Merge "Revert "Add shared library into i18n APEX and add the required s...""
diff --git a/Android.bp b/Android.bp
index 4973c13..a2f202f 100644
--- a/Android.bp
+++ b/Android.bp
@@ -375,3 +375,12 @@
reqd_mask: true,
soc_specific: true,
}
+
+// For vts_treble_sys_prop_test
+filegroup {
+ name: "private_property_contexts",
+ srcs: ["private/property_contexts"],
+ visibility: [
+ "//test/vts-testcase/security/system_property",
+ ],
+}
diff --git a/METADATA b/METADATA
new file mode 100644
index 0000000..313792c
--- /dev/null
+++ b/METADATA
@@ -0,0 +1,3 @@
+third_party {
+ license_type: UNENCUMBERED
+}
diff --git a/apex/com.android.art.debug-file_contexts b/apex/com.android.art.debug-file_contexts
index e90cea4..20e5a25 100644
--- a/apex/com.android.art.debug-file_contexts
+++ b/apex/com.android.art.debug-file_contexts
@@ -2,7 +2,7 @@
# System files
#
(/.*)? u:object_r:system_file:s0
-/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
+/bin/dex2oat(32|64)?(d)? u:object_r:dex2oat_exec:s0
/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
/bin/profman(d)? u:object_r:profman_exec:s0
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/apex/com.android.art.release-file_contexts b/apex/com.android.art.release-file_contexts
index 08688fb..1598afd 100644
--- a/apex/com.android.art.release-file_contexts
+++ b/apex/com.android.art.release-file_contexts
@@ -2,7 +2,7 @@
# System files
#
(/.*)? u:object_r:system_file:s0
-/bin/dex2oat u:object_r:dex2oat_exec:s0
+/bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0
/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
/bin/profman u:object_r:profman_exec:s0
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
index b737f60..380d4a0 100644
--- a/prebuilts/api/29.0/private/genfs_contexts
+++ b/prebuilts/api/29.0/private/genfs_contexts
@@ -234,6 +234,7 @@
genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
@@ -278,6 +279,7 @@
genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
diff --git a/private/bootstat.te b/private/bootstat.te
index da3179b..016292e 100644
--- a/private/bootstat.te
+++ b/private/bootstat.te
@@ -15,6 +15,7 @@
-bootanim
-bootstat
-dumpstate
+ userdebug_or_eng(`-incidentd')
-init
-recovery
-shell
diff --git a/private/bug_map b/private/bug_map
index 43a77aa..eaa1593 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -30,5 +30,6 @@
system_server sdcardfs file b/77856826
system_server storage_stub_file dir b/145267097
system_server zygote process b/77856826
+untrusted_app untrusted_app netlink_route_socket b/155595000
vold system_data_file file b/124108085
zygote untrusted_app_25 process b/77925912
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index d726fcd..cb7eb22 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -21,6 +21,7 @@
atrace
binder_calls_stats_service
biometric_service
+ boot_status_prop
bootloader_boot_reason_prop
blank_screen
blank_screen_exec
@@ -39,6 +40,7 @@
ctl_interface_start_prop
ctl_interface_stop_prop
ctl_sigstop_prop
+ dalvik_config_prop
device_config_boot_count_prop
device_config_reset_performed_prop
device_config_netd_native_prop
@@ -161,6 +163,7 @@
statscompanion_service
storaged_data_file
super_block_device
+ surfaceflinger_color_prop
surfaceflinger_prop
sysfs_fs_ext4_features
system_boot_reason_prop
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 27faba7..19cd7fb 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -23,6 +23,7 @@
blank_screen
blank_screen_exec
blank_screen_tmpfs
+ boot_status_prop
bootloader_boot_reason_prop
bluetooth_a2dp_offload_prop
bpfloader
@@ -37,6 +38,7 @@
ctl_interface_start_prop
ctl_interface_stop_prop
ctl_sigstop_prop
+ dalvik_config_prop
device_config_boot_count_prop
device_config_reset_performed_prop
device_config_netd_native_prop
@@ -147,6 +149,7 @@
statsdw_socket
storaged_data_file
super_block_device
+ surfaceflinger_color_prop
surfaceflinger_prop
staging_data_file
system_boot_reason_prop
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index d81263c..680d511 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1,5 +1,6 @@
;; types removed from current policy
(type ashmemd)
+(type exported_dalvik_prop)
(type exported_vold_prop)
(type exported2_config_prop)
(type exported2_vold_prop)
@@ -1200,15 +1201,17 @@
(typeattributeset exported2_config_prop_29_0 (exported2_config_prop systemsound_config_prop))
(typeattributeset exported2_default_prop_29_0 (exported2_default_prop))
(typeattributeset exported2_radio_prop_29_0 (exported2_radio_prop))
-(typeattributeset exported2_system_prop_29_0 (exported2_system_prop))
