Merge "Revert "Add rules for reading VM DTBO by vfio_handler"" into main

commit: 8cd6556686cb305af3e36f7ddfbbb59f35cae72a [log] [tgz]
author: Greg Kaiser <gkaiser@google.com> Mon Aug 14 13:19:31 2023 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Aug 14 13:19:31 2023 +0000
tree: 56b45ea0a5f4e78204ce2fa6b6ebad1dcd78a378
parent: 9ea3a161973e25fb4b264c1bd89c7641fa6a7842 [diff]
parent: cbb3ddd15f1582212ed44aadc1714f91780984ee [diff]
diff --git a/private/app.te b/private/app.te
index 3f8560a..594ae63 100644
--- a/private/app.te
+++ b/private/app.te

@@ -102,6 +102,10 @@
 # Don't allow regular apps access to storage configuration properties.
 neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
 
+# Don't allow apps reading /system/etc/font_fallback.xml
+dontaudit appdomain system_font_fallback_file:file no_rw_file_perms;
+neverallow appdomain system_font_fallback_file:file no_rw_file_perms;
+
 # Allow to read sendbug.preferred.domain
 get_prop(appdomain, sendbug_config_prop)
 

diff --git a/private/file.te b/private/file.te
index 129b1ea..64b51a2 100644
--- a/private/file.te
+++ b/private/file.te

@@ -136,3 +136,6 @@
 
 # /sys/firmware/devicetree/base/avf
 type sysfs_dt_avf, fs_type, sysfs_type;
+
+# Type for /system/fonts/font_fallback.xm
+type system_font_fallback_file, system_file_type, file_type;

diff --git a/private/file_contexts b/private/file_contexts
index 544d051..6acaf9d 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -350,6 +350,7 @@
 /system/etc/cgroups\.json               u:object_r:cgroup_desc_file:s0
 /system/etc/task_profiles/cgroups_[0-9]+\.json               u:object_r:cgroup_desc_api_file:s0
 /system/etc/event-log-tags              u:object_r:system_event_log_tags_file:s0
+/system/etc/font_fallback.xml           u:object_r:system_font_fallback_file:s0
 /system/etc/group                       u:object_r:system_group_file:s0
 /system/etc/ld\.config.*                u:object_r:system_linker_config_file:s0
 /system/etc/passwd                      u:object_r:system_passwd_file:s0

diff --git a/private/system_server.te b/private/system_server.te
index dc6d322..f44eab1 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1550,5 +1550,8 @@
 neverallow { domain -init -system_server } font_data_file:file no_w_file_perms;
 neverallow { domain -init -system_server } font_data_file:dir no_w_dir_perms;
 
+# Allow reading /system/etc/font_fallback.xml
+allow system_server system_font_fallback_file:file r_file_perms;
+
 # Allow system server to set dynamic ART properties.
 set_prop(system_server, dalvik_dynamic_config_prop)

diff --git a/private/zygote.te b/private/zygote.te
index c5cc73a..788dafe 100644
--- a/private/zygote.te
+++ b/private/zygote.te

@@ -265,6 +265,9 @@
 # Allow zygote to query for compression/features.
 r_dir_file(zygote, sysfs_fs_f2fs)
 
+# Allow zygote to read fonts_customization.xml for preloading font files that matches device locale.
+allow zygote system_font_fallback_file:file r_file_perms;
+
 ###
 ### neverallow rules
 ###
commit	8cd6556686cb305af3e36f7ddfbbb59f35cae72a	[log] [tgz]
author	Greg Kaiser <gkaiser@google.com>	Mon Aug 14 13:19:31 2023 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Aug 14 13:19:31 2023 +0000
tree	56b45ea0a5f4e78204ce2fa6b6ebad1dcd78a378
parent	9ea3a161973e25fb4b264c1bd89c7641fa6a7842 [diff]
parent	cbb3ddd15f1582212ed44aadc1714f91780984ee [diff]