Merge "Allow KeyMint HAL to read serialno"
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 5815f68..b02a9bf 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -14,414 +14,422 @@
package selinux
+var EXCEPTION_NO_FUZZER = []string{}
+
+//
+// To add a fuzzer for service, add your service name and fuzzer name in ServiceFuzzerBindings
+// example of entry -
+// "android.hardware.health.IHealth/default": []string{"android.hardware.health-service.aidl_fuzzer"},
+
var (
ServiceFuzzerBindings = map[string][]string{
- "android.hardware.audio.core.IConfig/default": []string{},
- "android.hardware.audio.core.IModule/default": []string{},
- "android.hardware.audio.effect.IFactory/default": []string{},
- "android.hardware.authsecret.IAuthSecret/default": []string{},
- "android.hardware.automotive.evs.IEvsEnumerator/hw/0": []string{},
- "android.hardware.boot.IBootControl/default": []string{},
- "android.hardware.automotive.evs.IEvsEnumerator/hw/1": []string{},
- "android.hardware.automotive.remoteaccess.IRemoteAccess/default": []string{},
- "android.hardware.automotive.vehicle.IVehicle/default": []string{},
- "android.hardware.automotive.audiocontrol.IAudioControl/default": []string{},
- "android.hardware.biometrics.face.IFace/default": []string{},
- "android.hardware.biometrics.fingerprint.IFingerprint/default": []string{},
- "android.hardware.biometrics.fingerprint.IFingerprint/virtual": []string{},
- "android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": []string{},
- "android.hardware.broadcastradio.IBroadcastRadio/amfm": []string{},
- "android.hardware.broadcastradio.IBroadcastRadio/dab": []string{},
- "android.hardware.camera.provider.ICameraProvider/internal/0": []string{},
- "android.hardware.cas.IMediaCasService/default": []string{},
+ "android.hardware.audio.core.IConfig/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.effect.IFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.authsecret.IAuthSecret/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/hw/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.boot.IBootControl/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/hw/1": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.remoteaccess.IRemoteAccess/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.vehicle.IVehicle/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.audiocontrol.IAudioControl/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.face.IFace/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.IFingerprint/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.IFingerprint/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.broadcastradio.IBroadcastRadio/amfm": EXCEPTION_NO_FUZZER,
+ "android.hardware.broadcastradio.IBroadcastRadio/dab": EXCEPTION_NO_FUZZER,
+ "android.hardware.camera.provider.ICameraProvider/internal/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
"android.hardware.confirmationui.IConfirmationUI/default": []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
- "android.hardware.contexthub.IContextHub/default": []string{},
- "android.hardware.drm.IDrmFactory/clearkey": []string{},
- "android.hardware.drm.ICryptoFactory/clearkey": []string{},
- "android.hardware.dumpstate.IDumpstateDevice/default": []string{},
- "android.hardware.gatekeeper.IGatekeeper/default": []string{},
- "android.hardware.gnss.IGnss/default": []string{},
- "android.hardware.graphics.allocator.IAllocator/default": []string{},
- "android.hardware.graphics.composer3.IComposer/default": []string{},
- "android.hardware.health.storage.IStorage/default": []string{},
+ "android.hardware.contexthub.IContextHub/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.drm.IDrmFactory/clearkey": EXCEPTION_NO_FUZZER,
+ "android.hardware.drm.ICryptoFactory/clearkey": EXCEPTION_NO_FUZZER,
+ "android.hardware.dumpstate.IDumpstateDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.fastboot.IFastboot/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.gatekeeper.IGatekeeper/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.gnss.IGnss/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.graphics.allocator.IAllocator/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.graphics.composer3.IComposer/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.health.storage.IStorage/default": EXCEPTION_NO_FUZZER,
"android.hardware.health.IHealth/default": []string{"android.hardware.health-service.aidl_fuzzer"},
- "android.hardware.identity.IIdentityCredentialStore/default": []string{},
- "android.hardware.input.processor.IInputProcessor/default": []string{},
- "android.hardware.ir.IConsumerIr/default": []string{},
- "android.hardware.light.ILights/default": []string{},
- "android.hardware.memtrack.IMemtrack/default": []string{},
- "android.hardware.net.nlinterceptor.IInterceptor/default": []string{},
- "android.hardware.nfc.INfc/default": []string{},
- "android.hardware.oemlock.IOemLock/default": []string{},
- "android.hardware.power.IPower/default": []string{},
- "android.hardware.power.stats.IPowerStats/default": []string{},
- "android.hardware.radio.config.IRadioConfig/default": []string{},
- "android.hardware.radio.data.IRadioData/slot1": []string{},
- "android.hardware.radio.data.IRadioData/slot2": []string{},
- "android.hardware.radio.data.IRadioData/slot3": []string{},
- "android.hardware.radio.ims.IRadioIms/slot1": []string{},