+(typeattributeset exported2_system_prop_29_0
+ ( exported2_system_prop
+ surfaceflinger_color_prop))
(typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop vold_config_prop))
(typeattributeset exported3_default_prop_29_0 (exported3_default_prop))
(typeattributeset exported3_radio_prop_29_0 (exported3_radio_prop))
-(typeattributeset exported3_system_prop_29_0 (exported3_system_prop))
+(typeattributeset exported3_system_prop_29_0 (exported3_system_prop boot_status_prop))
(typeattributeset exported_audio_prop_29_0 (exported_audio_prop))
(typeattributeset exported_bluetooth_prop_29_0 (exported_bluetooth_prop))
(typeattributeset exported_config_prop_29_0 (exported_config_prop))
-(typeattributeset exported_dalvik_prop_29_0 (exported_dalvik_prop))
+(typeattributeset exported_dalvik_prop_29_0 (exported_dalvik_prop dalvik_config_prop))
(typeattributeset exported_default_prop_29_0
( exported_default_prop
surfaceflinger_prop
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index c67db50..fadc7db 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -41,6 +41,7 @@
device_config_sys_traced_prop
device_config_window_manager_native_boot_prop
device_config_configuration_prop
+ emergency_affordance_service
exported_camera_prop
file_integrity_service
fwk_automotive_display_hwservice
@@ -55,6 +56,7 @@
hal_tv_tuner_hwservice
hal_vibrator_service
incremental_control_file
+ incremental_prop
incremental_service
init_perf_lsm_hooks_prop
init_svc_debug_prop
@@ -90,6 +92,7 @@
snapshotctl_log_data_file
socket_hook_prop
soundtrigger_middleware_service
+ storage_config_prop
sysfs_dm_verity
system_adbd_prop
system_config_service
diff --git a/private/coredomain.te b/private/coredomain.te
index 32a1e3f..ab731f1 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -88,7 +88,7 @@
-webview_zygote
-zygote
userdebug_or_eng(`-heapprofd')
- } vendor_overlay_file:file r_file_perms;
+ } vendor_overlay_file:file open;
')
# Core domains are not permitted to use kernel interfaces which are not
diff --git a/private/domain.te b/private/domain.te
index 8163aea..9eed3db 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -72,8 +72,9 @@
# For now, everyone can access core property files
# Device specific properties are not granted by default
not_compatible_property(`
+ get_prop(domain, boot_status_prop)
get_prop(domain, core_property_type)
- get_prop(domain, exported_dalvik_prop)
+ get_prop(domain, dalvik_config_prop)
get_prop(domain, exported_ffs_prop)
get_prop(domain, exported_system_radio_prop)
get_prop(domain, exported2_radio_prop)
@@ -81,13 +82,15 @@
get_prop(domain, exported3_default_prop)
get_prop(domain, exported3_radio_prop)
get_prop(domain, exported3_system_prop)
+ get_prop(domain, surfaceflinger_color_prop)
get_prop(domain, systemsound_config_prop)
get_prop(domain, vendor_default_prop)
get_prop(domain, vold_config_prop)
')
compatible_property_only(`
+ get_prop({coredomain appdomain shell}, boot_status_prop)
get_prop({coredomain appdomain shell}, core_property_type)
- get_prop({coredomain appdomain shell}, exported_dalvik_prop)
+ get_prop({coredomain appdomain shell}, dalvik_config_prop)
get_prop({coredomain appdomain shell}, exported_ffs_prop)
get_prop({coredomain appdomain shell}, exported_system_radio_prop)
get_prop({coredomain appdomain shell}, exported2_radio_prop)
@@ -96,6 +99,7 @@
get_prop({coredomain appdomain shell}, exported3_radio_prop)
get_prop({coredomain appdomain shell}, exported3_system_prop)
get_prop({coredomain appdomain shell}, exported_camera_prop)
+ get_prop({coredomain appdomain shell}, surfaceflinger_color_prop)
get_prop({coredomain appdomain shell}, systemsound_config_prop)
get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
get_prop({coredomain appdomain shell}, vold_config_prop)
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 56d4747..e004891 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -44,10 +44,6 @@
allow ephemeral_app drmserver_service:service_manager find;
allow ephemeral_app radio_service:service_manager find;
allow ephemeral_app ephemeral_app_api_service:service_manager find;
-allow ephemeral_app gpu_service:service_manager find;
-
-# Allow ephemeral apps to interact with gpuservice
-binder_call(ephemeral_app, gpuservice)
# Write app-specific trace data to the Perfetto traced damon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
diff --git a/private/file_contexts b/private/file_contexts
index 75e9585..218bb51 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -515,7 +515,7 @@
