Merge "bluetooth: Add policy for bluetooth.hardware.wakeup_supported" into main
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 0065c49..c2a1b27 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -159,19 +159,19 @@
"android.system.keystore2.IKeystoreService/default": EXCEPTION_NO_FUZZER,
"android.system.net.netd.INetd/default": []string{"netd_hw_service_fuzzer"},
"android.system.suspend.ISystemSuspend/default": EXCEPTION_NO_FUZZER,
- "accessibility": EXCEPTION_NO_FUZZER,
- "account": EXCEPTION_NO_FUZZER,
- "activity": EXCEPTION_NO_FUZZER,
- "activity_task": EXCEPTION_NO_FUZZER,
- "adaptive_auth": EXCEPTION_NO_FUZZER,
- "adb": EXCEPTION_NO_FUZZER,
- "adservices_manager": EXCEPTION_NO_FUZZER,
- "advanced_protection": EXCEPTION_NO_FUZZER,
- "aidl_lazy_test_1": EXCEPTION_NO_FUZZER,
- "aidl_lazy_test_2": EXCEPTION_NO_FUZZER,
- "aidl_lazy_test_quit": EXCEPTION_NO_FUZZER,
- "aidl_lazy_cb_test": EXCEPTION_NO_FUZZER,
- "alarm": EXCEPTION_NO_FUZZER,
+ "accessibility": EXCEPTION_NO_FUZZER,
+ "account": EXCEPTION_NO_FUZZER,
+ "activity": EXCEPTION_NO_FUZZER,
+ "activity_task": EXCEPTION_NO_FUZZER,
+ "adaptive_authentication": EXCEPTION_NO_FUZZER,
+ "adb": EXCEPTION_NO_FUZZER,
+ "adservices_manager": EXCEPTION_NO_FUZZER,
+ "advanced_protection": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_1": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_2": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_quit": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_cb_test": EXCEPTION_NO_FUZZER,
+ "alarm": EXCEPTION_NO_FUZZER,
"android.hardware.automotive.evs.IEvsEnumerator/default": EXCEPTION_NO_FUZZER,
"android.os.UpdateEngineService": []string{"update_engine_service_fuzzer"},
"android.os.UpdateEngineStableService": []string{"update_engine_service_fuzzer"},
@@ -277,6 +277,7 @@
"dropbox": EXCEPTION_NO_FUZZER,
"dumpstate": EXCEPTION_NO_FUZZER,
"dynamic_system": EXCEPTION_NO_FUZZER,
+ "dynamic_instrumentation": EXCEPTION_NO_FUZZER,
"econtroller": EXCEPTION_NO_FUZZER,
"ecm_enhanced_confirmation": EXCEPTION_NO_FUZZER,
"emergency_affordance": EXCEPTION_NO_FUZZER,
@@ -288,6 +289,7 @@
"fingerprint": EXCEPTION_NO_FUZZER,
"feature_flags": EXCEPTION_NO_FUZZER,
"font": EXCEPTION_NO_FUZZER,
+ "forensic": EXCEPTION_NO_FUZZER,
"android.hardware.fingerprint.IFingerprintDaemon": EXCEPTION_NO_FUZZER,
"game": EXCEPTION_NO_FUZZER,
"gfxinfo": EXCEPTION_NO_FUZZER,
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index eab7697..7400a33 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test
@@ -190,6 +190,7 @@
/dev/socket/does_not_exist socket_device
/dev/socket/adbd adbd_socket
/dev/socket/aconfigd aconfigd_socket
+/dev/socket/aconfigd_system aconfigd_socket
/dev/socket/dnsproxyd dnsproxyd_socket
/dev/socket/dumpstate dumpstate_socket
/dev/socket/fwmarkd fwmarkd_socket
@@ -465,6 +466,7 @@
/system/usr/share/zoneinfo/0 system_zoneinfo_file
/system/bin/adbd adbd_exec
/system/bin/aconfigd aconfigd_exec
+/system/bin/aconfigd-system aconfigd_exec
/system/bin/vold_prepare_subdirs vold_prepare_subdirs_exec
/system/bin/stats stats_exec
/system/bin/statsd statsd_exec
diff --git a/private/apexd.te b/private/apexd.te
index 450b563..58a3658 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -226,7 +226,11 @@
neverallow { domain -apexd -init -otapreopt_chroot } apex_mnt_dir:filesystem { mount unmount };
neverallow { domain -apexd -dexopt_chroot_setup -init -otapreopt_chroot } apex_mnt_dir:dir mounton;
-neverallow { domain -init -apexd -system_server -update_engine } apex_service:service_manager find;
-neverallow { domain -init -apexd -system_server -servicemanager -update_engine } apexd:binder call;
+# The update_provider performs APEX updates. To do this, it needs to be able to find apex_service
+# and make binder calls to apexd.
