Merge "Ensure that only desired processes can access TracingServiceProxy" into sc-dev
diff --git a/prebuilts/api/31.0/private/apexd.te b/prebuilts/api/31.0/private/apexd.te
index 32b2594..b923cdb 100644
--- a/prebuilts/api/31.0/private/apexd.te
+++ b/prebuilts/api/31.0/private/apexd.te
@@ -209,4 +209,5 @@
allow apexd otapreopt_chroot:fd use;
allow apexd postinstall_apex_mnt_dir:dir { create_dir_perms mounton };
allow apexd postinstall_apex_mnt_dir:file { create_file_perms relabelfrom };
+allow apexd postinstall_apex_mnt_dir:lnk_file create;
allow apexd proc_filesystems:file r_file_perms;
diff --git a/prebuilts/api/31.0/private/automotive_display_service.te b/prebuilts/api/31.0/private/automotive_display_service.te
index fa11ca4..da933a9 100644
--- a/prebuilts/api/31.0/private/automotive_display_service.te
+++ b/prebuilts/api/31.0/private/automotive_display_service.te
@@ -16,6 +16,7 @@
# Allow to use HwBinder IPC for HAL implementations.
hwbinder_use(automotive_display_service)
hal_client_domain(automotive_display_service, hal_graphics_composer)
+hal_client_domain(automotive_display_service, hal_graphics_allocator)
# Allow to read the target property.
get_prop(automotive_display_service, hwservicemanager_prop)
diff --git a/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil b/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
index 313acc7..8414caf 100644
--- a/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
+++ b/prebuilts/api/31.0/private/compat/30.0/30.0.ignore.cil
@@ -20,6 +20,7 @@
arm64_memtag_prop
authorization_service
bootanim_config_prop
+ camera2_extensions_prop
camerax_extensions_prop
cgroup_desc_api_file
cgroup_v2
@@ -66,6 +67,7 @@
hal_remotelyprovisionedcomponent_service
hal_secureclock_service
hal_sharedsecret_service
+ hal_uwb_service
hal_weaver_service
hw_timeout_multiplier_prop
keystore_compat_hal_service
diff --git a/prebuilts/api/31.0/private/dexoptanalyzer.te b/prebuilts/api/31.0/private/dexoptanalyzer.te
index d194acb..b99349e 100644
--- a/prebuilts/api/31.0/private/dexoptanalyzer.te
+++ b/prebuilts/api/31.0/private/dexoptanalyzer.te
@@ -51,3 +51,6 @@
# Allow query ART device config properties
get_prop(dexoptanalyzer, device_config_runtime_native_prop)
get_prop(dexoptanalyzer, device_config_runtime_native_boot_prop)
+
+# Allow dexoptanalyzer to read /apex/apex-info-list.xml
+allow dex2oat apex_info_file:file r_file_perms;
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index a5baab8..8590ea7 100644
--- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts
@@ -331,6 +331,9 @@
ro.camerax.extensions.enabled u:object_r:camerax_extensions_prop:s0 exact bool
+ro.vendor.camera.extensions.package u:object_r:camera2_extensions_prop:s0 exact string
+ro.vendor.camera.extensions.service u:object_r:camera2_extensions_prop:s0 exact string
+
# ART properties
dalvik.vm. u:object_r:dalvik_config_prop:s0
ro.dalvik.vm. u:object_r:dalvik_config_prop:s0
@@ -843,6 +846,7 @@
ro.vendor.build.version.release u:object_r:build_vendor_prop:s0 exact string
ro.vendor.build.version.release_or_codename u:object_r:build_vendor_prop:s0 exact string
ro.vendor.build.version.sdk u:object_r:build_vendor_prop:s0 exact int
+ro.vendor.build.dont_use_vabc u:object_r:build_vendor_prop:s0 exact bool
# All vendor CPU abilist props are set by /vendor/build.prop
ro.vendor.product.cpu.abilist u:object_r:build_vendor_prop:s0 exact string
diff --git a/prebuilts/api/31.0/private/zygote.te b/prebuilts/api/31.0/private/zygote.te
index 9038c4f..dd42a81 100644
--- a/prebuilts/api/31.0/private/zygote.te
+++ b/prebuilts/api/31.0/private/zygote.te
@@ -69,8 +69,8 @@
# Zygote opens /mnt/expand to mount CE DE storage on each vol
allow zygote mnt_expand_file:dir { open read search relabelto };
-# Bind mount subdirectories on /data/misc/profiles/cur
-allow zygote user_profile_root_file:dir { mounton search };
+# Bind mount subdirectories on /data/misc/profiles/cur and /data/misc/profiles/ref
+allow zygote { user_profile_root_file user_profile_data_file }:dir { mounton search };
# Create and bind dirs on /data/data
allow zygote tmpfs:dir { create_dir_perms mounton };