# Misc data
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
/data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0
-/data/misc/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0
/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
/data/misc/apns(/.*)? u:object_r:radio_data_file:s0
@@ -608,8 +608,8 @@
# Apex data directories
/data/misc_de/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
/data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
-/data/misc_de/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
-/data/misc_ce/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_de/[0-9]+/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0
/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
/data/misc_ce/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index d4d7fff..b423e64 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -241,6 +241,7 @@
genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
@@ -285,6 +286,7 @@
genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
diff --git a/private/incidentd.te b/private/incidentd.te
index c379fa2..405684a 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -168,6 +168,14 @@
get_prop(incidentd, serialno_prop)
')
+# Read ro.boot.bootreason, persist.sys.boot.bootreason
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+ get_prop(incidentd, bootloader_boot_reason_prop);
+ get_prop(incidentd, system_boot_reason_prop);
+ get_prop(incidentd, last_boot_reason_prop);
+')
+
###
### neverallow rules
###
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index 7923649..fea903e 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -6,7 +6,7 @@
app_domain(mediaprovider_app)
# Access to /mnt/pass_through.
-allow mediaprovider_app mnt_pass_through_file:dir r_dir_perms;
+r_dir_file(mediaprovider_app, mnt_pass_through_file)
# Allow MediaProvider to host a FUSE daemon for external storage
allow mediaprovider_app fuse_device:chr_file { read write ioctl getattr };
diff --git a/private/platform_app.te b/private/platform_app.te
index 3beec38..ba6de5b 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -66,12 +66,8 @@
allow platform_app app_api_service:service_manager find;
allow platform_app system_api_service:service_manager find;
allow platform_app vr_manager_service:service_manager find;
-allow platform_app gpu_service:service_manager find;
allow platform_app stats_service:service_manager find;
-# Allow platform apps to interact with gpuservice
-binder_call(platform_app, gpuservice)
-
# Allow platform apps to log via statsd.
binder_call(platform_app, statsd)
diff --git a/private/priv_app.te b/private/priv_app.te
index db28bec..2325716 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -46,10 +46,6 @@
allow priv_app recovery_service:service_manager find;
allow priv_app stats_service:service_manager find;
-# Allow privileged apps to interact with gpuservice
-binder_call(priv_app, gpuservice)
-allow priv_app gpu_service:service_manager find;
-
# Write to /cache.
allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
allow priv_app { cache_file cache_recovery_file }:file create_file_perms;
diff --git a/private/property.te b/private/property.te
index 0cdadbf..d479502 100644
--- a/private/property.te
+++ b/private/property.te
@@ -135,7 +135,6 @@
core_property_type
extended_core_property_type
exported_config_prop
- exported_dalvik_prop
exported_default_prop
exported_dumpstate_prop
exported_ffs_prop
@@ -237,8 +236,8 @@
-vendor_init
} {
core_property_type
+ dalvik_config_prop
extended_core_property_type
- exported_dalvik_prop
exported_ffs_prop
exported_system_radio_prop
exported2_system_prop
@@ -332,3 +331,11 @@
} {
userspace_reboot_test_prop
}:property_service set;
+
+neverallow {
+ -init
+ -system_server
+ -vendor_init
+} {
+ surfaceflinger_color_prop
+}:property_service set;
diff --git a/private/property_contexts b/private/property_contexts
index da47bdc..f18a23d 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -22,6 +22,7 @@
hw. u:object_r:system_prop:s0
ro.hw. u:object_r:system_prop:s0
sys. u:object_r:system_prop:s0
+sys.audio. u:object_r:audio_prop:s0
sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0
sys.cppreopt u:object_r:cppreopt_prop:s0
sys.lpdumpd u:object_r:lpdumpd_prop:s0
@@ -262,66 +263,77 @@
camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
-dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
-dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
-dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
+# Should always_debuggable be bool? It's checked against the string "1".
