Merge "Add a few permissions required by fastbootd"
diff --git a/Android.mk b/Android.mk
index 9900bfb..bb69f06 100644
--- a/Android.mk
+++ b/Android.mk
@@ -247,11 +247,6 @@
LOCAL_REQUIRED_MODULES += \
precompiled_sepolicy \
precompiled_sepolicy.plat_and_mapping.sha256 \
- vendor_file_contexts \
- vendor_mac_permissions.xml \
- vendor_property_contexts \
- vendor_seapp_contexts \
- vendor_hwservice_contexts \
endif # ($(PRODUCT_PRECOMPILED_SEPOLICY),false)
diff --git a/apex/com.android.runtime.debug-file_contexts b/apex/com.android.runtime.debug-file_contexts
index 98948d2..35ef891 100644
--- a/apex/com.android.runtime.debug-file_contexts
+++ b/apex/com.android.runtime.debug-file_contexts
@@ -6,3 +6,4 @@
/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
/bin/profman(d)? u:object_r:profman_exec:s0
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+/etc/tz(/.*)? u:object_r:system_zoneinfo_file:s0
diff --git a/apex/com.android.runtime.release-file_contexts b/apex/com.android.runtime.release-file_contexts
index 08688fb..207704d 100644
--- a/apex/com.android.runtime.release-file_contexts
+++ b/apex/com.android.runtime.release-file_contexts
@@ -6,3 +6,4 @@
/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
/bin/profman u:object_r:profman_exec:s0
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+/etc/tz(/.*)? u:object_r:system_zoneinfo_file:s0
diff --git a/private/apexd.te b/private/apexd.te
index 61e099b..7a1e4e2 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -40,6 +40,11 @@
# allow apexd to create symlinks in /apex
allow apexd apex_mnt_dir:lnk_file create_file_perms;
+# allow apexd to relabel apk_tmp_file to apex_data_file.
+# TODO(b/112669193) remove this when APEXes are staged via file descriptor
+allow apexd apk_tmp_file:file relabelfrom;
+allow apexd apex_data_file:file relabelto;
+
# Unmount and mount filesystems
allow apexd labeledfs:filesystem { mount unmount };
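Review bot: The new `relabelfrom`/`relabelto` pair lets apexd convert any file labeled `apk_tmp_file` into `apex_data_file`, and nothing in this hunk pins that capability to apexd alone. Unless such a rule already exists elsewhere in the policy, a companion assertion such as `neverallow { domain -apexd } apex_data_file:file relabelto;` would keep other domains from ever minting APEX data files, which matters because `apk_tmp_file` is written by installer flows, not by apexd. The TODO comment is useful; it would read better if it also named the assertion that should be deleted together with the grant when the fd-based staging lands.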
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 7936147..7e14dd4 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -19,7 +19,8 @@
# Too much leaky information in debugfs. It's a security
# best practice to ensure these files aren't readable.
-neverallow all_untrusted_apps debugfs_type:file read;
+neverallow all_untrusted_apps { debugfs_type -debugfs_kcov }:file read;
+neverallow {all_untrusted_apps userdebug_or_eng(`-domain')} debugfs_type:file read;
# Do not allow untrusted apps to register services.
# Only trusted components of Android should be registering
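Review bot: The two new `neverallow` lines rely on an m4 trick that the surrounding comment does not explain: on userdebug/eng, `userdebug_or_eng(`-domain')` expands to `-domain`, which empties the subject set of the second rule so it asserts nothing, while on user builds it expands to nothing and the second rule is the original full-debugfs restriction. A reader seeing only "best practice to ensure these files aren't readable" will not understand why `debugfs_kcov` is subtracted from the first rule. I would add a two-line comment above the first rule along the lines of `# debugfs_kcov is exempted only on userdebug/eng (kernel fuzzing, see untrusted_app_all.te);` and `# the second rule restores the full restriction on user builds.`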
@@ -262,6 +263,7 @@
hal_nfc_hwservice
hal_oemlock_hwservice
hal_power_hwservice
+ hal_power_stats_hwservice
hal_secure_element_hwservice
hal_sensors_hwservice
hal_telephony_hwservice
diff --git a/private/bufferhubd.te b/private/bufferhubd.te
index 31328ac..012eb20 100644
--- a/private/bufferhubd.te
+++ b/private/bufferhubd.te
@@ -1,7 +1,3 @@
typeattribute bufferhubd coredomain;
init_daemon_domain(bufferhubd)
-
-# Permission for create binder service "bufferhubd"
-binder_use(bufferhubd);
-add_service(bufferhubd, buffer_hub_service);
diff --git a/private/bug_map b/private/bug_map
index becbd97..9747704 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -12,6 +12,7 @@
init shell_data_file sock_file 77873135
init system_data_file chr_file 77873135
isolated_app privapp_data_file dir 119596573
+isolated_app app_data_file dir 120394782
mediaextractor app_data_file file 77923736
mediaextractor radio_data_file file 77923736
mediaprovider cache_file blk_file 77925342
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 5ba2adf..d3a6982 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -133,6 +133,7 @@
property_info
recovery_socket
role_service
+ runtime_service
secure_element
secure_element_device
secure_element_tmpfs
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 38d7d03..764a9ea 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -120,6 +120,7 @@
property_info
recovery_socket
role_service
+ runtime_service
secure_element
secure_element_device
secure_element_service
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index d3019ec..323fb0a 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1,4 +1,5 @@
;; types removed from current policy
+(type alarm_device)
(type audio_seq_device)
(type audio_timer_device)
(type commontime_management_service)
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index cf72e37..eb58828 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -8,6 +8,7 @@
activity_task_service
adb_service
app_binding_service
+ app_prediction_service
apex_data_file
apex_mnt_dir
apex_key_file
@@ -20,9 +21,11 @@
cpu_variant_prop
dev_cpu_variant
device_config_boot_count_prop
- device_config_reset_performed_prop
device_config_flags_health_check_prop
+ device_config_reset_performed_prop
+ device_config_service
face_service
+ face_vendor_data_file
fastbootd
flags_health_check
flags_health_check_exec
@@ -31,6 +34,7 @@
color_display_service
hal_atrace_hwservice
hal_health_storage_hwservice
+ hal_power_stats_hwservice
hal_system_suspend_default
hal_system_suspend_default_exec
hal_system_suspend_default_tmpfs
@@ -41,6 +45,7 @@
idmap_service
intelligence_service
iris_service
+ iris_vendor_data_file
llkd
llkd_exec
llkd_prop
@@ -58,6 +63,7 @@
overlayfs_file
recovery_socket
role_service
+ runtime_service
super_block_device
system_lmk_prop
system_suspend_hwservice
diff --git a/private/coredomain.te b/private/coredomain.te
index 78ffb27..04f7a46 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -169,13 +169,12 @@
}{ usbfs binfmt_miscfs }:file no_rw_file_perms;
')
-# Audit coredomain access to /dev nodes that might no longer be needed after
-# Treble.
-userdebug_or_eng(`
- auditallow coredomain {
- audio_device
- iio_device
- radio_device
- tee_device
- }:chr_file { open read append write ioctl };
-')
+# Following /dev nodes must not be directly accessed by coredomain, but should
+# instead be wrapped by HALs.
+neverallow coredomain {
+ iio_device
+ radio_device
+ # TODO(b/120243891): HAL permission to tee_device is included into coredomain
+ # on non-Treble devices.
+ full_treble_only(`tee_device')
+}:chr_file { open read append write ioctl };
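Review bot: `audio_device` was part of the retired `auditallow` list but is silently absent from the new `neverallow`, and the comment does not say why. Elsewhere in this change system_server keeps `audio_device:chr_file rw_file_perms` for MIDI, which presumably is the reason, so the omission should be documented next to the list: `# audio_device is intentionally not listed: system_server needs /dev/snd/* for MIDI.` The `full_treble_only(`tee_device')` entry carries its TODO, which is good; giving `audio_device` the same treatment keeps the list self-explaining.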
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 293998d..4f3dda6 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -22,6 +22,9 @@
allow dumpstate wm_trace_data_file:file r_file_perms;
')
+# Allow dumpstate to make binder calls to incidentd
+binder_call(dumpstate, incidentd)
+
# Allow dumpstate to make binder calls to storaged service
binder_call(dumpstate, storaged)
@@ -31,6 +34,9 @@
# Allow dumpstate to talk to gpuservice over binder
binder_call(dumpstate, gpuservice);
+# Allow dumpstate to talk to idmap over binder
+binder_call(dumpstate, idmap);
+
# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)
diff --git a/private/file.te b/private/file.te
index 8d18a90..fd1c2ee 100644
--- a/private/file.te
+++ b/private/file.te
@@ -9,3 +9,7 @@
# /data/misc/perfetto-traces for perfetto traces
type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
+
+# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
+type debugfs_kcov, fs_type, debugfs_type;
+
diff --git a/private/file_contexts b/private/file_contexts
index acd5df9..abef72b 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -71,7 +71,6 @@
/dev/adf[0-9]* u:object_r:graphics_device:s0
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
-/dev/alarm u:object_r:alarm_device:s0
/dev/ashmem u:object_r:ashmem_device:s0
/dev/audio.* u:object_r:audio_device:s0
/dev/binder u:object_r:binder_device:s0
@@ -484,6 +483,12 @@
# Fingerprint vendor data file
/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
+# Face vendor data file
+/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0
+
+# Iris vendor data file
+/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0
+
# Bootchart data
/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index f87c086..5f7a042 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -150,11 +150,6 @@
genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
-genfscon debugfs /tracing/events/workqueue/ u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/regulator/ u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/pagecache/ u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/irq/ u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/ipi/ u:object_r:debugfs_tracing_debug:s0
genfscon debugfs /tracing/events/header_page u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
@@ -172,11 +167,6 @@
genfscon debugfs /tracing/events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/workqueue/ u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/regulator/ u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/pagecache/ u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/irq/ u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/ipi/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /events/header_page u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
@@ -252,6 +242,9 @@
genfscon debugfs /tracing/events/sync/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/fence/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
+
+
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:vfat:s0
genfscon exfat / u:object_r:exfat:s0
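Review bot: Two consecutive blank lines are added after the new `/kcov` entry, whereas the rest of this file separates groups with a single blank line; one of them should go. The entry itself would also benefit from a one-line comment tying it to its purpose, e.g. `# kcov: kernel coverage for fuzzing, userdebug/eng only (see untrusted_app_all.te)`, since the genfscon line alone gives no hint that this label is deliberately reachable from app domains on non-user builds.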
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 30ad7f1..b7013d7 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -13,10 +13,10 @@
# Executables and libraries.
# These are needed to read the ELF binary data needed for unwinding.
- allow heapprofd system_file:file r_file_perms;
- allow heapprofd apk_data_file:file r_file_perms;
- allow heapprofd dalvikcache_data_file:file r_file_perms;
- allow heapprofd vendor_file_type:file r_file_perms;
+ r_dir_file(heapprofd, system_file_type)
+ r_dir_file(heapprofd, apk_data_file)
+ r_dir_file(heapprofd, dalvikcache_data_file)
+ r_dir_file(heapprofd, vendor_file_type)
')
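Review bot: The rewrite widens heapprofd's read access in two ways that the unchanged comment ("needed to read the ELF binary data") does not cover: `r_dir_file` adds directory listing/search on top of file reads, and `system_file_type` is an attribute covering more than the `system_file` type the old rule named. Both may well be needed for path walking during unwinding, but that should be stated, e.g. `# r_dir_file: the unwinder resolves paths under these trees, so dir search/read is needed too;` `# system_file_type (not just system_file) covers the other system partition labels.` The enclosing `userdebug_or_eng` block that the trailing `')` closes starts outside this hunk.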
# Write trace data to the Perfetto traced damon. This requires connecting to its
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 035d240..f64eccd 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -37,11 +37,13 @@
android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0
android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
android.hardware.media.omx::IOmxStore u:object_r:hal_omx_hwservice:s0
+android.hardware.media.c2::IComponentStore u:object_r:hal_codec2_hwservice:s0
android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
android.hardware.neuralnetworks::IDevice u:object_r:hal_neuralnetworks_hwservice:s0
android.hardware.nfc::INfc u:object_r:hal_nfc_hwservice:s0
android.hardware.oemlock::IOemLock u:object_r:hal_oemlock_hwservice:s0
android.hardware.power::IPower u:object_r:hal_power_hwservice:s0
+android.hardware.power.stats::IPowerStats u:object_r:hal_power_stats_hwservice:s0
android.hardware.radio.config::IRadioConfig u:object_r:hal_telephony_hwservice:s0
android.hardware.radio.deprecated::IOemHook u:object_r:hal_telephony_hwservice:s0
android.hardware.radio::IRadio u:object_r:hal_telephony_hwservice:s0
diff --git a/private/incident_helper.te b/private/incident_helper.te
index 078aa24..b453855 100644
--- a/private/incident_helper.te
+++ b/private/incident_helper.te
@@ -6,8 +6,8 @@
domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
# use pipe to transmit data from/to incidentd/incident_helper for parsing
-allow incident_helper { shell incident incidentd }:fd use;
-allow incident_helper { shell incident incidentd }:fifo_file { getattr read write };
+allow incident_helper { shell incident incidentd dumpstate }:fd use;
+allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };
allow incident_helper incidentd:unix_stream_socket { read write };
# only allow incidentd and shell to call incident_helper
diff --git a/private/incidentd.te b/private/incidentd.te
index 4e80bdd..ad6fbf3 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -134,9 +134,9 @@
# Only incidentd can publish the binder service
add_service(incidentd, incident_service)
-# Allow pipes from (and only from) incident
-allow incidentd incident:fd use;
-allow incidentd incident:fifo_file write;
+# Allow pipes only from dumpstate and incident
+allow incidentd { dumpstate incident }:fd use;
+allow incidentd { dumpstate incident }:fifo_file write;
# Allow incident to call back to incident with status updates.
binder_call(incidentd, incident)
@@ -145,9 +145,10 @@
### neverallow rules
###
-# only system_server, system_app and incident command can find the incident service
+# only dumpstate, system_server, system_app and incident command can find the incident service
neverallow {
domain
+ -dumpstate
-incident
-incidentd
-statsd
diff --git a/private/service.te b/private/service.te
index 660bc1e..3fec882 100644
--- a/private/service.te
+++ b/private/service.te
@@ -1,3 +1,2 @@
-type buffer_hub_service, service_manager_type;
type stats_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 0089f6f..49087c8 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -8,6 +8,7 @@
android.security.keystore u:object_r:keystore_service:s0
android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
app_binding u:object_r:app_binding_service:s0
+app_prediction u:object_r:app_prediction_service:s0
apexservice u:object_r:apex_service:s0
appops u:object_r:appops_service:s0
appwidget u:object_r:appwidget_service:s0
@@ -23,7 +24,6 @@
bluetooth_manager u:object_r:bluetooth_manager_service:s0
bluetooth u:object_r:bluetooth_service:s0
broadcastradio u:object_r:broadcastradio_service:s0
-bufferhubd u:object_r:buffer_hub_service:s0
carrier_config u:object_r:radio_service:s0
clipboard u:object_r:clipboard_service:s0
com.android.net.IProxyService u:object_r:IProxyService_service:s0
@@ -38,6 +38,7 @@
cpuinfo u:object_r:cpuinfo_service:s0
crossprofileapps u:object_r:crossprofileapps_service:s0
dbinfo u:object_r:dbinfo_service:s0
+device_config u:object_r:device_config_service:s0
device_policy u:object_r:device_policy_service:s0
device_identifiers u:object_r:device_identifiers_service:s0
deviceidle u:object_r:deviceidle_service:s0
@@ -145,6 +146,7 @@
restrictions u:object_r:restrictions_service:s0
role u:object_r:role_service:s0
rttmanager u:object_r:rttmanager_service:s0
+runtime u:object_r:runtime_service:s0
samplingprofiler u:object_r:samplingprofiler_service:s0
scheduling_policy u:object_r:scheduling_policy_service:s0
search u:object_r:search_service:s0
diff --git a/private/shell.te b/private/shell.te
index 885714d..8867112 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -52,9 +52,6 @@
allow shell perfetto_traces_data_file:dir rw_dir_perms;
allow shell perfetto_traces_data_file:file r_file_perms;
-# Allow shell-based "dumpsys" to call into bufferhubd.
-binder_call(shell, bufferhubd);
-
# Allow shell to run adb shell cmd gpu commands.
binder_call(shell, gpuservice);
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index c50faef..36e784f 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -71,10 +71,6 @@
binder_call(surfaceflinger, shell)
r_dir_file(surfaceflinger, dumpstate)
-# Needed on some devices for playing DRM protected content,
-# but seems expected and appropriate for all devices.
-allow surfaceflinger tee_device:chr_file rw_file_perms;
-
# media.player service
# do not use add_service() as hal_graphics_composer_default may be the
diff --git a/private/system_server.te b/private/system_server.te
index 4cf8ae0..ed864f5 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -186,6 +186,7 @@
binder_call(system_server, idmap)
binder_call(system_server, installd)
binder_call(system_server, incidentd)
+binder_call(system_server, iorapd)
binder_call(system_server, netd)
binder_call(system_server, statsd)
binder_call(system_server, storaged)
@@ -215,6 +216,7 @@
hal_client_domain(system_server, hal_oemlock)
hal_client_domain(system_server, hal_omx)
hal_client_domain(system_server, hal_power)
+hal_client_domain(system_server, hal_power_stats)
hal_client_domain(system_server, hal_sensors)
hal_client_domain(system_server, hal_system_suspend)
hal_client_domain(system_server, hal_tetheroffload)
@@ -324,12 +326,9 @@
# Access devices.
allow system_server device:dir r_dir_perms;
allow system_server mdns_socket:sock_file rw_file_perms;
-allow system_server alarm_device:chr_file rw_file_perms;
allow system_server gpu_device:chr_file rw_file_perms;
-allow system_server iio_device:chr_file rw_file_perms;
allow system_server input_device:dir r_dir_perms;
allow system_server input_device:chr_file rw_file_perms;
-allow system_server radio_device:chr_file r_file_perms;
allow system_server tty_device:chr_file rw_file_perms;
allow system_server usbaccessory_device:chr_file rw_file_perms;
allow system_server video_device:dir r_dir_perms;
@@ -338,7 +337,7 @@
allow system_server rtc_device:chr_file rw_file_perms;
allow system_server audio_device:dir r_dir_perms;
-# write access needed for MIDI
+# write access to ALSA interfaces (/dev/snd/*) needed for MIDI
allow system_server audio_device:chr_file rw_file_perms;
# tun device used for 3rd party vpn apps
@@ -678,6 +677,7 @@
allow system_server idmap_service:service_manager find;
allow system_server incident_service:service_manager find;
allow system_server installd_service:service_manager find;
+allow system_server iorapd_service:service_manager find;
allow system_server keystore_service:service_manager find;
allow system_server mediaserver_service:service_manager find;
allow system_server mediametrics_service:service_manager find;
diff --git a/private/traced_probes.te b/private/traced_probes.te
index f84d698..ad6611c 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -18,6 +18,7 @@
# TODO(primiano): temporarily I/O tracing categories are still
# userdebug only until we nail down the blacklist/whitelist.
userdebug_or_eng(`
+allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
allow traced_probes debugfs_tracing_debug:file rw_file_perms;
')
@@ -65,6 +66,10 @@
proc_stat
}:file r_file_perms;
+
+# Allow access to the IHealth HAL service for tracing battery counters.
+hal_client_domain(traced_probes, hal_health)
+
###
### Neverallow rules
###
diff --git a/private/traceur_app.te b/private/traceur_app.te
index a3c435c..94841df 100644
--- a/private/traceur_app.te
+++ b/private/traceur_app.te
@@ -12,4 +12,11 @@
allow traceur_app trace_data_file:dir rw_dir_perms;
allow traceur_app atrace_exec:file rx_file_perms;
+# To exec the perfetto cmdline client and pass it the trace config on
+# stdint through a pipe.
+allow traceur_app perfetto_exec:file rx_file_perms;
+
+# Allow to access traced's privileged consumer socket.
+unix_socket_connect(traceur_app, traced_consumer, traced)
+
dontaudit traceur_app debugfs_tracing_debug:file audit_access;
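Review bot: The new comment says "on stdint through a pipe" where "stdin" is meant; please fix the typo. The `unix_socket_connect(traceur_app, traced_consumer, traced)` line grants an app domain access to the socket that controls tracing sessions and reads trace output, so the comment above it should say what bounds that: something like `# traced_consumer is the privileged control socket; traceur_app is a platform-signed app, and` `# this is the only app domain expected to hold this access.` (hedged, since traceur_app's definition is outside this hunk).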
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 527216d..72e03e1 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -140,3 +140,10 @@
# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
# denial to prevent third party apps from spamming the logs.
dontaudit untrusted_app_all system_data_file:dir write;
+
+# Allow access to kcov via its ioctl interface for coverage
+# guided kernel fuzzing.
+userdebug_or_eng(`
+ allow untrusted_app_all debugfs_kcov:file rw_file_perms;
+ allowxperm untrusted_app_all debugfs_kcov:file ioctl { KCOV_INIT_TRACE KCOV_ENABLE KCOV_DISABLE };
+')
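Review bot: The comment explains what kcov is for but not why this grant is safe to give to every untrusted app: kcov's trace buffer contains kernel program counters, which is exactly the kind of kernel-address disclosure the debugfs neverallow in app_neverallows.te exists to prevent. The `userdebug_or_eng` gate is the mitigation, and the neverallow carve-out in app_neverallows.te is what keeps user builds covered; both facts belong here so the next maintainer does not loosen either side independently. I would extend the comment with `# userdebug/eng only: kcov exposes kernel code addresses. User builds stay covered by` `# the neverallow in app_neverallows.te, which must be kept in sync with this block.`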
diff --git a/private/vold.te b/private/vold.te
index a6d1001..dea24a5 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -8,8 +8,8 @@
# For a handful of probing tools, we choose an even more restrictive
# domain when working with untrusted block devices
-domain_trans(vold, shell_exec, blkid);
-domain_trans(vold, shell_exec, blkid_untrusted);
+domain_trans(vold, blkid_exec, blkid);
+domain_trans(vold, blkid_exec, blkid_untrusted);
domain_trans(vold, fsck_exec, fsck);
domain_trans(vold, fsck_exec, fsck_untrusted);
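Review bot: Switching the blkid transitions from `shell_exec` to `blkid_exec` is a good tightening, but it depends on `blkid_exec` being declared and on the blkid binary being labeled with it in file_contexts, and neither appears in this diff (they may live in files not shown). If the binary is still labeled `shell_exec`, the transition no longer matches and, with vold's `shell_exec:file rx_file_perms` removed in public/vold.te, the exec fails outright rather than silently running in the wrong domain, which is at least loud. A short comment on these two lines naming the expected label of the binary (`# /system/bin/blkid is labeled blkid_exec in file_contexts`) would make the dependency explicit.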
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 0d062e9..e93e1e5 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -14,12 +14,16 @@
vendor_data_file
}:dir { open read write add_name remove_name rmdir relabelfrom };
allow vold_prepare_subdirs {
+ face_vendor_data_file
fingerprint_vendor_data_file
+ iris_vendor_data_file
storaged_data_file
vold_data_file
}:dir { create_dir_perms relabelto };
allow vold_prepare_subdirs {
+ face_vendor_data_file
fingerprint_vendor_data_file
+ iris_vendor_data_file
storaged_data_file
system_data_file
vold_data_file
diff --git a/public/attributes b/public/attributes
index 6453d7b..37c2b94 100644
--- a/public/attributes
+++ b/public/attributes
@@ -275,6 +275,7 @@
hal_attribute(oemlock);
hal_attribute(omx);
hal_attribute(power);
+hal_attribute(power_stats);
hal_attribute(secure_element);
hal_attribute(sensors);
hal_attribute(system_suspend);
diff --git a/public/device.te b/public/device.te
index e55c86d..57b0503 100644
--- a/public/device.te
+++ b/public/device.te
@@ -1,6 +1,5 @@
# Device types
type device, dev_type, fs_type;
-type alarm_device, dev_type, mlstrustedobject;
type ashmem_device, dev_type, mlstrustedobject;
type audio_device, dev_type;
type binder_device, dev_type, mlstrustedobject;
diff --git a/public/domain.te b/public/domain.te
index c536c12..d0e4e41 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -75,7 +75,6 @@
not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
allow domain ptmx_device:chr_file rw_file_perms;
-allow domain alarm_device:chr_file r_file_perms;
allow domain random_device:chr_file rw_file_perms;
allow domain proc_random:dir r_dir_perms;
allow domain proc_random:file r_file_perms;
diff --git a/public/drmserver.te b/public/drmserver.te
index 4a10147..b7b641c 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -20,7 +20,6 @@
allow drmserver sdcard_type:dir search;
allow drmserver drm_data_file:dir create_dir_perms;
allow drmserver drm_data_file:file create_file_perms;
-allow drmserver tee_device:chr_file rw_file_perms;
allow drmserver { app_data_file privapp_data_file }:file { read write getattr map };
allow drmserver sdcard_type:file { read write getattr map };
r_dir_file(drmserver, efs_file)
diff --git a/public/dumpstate.te b/public/dumpstate.te
index af6956e..cd3310a 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -209,7 +209,6 @@
-apex_service
-dumpstate_service
-gatekeeper_service
- -incident_service
-iorapd_service
-virtual_touchpad_service
-vold_service
@@ -220,7 +219,6 @@
apex_service
dumpstate_service
gatekeeper_service
- incident_service
iorapd_service
virtual_touchpad_service
vold_service
diff --git a/public/file.te b/public/file.te
index 3d09537..597204a 100644
--- a/public/file.te
+++ b/public/file.te
@@ -358,6 +358,10 @@
type fingerprint_vendor_data_file, file_type, data_file_type;
# Type for appfuse file.
type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for face template file
+type face_vendor_data_file, file_type, data_file_type;
+# Type for iris template file
+type iris_vendor_data_file, file_type, data_file_type;
# Socket types
type adbd_socket, file_type, coredomain_socket;
@@ -386,7 +390,7 @@
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
type tombstoned_intercept_socket, file_type, coredomain_socket;
type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
-type traced_consumer_socket, file_type, coredomain_socket;
+type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
type uncrypt_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
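Review bot: `mlstrustedobject` is added to `traced_consumer_socket` with no comment, and this is the one line in the file-type list that changes the MLS reach of a privileged control socket rather than just declaring a type. Presumably it is required so that an app-level domain carrying MLS categories (traceur_app, which gains `unix_socket_connect` to this socket in this same change) can connect; that reasoning should be stated inline, e.g. `# mlstrustedobject: traceur_app (an app domain with MLS categories) must be able to connect.` Without it a future cleanup could drop the attribute and break tracing only on multi-user devices.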
diff --git a/public/gatekeeperd.te b/public/gatekeeperd.te
index 40c9a07..e1739c2 100644
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -7,7 +7,6 @@
### Rules needed when Gatekeeper HAL runs inside gatekeeperd process.
### These rules should eventually be granted only when needed.
-allow gatekeeperd tee_device:chr_file rw_file_perms;
allow gatekeeperd ion_device:chr_file r_file_perms;
# Load HAL implementation
allow gatekeeperd system_file:dir r_dir_perms;
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index 348fdb8..21374bc 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -5,3 +5,9 @@
hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
allow hal_neuralnetworks hal_allocator:fd use;
+
+# Allow NN HAL service to use a client-provided fd residing in /data/data/.
+allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
+
+# Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
+allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
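Review bot: The two new rules give a vendor HAL read/write/map on `app_data_file` and `shell_data_file`, and the property that keeps this from being "the HAL can read any app's data" is the deliberate absence of `open` in the permission set, which the comments do not mention. I would make that explicit so nobody later "completes" the set: `# No 'open' here on purpose: the HAL may only use fds a client passes over binder,` `# it must not be able to open app or shell data files itself.` The same sentence applies to both rules, so one comment above the pair is enough.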
diff --git a/public/hal_power_stats.te b/public/hal_power_stats.te
new file mode 100644
index 0000000..2c04008
--- /dev/null
+++ b/public/hal_power_stats.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_power_stats_client, hal_power_stats_server)
+binder_call(hal_power_stats_server, hal_power_stats_client)
+
+hal_attribute_hwservice(hal_power_stats, hal_power_stats_hwservice)
diff --git a/public/hal_telephony.te b/public/hal_telephony.te
index 9d0f8c0..3e4b65d 100644
--- a/public/hal_telephony.te
+++ b/public/hal_telephony.te
@@ -9,7 +9,6 @@
allow hal_telephony_server self:netlink_route_socket nlmsg_write;
allow hal_telephony_server kernel:system module_request;
allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
-allow hal_telephony_server alarm_device:chr_file rw_file_perms;
allow hal_telephony_server cgroup:dir create_dir_perms;
allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
allow hal_telephony_server radio_device:chr_file rw_file_perms;
diff --git a/public/hal_usb.te b/public/hal_usb.te
index b8034b8..38bc49a 100644
--- a/public/hal_usb.te
+++ b/public/hal_usb.te
@@ -6,6 +6,7 @@
allow hal_usb self:netlink_kobject_uevent_socket create;
allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket getopt;
allow hal_usb self:netlink_kobject_uevent_socket bind;
allow hal_usb self:netlink_kobject_uevent_socket read;
allow hal_usb sysfs:dir open;
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index f735be5..805adaf 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -10,9 +10,9 @@
set_prop(hal_wifi, exported_wifi_prop)
set_prop(hal_wifi, wifi_prop)
-# allow hal wifi set interfaces up and down
+# allow hal wifi set interfaces up and down and get the factory MAC
allow hal_wifi self:udp_socket create_socket_perms;
-allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
+allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
allow hal_wifi self:global_capability_class_set { net_admin net_raw };
# allow hal_wifi to speak to nl80211 in the kernel
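Review bot: `SIOCETHTOOL` is a single ioctl number whose actual operation is chosen by a command word inside the user buffer, so the xperm rule cannot limit hal_wifi to the read-only permanent-address query the comment describes ("get the factory MAC"); every ethtool sub-command, including the setters, becomes reachable through this one entry. hal_wifi already holds `net_admin`, so the incremental exposure is bounded, but the comment should not suggest the rule is narrower than it is. Suggested wording: `# SIOCETHTOOL is needed only to read the permanent (factory) MAC, but ioctl xperms` `# cannot filter ethtool sub-commands, so the whole ethtool family is reachable.`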
diff --git a/public/hwservice.te b/public/hwservice.te
index 8ded06b..fa83862 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -38,6 +38,7 @@
type hal_oemlock_hwservice, hwservice_manager_type;
type hal_omx_hwservice, hwservice_manager_type;
type hal_power_hwservice, hwservice_manager_type;
+type hal_power_stats_hwservice, hwservice_manager_type;
type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
type hal_secure_element_hwservice, hwservice_manager_type;
type hal_sensors_hwservice, hwservice_manager_type;
diff --git a/public/init.te b/public/init.te
index 2a8036a..8b95e2b 100644
--- a/public/init.te
+++ b/public/init.te
@@ -257,7 +257,6 @@
allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir { open read setattr search };
allow init {
- alarm_device
ashmem_device
binder_device
console_device
diff --git a/public/ioctl_defines b/public/ioctl_defines
index 97869f9..ab2f7c5 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -1169,6 +1169,9 @@
define(`JSIOCSAXMAP', `0x40406a31')
define(`JSIOCSBTNMAP', `0x44006a33')
define(`JSIOCSCORR', `0x40246a21')
+define(`KCOV_DISABLE', `0x00006365')
+define(`KCOV_ENABLE', `0x00006364')
+define(`KCOV_INIT_TRACE', `0x80086301')
define(`KDADDIO', `0x00004b34')
define(`KDDELIO', `0x00004b35')
define(`KDDISABIO', `0x00004b37')
diff --git a/public/property_contexts b/public/property_contexts
index f2362d5..1533a0f 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -6,6 +6,7 @@
audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int
camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
diff --git a/public/radio.te b/public/radio.te
index 05bfd8c..8a8bef3 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -12,7 +12,6 @@
allow radio radio_data_file:dir create_dir_perms;
allow radio radio_data_file:notdevfile_class_set create_file_perms;
-allow radio alarm_device:chr_file rw_file_perms;
allow radio net_data_file:dir search;
allow radio net_data_file:file r_file_perms;
diff --git a/public/service.te b/public/service.te
index 55f8d75..7799c84 100644
--- a/public/service.te
+++ b/public/service.te
@@ -44,6 +44,7 @@
type adb_service, system_api_service, system_server_service, service_manager_type;
type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type app_binding_service, system_server_service, service_manager_type;
+type app_prediction_service, app_api_service, system_server_service, service_manager_type;
type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
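Review bot: `app_prediction_service` is declared with `app_api_service`, which makes it findable by all untrusted app domains, while the neighbouring new services (`device_config_service`, `runtime_service`) are system_server-only. If the service is meant for launcher-style clients that is fine, but it means access control now rests entirely on the service's own permission checks, and nothing in this change documents that. A brief comment on the line, e.g. `# app-facing: callers are authorised by the service's own permission checks`, would record the decision for reviewers of later changes.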
@@ -71,6 +72,7 @@
type coverage_service, system_server_service, service_manager_type;
type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
+type device_config_service, system_server_service, service_manager_type;
type device_policy_service, app_api_service, system_server_service, service_manager_type;
type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -133,6 +135,7 @@
type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type restrictions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type role_service, app_api_service, system_server_service, service_manager_type;
+type runtime_service, system_server_service, service_manager_type;
type rttmanager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type samplingprofiler_service, system_server_service, service_manager_type;
type scheduling_policy_service, system_server_service, service_manager_type;
diff --git a/public/statsd.te b/public/statsd.te
index 603ee14..1006867 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -60,6 +60,7 @@
allow statsd proc_uid_cputime_showstat:file { getattr open read };
hal_client_domain(statsd, hal_health)
hal_client_domain(statsd, hal_power)
+hal_client_domain(statsd, hal_power_stats)
hal_client_domain(statsd, hal_thermal)
# Allow 'adb shell cmd' to upload configs and download output.
diff --git a/public/vold.te b/public/vold.te
index 6994776..0f5fb0f 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -31,9 +31,6 @@
# Allow us to jump into execution domains of above tools
allow vold self:process setexec;
-# For sgdisk launched through popen()
-allow vold shell_exec:file rx_file_perms;
-
# For formatting adoptable storage devices
allow vold e2fs_exec:file rx_file_perms;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 44198cc..58a42e0 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -38,6 +38,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.1-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service u:object_r:mediacodec_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service u:object_r:hal_power_stats_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio\.config@1\.0-service u:object_r:hal_radio_config_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-radio-service u:object_r:hal_radio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-sap-service u:object_r:hal_radio_default_exec:s0
diff --git a/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te
new file mode 100644
index 0000000..b7a2c02
--- /dev/null
+++ b/vendor/hal_power_stats_default.te
@@ -0,0 +1,5 @@
+type hal_power_stats_default, domain;
+hal_server_domain(hal_power_stats_default, hal_power_stats)
+
+type hal_power_stats_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_power_stats_default)