diff --git a/prebuilts/api/31.0/public/app.te b/prebuilts/api/31.0/public/app.te
index a49faaf..5527f99 100644
--- a/prebuilts/api/31.0/public/app.te
+++ b/prebuilts/api/31.0/public/app.te
@@ -16,6 +16,9 @@
# Receive and use open file descriptors inherited from zygote.
allow appdomain zygote:fd use;
+# Receive and use open file descriptors inherited from app zygote.
+allow appdomain app_zygote:fd use;
+
# gdbserver for ndk-gdb reads the zygote.
# valgrind needs mmap exec for zygote
allow appdomain zygote_exec:file rx_file_perms;
@@ -593,5 +596,8 @@
neverallow appdomain system_bootstrap_lib_file:dir
{ open read getattr search };
+# Allow to read ro.vendor.camera.extensions.enabled
+get_prop(appdomain, camera2_extensions_prop)
+
# Allow to ro.camerax.extensions.enabled
get_prop(appdomain, camerax_extensions_prop)
diff --git a/prebuilts/api/31.0/public/attributes b/prebuilts/api/31.0/public/attributes
index daef4bb..2e01f1e 100644
--- a/prebuilts/api/31.0/public/attributes
+++ b/prebuilts/api/31.0/public/attributes
@@ -358,6 +358,7 @@
hal_attribute(tv_tuner);
hal_attribute(usb);
hal_attribute(usb_gadget);
+hal_attribute(uwb);
hal_attribute(vehicle);
hal_attribute(vibrator);
hal_attribute(vr);
diff --git a/prebuilts/api/31.0/public/hal_neverallows.te b/prebuilts/api/31.0/public/hal_neverallows.te
index 4117878..105689b 100644
--- a/prebuilts/api/31.0/public/hal_neverallows.te
+++ b/prebuilts/api/31.0/public/hal_neverallows.te
@@ -8,6 +8,7 @@
-hal_wifi_hostapd_server
-hal_wifi_supplicant_server
-hal_telephony_server
+ -hal_uwb_server
} self:global_capability_class_set { net_admin net_raw };
# Unless a HAL's job is to communicate over the network, or control network
@@ -25,8 +26,17 @@
-hal_wifi_hostapd_server
-hal_wifi_supplicant_server
-hal_telephony_server
+ -hal_uwb_server
} domain:{ tcp_socket udp_socket rawip_socket } *;
+# The UWB HAL is not actually a networking HAL but may need to bring up and down
+# interfaces. Restrict it to only these networking operations.
+neverallow hal_uwb_server self:global_capability_class_set { net_raw };
+
+# Subset of socket_class_set likely to be usable for communication or accessible through net_admin.
+# udp_socket is required to use interface ioctls.