+dalvik.vm.always_debuggable u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.appimageformat u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.backgroundgctype u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.boot-image u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.checkjni u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dex2oat-Xms u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-Xmx u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-filter u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-flags u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-max-image-block-size u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.dex2oat-minidebuginfo u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dex2oat-resolve-startup-strings u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dex2oat-threads u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.dex2oat-updatable-bcp-packages-file u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.dex2oat-very-large u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.dex2oat-swap u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dex2oat64.enabled u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.dexopt.secondary u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.execution-mode u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.extra-opts u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.foreground-heap-growth-multiplier u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.gctype u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapgrowthlimit u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapmaxfree u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapminfree u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapsize u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heapstartsize u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.heaptargetutilization u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.hot-startup-method-samples u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.image-dex2oat-Xms u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-Xmx u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-filter u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-flags u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.isa.arm.features u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.arm.variant u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.arm64.features u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.arm64.variant u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.mips.features u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.mips.variant u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.mips64.features u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.mips64.variant u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.unknown.features u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.unknown.variant u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.x86.features u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.x86.variant u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.x86_64.features u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.isa.x86_64.variant u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.jitinitialsize u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.jitmaxsize u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.jitprithreadweight u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.jitthreshold u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.jittransitionweight u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.jniopts u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.lockprof.threshold u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.method-trace u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.method-trace-file u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.method-trace-file-siz u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.method-trace-stream u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.profilesystemserver u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.profilebootclasspath u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.restore-dex2oat-cpu-set u:object_r:dalvik_config_prop:s0 exact string
+dalvik.vm.restore-dex2oat-threads u:object_r:dalvik_config_prop:s0 exact int
+dalvik.vm.usejit u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.usejitprofiles u:object_r:dalvik_config_prop:s0 exact bool
+dalvik.vm.zygote.max-boot-retry u:object_r:dalvik_config_prop:s0 exact int
drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
@@ -348,9 +360,6 @@
persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
-persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int
-persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
-persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
@@ -404,7 +413,10 @@
ro.crypto.volume.metadata.method u:object_r:vold_config_prop:s0 exact string
ro.crypto.volume.options u:object_r:vold_config_prop:s0 exact string
-ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+ro.dalvik.vm.native.bridge u:object_r:dalvik_config_prop:s0 exact string