- "android.hardware.radio.ims.IRadioIms/slot2": []string{},
- "android.hardware.radio.ims.IRadioIms/slot3": []string{},
- "android.hardware.radio.ims.media.IImsMedia/default": []string{},
- "android.hardware.radio.messaging.IRadioMessaging/slot1": []string{},
- "android.hardware.radio.messaging.IRadioMessaging/slot2": []string{},
- "android.hardware.radio.messaging.IRadioMessaging/slot3": []string{},
- "android.hardware.radio.modem.IRadioModem/slot1": []string{},
- "android.hardware.radio.modem.IRadioModem/slot2": []string{},
- "android.hardware.radio.modem.IRadioModem/slot3": []string{},
- "android.hardware.radio.network.IRadioNetwork/slot1": []string{},
- "android.hardware.radio.network.IRadioNetwork/slot2": []string{},
- "android.hardware.radio.network.IRadioNetwork/slot3": []string{},
- "android.hardware.radio.sim.IRadioSim/slot1": []string{},
- "android.hardware.radio.sim.IRadioSim/slot2": []string{},
- "android.hardware.radio.sim.IRadioSim/slot3": []string{},
- "android.hardware.radio.voice.IRadioVoice/slot1": []string{},
- "android.hardware.radio.voice.IRadioVoice/slot2": []string{},
- "android.hardware.radio.voice.IRadioVoice/slot3": []string{},
- "android.hardware.rebootescrow.IRebootEscrow/default": []string{},
- "android.hardware.security.dice.IDiceDevice/default": []string{},
- "android.hardware.security.keymint.IKeyMintDevice/default": []string{},
- "android.hardware.security.keymint.IRemotelyProvisionedComponent/default": []string{},
- "android.hardware.security.secureclock.ISecureClock/default": []string{},
- "android.hardware.security.sharedsecret.ISharedSecret/default": []string{},
- "android.hardware.sensors.ISensors/default": []string{},
- "android.hardware.soundtrigger3.ISoundTriggerHw/default": []string{},
- "android.hardware.thermal.IThermal/default": []string{},
- "android.hardware.tv.cec.IHdmiCec/default": []string{},
- "android.hardware.tv.hdmi.IHdmi/default": []string{},
- "android.hardware.tv.input.ITvInput/default": []string{},
- "android.hardware.tv.tuner.ITuner/default": []string{},
- "android.hardware.usb.IUsb/default": []string{},
- "android.hardware.usb.gadget.IUsbGadget/default": []string{},
- "android.hardware.uwb.IUwb/default": []string{},
- "android.hardware.vibrator.IVibrator/default": []string{},
+ "android.hardware.identity.IIdentityCredentialStore/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.input.processor.IInputProcessor/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.ir.IConsumerIr/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.light.ILights/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.memtrack.IMemtrack/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.net.nlinterceptor.IInterceptor/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.nfc.INfc/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.oemlock.IOemLock/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.power.IPower/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.power.stats.IPowerStats/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.config.IRadioConfig/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.media.IImsMedia/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.rebootescrow.IRebootEscrow/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.secureclock.ISecureClock/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.sharedsecret.ISharedSecret/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.sensors.ISensors/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.soundtrigger3.ISoundTriggerHw/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.thermal.IThermal/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.cec.IHdmiCec/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.hdmi.IHdmi/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.input.ITvInput/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.tuner.ITuner/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.usb.IUsb/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.usb.gadget.IUsbGadget/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.uwb.IUwb/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.vibrator.IVibrator/default": EXCEPTION_NO_FUZZER,
"android.hardware.vibrator.IVibratorManager/default": []string{"android.hardware.vibrator-service.example_fuzzer"},
- "android.hardware.weaver.IWeaver/default": []string{},
- "android.hardware.wifi.IWifi/default": []string{},
- "android.hardware.wifi.hostapd.IHostapd/default": []string{},
- "android.hardware.wifi.supplicant.ISupplicant/default": []string{},
- "android.frameworks.stats.IStats/default": []string{},
- "android.se.omapi.ISecureElementService/default": []string{},
- "android.system.keystore2.IKeystoreService/default": []string{},
- "android.system.net.netd.INetd/default": []string{},
- "android.system.suspend.ISystemSuspend/default": []string{},
- "accessibility": []string{},
- "account": []string{},
- "activity": []string{},
- "activity_task": []string{},
- "adb": []string{},
- "adservices_manager": []string{},
- "aidl_lazy_test_1": []string{},
- "aidl_lazy_test_2": []string{},
- "aidl_lazy_cb_test": []string{},
- "alarm": []string{},
- "android.hardware.automotive.evs.IEvsEnumerator/default": []string{},
- "android.os.UpdateEngineService": []string{},
- "android.os.UpdateEngineStableService": []string{},
- "android.frameworks.automotive.display.ICarDisplayProxy/default": []string{},
