # dynamic linker when it re-executes /init to switch into the second stage.
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 77aefe1..dbdb051 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -68,6 +68,7 @@
 add_service(mediaserver, mediaserver_service)
 allow mediaserver activity_service:service_manager find;
 allow mediaserver appops_service:service_manager find;
+allow mediaserver audio_service:service_manager find;
 allow mediaserver audioserver_service:service_manager find;
 allow mediaserver cameraserver_service:service_manager find;
 allow mediaserver batterystats_service:service_manager find;
diff --git a/public/property.te b/public/property.te
index 473baa2..a5b5e95 100644
--- a/public/property.te
+++ b/public/property.te
@@ -38,6 +38,7 @@
 type device_config_runtime_native_boot_prop, property_type;
 type device_config_runtime_native_prop, property_type;
 type device_config_media_native_prop, property_type;
+type device_config_sys_traced_prop, property_type;
 type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
 type dumpstate_options_prop, property_type;
@@ -64,6 +65,7 @@
 type net_radio_prop, property_type, core_property_type;
 type netd_stable_secret_prop, property_type;
 type nfc_prop, property_type, core_property_type;
+type nnapi_ext_deny_product_prop, property_type;
 type overlay_prop, property_type;
 type pan_result_prop, property_type, core_property_type;
 type persist_debug_prop, property_type, core_property_type;
@@ -420,6 +422,7 @@
     -device_config_runtime_native_boot_prop
     -device_config_runtime_native_prop
     -device_config_media_native_prop
+    -device_config_sys_traced_prop
     -gsid_prop
     -heapprofd_enabled_prop
     -heapprofd_prop
diff --git a/public/property_contexts b/public/property_contexts
index 3ac4673..0884f87 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -270,6 +270,7 @@
 ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
 ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string
 ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
+ro.build.ab_update u:object_r:exported_default_prop:s0 exact string
 ro.carrier u:object_r:exported_default_prop:s0 exact string
 ro.config.low_ram u:object_r:exported_config_prop:s0 exact bool
 ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int
@@ -343,6 +344,7 @@
 ro.vndk.lite u:object_r:exported_default_prop:s0 exact bool
 ro.vndk.version u:object_r:exported_default_prop:s0 exact string
 ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
+wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
 wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
 wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
 wifi.interface u:object_r:exported_default_prop:s0 exact string
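Review bot: `wifi.active.interface` is labeled `exported_wifi_prop`, while the adjacent `wifi.concurrent.interface`, `wifi.direct.interface` and `wifi.interface` entries are `exported_default_prop`; the different label changes which domains may set it. If the intent is that the wifi HAL writes this one at runtime, that is reasonable, but it is worth confirming the choice is deliberate rather than a mismatch, since the contexts file offers no place to record the reason.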
diff --git a/public/scheduler_service_server.te b/public/scheduler_service_server.te
new file mode 100644
index 0000000..b3cede1
--- /dev/null
+++ b/public/scheduler_service_server.te
@@ -0,0 +1 @@
+add_hwservice(scheduler_service_server, fwk_scheduler_hwservice)
diff --git a/public/sensor_service_server.te b/public/sensor_service_server.te
new file mode 100644
index 0000000..7c526a5
--- /dev/null
+++ b/public/sensor_service_server.te
@@ -0,0 +1 @@
+add_hwservice(sensor_service_server, fwk_sensor_hwservice)
diff --git a/public/stats_service_server.te b/public/stats_service_server.te
new file mode 100644
index 0000000..564ae23
--- /dev/null
+++ b/public/stats_service_server.te
@@ -0,0 +1 @@
+add_hwservice(stats_service_server, fwk_stats_hwservice)
diff --git a/public/statsd.te b/public/statsd.te
index 8ba7f63..089cae9 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -50,9 +50,6 @@
   system_api_service
 }:service_manager find;
 
-# Allow statsd to add as HIDL service.
-add_hwservice(statsd, fwk_stats_hwservice)
-
 # Grant statsd to access health hal to access battery metrics.
 allow statsd hal_health_hwservice:hwservice_manager find;
 
diff --git a/public/ueventd.te b/public/ueventd.te
index db02d3f..98e3bda 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -55,6 +55,10 @@
 allow ueventd vendor_file:system module_load;
 allow ueventd kernel:key search;
 
+# ueventd is using bootstrap bionic
+allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
+allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
+
 #####
 ##### neverallow rules
 #####
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 5a3e918..7114a02 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -180,6 +180,10 @@
 # Raw writes to misc block device
 allow vendor_init misc_block_device:blk_file w_file_perms;
 
+# vendor_init is using bootstrap bionic
+allow vendor_init system_bootstrap_lib_file:dir r_dir_perms;
+allow vendor_init system_bootstrap_lib_file:file { execute read open getattr map };
+
 # Everything is labeled as rootfs in recovery mode. Vendor init has to execute
 # the dynamic linker and shared libraries.
 recovery_only(`
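Review bot: The bootstrap-library grant added here (dir `r_dir_perms`, file `{ execute read open getattr map }`) is repeated verbatim for init and ueventd in this same change, so the three copies will drift the next time a permission is added. A small te_macros helper (say `use_bootstrap_bionic(domain)`) invoked from each of the three domains keeps them in sync; te_macros is not in this diff, so that would be a follow-up. The comment `# vendor_init is using bootstrap bionic` is fine.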
@@ -197,6 +201,7 @@
       -device_config_runtime_native_boot_prop
       -device_config_runtime_native_prop
       -device_config_media_native_prop
+      -device_config_sys_traced_prop
       -restorecon_prop
       -netd_stable_secret_prop
       -firstboot_prop
@@ -206,6 +211,7 @@
       -last_boot_reason_prop
       -apexd_prop
       -gsid_prop
+      -nnapi_ext_deny_product_prop
     })
 ')
 
diff --git a/tests/Android.bp b/tests/Android.bp
index a7d7023..d27f333 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -33,7 +33,7 @@
 python_binary_host {
     name: "treble_sepolicy_tests",
     srcs: [
-        "FcSort.py",
+        "fc_sort.py",
         "mini_parser.py",
         "policy.py",
         "treble_sepolicy_tests.py",
@@ -45,7 +45,7 @@
 python_binary_host {
     name: "sepolicy_tests",
     srcs: [
-        "FcSort.py",
+        "fc_sort.py",
         "policy.py",
         "sepolicy_tests.py",
     ],
@@ -56,7 +56,7 @@
 python_binary_host {
     name: "searchpolicy",
     srcs: [
-        "FcSort.py",
+        "fc_sort.py",
         "policy.py",
         "searchpolicy.py",
     ],
@@ -72,3 +72,11 @@
     ],
     defaults: ["py2_only"],
 }
+
+python_binary_host {
+    name: "fc_sort",
+    srcs: [
+        "fc_sort.py",
+    ],
+    defaults: ["py2_only"],
+}
diff --git a/tests/FcSort.py b/tests/fc_sort.py
similarity index 80%
rename from tests/FcSort.py
rename to tests/fc_sort.py
index 7cf1998..cbb0e5e 100755
--- a/tests/FcSort.py
+++ b/tests/fc_sort.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python
 import sys
 import os
+import argparse
 
 class FileContextsNode:
     path = None
@@ -11,7 +12,8 @@
     stemLen = None
     strLen = None
     Type = None
-    def __init__(self, path, fileType, context, meta, stemLen, strLen):
+    line = None
+    def __init__(self, path, fileType, context, meta, stemLen, strLen, line):
         self.path = path
         self.fileType = fileType
         self.context = context
@@ -19,6 +21,7 @@
         self.stemLen = stemLen
         self.strlen = strLen
         self.Type = context.split(":")[2]
+        self.line = line
 
 metaChars = frozenset(['.', '^', '$', '?', '*', '+', '|', '[', '(', '{'])
 escapedMetaChars = frozenset(['\.', '\^', '\$', '\?', '\*', '\+', '\|', '\[', '\(', '\{'])
@@ -65,7 +68,7 @@
     stemLen = getStemLen(path)
     strLen = len(path.replace("\\", ""))
 
-    return FileContextsNode(path, fileType, context, meta, stemLen, strLen)
+    return FileContextsNode(path, fileType, context, meta, stemLen, strLen, line)
 
 def ReadFileContexts(files):
     fc = []
@@ -118,8 +121,22 @@
 
     return Fc
 
-if __name__ == '__main__':
-    if len(sys.argv) < 2:
-        sys.exit("Usage: fc_sort.py <file_contexts 1> <file_contexts 2> <file_contexts 3>")
+def PrintFc(Fc, out):
+    if not out:
+        f = sys.stdout
+    else:
+        f = open(out, "w")
+    for node in Fc:
+        f.write(node.line + "\n")
 
-    FcSorted = FcSort(sys.argv[1:])
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description="SELinux file_contexts sorting tool.")
+    parser.add_argument("-i", dest="input", help="Path to the file_contexts file(s).", nargs="?", action='append')
+    parser.add_argument("-o", dest="output", help="Path to the output file", nargs=1)
+    args = parser.parse_args()
+    if not args.input:
+        parser.error("Must include path to policy")
+    if not not args.output:
+        args.output = args.output[0]
+
+    PrintFc(FcSort(args.input),args.output)
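Review bot: `PrintFc` opens the output file and never closes it, and the `-i` option combines `nargs="?"` with `action='append'`, so a bare `-i` yields `[None]`, which passes the `if not args.input` guard and then fails inside FcSort with an unhelpful error. Because the sorted file_contexts this tool writes is consumed by the build as policy input, the output should be closed deterministically; the `nargs=1` plus `not not args.output` dance for `-o` can also go. The rewrite below uses a `with` block, `required=True`, and plain single-value options.
```python
def PrintFc(Fc, out):
    # No output path: write the sorted entries to stdout.
    if not out:
        for node in Fc:
            sys.stdout.write(node.line + "\n")
        return
    # Close deterministically so the build never reads a partially flushed file.
    with open(out, "w") as f:
        for node in Fc:
            f.write(node.line + "\n")

if __name__ == '__main__':
    parser = argparse.ArgumentParser(description="SELinux file_contexts sorting tool.")
    # 'append' without nargs="?" makes a bare "-i" a parse error instead of a None entry.
    parser.add_argument("-i", dest="input", help="Path to the file_contexts file(s).", action='append', required=True)
    parser.add_argument("-o", dest="output", help="Path to the output file")
    args = parser.parse_args()
    PrintFc(FcSort(args.input), args.output)
```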
diff --git a/tests/policy.py b/tests/policy.py
index 90e387f..0f51e2f 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -3,7 +3,7 @@
 import os
 import sys
 import platform
-import FcSort
+import fc_sort
 
 ###
 # Check whether the regex will match a file path starting with the provided
@@ -413,7 +413,7 @@
                     self.__FcDict[t] = [rec[0]]
             except:
                 pass
-        self.__FcSorted = FcSort.FcSort(FcPaths)
+        self.__FcSorted = fc_sort.FcSort(FcPaths)
 
     # load policy
     def __InitPolicy(self, PolicyPath):
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index fe404b1..6d60a12 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -204,7 +204,6 @@
                 /*Inputs*/
                 { .name = "isSystemServer", .dir = dir_in, .fn_validate = validate_bool },
                 { .name = "isEphemeralApp",  .dir = dir_in, .fn_validate = validate_bool },
-                { .name = "isV2App",        .dir = dir_in, .fn_validate = validate_bool },
                 { .name = "isOwner",        .dir = dir_in, .fn_validate = validate_bool },
                 { .name = "user",           .dir = dir_in,                              },
                 { .name = "seinfo",         .dir = dir_in,                              },
diff --git a/tools/fc_sort/Android.bp b/tools/fc_sort/Android.bp
deleted file mode 100644
index d0a391b..0000000
--- a/tools/fc_sort/Android.bp
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-cc_binary_host {
-    name: "fc_sort",
-    srcs: ["fc_sort.c"],
-    stl: "none",
-    cflags: [
-        "-Wall",
-        "-Werror",
-    ],
-}
diff --git a/tools/fc_sort/MODULE_LICENSE_GPL b/tools/fc_sort/MODULE_LICENSE_GPL
deleted file mode 100644
index e69de29..0000000
--- a/tools/fc_sort/MODULE_LICENSE_GPL
+++ /dev/null
diff --git a/tools/fc_sort/NOTICE b/tools/fc_sort/NOTICE
deleted file mode 100644
index 5b6e7c6..0000000
--- a/tools/fc_sort/NOTICE
+++ /dev/null
@@ -1,340 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
-Public License instead of this License.
diff --git a/tools/fc_sort/README b/tools/fc_sort/README
deleted file mode 100644
index 0210dc7..0000000
--- a/tools/fc_sort/README
+++ /dev/null
@@ -1,9 +0,0 @@
-fc_sort is a tool used for sorting the file_contexts entries based on a heuristic that is
- covered by a Fedora document. That document can be found here:
- * https://fedoraproject.org/wiki/SELinux/ManagingFileContext
-
-The tool itself originates from:
- * https://github.com/TresysTechnology/refpolicy
-
-It can be updated to the current tip of master branch with the below command:
-$ wget https://raw.githubusercontent.com/TresysTechnology/refpolicy/master/support/fc_sort.c
diff --git a/tools/fc_sort/fc_sort.c b/tools/fc_sort/fc_sort.c
deleted file mode 100644
index c7a4c90..0000000
--- a/tools/fc_sort/fc_sort.c
+++ /dev/null
@@ -1,625 +0,0 @@
-/* Copyright 2005,2013 Tresys Technology
- *
- * Some parts of this came from matchpathcon.c in libselinux
- */
-
-/* PURPOSE OF THIS PROGRAM
- * The original setfiles sorting algorithm did not take into
- * account regular expression specificity. With the current
- * strict and targeted policies this is not an issue because
- * the file contexts are partially hand sorted and concatenated
- * in the right order so that the matches are generally correct.
- * The way reference policy and loadable policy modules handle
- * file contexts makes them come out in an unpredictable order
- * and therefore setfiles (or this standalone tool) need to sort
- * the regular expressions in a deterministic and stable way.
- */
-
-#define BUF_SIZE 4096;
-#define _GNU_SOURCE
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-typedef unsigned char bool_t;
-
-/* file_context_node
- * A node used in a linked list of file contexts.c
- * Each node contains the regular expression, the type and
- *  the context, as well as information about the regular
- *  expression. The regular expression data (meta, stem_len
- *  and str_len) can be filled in by using the fc_fill_data
- *  function after the regular expression has been loaded.
- * next points to the next node in the linked list.
- */
-typedef struct file_context_node {
-	char *path;
-	char *file_type;
-	char *context;
-	char *extra;
-	bool_t meta;
-	int stem_len;
-	int str_len;
-	struct file_context_node *next;
-} file_context_node_t;
-
-void file_context_node_destroy(file_context_node_t *x)
-{
-	if (!x)
-		return;
-
-	free(x->path);
-	free(x->file_type);
-	free(x->context);
-}
-
-
-
-/* file_context_bucket
- * A node used in a linked list of buckets that contain
- *  file_context_node's.
- * Each node contains a pointer to a file_context_node which
- *  is the header of its linked list. This linked list is the
- *  content of this bucket.
- * next points to the next bucket in the linked list.
- */
-typedef struct file_context_bucket {
-	file_context_node_t *data;
-	struct file_context_bucket *next;
-} file_context_bucket_t;
-
-
-
-/* fc_compare
- * Compares two file contexts' regular expressions and returns:
- *    -1 if a is less specific than b
- *     0 if a and be are equally specific
- *     1 if a is more specific than b
- * The comparison is based on the following statements,
- *  in order from most important to least important, given a and b:
- *     If a is a regular expression and b is not,
- *      -> a is less specific than b.
- *     If a's stem length is shorter than b's stem length,
- *      -> a is less specific than b.
- *     If a's string length is shorter than b's string length,
- *      -> a is less specific than b.
- *     If a does not have a specified type and b does,
- *      -> a is less specific than b.
- */
-int fc_compare(file_context_node_t *a, file_context_node_t *b)
-{
-	/* Check to see if either a or b have meta characters
-	 *  and the other doesn't. */
-	if (a->meta && !b->meta)
-		return -1;
-	if (b->meta && !a->meta)
-		return 1;
-
-	/* Check to see if either a or b have a shorter stem
-	 *  length than the other. */
-	if (a->stem_len < b->stem_len)
-		return -1;
-	if (b->stem_len < a->stem_len)
-		return 1;
-
-	/* Check to see if either a or b have a shorter string
-	 *  length than the other. */
-	if (a->str_len < b->str_len)
-		return -1;
-	if (b->str_len < a->str_len)
-		return 1;
-
-	/* Check to see if either a or b has a specified type
-	 *  and the other doesn't. */
-	if (!a->file_type && b->file_type)
-		return -1;
-	if (!b->file_type && a->file_type)
-		return 1;
-
-	/* If none of the above conditions were satisfied,
-	 * then a and b are equally specific. */
-	return 0;
-}
-
-
-
-/* fc_merge
- * Merges two sorted file context linked lists into one
- *  sorted one.
- * Pass two lists a and b, and after the completion of fc_merge,
- *  the final list is contained in a, and b is empty.
- */
-file_context_node_t *fc_merge(file_context_node_t *a,
-				   file_context_node_t *b)
-{
-	file_context_node_t *a_current;
-	file_context_node_t *b_current;
-	file_context_node_t *temp;
-	file_context_node_t *jumpto;
-
-	/* If a is a empty list, and b is not,
-	 *  set a as b and proceed to the end. */
-	if (!a && b)
-		a = b;
-	/* If b is an empty list, leave a as it is. */
-	else if (!b) {
-	} else {
-		/* Make it so the list a has the lesser
-		 *  first element always. */
-		if (fc_compare(a, b) == 1) {
-			temp = a;
-			a = b;
-			b = temp;
-		}
-		a_current = a;
-		b_current = b;
-
-		/* Merge by inserting b's nodes in between a's nodes. */
-		while (a_current->next && b_current) {
-			jumpto = a_current->next;
-
-			/* Insert b's nodes in between the current a node
-			 *  and the next a node.*/
-			while (b_current && a_current->next &&
-			       fc_compare(a_current->next,
-					  b_current) != -1) {
-
-				temp = a_current->next;
-				a_current->next = b_current;
-				b_current = b_current->next;
-				a_current->next->next = temp;
-				a_current = a_current->next;
-			}
-
-			/* Skip all the inserted node from b to the
-			 *  next node in the original a. */
-			a_current = jumpto;
-		}
-
-		/* if there is anything left in b to be inserted,
-		   put it on the end */
-		if (b_current) {
-			a_current->next = b_current;
-		}
-	}
-
-	return a;
-}
-
-
-
-/* fc_merge_sort
- * Sorts file contexts from least specific to more specific.
- * The bucket linked list is passed and after the completion
- *  of the fc_merge_sort function, there is only one bucket
- *  (pointed to by master) that contains a linked list
- *  of all the file contexts, in sorted order.
- * Explanation of the algorithm:
- *  The algorithm implemented in fc_merge_sort is an iterative
- *   implementation of merge sort.
- *  At first, each bucket has a linked list of file contexts
- *   that are 1 element each.
- *  Each pass, each odd numbered bucket is merged into the bucket
- *   before it. This halves the number of buckets each pass.
- *  It will continue passing over the buckets (as described above)
- *   until there is only  one bucket left, containing the list of
- *   file contexts, sorted.
- */
-void fc_merge_sort(file_context_bucket_t *master)
-{
-	file_context_bucket_t *current;
-	file_context_bucket_t *temp;
-
-	if (!master)
-		return;
-
-	/* Loop until master is the only bucket left
-	 * so that this will stop when master contains
-	 * the sorted list. */
-	while (master->next) {
-		current = master;
-
-		/* This loop merges buckets two-by-two. */
-		while (current) {
-			if (current->next) {
-				current->data =
-				    fc_merge(current->data,
-					     current->next->data);
-
-				temp = current->next;
-				current->next = current->next->next;
-
-				free(temp);
-			}
-
-			current = current->next;
-		}
-	}
-}
-
-
-
-/* fc_fill_data
- * This processes a regular expression in a file context
- *  and sets the data held in file_context_node, namely
- *  meta, str_len and stem_len.
- * The following changes are made to fc_node after the
- *  the completion of the function:
- *     fc_node->meta =		1 if path has a meta character, 0 if not.
- *     fc_node->str_len =	The string length of the entire path
- *     fc_node->stem_len = 	The number of characters up until
- *				 the first meta character.
- */
-void fc_fill_data(file_context_node_t *fc_node)
-{
-	int c = 0;
-
-	fc_node->meta = 0;
-	fc_node->stem_len = 0;
-	fc_node->str_len = 0;
-
-	/* Process until the string termination character
-	 *  has been reached.
-	 * Note: this while loop has been adapted from
-	 *  spec_hasMetaChars in matchpathcon.c from
-	 *  libselinux-1.22. */
-	while (fc_node->path[c] != '\0') {
-		switch (fc_node->path[c]) {
-		case '.':
-		case '^':
-		case '$':
-		case '?':
-		case '*':
-		case '+':
-		case '|':
-		case '[':
-		case '(':
-		case '{':
-			/* If a meta character is found,
-			 *  set meta to one */
-			fc_node->meta = 1;
-			break;
-		case '\\':
-			/* If a escape character is found,
-			 *  skip the next character. */
-			c++;
-			break;
-		default:
-			break;
-		}
-
-		/* If no meta character has been found yet,
-		 * add one to the stem length. */
-		if (!fc_node->meta)
-			fc_node->stem_len++;
-
-		fc_node->str_len++;
-		c++;
-	}
-}
-
-
-
-/* fc_free_file_context_node_list
- * Free the memory allocated to the linked list and its elements.
- */
-void fc_free_file_context_node_list(struct file_context_node *node)
-{
-	struct file_context_node *next;
-
-	while (node) {
-		next = node->next;
-		file_context_node_destroy(node);
-		free(node);
-		node = next;
-	}
-}
-
-
-
-/* main
- * This program takes in two arguments, the input filename and the
- *  output filename. The input file should be syntactically correct.
- * Overall what is done in the main is read in the file and store each
- *  line of code, sort it, then output it to the output file.
- */
-int main(int argc, char *argv[])
-{
-	int lines;
-	size_t start, finish, regex_len, context_len;
-	size_t line_len, buf_len, i;
-	char *input_name, *output_name, *line_buf;
-
-	file_context_node_t *temp;
-	file_context_node_t *head;
-	file_context_node_t *current;
-	file_context_bucket_t *master;
-	file_context_bucket_t *bcurrent;
-
-	FILE *in_file, *out_file;
-
-	/* Check for the correct number of command line arguments. */
-	if (argc < 2 || argc > 3) {
-		fprintf(stderr, "Usage: %s <infile> [<outfile>]\n",argv[0]);
-		return 1;
-	}
-
-	input_name = argv[1];
-	output_name = (argc >= 3) ? argv[2] : NULL;
-
-	lines = 0;
-
-	/* Open the input file. */
-	if (!(in_file = fopen(input_name, "r"))) {
-		fprintf(stderr, "Error: failure opening input file for read.\n");
-		return 1;
-	}
-
-	/* Initialize the head of the linked list. */
-	head = current = (file_context_node_t*)calloc(1, sizeof(file_context_node_t));
-	if (!head) {
-		fprintf(stderr, "Error: failure allocating memory.\n");
-		return 1;
-	}
-
-	/* Parse the file into a file_context linked list. */
-	line_buf = NULL;
-
-	while ( getline(&line_buf, &buf_len, in_file) != -1 ){
-		line_len = strlen(line_buf);
-
-		if( line_len == 0 || line_len == 1)
-			continue;
-
-		/* Get rid of whitespace from the front of the line. */
-		for (i = 0; i < line_len; i++) {
-			if (!isspace(line_buf[i]))
-				break;
-		}
-
-		if (i >= line_len)
-			continue;
-
-		/* Check if the line isn't empty and isn't a comment */
-		if (line_buf[i] == '#')
-			continue;
-
-		/* We have a valid line - allocate a new node. */
-		temp = (file_context_node_t *)calloc(1, sizeof(file_context_node_t));
-		if (!temp) {
-			free(line_buf);
-			fprintf(stderr, "Error: failure allocating memory.\n");
-			fc_free_file_context_node_list(head);
-			return 1;
-		}
-
-		/* Parse out the regular expression from the line. */
-		start = i;
-
-		while (i < line_len && (!isspace(line_buf[i])))
-			i++;
-		finish = i;
-
-		regex_len = finish - start;
-
-		if (regex_len == 0) {
-			file_context_node_destroy(temp);
-			free(temp);
-			continue;
-		}
-
-		temp->path = (char*)strndup(&line_buf[start], regex_len);
-		if (!temp->path) {
-			file_context_node_destroy(temp);
-			free(temp);
-			free(line_buf);
-			fprintf(stderr, "Error: failure allocating memory.\n");
-			fc_free_file_context_node_list(head);
-			return 1;
-		}
-
-		/* Get rid of whitespace after the regular expression. */
-		for (; i < line_len; i++) {
-			if (!isspace(line_buf[i]))
-				break;
-		}
-
-		if (i == line_len) {
-			file_context_node_destroy(temp);
-			free(temp);
-			continue;
-		}
-
-		/* Parse out the type from the line (if it
-		 * is there). */
-		if (line_buf[i] == '-') {
-			temp->file_type = (char *)malloc(sizeof(char) * 3);
-			if (!(temp->file_type)) {
-				file_context_node_destroy(temp);
-				free(temp);
-				free(line_buf);
-				fprintf(stderr, "Error: failure allocating memory.\n");
-				fc_free_file_context_node_list(head);
-				return 1;
-			}
-
-			if( i + 2 >= line_len ) {
-				file_context_node_destroy(temp);
-				free(temp);
-				continue;
-			}
-
-			/* Fill the type into the array. */
-			temp->file_type[0] = line_buf[i];
-			temp->file_type[1] = line_buf[i + 1];
-			i += 2;
-			temp->file_type[2] = 0;
-
-			/* Get rid of whitespace after the type. */
-			for (; i < line_len; i++) {
-				if (!isspace(line_buf[i]))
-					break;
-			}
-
-			if (i == line_len) {
-				file_context_node_destroy(temp);
-				free(temp);
-				continue;
-			}
-		}
-
-		/* Parse out the context from the line. */
-		start = i;
-		while (i < line_len && (!isspace(line_buf[i])))
-			i++;
-		finish = i;
-
-		context_len = finish - start;
-
-		temp->context = (char*)strndup(&line_buf[start], context_len);
-		if (!temp->context) {
-			file_context_node_destroy(temp);
-			free(temp);
-			free(line_buf);
-			fprintf(stderr, "Error: failure allocating memory.\n");
-			fc_free_file_context_node_list(head);
-			return 1;
-		}
-
-		/* Get rid of whitespace after the context. */
-		for (; i < line_len; i++) {
-			if (!isspace(line_buf[i]))
-				break;
-		}
-
-		/* Parse out the extra from the line. */
-		start = i;
-		finish = line_len;
-		while (start < finish && (!isspace(line_buf[i - 1])))
-			finish--;
-
-		if (start < finish && line_buf[start] != '#') {
-			temp->extra = (char*)strndup(&line_buf[start], finish - start);
-			if (!(temp->extra)) {
-				file_context_node_destroy(temp);
-				free(temp);
-				free(line_buf);
-				fprintf(stderr, "Error: failure allocating memory.\n");
-				fc_free_file_context_node_list(head);
-				return 1;
-			}
-		}
-
-		/* Set all the data about the regular
-		 * expression. */
-		fc_fill_data(temp);
-
-		/* Link this line of code at the end of
-		 * the linked list. */
-		current->next = temp;
-		current = current->next;
-		lines++;
-	}
-	free(line_buf);
-	fclose(in_file);
-
-	/* Create the bucket linked list from the earlier linked list. */
-	current = head->next;
-	bcurrent = master =
-	    (file_context_bucket_t *)
-	    malloc(sizeof(file_context_bucket_t));
-	if (!bcurrent) {
-		printf
-		    ("Error: failure allocating memory.\n");
-		fc_free_file_context_node_list(head);
-		return -1;
-	}
-	bcurrent->next = NULL;
-	bcurrent->data = NULL;
-
-	/* Go until all the nodes have been put in individual buckets. */
-	while (current) {
-		/* Copy over the file context line into the bucket. */
-		bcurrent->data = current;
-		current = current->next;
-
-		/* Detach the node in the bucket from the old list. */
-		bcurrent->data->next = NULL;
-
-		/* If there should be another bucket, put one at the end. */
-		if (current) {
-			bcurrent->next =
-			    (file_context_bucket_t *)
-			    malloc(sizeof(file_context_bucket_t));
-			if (!(bcurrent->next)) {
-				printf
-				    ("Error: failure allocating memory.\n");
-				free(head);
-				fc_free_file_context_node_list(current);
-				fc_merge_sort(master);
-				fc_free_file_context_node_list(master->data);
-				free(master);
-				return -1;
-			}
-
-			/* Make sure the new bucket thinks it's the end of the
-			 * list. */
-			bcurrent->next->next = NULL;
-
-			bcurrent = bcurrent->next;
-		}
-	}
-
-	/* Sort the bucket list. */
-	fc_merge_sort(master);
-
-	free(head);
-
-	/* Open the output file. */
-	if (output_name) {
-		if (!(out_file = fopen(output_name, "w"))) {
-			printf("Error: failure opening output file for write.\n");
-			fc_free_file_context_node_list(master->data);
-			free(master);
-			return -1;
-		}
-	} else {
-		out_file = stdout;
-	}
-
-	/* Output the sorted file_context linked list to the output file. */
-	current = master->data;
-
-	while (current) {
-		/* Output the path. */
-		fprintf(out_file, "%s\t\t", current->path);
-
-		/* Output the type, if there is one. */
-		if (current->file_type) {
-			fprintf(out_file, "%s\t", current->file_type);
-		}
-
-		/* Output the context. */
-		fprintf(out_file, "%s", current->context);
-
-		/* Output the extra, if there is one. */
-		if (current->extra) {
-			fprintf(out_file, "\t%s", current->extra);
-		}
-
-		fprintf(out_file, "\n");
-
-		current = current->next;
-	}
-
-	fc_free_file_context_node_list(master->data);
-	free(master);
-
-	if (output_name) {
-		fclose(out_file);
-	}
-
-	return 0;
-}
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 8890ca0..390ec0b 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -39,6 +39,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.1-service            u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service            u:object_r:hal_nfc_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service            u:object_r:mediacodec_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service   u:object_r:hal_power_stats_default_exec:s0
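Review bot: The new nfc@1.2-service entry reuses hal_nfc_default_exec, so the 1.2 binary transitions into exactly the same domain as the 1.0 and 1.1 services already labelled above it. That is the right shape for a version bump of the same HAL, but it also means any permission the 1.2 interface newly requires cannot be granted here; it belongs in the hal_nfc_default domain policy, and a denial from the 1.2 service will surface under that domain, not under a version-specific one. The regex escapes every dot and is anchored on the `-service` suffix consistently with its siblings, so it will not accidentally match a differently named binary. Placing it directly after the 1.1 line keeps the grouping intact for the file_contexts sorting step.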