+
+external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
@@ -450,9 +462,6 @@
ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
-ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
-ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
-
ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
@@ -494,13 +503,13 @@
# vendor-init-readable
apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
-dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
+dev.bootcomplete u:object_r:boot_status_prop:s0 exact bool
+sys.boot_completed u:object_r:boot_status_prop:s0 exact bool
persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
persist.sys.theme u:object_r:theme_prop:s0 exact string
persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
-sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
sys.vdso u:object_r:exported3_system_prop:s0 exact string
@@ -719,6 +728,7 @@
ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool
ro.kernel.qemu. u:object_r:exported_default_prop:s0
ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
+ro.kernel.ebpf.supported u:object_r:exported_default_prop:s0 exact bool
ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
@@ -756,16 +766,21 @@
ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
+wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string
wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
wifi.interface u:object_r:exported_default_prop:s0 exact string
ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
+# Property to enable incremental feature
+ro.incremental.enable u:object_r:incremental_prop:s0
+
# Properties to configure userspace reboot.
init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
@@ -779,7 +794,7 @@
sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
-# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable
+# surfaceflinger properties
ro.surface_flinger.default_composition_dataspace u:object_r:surfaceflinger_prop:s0 exact int
ro.surface_flinger.default_composition_pixel_format u:object_r:surfaceflinger_prop:s0 exact int
ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:surfaceflinger_prop:s0 exact bool
@@ -814,6 +829,13 @@
ro.surface_flinger.color_space_agnostic_dataspace u:object_r:surfaceflinger_prop:s0 exact int
ro.surface_flinger.refresh_rate_switching u:object_r:surfaceflinger_prop:s0 exact bool
+ro.sf.disable_triple_buffer u:object_r:surfaceflinger_prop:s0 exact bool
+ro.sf.lcd_density u:object_r:surfaceflinger_prop:s0 exact int
+
+persist.sys.sf.color_mode u:object_r:surfaceflinger_color_prop:s0 exact int
+persist.sys.sf.color_saturation u:object_r:surfaceflinger_color_prop:s0 exact string
+persist.sys.sf.native_mode u:object_r:surfaceflinger_color_prop:s0 exact int
+
# Binder cache properties. These are world-readable
cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
diff --git a/private/recovery.te b/private/recovery.te
index eee1698..b522230 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -20,5 +20,8 @@
# Read ro.boot.bootreason
get_prop(recovery, bootloader_boot_reason_prop)
+ # Read storage properties (for correctly formatting filesystems)
+ get_prop(recovery, storage_config_prop)
+
set_prop(recovery, gsid_prop)
')
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 6c3b607..1bad9c1 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -165,6 +165,7 @@
user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
diff --git a/private/service_contexts b/private/service_contexts
index 5e9b212..d345073 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -77,6 +77,7 @@
dumpstate u:object_r:dumpstate_service:s0
dynamic_system u:object_r:dynamic_system_service:s0
econtroller u:object_r:radio_service:s0
+emergency_affordance u:object_r:emergency_affordance_service:s0
euicc_card_controller u:object_r:radio_service:s0
external_vibrator_service u:object_r:external_vibrator_service:s0
lowpan u:object_r:lowpan_service:s0
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 373889c..973350e 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -51,14 +51,9 @@
# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-# Get properties.
-get_prop(surfaceflinger, surfaceflinger_prop)
-neverallow { domain -coredomain -vendor_init } surfaceflinger_prop:file no_rw_file_perms;
-
# Set properties.
set_prop(surfaceflinger, system_prop)
set_prop(surfaceflinger, exported_system_prop)
-set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
diff --git a/private/system_app.te b/private/system_app.te
index 0b77bb3..73acb95 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -84,9 +84,6 @@
# Allow system apps to interact with incidentd
binder_call(system_app, incidentd)
-# Allow system apps to interact with gpuservice
-binder_call(system_app, gpuservice)
-
# Allow system app to interact with Dumpstate HAL
hal_client_domain(system_app, hal_dumpstate)
diff --git a/private/system_server.te b/private/system_server.te
index 075c9af..18b62a7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -619,6 +619,9 @@
set_prop(system_server, pm_prop)
set_prop(system_server, exported_pm_prop)
set_prop(system_server, socket_hook_prop)
+set_prop(system_server, audio_prop)
+set_prop(system_server, boot_status_prop)
+set_prop(system_server, surfaceflinger_color_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
# ctl interface
@@ -678,6 +681,9 @@
# Read wifi.interface
get_prop(system_server, wifi_prop)
+# Read the vendor property that indicates if Incremental features is enabled
+get_prop(system_server, incremental_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
@@ -1162,3 +1168,5 @@
# Do not allow any domain other than init or system server to set the property
neverallow { domain -init -system_server } socket_hook_prop:property_service set;
+
+neverallow { domain -init -system_server } boot_status_prop:property_service set;
diff --git a/private/traced.te b/private/traced.te
index 7ecfb7f..2410d7e 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -24,7 +24,10 @@
allow traced perfetto:fd use;
allow traced shell:fd use;
allow traced shell:fifo_file { read write };
-allow traced perfetto_traces_data_file:file { read write };
+
+# Allow the service to create new files within /data/misc/perfetto-traces.
+allow traced perfetto_traces_data_file:file create_file_perms;
+allow traced perfetto_traces_data_file:dir rw_dir_perms;