+# WARNING: USING THE update_provider ATTRIBUTE WILL CAUSE CTS TO FAIL!
+neverallow { domain -init -apexd -system_server -update_engine -update_provider } apex_service:service_manager find;
+# WARNING: USING THE update_provider ATTRIBUTE WILL CAUSE CTS TO FAIL!
+neverallow { domain -init -apexd -system_server -servicemanager -update_engine -update_provider } apexd:binder call;
neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
diff --git a/private/attributes b/private/attributes
index c89d0c7..7e25e94 100644
--- a/private/attributes
+++ b/private/attributes
@@ -22,3 +22,8 @@
attribute sdk_sandbox_current;
# Common to adbd and adbd_tradeinmode.
attribute adbd_common;
+
+# Provides access to platform update services.
+# WARNING: USING THE update_provider ATTRIBUTE WILL CAUSE CTS TO FAIL!
+attribute update_provider;
+expandattribute update_provider false;
diff --git a/private/bootanim.te b/private/bootanim.te
index d9be72f..fd3a09b 100644
--- a/private/bootanim.te
+++ b/private/bootanim.te
@@ -64,3 +64,6 @@
# System file accesses.
allow bootanim system_file:dir r_dir_perms;
+
+# Allow bootanim to send information to statsd socket.
+unix_socket_send(bootanim, statsdw, statsd)
\ No newline at end of file
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 014270b..3ba4bcd 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -13,7 +13,6 @@
proc_cgroups
ranging_service
supervision_service
- sysfs_udc
app_function_service
virtual_fingerprint
virtual_fingerprint_exec
@@ -23,4 +22,5 @@
media_quality_service
advanced_protection_service
sysfs_firmware_acpi_tables
+ dynamic_instrumentation_service
))
diff --git a/private/domain.te b/private/domain.te
index 38dab17..515317b 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -1747,11 +1747,19 @@
-artd # compile secondary dex files
-installd
} {
- privapp_data_file
app_data_file
is_flag_enabled(RELEASE_UNLOCKED_STORAGE_API, `storage_area_content_file')
}:dir_file_class_set { relabelfrom relabelto };
+neverallow {
+ domain
+ -artd # compile secondary dex files
+ -installd
+ -vmlauncher_app # it still cannot relabel files belong to other apps due to UID mismatch
+} {
+ privapp_data_file
+}:dir_file_class_set { relabelfrom relabelto };
+
is_flag_enabled(RELEASE_UNLOCKED_STORAGE_API, `
neverallow {
domain
@@ -1765,6 +1773,7 @@
# that these files cannot be accessed by other domains to ensure that the files
# do not change between system_server staging the files and apexd processing
# the files.
+# The update_provider can also stage files before apexd processes them.
neverallow {
domain
-init
@@ -1773,6 +1782,7 @@
-installd
-priv_app
-virtualizationmanager
+ -update_provider # WARNING: USING THIS ATTRIBUTE WILL CAUSE CTS TO FAIL!
} staging_data_file:dir *;
neverallow {
domain
@@ -1787,10 +1797,13 @@
-shell
-virtualizationmanager
-crosvm
+ -update_provider # WARNING: USING THIS ATTRIBUTE WILL CAUSE CTS TO FAIL!