+neverallow hal_uwb_server domain:{ socket tcp_socket rawip_socket netlink_socket packet_socket key_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket qipcrtr_socket xdp_socket } *;
+
###
# HALs are defined as an attribute and so a given domain could hypothetically
# have multiple HALs in it (or even all of them) with the subsequent policy of
diff --git a/prebuilts/api/31.0/public/property.te b/prebuilts/api/31.0/public/property.te
index 57146a4..1d3f358 100644
--- a/prebuilts/api/31.0/public/property.te
+++ b/prebuilts/api/31.0/public/property.te
@@ -123,6 +123,7 @@
system_vendor_config_prop(build_vendor_prop)
system_vendor_config_prop(camera_calibration_prop)
system_vendor_config_prop(camera_config_prop)
+system_vendor_config_prop(camera2_extensions_prop)
system_vendor_config_prop(camerax_extensions_prop)
system_vendor_config_prop(charger_config_prop)
system_vendor_config_prop(codec2_config_prop)
diff --git a/prebuilts/api/31.0/public/vendor_init.te b/prebuilts/api/31.0/public/vendor_init.te
index b0e1da5..0999f48 100644
--- a/prebuilts/api/31.0/public/vendor_init.te
+++ b/prebuilts/api/31.0/public/vendor_init.te
@@ -218,6 +218,7 @@
set_prop(vendor_init, apk_verity_prop)
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, bluetooth_audio_hal_prop)
+set_prop(vendor_init, camera2_extensions_prop)
set_prop(vendor_init, camerax_extensions_prop)
set_prop(vendor_init, cpu_variant_prop)
set_prop(vendor_init, dalvik_runtime_prop)
diff --git a/private/apexd.te b/private/apexd.te
index 32b2594..b923cdb 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -209,4 +209,5 @@
allow apexd otapreopt_chroot:fd use;
allow apexd postinstall_apex_mnt_dir:dir { create_dir_perms mounton };
allow apexd postinstall_apex_mnt_dir:file { create_file_perms relabelfrom };
+allow apexd postinstall_apex_mnt_dir:lnk_file create;
allow apexd proc_filesystems:file r_file_perms;
diff --git a/private/automotive_display_service.te b/private/automotive_display_service.te
index fa11ca4..da933a9 100644
--- a/private/automotive_display_service.te
+++ b/private/automotive_display_service.te
@@ -16,6 +16,7 @@
# Allow to use HwBinder IPC for HAL implementations.
hwbinder_use(automotive_display_service)
hal_client_domain(automotive_display_service, hal_graphics_composer)
+hal_client_domain(automotive_display_service, hal_graphics_allocator)
# Allow to read the target property.
get_prop(automotive_display_service, hwservicemanager_prop)
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 313acc7..8414caf 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -20,6 +20,7 @@
arm64_memtag_prop
authorization_service
bootanim_config_prop
+ camera2_extensions_prop
camerax_extensions_prop
cgroup_desc_api_file
cgroup_v2
@@ -66,6 +67,7 @@
hal_remotelyprovisionedcomponent_service
hal_secureclock_service
hal_sharedsecret_service
+ hal_uwb_service
hal_weaver_service
hw_timeout_multiplier_prop
keystore_compat_hal_service
diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index d194acb..b99349e 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te
@@ -51,3 +51,6 @@
# Allow query ART device config properties
get_prop(dexoptanalyzer, device_config_runtime_native_prop)
get_prop(dexoptanalyzer, device_config_runtime_native_boot_prop)
+
+# Allow dexoptanalyzer to read /apex/apex-info-list.xml
+allow dex2oat apex_info_file:file r_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index a5baab8..8590ea7 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -331,6 +331,9 @@
ro.camerax.extensions.enabled u:object_r:camerax_extensions_prop:s0 exact bool
+ro.vendor.camera.extensions.package u:object_r:camera2_extensions_prop:s0 exact string
+ro.vendor.camera.extensions.service u:object_r:camera2_extensions_prop:s0 exact string
+
# ART properties
dalvik.vm. u:object_r:dalvik_config_prop:s0
ro.dalvik.vm. u:object_r:dalvik_config_prop:s0
@@ -843,6 +846,7 @@
ro.vendor.build.version.release u:object_r:build_vendor_prop:s0 exact string
ro.vendor.build.version.release_or_codename u:object_r:build_vendor_prop:s0 exact string
ro.vendor.build.version.sdk u:object_r:build_vendor_prop:s0 exact int
+ro.vendor.build.dont_use_vabc u:object_r:build_vendor_prop:s0 exact bool
# All vendor CPU abilist props are set by /vendor/build.prop
ro.vendor.product.cpu.abilist u:object_r:build_vendor_prop:s0 exact string
diff --git a/private/zygote.te b/private/zygote.te
index 9038c4f..dd42a81 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -69,8 +69,8 @@
# Zygote opens /mnt/expand to mount CE DE storage on each vol
allow zygote mnt_expand_file:dir { open read search relabelto };
-# Bind mount subdirectories on /data/misc/profiles/cur
-allow zygote user_profile_root_file:dir { mounton search };
+# Bind mount subdirectories on /data/misc/profiles/cur and /data/misc/profiles/ref
+allow zygote { user_profile_root_file user_profile_data_file }:dir { mounton search };
# Create and bind dirs on /data/data
allow zygote tmpfs:dir { create_dir_perms mounton };
