Merge "Allow remounting /mnt/user/0 as slave mount"
diff --git a/apex/com.android.os.statsd-file_contexts b/apex/com.android.os.statsd-file_contexts
new file mode 100644
index 0000000..7068190
--- /dev/null
+++ b/apex/com.android.os.statsd-file_contexts
@@ -0,0 +1,3 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
+
diff --git a/mac_permissions.mk b/mac_permissions.mk
index 7cb1b98..3a28197 100644
--- a/mac_permissions.mk
+++ b/mac_permissions.mk
@@ -27,6 +27,7 @@
$(all_plat_mac_perms_files) $(all_plat_keys)
@mkdir -p $(dir $@)
$(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
+ MAINLINE_SEPOLICY_DEV_CERTIFICATES="$(MAINLINE_SEPOLICY_DEV_CERTIFICATES)" \
$(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
all_plat_keys :=
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
index 202d1b3..d2819b1 100644
--- a/prebuilts/api/29.0/private/genfs_contexts
+++ b/prebuilts/api/29.0/private/genfs_contexts
@@ -213,6 +213,7 @@
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
@@ -255,6 +256,7 @@
genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index e969aaf..7d171cf 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -110,6 +110,7 @@
ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index d496e90..c24954c 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -86,7 +86,7 @@
neverallow all_untrusted_apps file_type:file link;
# Do not allow untrusted apps to access network MAC address file
-neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
+neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
# Do not allow any write access to files in /sys
neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };
@@ -250,6 +250,11 @@
-untrusted_app_visible_hwservice_violators
}:hwservice_manager find;
+neverallow all_untrusted_apps {
+ vendor_service
+ vintf_service
+}:service_manager find;
+
# SELinux is not an API for untrusted apps to use
neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 01e8605..86f8a8d 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1,7 +1,9 @@
;; types removed from current policy
(type hal_wifi_offload_hwservice)
+(type mediacodec_service)
(type perfprofd_data_file)
(type perfprofd_service)
+(type sysfs_mac_address)
(expandtypeattribute (accessibility_service_29_0) true)
(expandtypeattribute (account_service_29_0) true)
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 4067843..24c733b 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -12,7 +12,9 @@
device_config_sys_traced_prop
hal_can_bus_hwservice
hal_can_controller_hwservice
+ hal_tv_tuner_hwservice
init_svc_debug_prop
+ linker_prop
ota_metadata_file
runtime_apex_dir
system_ashmem_hwservice
diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index a978af6..1f92462 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te
@@ -25,7 +25,7 @@
# Allow reading secondary dex files that were reported by the app to the
# package manager.
allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
-allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read };
+allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
# "dontaudit...audit_access" policy line to suppress the audit access without
# suppressing denial on actual access.
diff --git a/private/domain.te b/private/domain.te
index 8f7a1e0..ee0ef6e 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -42,6 +42,9 @@
# if memfd support can be used if device supports it
get_prop(domain, use_memfd_prop);
+# Allow to read properties for linker
+get_prop(domain, linker_prop);
+
# For now, everyone can access core property files
# Device specific properties are not granted by default
not_compatible_property(`
@@ -83,6 +86,7 @@
')
# Allow access to linkerconfig file
+allow domain linkerconfig_file:dir search;
allow domain linkerconfig_file:file r_file_perms;
# Limit ability to ptrace or read sensitive /proc/pid files of processes
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 1283e21..ecedaba 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -39,7 +39,6 @@
allow ephemeral_app cameraserver_service:service_manager find;
allow ephemeral_app mediaserver_service:service_manager find;
allow ephemeral_app mediaextractor_service:service_manager find;
-allow ephemeral_app mediacodec_service:service_manager find;
allow ephemeral_app mediametrics_service:service_manager find;
allow ephemeral_app mediadrmserver_service:service_manager find;
allow ephemeral_app drmserver_service:service_manager find;
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 3ad0edb..6be0ba6 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -215,6 +215,7 @@
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
@@ -257,6 +258,7 @@
genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index e22175e..27fca1f 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -64,6 +64,7 @@
android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
+android.hardware.tv.tuner::ITuner u:object_r:hal_tv_tuner_hwservice:s0
android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
android.hardware.usb.gadget::IUsbGadget u:object_r:hal_usb_gadget_hwservice:s0
android.hardware.vibrator::IVibrator u:object_r:hal_vibrator_hwservice:s0
diff --git a/private/keys.conf b/private/keys.conf
index f517b67..362e73d 100644
--- a/private/keys.conf
+++ b/private/keys.conf
@@ -15,7 +15,7 @@