} staging_data_file:file *;
-neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
+# WARNING: USING THE update_provider ATTRIBUTE WILL CAUSE CTS TO FAIL!
+neverallow { domain -init -system_server -installd -update_provider } staging_data_file:dir no_w_dir_perms;
# apexd needs the link/unlink/rename permissions
-neverallow { domain -init -system_server -installd -apexd } staging_data_file:file {
+# WARNING: USING THE update_provider ATTRIBUTE WILL CAUSE CTS TO FAIL!
+neverallow { domain -init -system_server -installd -apexd -update_provider } staging_data_file:file {
no_w_file_perms no_x_file_perms
};
neverallow apexd staging_data_file:file {
diff --git a/private/file_contexts b/private/file_contexts
index 2e67c35..a957f24 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -156,6 +156,7 @@
/dev/socket(/.*)? u:object_r:socket_device:s0
/dev/socket/adbd u:object_r:adbd_socket:s0
/dev/socket/aconfigd u:object_r:aconfigd_socket:s0
+/dev/socket/aconfigd_system u:object_r:aconfigd_socket:s0
/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
/dev/socket/fwmarkd u:object_r:fwmarkd_socket:s0
@@ -394,6 +395,7 @@
/system/bin/netbpfload u:object_r:bpfloader_exec:s0
/system/bin/watchdogd u:object_r:watchdogd_exec:s0
/system/bin/aconfigd u:object_r:aconfigd_exec:s0
+/system/bin/aconfigd-system u:object_r:aconfigd_exec:s0
/system/bin/apexd u:object_r:apexd_exec:s0
/system/bin/gsid u:object_r:gsid_exec:s0
/system/bin/simpleperf u:object_r:simpleperf_exec:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index e300d78..a257ce6 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -135,7 +135,6 @@
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
genfscon sysfs /class/wakeup u:object_r:sysfs_wakeup:s0
-genfscon sysfs /class/udc u:object_r:sysfs_udc:s0
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /devices/virtual/block/ u:object_r:sysfs_devices_block:s0
diff --git a/private/property_contexts b/private/property_contexts
index 440a01f..58a1858 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1301,6 +1301,13 @@
ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string
ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
+# Vendor configurable property to be used specifically to assign industrial
+# design ID or vendor hardware identifier that encodes on device components.
+# This property should not be assigned a generic device name or identifier and
+# should not be redundant to properties like ro.boot.hardware. ro.product.name
+# etc.
+ro.boot.product.hardware.id u:object_r:exported_default_prop:s0 exact string
+
ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
# Update related props
diff --git a/private/service.te b/private/service.te
index eee98d0..31b3d73 100644
--- a/private/service.te
+++ b/private/service.te
@@ -1,4 +1,4 @@
-type adaptive_auth_service, system_server_service, service_manager_type;
+type adaptive_authentication_service, system_api_service, system_server_service, service_manager_type;
type ambient_context_service, app_api_service, system_server_service, service_manager_type;
# These types will be public starting at board api 202504
diff --git a/private/service_contexts b/private/service_contexts
index 7c3c5de..26ba680 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -144,7 +144,7 @@
account u:object_r:account_service:s0
activity u:object_r:activity_service:s0
activity_task u:object_r:activity_task_service:s0
-adaptive_auth u:object_r:adaptive_auth_service:s0
+adaptive_authentication u:object_r:adaptive_authentication_service:s0
adb u:object_r:adb_service:s0
adservices_manager u:object_r:adservices_manager_service:s0
starting_at_board_api(202504, `
@@ -187,6 +187,9 @@
app_binding u:object_r:app_binding_service:s0
app_function u:object_r:app_function_service:s0
app_hibernation u:object_r:app_hibernation_service:s0
+starting_at_board_api(202504, `
+ dynamic_instrumentation u:object_r:dynamic_instrumentation_service:s0
+')
app_integrity u:object_r:app_integrity_service:s0
app_prediction u:object_r:app_prediction_service:s0
app_search u:object_r:app_search_service:s0
@@ -275,6 +278,9 @@
file_integrity u:object_r:file_integrity_service:s0
fingerprint u:object_r:fingerprint_service:s0
font u:object_r:font_service:s0
+starting_at_board_api(202504, `
+ forensic u:object_r:forensic_service:s0
+')
android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
game u:object_r:game_service:s0
gfxinfo u:object_r:gfxinfo_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index 5fb5346..6eb5b74 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1275,9 +1275,6 @@
# UsbDeviceManager uses /dev/usb-ffs
allow system_server functionfs:dir search;
allow system_server functionfs:file rw_file_perms;
-# To resolve arbitrary sysfs paths from /sys/class/udc/* symlinks.
