Merge "Allow system_server to measure fs-verity"
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index f2b8847..60799cd 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -92,6 +92,7 @@
"android.hardware.tv.input.ITvInput/default": []string{},
"android.hardware.tv.tuner.ITuner/default": []string{},
"android.hardware.usb.IUsb/default": []string{},
+ "android.hardware.usb.gadget.IUsbGadget/default": []string{},
"android.hardware.uwb.IUwb/default": []string{},
"android.hardware.vibrator.IVibrator/default": []string{},
"android.hardware.vibrator.IVibratorManager/default": []string{"android.hardware.vibrator-service.example_fuzzer"},
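Review bot: The new IUsbGadget binding registers the service with an empty fuzzer list, so the AIDL interface this series exposes through servicemanager (see the hal_usb_gadget.te and service_contexts hunks) has no fuzzer wired up, unlike the IVibratorManager entry a few lines below. If a fuzzer for the gadget HAL exists, listing it here is the purpose of this table; if not, a `// TODO: add fuzzer` marker on the line would keep it from being forgotten. Several neighbouring entries are empty as well, so this may be the intended state for now.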
diff --git a/microdroid/system/private/microdroid_payload.te b/microdroid/system/private/microdroid_payload.te
index 851a85a..1375442 100644
--- a/microdroid/system/private/microdroid_payload.te
+++ b/microdroid/system/private/microdroid_payload.te
@@ -27,8 +27,16 @@
# Write to /dev/kmsg.
allow microdroid_payload kmsg_device:chr_file rw_file_perms;
-# Allow microdroid_payload to open binder servers via vsock.
-allow microdroid_payload self:vsock_socket { create_socket_perms_no_ioctl listen accept };
+# Allow microdroid_payload to host binder servers via vsock. Listening
+# for connections from the host is permitted, but connecting out to
+# the host is not. Inbound connections are mediated by
+# virtualiationservice which ensures a process can only connect to a
+# VM that it owns.
+allow microdroid_payload self:vsock_socket {
+ create listen accept read getattr write setattr lock append bind
+ getopt setopt shutdown map
+};
+neverallow microdroid_payload self:vsock_socket connect;
# Payload can read extra apks
r_dir_file(microdroid_payload, extra_apk_file)
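Review bot: The new comment misspells the mediating service as `virtualiationservice`; it should read `virtualizationservice`, the name used in the te_macros hunk later in this diff. The explicit permission list that replaces `create_socket_perms_no_ioctl` appears to be that macro's set minus `connect`, and saying so in the comment (`# create_socket_perms_no_ioctl minus connect; the neverallow below pins this`) would keep the allow and the neverallow in sync if the macro ever changes. The added neverallow is the right way to make the no-outbound-connect intent enforceable.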
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index a601403..ff84b96 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -15,6 +15,7 @@
hal_cas_service
hal_remoteaccess_service
hal_thermal_service
+ hal_usb_gadget_service
hal_tv_input_service
hal_tv_hdmi_service
hal_tv_hdmi_cec_service
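Review bot: `hal_usb_gadget_service` is inserted between `hal_thermal_service` and `hal_tv_input_service`, which breaks the alphabetical order the surrounding entries follow (`hal_tv_*` sorts before `hal_usb_*`). Moving it after the `hal_tv_*` entries keeps the list sorted. The same type is added in sorted position in the service.te hunk of this diff.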
@@ -23,6 +24,7 @@
keystore_config_prop
permissive_mte_prop
prng_seeder
+ remote_prov_prop
servicemanager_prop
system_net_netd_service
timezone_metadata_prop
diff --git a/private/property.te b/private/property.te
index cac04d3..eda66c8 100644
--- a/private/property.te
+++ b/private/property.te
@@ -34,7 +34,6 @@
system_internal_prop(pm_prop)
system_internal_prop(profcollectd_node_id_prop)
system_internal_prop(radio_cdma_ecm_prop)
-system_internal_prop(remote_prov_prop)
system_internal_prop(rollback_test_prop)
system_internal_prop(setupwizard_prop)
system_internal_prop(snapuserd_prop)
@@ -627,9 +626,10 @@
neverallow domain system_and_vendor_property_type:{file property_service} *;
neverallow {
- # Only init and the remote provisioner can set the ro.remote_provisioning.* props
+ # Only init, vendor_init and the remote provisioner can set the ro.remote_provisioning.* props
domain
-init
+ -vendor_init
-remote_prov_app
} remote_prov_prop:property_service set;
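Review bot: Adding `-vendor_init` to the exclusion set means vendor init scripts can now seed the ro.remote_provisioning.* properties that the previous comment reserved to init and the remote provisioner; the comment is updated but the reason vendor_init needs this is not stated. Together with the companion hunks that move remote_prov_prop from system_internal_prop to system_public_prop and add `set_prop(vendor_init, remote_prov_prop)`, the trust boundary for these values now includes the vendor partition. A one-line comment naming which property vendor_init sets, and why, would make the widening auditable later.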
diff --git a/private/property_contexts b/private/property_contexts
index d1a4ecf..48eed1c 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -564,6 +564,8 @@
bluetooth.core.le.inquiry_scan_interval u:object_r:bluetooth_config_prop:s0 exact uint
bluetooth.core.le.inquiry_scan_window u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.sco.disable_enhanced_connection u:object_r:bluetooth_config_prop:s0 exact bool
+
persist.nfc.debug_enabled u:object_r:nfc_prop:s0 exact bool
persist.radio.multisim.config u:object_r:radio_control_prop:s0 exact string
diff --git a/private/service_contexts b/private/service_contexts
index 1079c8c..2b9e88f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -77,6 +77,7 @@
android.hardware.tv.tuner.ITuner/default u:object_r:hal_tv_tuner_service:s0
android.hardware.tv.input.ITvInput/default u:object_r:hal_tv_input_service:s0
android.hardware.usb.IUsb/default u:object_r:hal_usb_service:s0
+android.hardware.usb.gadget.IUsbGadget/default u:object_r:hal_usb_gadget_service:s0
android.hardware.uwb.IUwb/default u:object_r:hal_uwb_service:s0
android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
android.hardware.vibrator.IVibratorManager/default u:object_r:hal_vibrator_service:s0
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 0b4b919..8c7fe7a 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -153,9 +153,12 @@
# These have been disallowed since Android O.
# For P, we assume that apps are safely handling the denial.
-dontaudit untrusted_app_all proc_stat:file read;
-dontaudit untrusted_app_all proc_vmstat:file read;
-dontaudit untrusted_app_all proc_uptime:file read;
+dontaudit untrusted_app_all {
+ proc_stat
+ proc_uptime
+ proc_vmstat
+ proc_zoneinfo
+}:file read;
# Allow the allocation and use of ptys
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
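Review bot: The existing comment (`# These have been disallowed since Android O.`) now also covers `proc_zoneinfo`, but nothing in the hunk shows that zoneinfo was denied in the same release; if it is a newer denial being silenced for the same reason, a short line such as `# proc_zoneinfo: <reason>` above the block would keep the dontaudit justified. Silencing a denial removes the audit signal, so the rationale is worth recording next to the rule.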
diff --git a/public/dumpstate.te b/public/dumpstate.te
index c73c2e7..0864ee0 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -243,9 +243,9 @@
allow dumpstate recovery_data_file:dir r_dir_perms;
allow dumpstate recovery_data_file:file r_file_perms;
-#Access /data/misc/update_engine_log
-allow dumpstate update_engine_log_data_file:dir r_dir_perms;
-allow dumpstate update_engine_log_data_file:file r_file_perms;
+# Access /data/misc/update_engine & /data/misc/update_engine_log
+allow dumpstate { update_engine_data_file update_engine_log_data_file }:dir r_dir_perms;
+allow dumpstate { update_engine_data_file update_engine_log_data_file }:file r_file_perms;
# Access /data/misc/profiles/{cur,ref}/
userdebug_or_eng(`
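Review bot: The grant is widened from the log directory to all of /data/misc/update_engine (`update_engine_data_file`), and the updated comment only names the paths, not what dumpstate collects there. Since that directory may hold more than logs, a comment naming the file(s) the bugreport needs would let a later reviewer scope the rule down; the specific reason is not visible in this diff.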
diff --git a/public/hal_usb_gadget.te b/public/hal_usb_gadget.te
index a474652..45bfdbe 100644
--- a/public/hal_usb_gadget.te
+++ b/public/hal_usb_gadget.te
@@ -2,6 +2,9 @@
binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
binder_call(hal_usb_gadget_server, hal_usb_gadget_client)
+hal_attribute_service(hal_usb_gadget, hal_usb_gadget_service)
+binder_call(hal_usb_gadget_server, servicemanager)
+
hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)
# Configuring usb gadget functions
@@ -10,4 +13,4 @@
allow hal_usb_gadget_server configfs:file create_file_perms;
allow hal_usb_gadget_server functionfs:dir { read search };
allow hal_usb_gadget_server functionfs:file read;
-
+allow hal_usb_gadget_server proc_interrupts:file r_file_perms;
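Review bot: The new `proc_interrupts` rule has no comment saying why the gadget HAL needs to read /proc/interrupts, while the neighbouring rules in this file sit under a rationale line (`# Configuring usb gadget functions`). /proc/interrupts exposes kernel-internal state, so the reason should be recorded above the rule, e.g. `# Read /proc/interrupts for <reason — to be filled in by the author>`; the rationale is not visible in this diff.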
diff --git a/public/property.te b/public/property.te
index a9e61b5..a24e482 100644
--- a/public/property.te
+++ b/public/property.te
@@ -226,6 +226,7 @@
system_public_prop(qemu_sf_lcd_density_prop)
system_public_prop(radio_control_prop)
system_public_prop(radio_prop)
+system_public_prop(remote_prov_prop)
system_public_prop(serialno_prop)
system_public_prop(surfaceflinger_color_prop)
system_public_prop(system_prop)
diff --git a/public/service.te b/public/service.te
index 15fb54f..db7c298 100644
--- a/public/service.te
+++ b/public/service.te
@@ -312,6 +312,7 @@
type hal_tv_input_service, protected_service, hal_service_type, service_manager_type;
type hal_tv_tuner_service, protected_service, hal_service_type, service_manager_type;
type hal_usb_service, protected_service, hal_service_type, service_manager_type;
+type hal_usb_gadget_service, protected_service, hal_service_type, service_manager_type;
type hal_uwb_service, protected_service, hal_service_type, service_manager_type;
type hal_vehicle_service, protected_service, hal_service_type, service_manager_type;
type hal_vibrator_service, protected_service, hal_service_type, service_manager_type;
diff --git a/public/te_macros b/public/te_macros
index 8a8b473..ab42534 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -194,7 +194,7 @@
# to crosvm
allow { virtualizationservice crosvm } $1:fd use;
# Allow piping console log to the client
-allow { virtualizationservice crosvm } $1:fifo_file write;
+allow { virtualizationservice crosvm } $1:fifo_file { getattr write};
# Allow client to read/write vsock created by virtualizationservice to
# communicate with the VM that it created. Notice that we do not grant
# permission to create a vsock; the client can only connect to VMs
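Review bot: The rewritten permission set is missing a space before the closing brace: `{ getattr write}` should be `{ getattr write }`, matching the brace spacing used elsewhere in the file. The policy compiler tokenises on the brace so it is not a functional problem, but it reads as a typo and trips simple greps. The comment above (`# Allow piping console log to the client`) still describes only write; extending it to say why getattr is needed would help, since the reason is not visible in the hunk.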
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 61fa686..74bf488 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -246,6 +246,7 @@
set_prop(vendor_init, qemu_hw_prop)
set_prop(vendor_init, radio_control_prop)
set_prop(vendor_init, rebootescrow_hal_prop)
+set_prop(vendor_init, remote_prov_prop)
set_prop(vendor_init, serialno_prop)
set_prop(vendor_init, soc_prop)
set_prop(vendor_init, surfaceflinger_color_prop)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index c41a1fb..5681054 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -104,6 +104,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner-service\.example(-lazy)? u:object_r:hal_tv_tuner_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb-service\.example u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget-service\.example u:object_r:hal_usb_gadget_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget@1\.1-service u:object_r:hal_usb_gadget_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.uwb-service u:object_r:hal_uwb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0