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
[@NETWORK_STACK]
-ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/networkstack.x509.pem
+ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/networkstack.x509.pem
[@SHARED]
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem
diff --git a/private/nfc.te b/private/nfc.te
index 5e85672..2e48eef 100644
--- a/private/nfc.te
+++ b/private/nfc.te
@@ -15,7 +15,6 @@
# SoundPool loading and playback
allow nfc audioserver_service:service_manager find;
allow nfc drmserver_service:service_manager find;
-allow nfc mediacodec_service:service_manager find;
allow nfc mediametrics_service:service_manager find;
allow nfc mediaextractor_service:service_manager find;
allow nfc mediaserver_service:service_manager find;
diff --git a/private/platform_app.te b/private/platform_app.te
index bbba1d9..8c2128d 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -58,7 +58,6 @@
allow platform_app mediaserver_service:service_manager find;
allow platform_app mediametrics_service:service_manager find;
allow platform_app mediaextractor_service:service_manager find;
-allow platform_app mediacodec_service:service_manager find;
allow platform_app mediadrmserver_service:service_manager find;
allow platform_app persistent_data_block_service:service_manager find;
allow platform_app radio_service:service_manager find;
diff --git a/private/priv_app.te b/private/priv_app.te
index 5768f00..f9409b9 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -37,7 +37,6 @@
allow priv_app audioserver_service:service_manager find;
allow priv_app cameraserver_service:service_manager find;
allow priv_app drmserver_service:service_manager find;
-allow priv_app mediacodec_service:service_manager find;
allow priv_app mediadrmserver_service:service_manager find;
allow priv_app mediaextractor_service:service_manager find;
allow priv_app mediametrics_service:service_manager find;
diff --git a/private/property_contexts b/private/property_contexts
index d1a97d9..55445ec 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -23,6 +23,7 @@
ro.hw. u:object_r:system_prop:s0
sys. u:object_r:system_prop:s0
sys.cppreopt u:object_r:cppreopt_prop:s0
+sys.linker. u:object_r:linker_prop:s0
sys.lpdumpd u:object_r:lpdumpd_prop:s0
sys.powerctl u:object_r:powerctl_prop:s0
sys.usb.ffs. u:object_r:ffs_prop:s0
diff --git a/private/radio.te b/private/radio.te
index 9ac2cf1..b6b7b8e 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -6,3 +6,5 @@
# Telephony code contains time / time zone detection logic so it reads the associated properties.
get_prop(radio, time_prop)
+
+allow radio uce_service:service_manager find;
diff --git a/private/service.te b/private/service.te
index e597f5b..bed3d74 100644
--- a/private/service.te
+++ b/private/service.te
@@ -5,3 +5,4 @@
type incidentcompanion_service, system_api_service, system_server_service, service_manager_type;
type stats_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type;
+type uce_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 8dc3fc2..2f3abfd 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -114,7 +114,6 @@
media.metrics u:object_r:mediametrics_service:s0
media.extractor u:object_r:mediaextractor_service:s0
media.extractor.update u:object_r:mediaextractor_update_service:s0
-media.codec u:object_r:mediacodec_service:s0
media.codec.update u:object_r:mediaextractor_update_service:s0
media.resource_manager u:object_r:mediaserver_service:s0
media.sound_trigger_hw u:object_r:audioserver_service:s0
@@ -198,6 +197,7 @@
thermalservice u:object_r:thermal_service:s0
trust u:object_r:trust_service:s0
tv_input u:object_r:tv_input_service:s0
+uce u:object_r:uce_service:s0
uimode u:object_r:uimode_service:s0
updatelock u:object_r:updatelock_service:s0
uri_grants u:object_r:uri_grants_service:s0
diff --git a/private/shell.te b/private/shell.te
index 02b01f5..8a933a5 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -74,3 +74,8 @@
# Allow shell to start and comminicate with lpdumpd.
set_prop(shell, lpdumpd_prop);
binder_call(shell, lpdumpd)
+
+# Allow shell to set linker property
+userdebug_or_eng(`
+ set_prop(shell, linker_prop)
+')
diff --git a/private/system_server.te b/private/system_server.te
index 1f8945b..e5d0b57 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -320,7 +320,6 @@
r_dir_file(system_server, sysfs_wakeup_reasons)
allow system_server sysfs_nfc_power_writable:file rw_file_perms;
-allow system_server sysfs_mac_address:file r_file_perms;
allow system_server sysfs_power:dir search;
allow system_server sysfs_power:file rw_file_perms;
allow system_server sysfs_thermal:dir search;
@@ -715,7 +714,6 @@
allow system_server mediaserver_service:service_manager find;
allow system_server mediametrics_service:service_manager find;
allow system_server mediaextractor_service:service_manager find;
-allow system_server mediacodec_service:service_manager find;
allow system_server mediadrmserver_service:service_manager find;
allow system_server netd_service:service_manager find;
allow system_server nfc_service:service_manager find;
@@ -779,9 +777,6 @@
allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write };
allow system_server fingerprintd_data_file:file { getattr unlink };
-# Allow system process to read network MAC address
-allow system_server sysfs_mac_address:file r_file_perms;