-allow system_server sysfs_type:dir search;
-r_dir_file(system_server, sysfs_udc)
# system_server contains time / time zone detection logic so reads the associated properties.
get_prop(system_server, time_prop)
diff --git a/private/uprobestats.te b/private/uprobestats.te
index 2c5711f..c55f23d 100644
--- a/private/uprobestats.te
+++ b/private/uprobestats.te
@@ -24,6 +24,9 @@
# For registration with system server as a process observer.
binder_use(uprobestats)
allow uprobestats activity_service:service_manager find;
+starting_at_board_api(202504, `
+ allow uprobestats dynamic_instrumentation_service:service_manager find;
+')
binder_call(uprobestats, system_server);
# Allow uprobestats to talk to native package manager
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 1acf734..a78d974 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -124,6 +124,7 @@
-init
-virtualizationmanager
-virtualizationservice
+ -vmlauncher_app
} virtualizationservice_data_file:file { open create };
neverallow virtualizationservice {
diff --git a/private/vmlauncher_app.te b/private/vmlauncher_app.te
index 8597fcd..abee70f 100644
--- a/private/vmlauncher_app.te
+++ b/private/vmlauncher_app.te
@@ -13,6 +13,9 @@
allow vmlauncher_app fsck_exec:file { r_file_perms execute execute_no_trans };
+allow vmlauncher_app virtualizationservice_data_file:file { read relabelto open write unlink };
+allow vmlauncher_app privapp_data_file:file { relabelfrom };
+
is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
# TODO(b/332677707): remove them when display service uses binder RPC.
allow vmlauncher_app virtualization_service:service_manager find;
diff --git a/public/file.te b/public/file.te
index c158492..9cc76c0 100644
--- a/public/file.te
+++ b/public/file.te
@@ -100,9 +100,6 @@
type cgroup_v2, fs_type;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
type sysfs_android_usb, fs_type, sysfs_type;
-starting_at_board_api(202504, `
- type sysfs_udc, fs_type, sysfs_type;
-')
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
diff --git a/public/service.te b/public/service.te
index f54df00..753d20d 100644
--- a/public/service.te
+++ b/public/service.te
@@ -75,6 +75,9 @@
type app_function_service, app_api_service, system_server_service, service_manager_type;
')
type app_hibernation_service, app_api_service, system_api_service, system_server_service, service_manager_type;
+starting_at_board_api(202504, `
+ type dynamic_instrumentation_service, app_api_service, system_server_service, service_manager_type;
+')
type app_integrity_service, system_api_service, system_server_service, service_manager_type;
type app_prediction_service, app_api_service, system_server_service, service_manager_type;
type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -144,6 +147,9 @@
type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type face_service, app_api_service, system_server_service, service_manager_type;
type fingerprint_service, app_api_service, system_server_service, service_manager_type;
+starting_at_board_api(202504, `
+ type forensic_service, app_api_service, system_api_service, system_server_service, service_manager_type;
+')
type fwk_altitude_service, system_server_service, service_manager_type;
type fwk_stats_service, app_api_service, system_server_service, service_manager_type;
type fwk_sensor_service, system_server_service, service_manager_type;