- "android.security.apc": []string{},
- "android.security.authorization": []string{},
- "android.security.compat": []string{},
- "android.security.dice.IDiceMaintenance": []string{},
- "android.security.dice.IDiceNode": []string{},
- "android.security.identity": []string{},
- "android.security.keystore": []string{},
- "android.security.legacykeystore": []string{},
- "android.security.maintenance": []string{},
- "android.security.metrics": []string{},
- "android.security.remoteprovisioning": []string{},
- "android.security.remoteprovisioning.IRemotelyProvisionedKeyPool": []string{},
- "android.service.gatekeeper.IGateKeeperService": []string{},
- "android.system.composd": []string{},
- "android.system.virtualizationservice": []string{},
- "ambient_context": []string{},
- "app_binding": []string{},
- "app_hibernation": []string{},
- "app_integrity": []string{},
- "app_prediction": []string{},
- "app_search": []string{},
- "apexservice": []string{},
- "attestation_verification": []string{},
- "blob_store": []string{},
- "gsiservice": []string{},
- "appops": []string{},
- "appwidget": []string{},
- "artd": []string{},
- "assetatlas": []string{},
- "attention": []string{},
- "audio": []string{},
- "auth": []string{},
- "autofill": []string{},
- "background_install_control": []string{},
- "backup": []string{},
- "batteryproperties": []string{},
- "batterystats": []string{},
- "battery": []string{},
- "binder_calls_stats": []string{},
- "biometric": []string{},
- "bluetooth_manager": []string{},
- "bluetooth": []string{},
- "broadcastradio": []string{},
- "bugreport": []string{},
- "cacheinfo": []string{},
- "carrier_config": []string{},
- "clipboard": []string{},
- "cloudsearch": []string{},
- "cloudsearch_service": []string{},
- "com.android.net.IProxyService": []string{},
- "companiondevice": []string{},
- "communal": []string{},
- "platform_compat": []string{},
- "platform_compat_native": []string{},
- "connectivity": []string{},
- "connectivity_native": []string{},
- "connmetrics": []string{},
- "consumer_ir": []string{},
- "content": []string{},
- "content_capture": []string{},
- "content_suggestions": []string{},
- "contexthub": []string{},
- "country_detector": []string{},
- "coverage": []string{},
- "cpuinfo": []string{},
- "credential": []string{},
- "crossprofileapps": []string{},
- "dataloader_manager": []string{},
- "dbinfo": []string{},
- "device_config": []string{},
- "device_policy": []string{},
- "device_identifiers": []string{},
- "deviceidle": []string{},
- "device_lock": []string{},
- "device_state": []string{},
- "devicestoragemonitor": []string{},
- "diskstats": []string{},
- "display": []string{},
- "dnsresolver": []string{},
- "domain_verification": []string{},
- "color_display": []string{},
- "netd_listener": []string{},
- "network_watchlist": []string{},
- "DockObserver": []string{},
- "dreams": []string{},
- "drm.drmManager": []string{},
- "dropbox": []string{},
- "dumpstate": []string{},
- "dynamic_system": []string{},
- "econtroller": []string{},
- "emergency_affordance": []string{},
- "euicc_card_controller": []string{},
- "external_vibrator_service": []string{},
- "ethernet": []string{},
- "face": []string{},
- "file_integrity": []string{},
- "fingerprint": []string{},
- "font": []string{},
- "android.hardware.fingerprint.IFingerprintDaemon": []string{},
- "game": []string{},
- "gfxinfo": []string{},
- "gnss_time_update_service": []string{},
- "graphicsstats": []string{},
- "gpu": []string{},
- "hardware": []string{},
- "hardware_properties": []string{},
- "hdmi_control": []string{},
- "healthconnect": []string{},
- "ions": []string{},
- "idmap": []string{},
- "incident": []string{},
- "incidentcompanion": []string{},
- "inputflinger": []string{},
- "input_method": []string{},
- "input": []string{},
- "installd": []string{},
- "iphonesubinfo_msim": []string{},
- "iphonesubinfo2": []string{},
- "iphonesubinfo": []string{},
- "ims": []string{},
- "imms": []string{},
- "incremental": []string{},
- "ipsec": []string{},
- "ircsmessage": []string{},
- "iris": []string{},
- "isms_msim": []string{},
- "isms2": []string{},
- "isms": []string{},
- "isub": []string{},
- "jobscheduler": []string{},
- "launcherapps": []string{},
- "legacy_permission": []string{},
- "lights": []string{},
- "locale": []string{},
- "location": []string{},
- "location_time_zone_manager": []string{},
- "lock_settings": []string{},
- "logcat": []string{},
- "logd": []string{},
- "looper_stats": []string{},
- "lpdump_service": []string{},
- "mdns": []string{},
- "media.aaudio": []string{},
- "media.audio_flinger": []string{},
- "media.audio_policy": []string{},
- "media.camera": []string{},
- "media.camera.proxy": []string{},
- "media.log": []string{},
- "media.player": []string{},
- "media.metrics": []string{},
- "media.extractor": []string{},
- "media.transcoding": []string{},
- "media.resource_manager": []string{},
- "media.resource_observer": []string{},
- "media.sound_trigger_hw": []string{},
- "media.drm": []string{},
- "media.tuner": []string{},
- "media_communication": []string{},
- "media_metrics": []string{},
- "media_projection": []string{},
- "media_resource_monitor": []string{},
- "media_router": []string{},
- "media_session": []string{},
- "meminfo": []string{},
- "memtrack.proxy": []string{},
- "midi": []string{},
- "mount": []string{},
