Merge "Allow crash_dump on crosvm"
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 2c1c416..efb5947 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -233,7 +233,7 @@
"devicestoragemonitor": EXCEPTION_NO_FUZZER,
"diskstats": EXCEPTION_NO_FUZZER,
"display": EXCEPTION_NO_FUZZER,
- "dnsresolver": EXCEPTION_NO_FUZZER,
+ "dnsresolver": []string{"resolv_service_fuzzer"},
"domain_verification": EXCEPTION_NO_FUZZER,
"color_display": EXCEPTION_NO_FUZZER,
"netd_listener": EXCEPTION_NO_FUZZER,
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index ccee3cf..3b61f73 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -53,6 +53,7 @@
remote_provisioning_service
rkpdapp
servicemanager_prop
+ shutdown_checkpoints_system_data_file
stats_config_data_file
system_net_netd_service
timezone_metadata_prop
diff --git a/private/domain.te b/private/domain.te
index 04de035..9a0efb1 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -36,7 +36,7 @@
can_profile_heap({
dumpable_domain
-app_zygote
- -hal_configstore
+ -hal_configstore_server
-logpersist
-recovery
-recovery_persist
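Review bot: The exclusion lists in `can_profile_heap` and `can_profile_perf` now name `hal_configstore_server` instead of `hal_configstore`, and nothing in either hunk records why or what the narrower attribute no longer covers. If `hal_configstore` is also attached to client domains on some builds (the attribute definitions are not visible here), those domains become profilable after this change, so it is worth confirming that this is intended. A comment above the entry would settle it, for example `# Only configstore server domains are excluded from profiling; client domains are intentionally not excluded.` The same substitution is made in the lists in private/heapprofd.te and private/traced_perf.te, and all of these lists start or end outside their hunks.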
@@ -49,7 +49,7 @@
can_profile_perf({
dumpable_domain
-app_zygote
- -hal_configstore
+ -hal_configstore_server
-webview_zygote
-zygote
})
diff --git a/private/file_contexts b/private/file_contexts
index 01995bb..2b98801 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -783,6 +783,9 @@
# User icon files
/data/system/users/[0-9]+/photo\.png u:object_r:icon_file:s0
+# Shutdown-checkpoints files
+/data/system/shutdown-checkpoints(/.*)? u:object_r:shutdown_checkpoints_system_data_file:s0
+
# vold per-user data
/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
/data/misc_ce/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 08aa5a8..f5a92ac 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -187,6 +187,9 @@
genfscon debugfs /tracing/per_cpu/cpu u:object_r:debugfs_tracing:s0
genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/hyp u:object_r:debugfs_tracing:s0
+genfscon tracefs /hyp u:object_r:debugfs_tracing:s0
+
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
genfscon debugfs /tracing/instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0
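Review bot: The new `/tracing/hyp` and `/hyp` entries reuse the general `debugfs_tracing` label, so every domain already allowed on that type gains access to the hypervisor trace nodes too. If hypervisor trace data is more sensitive than ordinary ftrace output, a dedicated type granted only to the tracing daemons that need it would keep access narrower. Which domains currently hold `debugfs_tracing` access is not visible in this diff. A short comment above the pair, such as `# Hypervisor tracing nodes`, would also make clear why they are labelled separately from the surrounding entries.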
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 1b41823..718ce81 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -53,7 +53,7 @@
app_zygote
bpfloader
diced
- hal_configstore
+ hal_configstore_server
init
kernel
keystore
diff --git a/private/system_server.te b/private/system_server.te
index 4e3ef8d..b3c7528 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1490,6 +1490,10 @@
allow system_server self:perf_event { open write cpu kernel };
neverallow system_server self:perf_event ~{ open write cpu kernel };
+# Allow writing files under /data/system/shutdown-checkpoints/
+allow system_server shutdown_checkpoints_system_data_file:dir create_dir_perms;
+allow system_server shutdown_checkpoints_system_data_file:file create_file_perms;
+
# Do not allow any domain other than init or system server to set the property
neverallow { domain -init -system_server } socket_hook_prop:property_service set;
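Review bot: The two added allow rules let system_server create the directory and its files, but nothing visible in this diff makes a directory created under /data/system take the `shutdown_checkpoints_system_data_file` label at creation time. Unless the creating code or init relabels it (a restorecon call or an init `mkdir`, neither shown here), the new directory would presumably inherit the parent's type until the next relabel. In that case the dumpstate read rules on the new type would not match. A named transition removes the dependence on relabel timing, for example `type_transition system_server system_data_file:dir shutdown_checkpoints_system_data_file "shutdown-checkpoints";`, assuming /data/system carries `system_data_file`.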
diff --git a/private/traced_perf.te b/private/traced_perf.te
index 080b6fe..31fa620 100644
--- a/private/traced_perf.te
+++ b/private/traced_perf.te
@@ -67,7 +67,7 @@
app_zygote
bpfloader
diced
- hal_configstore
+ hal_configstore_server
init
kernel
keystore
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 6b112dc..e626133 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -368,6 +368,10 @@
use_apex_info(dumpstate)
+# Allow reading files under /data/system/shutdown-checkpoints/
+allow dumpstate shutdown_checkpoints_system_data_file:dir r_dir_perms;
+allow dumpstate shutdown_checkpoints_system_data_file:file r_file_perms;
+
###
### neverallow rules
###
diff --git a/public/file.te b/public/file.te
index 5241803..9ca6802 100644
--- a/public/file.te
+++ b/public/file.te
@@ -380,6 +380,8 @@
type staging_data_file, file_type, data_file_type, core_data_file_type;
# /vendor/apex
type vendor_apex_file, vendor_file_type, file_type;
+# /data/system/shutdown-checkpoints
+type shutdown_checkpoints_system_data_file, file_type, data_file_type, core_data_file_type;
# Mount locations managed by vold
type mnt_media_rw_file, file_type;