-
userdebug_or_eng(`
# Allow system server to create and write method traces in /data/misc/trace.
allow system_server method_trace_data_file:dir w_dir_perms;
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index de047da..fd605c7 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -92,7 +92,6 @@
allow untrusted_app_all drmserver_service:service_manager find;
allow untrusted_app_all mediaserver_service:service_manager find;
allow untrusted_app_all mediaextractor_service:service_manager find;
-allow untrusted_app_all mediacodec_service:service_manager find;
allow untrusted_app_all mediametrics_service:service_manager find;
allow untrusted_app_all mediadrmserver_service:service_manager find;
allow untrusted_app_all nfc_service:service_manager find;
diff --git a/public/attributes b/public/attributes
index 1375978..c5e0cba 100644
--- a/public/attributes
+++ b/public/attributes
@@ -98,6 +98,12 @@
# services which export only system_api
attribute system_api_service;
+# services which should only be available to vendor
+attribute vendor_service;
+
+# services which should be available system<->vendor
+attribute vintf_service;
+
# All types used for services managed by servicemanager.
# On change, update CHECK_SC_ASSERT_ATTRS
# definition in tools/checkfc.c.
@@ -287,6 +293,7 @@
hal_attribute(thermal);
hal_attribute(tv_cec);
hal_attribute(tv_input);
+hal_attribute(tv_tuner);
hal_attribute(usb);
hal_attribute(usb_gadget);
hal_attribute(vehicle);
diff --git a/public/domain.te b/public/domain.te
index e12c224..3771506 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -88,15 +88,9 @@
allow { domain -coredomain -appdomain } system_ashmem_hwservice:hwservice_manager find;
allow { domain -coredomain -appdomain } ashmem_server: binder call;
-# /dev/binder can be accessed by non-vendor domains and by apps
-allow {
- coredomain
- appdomain
- binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- -hwservicemanager
-} binder_device:chr_file rw_file_perms;
-# Devices which are not full TREBLE have fewer restrictions on access to /dev/binder
-not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
+# /dev/binder can be accessed by ... everyone! :)
+allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
+
allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
allow domain ptmx_device:chr_file rw_file_perms;
allow domain random_device:chr_file rw_file_perms;
@@ -630,31 +624,23 @@
neverallow vndservicemanager binder_device:chr_file no_rw_file_perms;
neverallow vndservicemanager hwbinder_device:chr_file no_rw_file_perms;
-# On full TREBLE devices, only core components and apps can use Binder and servicemanager. Non-core
-# domain apps need this because Android framework offers many of its services to apps as Binder
-# services.
-full_treble_only(`
- neverallow {
- domain
- -coredomain
- -appdomain
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- } binder_device:chr_file rw_file_perms;
-')
+# system services cant add vendor services
+neverallow {
+ coredomain
+} vendor_service:service_manager add;
-# libcutils can probe for /dev/binder permissions with access(). Ignore
-# generated denials. See b/129073672 for details.
-dontaudit domain binder_device:chr_file audit_access;
+# vendor services cant add system services
+neverallow {
+ domain
+ -coredomain
+ -binder_in_vendor_violators # TODO(b/131617943) remove once all violators are gone
+} {
+ service_manager_type
+ -vendor_service
+ -vintf_service
+}:service_manager add;
full_treble_only(`
- neverallow {
- domain
- -coredomain
- -appdomain # restrictions for vendor apps are declared lower down
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- } service_manager_type:service_manager find;
-')
-full_treble_only(`
# Vendor apps are permited to use only stable public services. If they were to use arbitrary
# services which can change any time framework/core is updated, breakage is likely.
neverallow {
@@ -679,14 +665,6 @@
-vr_manager_service
}:service_manager find;
')
-full_treble_only(`
- neverallow {
- domain
- -coredomain
- -appdomain
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- } servicemanager:binder { call transfer };
-')
# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
full_treble_only(`
diff --git a/public/drmserver.te b/public/drmserver.te
index b7b641c..12c080a 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -10,6 +10,7 @@
binder_use(drmserver)
binder_call(drmserver, system_server)
binder_call(drmserver, appdomain)
+binder_call(drmserver, mediametrics)
binder_service(drmserver)