- "music_recognition": []string{},
- "nearby": []string{},
- "netd": []string{},
- "netpolicy": []string{},
- "netstats": []string{},
- "network_stack": []string{},
- "network_management": []string{},
- "network_score": []string{},
- "network_time_update_service": []string{},
- "nfc": []string{},
- "notification": []string{},
- "oem_lock": []string{},
- "otadexopt": []string{},
- "overlay": []string{},
- "pac_proxy": []string{},
- "package": []string{},
- "package_native": []string{},
- "people": []string{},
- "performance_hint": []string{},
- "permission": []string{},
- "permissionmgr": []string{},
- "permission_checker": []string{},
- "persistent_data_block": []string{},
- "phone_msim": []string{},
- "phone1": []string{},
- "phone2": []string{},
- "phone": []string{},
- "pinner": []string{},
- "powerstats": []string{},
- "power": []string{},
- "print": []string{},
- "processinfo": []string{},
- "procstats": []string{},
- "profcollectd": []string{},
- "radio.phonesubinfo": []string{},
- "radio.phone": []string{},
- "radio.sms": []string{},
- "rcs": []string{},
- "reboot_readiness": []string{},
- "recovery": []string{},
- "resolver": []string{},
- "resources": []string{},
- "restrictions": []string{},
- "rkpd.registrar": []string{},
- "rkpd.refresh": []string{},
- "role": []string{},
- "rollback": []string{},
- "rttmanager": []string{},
- "runtime": []string{},
- "safety_center": []string{},
- "samplingprofiler": []string{},
- "scheduling_policy": []string{},
- "search": []string{},
- "search_ui": []string{},
- "secure_element": []string{},
- "sec_key_att_app_id_provider": []string{},
- "selection_toolbar": []string{},
- "sensorservice": []string{},
- "sensor_privacy": []string{},
- "serial": []string{},
- "servicediscovery": []string{},
+ "android.hardware.weaver.IWeaver/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.IWifi/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.hostapd.IHostapd/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.supplicant.ISupplicant/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.stats.IStats/default": EXCEPTION_NO_FUZZER,
+ "android.se.omapi.ISecureElementService/default": EXCEPTION_NO_FUZZER,
+ "android.system.keystore2.IKeystoreService/default": EXCEPTION_NO_FUZZER,
+ "android.system.net.netd.INetd/default": EXCEPTION_NO_FUZZER,
+ "android.system.suspend.ISystemSuspend/default": EXCEPTION_NO_FUZZER,
+ "accessibility": EXCEPTION_NO_FUZZER,
+ "account": EXCEPTION_NO_FUZZER,
+ "activity": EXCEPTION_NO_FUZZER,
+ "activity_task": EXCEPTION_NO_FUZZER,
+ "adb": EXCEPTION_NO_FUZZER,
+ "adservices_manager": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_1": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_2": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_cb_test": EXCEPTION_NO_FUZZER,
+ "alarm": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/default": EXCEPTION_NO_FUZZER,
+ "android.os.UpdateEngineService": EXCEPTION_NO_FUZZER,
+ "android.os.UpdateEngineStableService": EXCEPTION_NO_FUZZER,
+ "android.frameworks.automotive.display.ICarDisplayProxy/default": EXCEPTION_NO_FUZZER,
+ "android.security.apc": EXCEPTION_NO_FUZZER,
+ "android.security.authorization": EXCEPTION_NO_FUZZER,
+ "android.security.compat": EXCEPTION_NO_FUZZER,
+ "android.security.dice.IDiceMaintenance": EXCEPTION_NO_FUZZER,
+ "android.security.dice.IDiceNode": EXCEPTION_NO_FUZZER,
+ "android.security.identity": EXCEPTION_NO_FUZZER,
+ "android.security.keystore": EXCEPTION_NO_FUZZER,
+ "android.security.legacykeystore": EXCEPTION_NO_FUZZER,
+ "android.security.maintenance": EXCEPTION_NO_FUZZER,
+ "android.security.metrics": EXCEPTION_NO_FUZZER,
+ "android.security.remoteprovisioning": EXCEPTION_NO_FUZZER,
+ "android.security.remoteprovisioning.IRemotelyProvisionedKeyPool": EXCEPTION_NO_FUZZER,
+ "android.service.gatekeeper.IGateKeeperService": EXCEPTION_NO_FUZZER,
+ "android.system.composd": EXCEPTION_NO_FUZZER,
+ "android.system.virtualizationservice": EXCEPTION_NO_FUZZER,
+ "ambient_context": EXCEPTION_NO_FUZZER,
+ "app_binding": EXCEPTION_NO_FUZZER,
+ "app_hibernation": EXCEPTION_NO_FUZZER,
+ "app_integrity": EXCEPTION_NO_FUZZER,
+ "app_prediction": EXCEPTION_NO_FUZZER,
+ "app_search": EXCEPTION_NO_FUZZER,
+ "apexservice": EXCEPTION_NO_FUZZER,
+ "attestation_verification": EXCEPTION_NO_FUZZER,
+ "blob_store": EXCEPTION_NO_FUZZER,
+ "gsiservice": EXCEPTION_NO_FUZZER,
+ "appops": EXCEPTION_NO_FUZZER,
+ "appwidget": EXCEPTION_NO_FUZZER,
+ "artd": EXCEPTION_NO_FUZZER,
+ "assetatlas": EXCEPTION_NO_FUZZER,
+ "attention": EXCEPTION_NO_FUZZER,
+ "audio": EXCEPTION_NO_FUZZER,
+ "auth": EXCEPTION_NO_FUZZER,
+ "autofill": EXCEPTION_NO_FUZZER,
+ "background_install_control": EXCEPTION_NO_FUZZER,
+ "backup": EXCEPTION_NO_FUZZER,
+ "batteryproperties": EXCEPTION_NO_FUZZER,
+ "batterystats": EXCEPTION_NO_FUZZER,
+ "battery": EXCEPTION_NO_FUZZER,
+ "binder_calls_stats": EXCEPTION_NO_FUZZER,
+ "biometric": EXCEPTION_NO_FUZZER,
+ "bluetooth_manager": EXCEPTION_NO_FUZZER,
+ "bluetooth": EXCEPTION_NO_FUZZER,
+ "broadcastradio": EXCEPTION_NO_FUZZER,
+ "bugreport": EXCEPTION_NO_FUZZER,
+ "cacheinfo": EXCEPTION_NO_FUZZER,
+ "carrier_config": EXCEPTION_NO_FUZZER,
+ "clipboard": EXCEPTION_NO_FUZZER,
+ "cloudsearch": EXCEPTION_NO_FUZZER,
+ "cloudsearch_service": EXCEPTION_NO_FUZZER,
+ "com.android.net.IProxyService": EXCEPTION_NO_FUZZER,
+ "companiondevice": EXCEPTION_NO_FUZZER,