diff --git a/public/app.te b/public/app.te
index a49faaf..5527f99 100644
--- a/public/app.te
+++ b/public/app.te
@@ -16,6 +16,9 @@
# Receive and use open file descriptors inherited from zygote.
allow appdomain zygote:fd use;
+# Receive and use open file descriptors inherited from app zygote.
+allow appdomain app_zygote:fd use;
+
# gdbserver for ndk-gdb reads the zygote.
# valgrind needs mmap exec for zygote
allow appdomain zygote_exec:file rx_file_perms;
@@ -593,5 +596,8 @@
neverallow appdomain system_bootstrap_lib_file:dir
{ open read getattr search };
+# Allow to read ro.vendor.camera.extensions.enabled
+get_prop(appdomain, camera2_extensions_prop)
+
# Allow to ro.camerax.extensions.enabled
get_prop(appdomain, camerax_extensions_prop)
diff --git a/public/attributes b/public/attributes
index daef4bb..2e01f1e 100644
--- a/public/attributes
+++ b/public/attributes
@@ -358,6 +358,7 @@
hal_attribute(tv_tuner);
hal_attribute(usb);
hal_attribute(usb_gadget);
+hal_attribute(uwb);
hal_attribute(vehicle);
hal_attribute(vibrator);
hal_attribute(vr);
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 4117878..105689b 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -8,6 +8,7 @@
-hal_wifi_hostapd_server
-hal_wifi_supplicant_server
-hal_telephony_server
+ -hal_uwb_server
} self:global_capability_class_set { net_admin net_raw };
# Unless a HAL's job is to communicate over the network, or control network
@@ -25,8 +26,17 @@
-hal_wifi_hostapd_server
-hal_wifi_supplicant_server
-hal_telephony_server
+ -hal_uwb_server
} domain:{ tcp_socket udp_socket rawip_socket } *;
+# The UWB HAL is not actually a networking HAL but may need to bring up and down
+# interfaces. Restrict it to only these networking operations.
+neverallow hal_uwb_server self:global_capability_class_set { net_raw };
+
+# Subset of socket_class_set likely to be usable for communication or accessible through net_admin.
+# udp_socket is required to use interface ioctls.
+neverallow hal_uwb_server domain:{ socket tcp_socket rawip_socket netlink_socket packet_socket key_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket qipcrtr_socket xdp_socket } *;
+
###
# HALs are defined as an attribute and so a given domain could hypothetically
# have multiple HALs in it (or even all of them) with the subsequent policy of
diff --git a/public/property.te b/public/property.te
index 57146a4..1d3f358 100644
--- a/public/property.te
+++ b/public/property.te
@@ -123,6 +123,7 @@
system_vendor_config_prop(build_vendor_prop)
system_vendor_config_prop(camera_calibration_prop)
system_vendor_config_prop(camera_config_prop)
+system_vendor_config_prop(camera2_extensions_prop)
system_vendor_config_prop(camerax_extensions_prop)
system_vendor_config_prop(charger_config_prop)
system_vendor_config_prop(codec2_config_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index b0e1da5..0999f48 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -218,6 +218,7 @@
set_prop(vendor_init, apk_verity_prop)
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, bluetooth_audio_hal_prop)
+set_prop(vendor_init, camera2_extensions_prop)
set_prop(vendor_init, camerax_extensions_prop)
set_prop(vendor_init, cpu_variant_prop)
set_prop(vendor_init, dalvik_runtime_prop)