Merge "Allow init to read apex-info-list.xml"
diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index 49bc5b3..386f11e 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te
@@ -25,6 +25,10 @@
# See b/35323867#comment3
dontaudit compos self:global_capability_class_set dac_override;
+# Allow settings system properties that ART expects.
+set_prop(compos, dalvik_config_prop)
+set_prop(compos, device_config_runtime_native_boot_prop)
+
# Allow running odrefresh in its own domain
domain_auto_trans(compos, odrefresh_exec, odrefresh)
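Review bot: The new comment above the two set_prop lines has a typo; it should read `# Allow setting system properties that ART expects.`. It would also help a later reader to record in that comment that `dalvik_config_prop` is a prefix type (property_contexts maps the whole `dalvik.vm.` and `ro.dalvik.vm.` namespaces to it in this same change), so this grant lets compos write any property under those prefixes rather than a named few; if only specific properties are needed, a dedicated type for them would narrow the write surface.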
diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index abb193f..28fb8e1 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te
@@ -3,6 +3,7 @@
# Declare ART properties for CompOS
system_public_prop(dalvik_config_prop)
system_restricted_prop(device_config_runtime_native_prop)
+system_restricted_prop(device_config_runtime_native_boot_prop)
# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
# in the audit log
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index b2113e2..2b95520 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -154,7 +154,9 @@
heapprofd.enable u:object_r:heapprofd_prop:s0 exact bool
# ART properties for CompOS
-dalvik.vm. u:object_r:dalvik_config_prop:s0 prefix
-persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0 prefix
+dalvik.vm. u:object_r:dalvik_config_prop:s0 prefix
+ro.dalvik.vm. u:object_r:dalvik_config_prop:s0 prefix
+persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0 prefix
+persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0 prefix
apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string
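Review bot: The added `ro.dalvik.vm.` prefix shares `dalvik_config_prop` with the writable `dalvik.vm.` prefix, so every `set_prop(..., dalvik_config_prop)` grant — including the one compos receives in this change — also extends to a namespace that is read-only by convention. If no domain is expected to set `ro.dalvik.vm.*`, giving it its own type keeps the write grant from reaching it; if a domain does need to set them, a one-line comment on the new entry recording why the `ro.` prefix shares the writable type would make that intent explicit. I cannot tell from the hunk which of the two is the case.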
diff --git a/private/composd.te b/private/composd.te
index 5f99a92..d007d66 100644
--- a/private/composd.te
+++ b/private/composd.te
@@ -31,6 +31,7 @@
# Read ART's properties
get_prop(composd, dalvik_config_prop)
+get_prop(composd, device_config_runtime_native_boot_prop)
# We never create any artifact files directly
neverallow composd apex_art_data_file:file ~unlink;
diff --git a/private/system_server.te b/private/system_server.te
index 287503c..e77ba5d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -487,7 +487,7 @@
allow system_server keychain_data_file:lnk_file create_file_perms;
# Read the user parent directories like /data/user. Don't allow write access,
-# as vold and init are responsible for creating and deleting the subdirectories.
+# as vold is responsible for creating and deleting the subdirectories.
allow system_server system_userdir_file:dir r_dir_perms;
# Manage /data/app.
diff --git a/private/untrusted_app.te b/private/untrusted_app.te
index 62d458d..56e44db 100644
--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te
@@ -14,3 +14,10 @@
untrusted_app_domain(untrusted_app)
net_domain(untrusted_app)
bluetooth_domain(untrusted_app)
+
+# Allow webview to access fd shared by sdksandbox for experiments data
+# TODO(b/229249719): Will not be supported in Android U
+allow untrusted_app sdk_sandbox_data_file:fd use;
+allow untrusted_app sdk_sandbox_data_file:file write;
+
+neverallow untrusted_app sdk_sandbox_data_file:file { open create };
\ No newline at end of file
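Review bot: The neverallow on the last added line pins only `open` and `create`, so a later `allow untrusted_app sdk_sandbox_data_file:file ...` rule adding `append`, `ioctl` or `lock` would pass the neverallow check unchallenged; writing it as a complement, `neverallow untrusted_app sdk_sandbox_data_file:file ~{ write };` (adjusted for any permissions already granted to this domain elsewhere), fails closed and states the intended ceiling — write through an inherited fd only — directly. The comment names webview, but the grant is keyed on the `untrusted_app` domain, so it applies to anything running in that domain; the comment should say that, e.g. `# Allow untrusted_app (webview) to write to an fd shared by sdksandbox for experiments data`. The file also ends without a trailing newline, which the preceding marker line shows; add one.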
diff --git a/private/vold.te b/private/vold.te
index 22553ea..40c1a57 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -82,27 +82,13 @@
# /data/user/$userId. This is very important, as these directories need to be
# encrypted with per-user keys, which only vold can do. Encryption can only be
# set up on empty directories, so creation and encryption must happen together.
-#
-# Exception: init creates /data/user/0 and /data/media/obb, so that needs to be
-# allowed for now. (/data/media/obb isn't actually a per-user directory, but
-# it's located in /data/media so it constrains the sepolicy for that directory.)
neverallow {
domain
-vold
} {
- vendor_userdir_file
-}:dir {
- add_name
- remove_name
- write
-};
-neverallow {
- domain
- -vold
- -init
-} {
- system_userdir_file
media_userdir_file
+ system_userdir_file
+ vendor_userdir_file
}:dir {
add_name
remove_name
diff --git a/public/init.te b/public/init.te
index 99e2c26..cc28098 100644
--- a/public/init.te
+++ b/public/init.te
@@ -212,10 +212,11 @@
allow init {
file_type
-app_data_file
+ -credstore_data_file
-exec_type
-iorapd_data_file
- -credstore_data_file
-keystore_data_file
+ -media_userdir_file
-misc_logd_file
-nativetest_data_file
-privapp_data_file
@@ -223,6 +224,7 @@
-system_app_data_file
-system_dlkm_file_type
-system_file_type
+ -system_userdir_file
-vendor_file_type
-vendor_userdir_file
-vold_data_file
diff --git a/public/ioctl_defines b/public/ioctl_defines
index 51cce4e..11f7f3e 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -132,6 +132,7 @@
define(`BC_REPLY', `0x40406301')
define(`BC_REQUEST_DEATH_NOTIFICATION', `0x400c630e')
define(`BC_TRANSACTION', `0x40406300')
+define(`BINDER_GET_EXTENDED_ERROR', `0xc0486211')
define(`BINDER_ENABLE_ONEWAY_SPAM_DETECTION', `0x40046210')
define(`BINDER_FREEZE', `0x400c620e')
define(`BINDER_GET_FROZEN_INFO', `0xc00c620f')
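Review bot: `BINDER_GET_EXTENDED_ERROR` is inserted before `BINDER_ENABLE_ONEWAY_SPAM_DETECTION`, which breaks the alphabetical order the surrounding defines follow; it belongs between `BINDER_FREEZE` and `BINDER_GET_FROZEN_INFO`. Since the numeric value encodes the ioctl's direction and argument size, it is worth cross-checking `0xc0486211` against the kernel UAPI header this was taken from — a mismatch in the size field would not fail loudly but would leave the real ioctl number outside the allowlist the ioctl_macros hunk adds it to.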
diff --git a/public/ioctl_macros b/public/ioctl_macros
index 47a5157..64ee1b0 100644
--- a/public/ioctl_macros
+++ b/public/ioctl_macros
@@ -73,4 +73,5 @@
BINDER_SET_IDLE_PRIORITY BINDER_SET_CONTEXT_MGR BINDER_THREAD_EXIT
BINDER_VERSION BINDER_GET_NODE_DEBUG_INFO BINDER_GET_NODE_INFO_FOR_REF
BINDER_SET_CONTEXT_MGR_EXT BINDER_ENABLE_ONEWAY_SPAM_DETECTION
+BINDER_GET_EXTENDED_ERROR
}')