+ "communal": EXCEPTION_NO_FUZZER,
+ "platform_compat": EXCEPTION_NO_FUZZER,
+ "platform_compat_native": EXCEPTION_NO_FUZZER,
+ "connectivity": EXCEPTION_NO_FUZZER,
+ "connectivity_native": EXCEPTION_NO_FUZZER,
+ "connmetrics": EXCEPTION_NO_FUZZER,
+ "consumer_ir": EXCEPTION_NO_FUZZER,
+ "content": EXCEPTION_NO_FUZZER,
+ "content_capture": EXCEPTION_NO_FUZZER,
+ "content_suggestions": EXCEPTION_NO_FUZZER,
+ "contexthub": EXCEPTION_NO_FUZZER,
+ "country_detector": EXCEPTION_NO_FUZZER,
+ "coverage": EXCEPTION_NO_FUZZER,
+ "cpuinfo": EXCEPTION_NO_FUZZER,
+ "credential": EXCEPTION_NO_FUZZER,
+ "crossprofileapps": EXCEPTION_NO_FUZZER,
+ "dataloader_manager": EXCEPTION_NO_FUZZER,
+ "dbinfo": EXCEPTION_NO_FUZZER,
+ "device_config": EXCEPTION_NO_FUZZER,
+ "device_policy": EXCEPTION_NO_FUZZER,
+ "device_identifiers": EXCEPTION_NO_FUZZER,
+ "deviceidle": EXCEPTION_NO_FUZZER,
+ "device_lock": EXCEPTION_NO_FUZZER,
+ "device_state": EXCEPTION_NO_FUZZER,
+ "devicestoragemonitor": EXCEPTION_NO_FUZZER,
+ "diskstats": EXCEPTION_NO_FUZZER,
+ "display": EXCEPTION_NO_FUZZER,
+ "dnsresolver": EXCEPTION_NO_FUZZER,
+ "domain_verification": EXCEPTION_NO_FUZZER,
+ "color_display": EXCEPTION_NO_FUZZER,
+ "netd_listener": EXCEPTION_NO_FUZZER,
+ "network_watchlist": EXCEPTION_NO_FUZZER,
+ "DockObserver": EXCEPTION_NO_FUZZER,
+ "dreams": EXCEPTION_NO_FUZZER,
+ "drm.drmManager": EXCEPTION_NO_FUZZER,
+ "dropbox": EXCEPTION_NO_FUZZER,
+ "dumpstate": EXCEPTION_NO_FUZZER,
+ "dynamic_system": EXCEPTION_NO_FUZZER,
+ "econtroller": EXCEPTION_NO_FUZZER,
+ "emergency_affordance": EXCEPTION_NO_FUZZER,
+ "euicc_card_controller": EXCEPTION_NO_FUZZER,
+ "external_vibrator_service": EXCEPTION_NO_FUZZER,
+ "ethernet": EXCEPTION_NO_FUZZER,
+ "face": EXCEPTION_NO_FUZZER,
+ "file_integrity": EXCEPTION_NO_FUZZER,
+ "fingerprint": EXCEPTION_NO_FUZZER,
+ "font": EXCEPTION_NO_FUZZER,
+ "android.hardware.fingerprint.IFingerprintDaemon": EXCEPTION_NO_FUZZER,
+ "game": EXCEPTION_NO_FUZZER,
+ "gfxinfo": EXCEPTION_NO_FUZZER,
+ "gnss_time_update_service": EXCEPTION_NO_FUZZER,
+ "graphicsstats": EXCEPTION_NO_FUZZER,
+ "gpu": EXCEPTION_NO_FUZZER,
+ "hardware": EXCEPTION_NO_FUZZER,
+ "hardware_properties": EXCEPTION_NO_FUZZER,
+ "hdmi_control": EXCEPTION_NO_FUZZER,
+ "healthconnect": EXCEPTION_NO_FUZZER,
+ "ions": EXCEPTION_NO_FUZZER,
+ "idmap": EXCEPTION_NO_FUZZER,
+ "incident": EXCEPTION_NO_FUZZER,
+ "incidentcompanion": EXCEPTION_NO_FUZZER,
+ "inputflinger": EXCEPTION_NO_FUZZER,
+ "input_method": EXCEPTION_NO_FUZZER,
+ "input": EXCEPTION_NO_FUZZER,
+ "installd": EXCEPTION_NO_FUZZER,
+ "iphonesubinfo_msim": EXCEPTION_NO_FUZZER,
+ "iphonesubinfo2": EXCEPTION_NO_FUZZER,
+ "iphonesubinfo": EXCEPTION_NO_FUZZER,
+ "ims": EXCEPTION_NO_FUZZER,
+ "imms": EXCEPTION_NO_FUZZER,
+ "incremental": EXCEPTION_NO_FUZZER,
+ "ipsec": EXCEPTION_NO_FUZZER,
+ "ircsmessage": EXCEPTION_NO_FUZZER,
+ "iris": EXCEPTION_NO_FUZZER,
+ "isms_msim": EXCEPTION_NO_FUZZER,
+ "isms2": EXCEPTION_NO_FUZZER,
+ "isms": EXCEPTION_NO_FUZZER,
+ "isub": EXCEPTION_NO_FUZZER,
+ "jobscheduler": EXCEPTION_NO_FUZZER,
+ "launcherapps": EXCEPTION_NO_FUZZER,
+ "legacy_permission": EXCEPTION_NO_FUZZER,
+ "lights": EXCEPTION_NO_FUZZER,
+ "locale": EXCEPTION_NO_FUZZER,
+ "location": EXCEPTION_NO_FUZZER,
+ "location_time_zone_manager": EXCEPTION_NO_FUZZER,
+ "lock_settings": EXCEPTION_NO_FUZZER,
+ "logcat": EXCEPTION_NO_FUZZER,
+ "logd": EXCEPTION_NO_FUZZER,
+ "looper_stats": EXCEPTION_NO_FUZZER,
+ "lpdump_service": EXCEPTION_NO_FUZZER,
+ "mdns": EXCEPTION_NO_FUZZER,
+ "media.aaudio": EXCEPTION_NO_FUZZER,
+ "media.audio_flinger": EXCEPTION_NO_FUZZER,
+ "media.audio_policy": EXCEPTION_NO_FUZZER,
+ "media.camera": EXCEPTION_NO_FUZZER,
+ "media.camera.proxy": EXCEPTION_NO_FUZZER,
+ "media.log": EXCEPTION_NO_FUZZER,
+ "media.player": EXCEPTION_NO_FUZZER,
+ "media.metrics": EXCEPTION_NO_FUZZER,
+ "media.extractor": EXCEPTION_NO_FUZZER,
+ "media.transcoding": EXCEPTION_NO_FUZZER,
+ "media.resource_manager": EXCEPTION_NO_FUZZER,
+ "media.resource_observer": EXCEPTION_NO_FUZZER,
+ "media.sound_trigger_hw": EXCEPTION_NO_FUZZER,
+ "media.drm": EXCEPTION_NO_FUZZER,
+ "media.tuner": EXCEPTION_NO_FUZZER,
+ "media_communication": EXCEPTION_NO_FUZZER,
+ "media_metrics": EXCEPTION_NO_FUZZER,
+ "media_projection": EXCEPTION_NO_FUZZER,
+ "media_resource_monitor": EXCEPTION_NO_FUZZER,
+ "media_router": EXCEPTION_NO_FUZZER,
+ "media_session": EXCEPTION_NO_FUZZER,
+ "meminfo": EXCEPTION_NO_FUZZER,
+ "memtrack.proxy": EXCEPTION_NO_FUZZER,
+ "midi": EXCEPTION_NO_FUZZER,
+ "mount": EXCEPTION_NO_FUZZER,
+ "music_recognition": EXCEPTION_NO_FUZZER,
+ "nearby": EXCEPTION_NO_FUZZER,
+ "netd": EXCEPTION_NO_FUZZER,
+ "netpolicy": EXCEPTION_NO_FUZZER,
+ "netstats": EXCEPTION_NO_FUZZER,
+ "network_stack": EXCEPTION_NO_FUZZER,
+ "network_management": EXCEPTION_NO_FUZZER,
+ "network_score": EXCEPTION_NO_FUZZER,
+ "network_time_update_service": EXCEPTION_NO_FUZZER,
+ "nfc": EXCEPTION_NO_FUZZER,
+ "notification": EXCEPTION_NO_FUZZER,
+ "oem_lock": EXCEPTION_NO_FUZZER,
+ "otadexopt": EXCEPTION_NO_FUZZER,
+ "overlay": EXCEPTION_NO_FUZZER,
+ "pac_proxy": EXCEPTION_NO_FUZZER,
+ "package": EXCEPTION_NO_FUZZER,
+ "package_native": EXCEPTION_NO_FUZZER,
+ "people": EXCEPTION_NO_FUZZER,
+ "performance_hint": EXCEPTION_NO_FUZZER,
+ "permission": EXCEPTION_NO_FUZZER,
+ "permissionmgr": EXCEPTION_NO_FUZZER,