# Inherit or receive open files from system_server.
allow drmserver system_server:fd use;
@@ -50,6 +51,7 @@
add_service(drmserver, drmserver_service)
allow drmserver permission_service:service_manager find;
+allow drmserver mediametrics_service:service_manager find;
selinux_check_access(drmserver)
diff --git a/public/file.te b/public/file.te
index 1fd00a4..8ef00eb 100644
--- a/public/file.te
+++ b/public/file.te
@@ -90,7 +90,6 @@
type sysfs_hwrandom, fs_type, sysfs_type;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
-type sysfs_mac_address, fs_type, sysfs_type;
type sysfs_net, fs_type, sysfs_type;
type sysfs_power, fs_type, sysfs_type;
type sysfs_rtc, fs_type, sysfs_type;
diff --git a/public/hal_tv_tuner.te b/public/hal_tv_tuner.te
new file mode 100644
index 0000000..0da4ec7
--- /dev/null
+++ b/public/hal_tv_tuner.te
@@ -0,0 +1,4 @@
+binder_call(hal_tv_tuner_client, hal_tv_tuner_server)
+binder_call(hal_tv_tuner_server, hal_tv_tuner_client)
+
+hal_attribute_hwservice(hal_tv_tuner, hal_tv_tuner_hwservice)
diff --git a/public/hwservice.te b/public/hwservice.te
index 9f1f42c..b393c04 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -52,6 +52,7 @@
type hal_thermal_hwservice, hwservice_manager_type;
type hal_tv_cec_hwservice, hwservice_manager_type;
type hal_tv_input_hwservice, hwservice_manager_type;
+type hal_tv_tuner_hwservice, hwservice_manager_type;
type hal_usb_hwservice, hwservice_manager_type;
type hal_usb_gadget_hwservice, hwservice_manager_type;
type hal_vehicle_hwservice, hwservice_manager_type;
diff --git a/public/mediaserver.te b/public/mediaserver.te
index dbdb051..79d0840 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -74,7 +74,6 @@
allow mediaserver batterystats_service:service_manager find;
allow mediaserver drmserver_service:service_manager find;
allow mediaserver mediaextractor_service:service_manager find;
-allow mediaserver mediacodec_service:service_manager find;
allow mediaserver mediametrics_service:service_manager find;
allow mediaserver media_session_service:service_manager find;
allow mediaserver permission_service:service_manager find;
diff --git a/public/property.te b/public/property.te
index 9dc204c..4f4adec 100644
--- a/public/property.te
+++ b/public/property.te
@@ -58,6 +58,7 @@
type init_svc_debug_prop, property_type;
type last_boot_reason_prop, property_type;
type system_lmk_prop, property_type;
+type linker_prop, property_type;
type llkd_prop, property_type;
type logd_prop, property_type, core_property_type;
type logpersistd_logging_prop, property_type;
@@ -192,6 +193,13 @@
ctl_rildaemon_prop
}:property_service set;
+# Do now allow to modify linker properties except shell and init
+neverallow {
+ domain
+ -init
+ userdebug_or_eng(`-shell')
+} linker_prop:property_service set;
+
neverallow {
domain
-init
@@ -451,6 +459,7 @@
-hwservicemanager_prop
-last_boot_reason_prop
-system_lmk_prop
+ -linker_prop
-log_prop
-log_tag_prop
-logd_prop
diff --git a/public/property_contexts b/public/property_contexts
index 2a1a7e2..69fffef 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -111,6 +111,7 @@
ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
diff --git a/public/service.te b/public/service.te
index c195b69..7ad8493 100644
--- a/public/service.te
+++ b/public/service.te
@@ -10,7 +10,7 @@
type fingerprintd_service, service_manager_type;
type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
-type gpu_service, service_manager_type;
+type gpu_service, app_api_service, service_manager_type;
type idmap_service, service_manager_type;
type iorapd_service, service_manager_type;
type incident_service, service_manager_type;
@@ -21,7 +21,6 @@
type mediametrics_service, service_manager_type;
type mediaextractor_service, service_manager_type;
type mediaextractor_update_service, service_manager_type;
-type mediacodec_service, service_manager_type;
type mediadrmserver_service, service_manager_type;
type netd_service, service_manager_type;
type nfc_service, service_manager_type;
diff --git a/public/su.te b/public/su.te
index a2f435e..f76a2a8 100644
--- a/public/su.te
+++ b/public/su.te
@@ -93,6 +93,7 @@
typeattribute su hal_thermal_client;
typeattribute su hal_tv_cec_client;
typeattribute su hal_tv_input_client;
+ typeattribute su hal_tv_tuner_client;
typeattribute su hal_usb_client;
typeattribute su hal_vibrator_client;
typeattribute su hal_vr_client;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index da3651d..f458d77 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -218,6 +218,7 @@
-gsid_prop
-nnapi_ext_deny_product_prop
-init_svc_debug_prop
+ -linker_prop
})
')
diff --git a/tests/combine_maps.py b/tests/combine_maps.py
index a2bf38d..d592b17 100644
--- a/tests/combine_maps.py
+++ b/tests/combine_maps.py
@@ -18,7 +18,8 @@
mapping files from x to y (top) and y to z (bottom), it's possible to construct
a mapping file from x to z. We do the following to combine two maps.