+ "permission_checker": EXCEPTION_NO_FUZZER,
+ "persistent_data_block": EXCEPTION_NO_FUZZER,
+ "phone_msim": EXCEPTION_NO_FUZZER,
+ "phone1": EXCEPTION_NO_FUZZER,
+ "phone2": EXCEPTION_NO_FUZZER,
+ "phone": EXCEPTION_NO_FUZZER,
+ "pinner": EXCEPTION_NO_FUZZER,
+ "powerstats": EXCEPTION_NO_FUZZER,
+ "power": EXCEPTION_NO_FUZZER,
+ "print": EXCEPTION_NO_FUZZER,
+ "processinfo": EXCEPTION_NO_FUZZER,
+ "procstats": EXCEPTION_NO_FUZZER,
+ "profcollectd": EXCEPTION_NO_FUZZER,
+ "radio.phonesubinfo": EXCEPTION_NO_FUZZER,
+ "radio.phone": EXCEPTION_NO_FUZZER,
+ "radio.sms": EXCEPTION_NO_FUZZER,
+ "rcs": EXCEPTION_NO_FUZZER,
+ "reboot_readiness": EXCEPTION_NO_FUZZER,
+ "recovery": EXCEPTION_NO_FUZZER,
+ "resolver": EXCEPTION_NO_FUZZER,
+ "resources": EXCEPTION_NO_FUZZER,
+ "restrictions": EXCEPTION_NO_FUZZER,
+ "rkpd.registrar": EXCEPTION_NO_FUZZER,
+ "rkpd.refresh": EXCEPTION_NO_FUZZER,
+ "role": EXCEPTION_NO_FUZZER,
+ "rollback": EXCEPTION_NO_FUZZER,
+ "rttmanager": EXCEPTION_NO_FUZZER,
+ "runtime": EXCEPTION_NO_FUZZER,
+ "safety_center": EXCEPTION_NO_FUZZER,
+ "samplingprofiler": EXCEPTION_NO_FUZZER,
+ "scheduling_policy": EXCEPTION_NO_FUZZER,
+ "search": EXCEPTION_NO_FUZZER,
+ "search_ui": EXCEPTION_NO_FUZZER,
+ "secure_element": EXCEPTION_NO_FUZZER,
+ "sec_key_att_app_id_provider": EXCEPTION_NO_FUZZER,
+ "selection_toolbar": EXCEPTION_NO_FUZZER,
+ "sensorservice": EXCEPTION_NO_FUZZER,
+ "sensor_privacy": EXCEPTION_NO_FUZZER,
+ "serial": EXCEPTION_NO_FUZZER,
+ "servicediscovery": EXCEPTION_NO_FUZZER,
"manager": []string{"servicemanager_fuzzer"},
- "settings": []string{},
- "shortcut": []string{},
- "simphonebook_msim": []string{},
- "simphonebook2": []string{},
- "simphonebook": []string{},
- "sip": []string{},
- "slice": []string{},
- "smartspace": []string{},
- "speech_recognition": []string{},
- "stats": []string{},
- "statsbootstrap": []string{},
- "statscompanion": []string{},
- "statsmanager": []string{},
- "soundtrigger": []string{},
- "soundtrigger_middleware": []string{},
- "statusbar": []string{},
- "storaged": []string{},
- "storaged_pri": []string{},
- "storagestats": []string{},
- "sdk_sandbox": []string{},
- "SurfaceFlinger": []string{},
- "SurfaceFlingerAIDL": []string{},
- "suspend_control": []string{},
- "suspend_control_internal": []string{},
- "system_config": []string{},
- "system_server_dumper": []string{},
- "system_update": []string{},
- "tare": []string{},
- "task": []string{},
- "telecom": []string{},
- "telephony.registry": []string{},
- "telephony_ims": []string{},
- "testharness": []string{},
- "tethering": []string{},
- "textclassification": []string{},
- "textservices": []string{},
- "texttospeech": []string{},
- "time_detector": []string{},
- "time_zone_detector": []string{},
- "thermalservice": []string{},
- "tracing.proxy": []string{},
- "translation": []string{},
- "transparency": []string{},
- "trust": []string{},
- "tv_interactive_app": []string{},
- "tv_input": []string{},
- "tv_tuner_resource_mgr": []string{},
- "uce": []string{},
- "uimode": []string{},
- "updatelock": []string{},
- "uri_grants": []string{},
- "usagestats": []string{},
- "usb": []string{},
- "user": []string{},
- "uwb": []string{},
- "vcn_management": []string{},
- "vibrator": []string{},
- "vibrator_manager": []string{},
- "virtualdevice": []string{},
- "virtual_touchpad": []string{},
- "voiceinteraction": []string{},
- "vold": []string{},
- "vpn_management": []string{},
- "vrmanager": []string{},
- "wallpaper": []string{},
- "wallpaper_effects_generation": []string{},
- "webviewupdate": []string{},
- "wifip2p": []string{},
- "wifiscanner": []string{},
- "wifi": []string{},
- "wifinl80211": []string{},
- "wifiaware": []string{},
- "wifirtt": []string{},
- "window": []string{},
- "*": []string{},
+ "settings": EXCEPTION_NO_FUZZER,
+ "shortcut": EXCEPTION_NO_FUZZER,
+ "simphonebook_msim": EXCEPTION_NO_FUZZER,
+ "simphonebook2": EXCEPTION_NO_FUZZER,
+ "simphonebook": EXCEPTION_NO_FUZZER,
+ "sip": EXCEPTION_NO_FUZZER,
+ "slice": EXCEPTION_NO_FUZZER,
+ "smartspace": EXCEPTION_NO_FUZZER,
+ "speech_recognition": EXCEPTION_NO_FUZZER,
+ "stats": EXCEPTION_NO_FUZZER,
+ "statsbootstrap": EXCEPTION_NO_FUZZER,
+ "statscompanion": EXCEPTION_NO_FUZZER,
+ "statsmanager": EXCEPTION_NO_FUZZER,
+ "soundtrigger": EXCEPTION_NO_FUZZER,
+ "soundtrigger_middleware": EXCEPTION_NO_FUZZER,
+ "statusbar": EXCEPTION_NO_FUZZER,
+ "storaged": EXCEPTION_NO_FUZZER,
+ "storaged_pri": EXCEPTION_NO_FUZZER,
+ "storagestats": EXCEPTION_NO_FUZZER,
+ "sdk_sandbox": EXCEPTION_NO_FUZZER,
+ "SurfaceFlinger": EXCEPTION_NO_FUZZER,
+ "SurfaceFlingerAIDL": EXCEPTION_NO_FUZZER,
+ "suspend_control": EXCEPTION_NO_FUZZER,
+ "suspend_control_internal": EXCEPTION_NO_FUZZER,
+ "system_config": EXCEPTION_NO_FUZZER,
+ "system_server_dumper": EXCEPTION_NO_FUZZER,
+ "system_update": EXCEPTION_NO_FUZZER,
+ "tare": EXCEPTION_NO_FUZZER,
+ "task": EXCEPTION_NO_FUZZER,
+ "telecom": EXCEPTION_NO_FUZZER,
+ "telephony.registry": EXCEPTION_NO_FUZZER,
+ "telephony_ims": EXCEPTION_NO_FUZZER,
+ "testharness": EXCEPTION_NO_FUZZER,
+ "tethering": EXCEPTION_NO_FUZZER,
+ "textclassification": EXCEPTION_NO_FUZZER,
+ "textservices": EXCEPTION_NO_FUZZER,
+ "texttospeech": EXCEPTION_NO_FUZZER,
+ "time_detector": EXCEPTION_NO_FUZZER,
+ "time_zone_detector": EXCEPTION_NO_FUZZER,
+ "thermalservice": EXCEPTION_NO_FUZZER,
+ "tracing.proxy": EXCEPTION_NO_FUZZER,
+ "translation": EXCEPTION_NO_FUZZER,
+ "transparency": EXCEPTION_NO_FUZZER,
+ "trust": EXCEPTION_NO_FUZZER,
+ "tv_interactive_app": EXCEPTION_NO_FUZZER,
+ "tv_input": EXCEPTION_NO_FUZZER,
+ "tv_tuner_resource_mgr": EXCEPTION_NO_FUZZER,
+ "uce": EXCEPTION_NO_FUZZER,
+ "uimode": EXCEPTION_NO_FUZZER,
+ "updatelock": EXCEPTION_NO_FUZZER,
+ "uri_grants": EXCEPTION_NO_FUZZER,
+ "usagestats": EXCEPTION_NO_FUZZER,
+ "usb": EXCEPTION_NO_FUZZER,
+ "user": EXCEPTION_NO_FUZZER,
+ "uwb": EXCEPTION_NO_FUZZER,
+ "vcn_management": EXCEPTION_NO_FUZZER,
+ "vibrator": EXCEPTION_NO_FUZZER,
+ "vibrator_manager": EXCEPTION_NO_FUZZER,
+ "virtualdevice": EXCEPTION_NO_FUZZER,
+ "virtual_touchpad": EXCEPTION_NO_FUZZER,
+ "voiceinteraction": EXCEPTION_NO_FUZZER,
+ "vold": EXCEPTION_NO_FUZZER,
+ "vpn_management": EXCEPTION_NO_FUZZER,
+ "vrmanager": EXCEPTION_NO_FUZZER,
+ "wallpaper": EXCEPTION_NO_FUZZER,
+ "wallpaper_effects_generation": EXCEPTION_NO_FUZZER,
+ "webviewupdate": EXCEPTION_NO_FUZZER,
+ "wifip2p": EXCEPTION_NO_FUZZER,
+ "wifiscanner": EXCEPTION_NO_FUZZER,
+ "wifi": EXCEPTION_NO_FUZZER,
+ "wifinl80211": EXCEPTION_NO_FUZZER,
+ "wifiaware": EXCEPTION_NO_FUZZER,
+ "wifirtt": EXCEPTION_NO_FUZZER,
+ "window": EXCEPTION_NO_FUZZER,
+ "*": EXCEPTION_NO_FUZZER,
}
)
diff --git a/private/app.te b/private/app.te
index 005a078..ae8b206 100644
--- a/private/app.te
+++ b/private/app.te
@@ -52,6 +52,12 @@
get_prop(appdomain, device_config_runtime_native_prop)
get_prop(appdomain, device_config_runtime_native_boot_prop)
+# Allow to read ro.vendor.camera.extensions.enabled
+get_prop(appdomain, camera2_extensions_prop)
+
+# Allow to ro.camerax.extensions.enabled
+get_prop(appdomain, camerax_extensions_prop)
+
userdebug_or_eng(`perfetto_producer({ appdomain })')
# Prevent apps from causing presubmit failures.
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index a5d5f98..444c89c 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -22,6 +22,7 @@
hal_wifi_service
healthconnect_service
keystore_config_prop
+ ntfs
permissive_mte_prop
prng_seeder
servicemanager_prop
@@ -34,4 +35,5 @@
hal_gatekeeper_service
hal_broadcastradio_service
hal_confirmationui_service
+ hal_fastboot_service
))
diff --git a/private/crosvm.te b/private/crosvm.te
index 5971b91..9c45131 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -10,9 +10,6 @@
neverallow { domain -crosvm -ueventd } kvm_device:chr_file ~getattr;
neverallowxperm { domain -crosvm } kvm_device:chr_file ioctl ~{ KVM_CHECK_EXTENSION };
-# Let crosvm mlock VM memory and page tables.
-allow crosvm self:capability ipc_lock;
-
# Let crosvm create temporary files.
tmpfs_domain(crosvm)
diff --git a/private/fastbootd.te b/private/fastbootd.te
index c33e044..d93ee42 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te
@@ -45,6 +45,9 @@
# Needed for reading boot properties.
allow fastbootd proc_bootconfig:file r_file_perms;
+ # Let this domain use the hal fastboot service
+ binder_use(fastbootd)
+ hal_client_domain(fastbootd, hal_fastboot)
')
# io_uring_setup needs ipc_lock and permission to operate anon inodes
diff --git a/private/file_contexts b/private/file_contexts
index 4deecf7..72fae62 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -230,6 +230,7 @@
/system/bin/extra_free_kbytes\.sh u:object_r:extra_free_kbytes_exec:s0
/system/bin/fsck\.exfat -- u:object_r:fsck_exec:s0
/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
+/system/bin/ntfsfix -- u:object_r:fsck_exec:s0
/system/bin/init u:object_r:init_exec:s0
# TODO(/123600489): merge mini-keyctl into toybox
/system/bin/mini-keyctl -- u:object_r:toolbox_exec:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 6578470..29d8561 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -385,6 +385,7 @@
genfscon vfat / u:object_r:vfat:s0
genfscon binder / u:object_r:binderfs:s0
genfscon exfat / u:object_r:exfat:s0
+genfscon ntfs / u:object_r:ntfs:s0
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:fuse:s0
genfscon configfs / u:object_r:configfs:s0
diff --git a/private/init.te b/private/init.te
index f03a138..2fd2940 100644
--- a/private/init.te
+++ b/private/init.te
@@ -14,6 +14,7 @@
domain_trans(init, rootfs, hal_bootctl_server)
domain_trans(init, rootfs, charger)
domain_trans(init, rootfs, fastbootd)
+ domain_trans(init, rootfs, hal_fastboot_server)
domain_trans(init, rootfs, hal_health_server)
domain_trans(init, rootfs, recovery)
domain_trans(init, rootfs, linkerconfig)
diff --git a/private/service_contexts b/private/service_contexts
index 2b9e88f..f2023f3 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -24,6 +24,7 @@
android.hardware.drm.IDrmFactory/clearkey u:object_r:hal_drm_service:s0
android.hardware.drm.ICryptoFactory/clearkey u:object_r:hal_drm_service:s0
android.hardware.dumpstate.IDumpstateDevice/default u:object_r:hal_dumpstate_service:s0
+android.hardware.fastboot.IFastboot/default u:object_r:hal_fastboot_service:s0
android.hardware.gnss.IGnss/default u:object_r:hal_gnss_service:s0
android.hardware.graphics.allocator.IAllocator/default u:object_r:hal_graphics_allocator_service:s0
android.hardware.graphics.composer3.IComposer/default u:object_r:hal_graphics_composer_service:s0
diff --git a/private/shell.te b/private/shell.te
index c20e612..6a7c629 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -121,6 +121,9 @@
allow shell profcollectd:binder call;
')
+# Allow shell to run remount command.