1. Add all new types declarations from top to bottom.
-2. Say, a new type "bar" in top is mapped like this "foo_V_v<-bar", then we map
+2. Add all new typeattribute declarations from top to bottom.
+3. Say, a new type "bar" in top is mapped like this "foo_V_v<-bar", then we map
"bar" to whatever "foo" is mapped to in the bottom map. We do this for all new
types in the top map.
@@ -33,6 +34,7 @@
def Combine(top, bottom):
bottom.types.update(top.types)
+ bottom.typeattributes.update(top.typeattributes)
for top_ta in top.typeattributesets:
top_type_set = top.typeattributesets[top_ta]
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 0851d3b..cf1e856 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -244,8 +244,8 @@
ret += "latest API level.\n"
ret += " ".join(str(x) for x in sorted(violators)) + "\n\n"
ret += "See examples of how to fix this:\n"
- ret += "https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/781036\n"
- ret += "https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/852612\n"
+ ret += "https://android-review.googlesource.com/c/platform/system/sepolicy/+/781036\n"
+ ret += "https://android-review.googlesource.com/c/platform/system/sepolicy/+/852612\n"
return ret
###
@@ -270,7 +270,7 @@
ret += "latest API level.\n"
ret += " ".join(str(x) for x in sorted(violators)) + "\n\n"
ret += "See examples of how to fix this:\n"
- ret += "https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/822743\n"
+ ret += "https://android-review.googlesource.com/c/platform/system/sepolicy/+/822743\n"
return ret
def TestTrebleCompatMapping():
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 43e149e..24a4142 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -26,6 +26,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service u:object_r:hal_gnss_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@3\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@4\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@[0-9]\.[0-9]-service u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service u:object_r:hal_health_default_exec:s0
@@ -53,6 +54,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.0-service u:object_r:hal_tv_cec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner@1\.0-service u:object_r:hal_tv_tuner_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
@@ -69,6 +71,7 @@
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-2\.1\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl\.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.renderscript@1\.0-impl\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/gralloc\.default\.so u:object_r:same_process_hal_file:s0
diff --git a/vendor/hal_tv_tuner_default.te b/vendor/hal_tv_tuner_default.te
new file mode 100644
index 0000000..d5b8f57
--- /dev/null
+++ b/vendor/hal_tv_tuner_default.te
@@ -0,0 +1,5 @@
+type hal_tv_tuner_default, domain;
+hal_server_domain(hal_tv_tuner_default, hal_tv_tuner)
+
+type hal_tv_tuner_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_tv_tuner_default)
diff --git a/vendor/mediacodec.te b/vendor/mediacodec.te
index 29e1a90..73467c9 100644
--- a/vendor/mediacodec.te
+++ b/vendor/mediacodec.te
@@ -3,15 +3,6 @@
init_daemon_domain(mediacodec)
-not_full_treble(`
- # on legacy devices, continue to allow /dev/binder traffic
- binder_use(mediacodec)
- binder_service(mediacodec)
- add_service(mediacodec, mediacodec_service)
- allow mediacodec mediametrics_service:service_manager find;
- allow mediacodec surfaceflinger_service:service_manager find;
-')
-
# can route /dev/binder traffic to /dev/vndbinder
vndbinder_use(mediacodec)
diff --git a/vendor/vndservicemanager.te b/vendor/vndservicemanager.te
index dbc88fa..6e5c391 100644
--- a/vendor/vndservicemanager.te
+++ b/vendor/vndservicemanager.te
@@ -13,5 +13,8 @@
# Read vndservice_contexts
allow vndservicemanager vndservice_contexts_file:file r_file_perms;
+# Start lazy services
+set_prop(vndservicemanager, ctl_interface_start_prop)
+
# Check SELinux permissions.
selinux_check_access(vndservicemanager)