+allow shell remount_exec:file rx_file_perms;
+
# Allow shell to call perf_event_open for profiling other shell processes, but
# not the whole system.
allow shell self:perf_event { open read write kernel };
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index dbb5507..26c781b 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -132,6 +132,9 @@
# Allow to use files supplied by hal_evs
allow surfaceflinger hal_evs:fd use;
+# Allow to use release fence fds supplied by hal_camera
+allow surfaceflinger hal_camera:fd use;
+
# Allow pushing jank event atoms to statsd
userdebug_or_eng(`
unix_socket_send(surfaceflinger, statsdw, statsd)
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 3e057fe..f41e7cc 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -22,6 +22,9 @@
# When virtualizationservice execs a file with the crosvm_exec label, run it in the crosvm domain.
domain_auto_trans(virtualizationservice, crosvm_exec, crosvm)
+# Let virtualizationservice (and specifically its children) mlock VM memory and page tables.
+allow virtualizationservice self:capability sys_resource;
+
# Let virtualizationservice kill crosvm.
allow virtualizationservice crosvm:process sigkill;
diff --git a/public/app.te b/public/app.te
index de3d0ca..9ce0255 100644
--- a/public/app.te
+++ b/public/app.te
@@ -233,9 +233,3 @@
{ open read write append execute execute_no_trans map };
neverallow appdomain system_bootstrap_lib_file:dir
{ open read getattr search };
-
-# Allow to read ro.vendor.camera.extensions.enabled
-get_prop(appdomain, camera2_extensions_prop)
-
-# Allow to ro.camerax.extensions.enabled
-get_prop(appdomain, camerax_extensions_prop)
diff --git a/public/attributes b/public/attributes
index 121adc0..ae610e6 100644
--- a/public/attributes
+++ b/public/attributes
@@ -338,6 +338,7 @@
hal_attribute(dumpstate);
hal_attribute(evs);
hal_attribute(face);
+hal_attribute(fastboot);
hal_attribute(fingerprint);
hal_attribute(gatekeeper);
hal_attribute(gnss);
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 0864ee0..2a3c19c 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -75,6 +75,7 @@
vold
# This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
+ evsmanagerd
hal_audio_server
hal_audiocontrol_server
hal_bluetooth_server
diff --git a/public/fastbootd.te b/public/fastbootd.te
index 68cb9e0..8452b97 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -13,6 +13,7 @@
# fastbootd can use AIDL HALs in binder mode
binder_use(fastbootd)
hal_client_domain(fastbootd, hal_health)
+ hal_client_domain(fastbootd, hal_fastboot)
# Access /dev/usb-ffs/fastbootd/ep0
allow fastbootd functionfs:dir search;
diff --git a/public/file.te b/public/file.te
index eb55210..8d33a9d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -157,6 +157,7 @@
type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
type vfat, sdcard_type, fs_type, mlstrustedobject;
type exfat, sdcard_type, fs_type, mlstrustedobject;
+type ntfs, sdcard_type, fs_type, mlstrustedobject;
type debugfs, fs_type, debugfs_type;
type debugfs_kprobes, fs_type, debugfs_type;
type debugfs_mmc, fs_type, debugfs_type;
diff --git a/public/hal_configstore.te b/public/hal_configstore.te
index 886286e..7d4d150 100644
--- a/public/hal_configstore.te
+++ b/public/hal_configstore.te
@@ -49,11 +49,11 @@
# Should never need sdcard access
neverallow hal_configstore_server {
sdcard_type
- fuse sdcardfs vfat exfat # manual expansion for completeness
+ fuse sdcardfs vfat exfat ntfs # manual expansion for completeness
}:dir ~getattr;
neverallow hal_configstore_server {
sdcard_type
- fuse sdcardfs vfat exfat # manual expansion for completeness
+ fuse sdcardfs vfat exfat ntfs # manual expansion for completeness
}:file *;
# Do not permit access to service_manager and vndservice_manager
diff --git a/public/hal_fastboot.te b/public/hal_fastboot.te
new file mode 100644
index 0000000..7aecac1
--- /dev/null
+++ b/public/hal_fastboot.te
@@ -0,0 +1,7 @@
+# allow binder connection from client to server
+binder_call(hal_fastboot_client, hal_fastboot_server)
+# allow client to find the service, allow server to register the service
+hal_attribute_service(hal_fastboot, hal_fastboot_service)
+# allow binder communication from server to service_manager
+binder_call(hal_fastboot_server, servicemanager)
+
diff --git a/public/hal_keymint.te b/public/hal_keymint.te
index 9c65e22..ba29956 100644
--- a/public/hal_keymint.te
+++ b/public/hal_keymint.te
@@ -4,5 +4,5 @@
hal_attribute_service(hal_keymint, hal_remotelyprovisionedcomponent_service)
binder_call(hal_keymint_server, servicemanager)
-allow hal_keymint tee_device:chr_file rw_file_perms;
-allow hal_keymint ion_device:chr_file r_file_perms;
+allow hal_keymint_server tee_device:chr_file rw_file_perms;
+allow hal_keymint_server ion_device:chr_file r_file_perms;
diff --git a/public/service.te b/public/service.te
index db7c298..8c8a430 100644
--- a/public/service.te
+++ b/public/service.te
@@ -281,6 +281,7 @@
type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;
type hal_evs_service, protected_service, hal_service_type, service_manager_type;
type hal_face_service, protected_service, hal_service_type, service_manager_type;
+type hal_fastboot_service, protected_service, hal_service_type, service_manager_type;
type hal_fingerprint_service, protected_service, hal_service_type, service_manager_type;
type hal_gnss_service, protected_service, hal_service_type, service_manager_type;
type hal_graphics_allocator_service, hal_service_type, service_manager_type;
diff --git a/vendor/hal_fastboot_default.te b/vendor/hal_fastboot_default.te
new file mode 100644
index 0000000..4a52642
--- /dev/null
+++ b/vendor/hal_fastboot_default.te
@@ -0,0 +1,6 @@
+type hal_fastboot_default, domain;
+
+hal_server_domain(hal_fastboot_default, hal_fastboot)
+
+type hal_fastboot_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_fastboot_default)