# Allow traceur to pass open file descriptors to traced, so traced can directly
# write into the output file without doing roundtrips over IPC.
@@ -78,6 +81,7 @@
# passed through the socket.
neverallow traced {
data_file_type
+ -perfetto_traces_data_file
-system_data_file
-system_data_root_file
# TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index d9fd5a1..4acc0e8 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -98,10 +98,6 @@
allow untrusted_app_all radio_service:service_manager find;
allow untrusted_app_all app_api_service:service_manager find;
allow untrusted_app_all vr_manager_service:service_manager find;
-allow untrusted_app_all gpu_service:service_manager find;
-
-# Allow untrusted apps to interact with gpuservice
-binder_call(untrusted_app_all, gpuservice)
# gdbserver for ndk-gdb ptrace attaches to app process.
allow untrusted_app_all self:process ptrace;
diff --git a/private/vold.te b/private/vold.te
index 3210779..e62d7a9 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -20,6 +20,8 @@
# Property Service
get_prop(vold, vold_config_prop)
+get_prop(vold, storage_config_prop);
+get_prop(vold, incremental_prop);
set_prop(vold, vold_prop)
set_prop(vold, vold_status_prop)
diff --git a/public/app.te b/public/app.te
index e5b9fd6..2c8e335 100644
--- a/public/app.te
+++ b/public/app.te
@@ -219,6 +219,8 @@
binder_call(appdomain, appdomain)
# Perform binder IPC to ephemeral apps.
binder_call(appdomain, ephemeral_app)
+# Perform binder IPC to gpuservice.
+binder_call({ appdomain -isolated_app }, gpuservice)
# Talk with graphics composer fences
allow appdomain hal_graphics_composer:fd use;
@@ -566,6 +568,9 @@
-system_app
} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
+# Don't allow apps access to storage configuration properties.
+neverallow appdomain storage_config_prop:file no_rw_file_perms;
+
# Apps cannot access proc_uid_time_in_state
neverallow appdomain proc_uid_time_in_state:file *;
diff --git a/public/domain.te b/public/domain.te
index 8a747ed..8e6e150 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -105,6 +105,7 @@
get_prop(domain, exported2_default_prop)
get_prop(domain, logd_prop)
get_prop(domain, socket_hook_prop)
+get_prop(domain, surfaceflinger_prop)
get_prop(domain, vendor_socket_hook_prop)
get_prop(domain, vndk_prop)
get_prop(domain, vold_status_prop)
@@ -531,6 +532,7 @@
neverallow { domain -init } exported2_default_prop:property_service set;
neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
')
compatible_property_only(`
diff --git a/public/drmserver.te b/public/drmserver.te
index 12c080a..e2c6638 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -49,6 +49,9 @@
allow drmserver oemfs:dir search;
allow drmserver oemfs:file r_file_perms;
+# overlay package access
+allow drmserver vendor_overlay_file:file { read map };
+
add_service(drmserver, drmserver_service)
allow drmserver permission_service:service_manager find;
allow drmserver mediametrics_service:service_manager find;
diff --git a/public/hal_audio.te b/public/hal_audio.te
index d54b2b2..5958f2c 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -30,10 +30,6 @@
# Should never execute any executable without a domain transition
neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;
-# Should never need network access.
-# Disallow network sockets.
-neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
-
# Only audio HAL may directly access the audio hardware
neverallow { halserverdomain -hal_audio_server -hal_omx_server } audio_device:chr_file *;
diff --git a/public/hal_drm.te b/public/hal_drm.te
index d86edaf..5987491 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -24,6 +24,9 @@
allow hal_drm ion_device:chr_file rw_file_perms;
allow hal_drm hal_graphics_allocator:fd use;
+# Allow access to hidl_memory allocation service
+allow hal_drm hal_allocator_server:fd use;
+
# Allow access to fds allocated by mediaserver
allow hal_drm mediaserver:fd use;
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index f8d6ff5..228d990 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -18,6 +18,9 @@
# Allow NN HAL service to read a client-provided ION memory fd.
allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;
+# Allow NN HAL service to use a client-provided fd residing in /storage
+allow hal_neuralnetworks_server storage_file:file { getattr map read };
+
# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
# property to determine whether to deny NNAPI extensions use for apps
# on product partition (apps in GSI are not allowed to use NNAPI extensions).
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 4bee4f8..1f34030 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -34,6 +34,9 @@
allow mediaextractor asec_apk_file:file { read getattr };
allow mediaextractor ringtone_file:file { read getattr };
+# overlay package access
+allow mediaextractor vendor_overlay_file:file { read map };
+
# scan extractor library directory to dynamically load extractors
allow mediaextractor system_file:dir { read open };
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 832eaa3..86db99c 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -128,6 +128,9 @@
# b/120491318 allow mediaserver to access void:fd
allow mediaserver vold:fd use;
+# overlay package access
+allow mediaserver vendor_overlay_file:file { read getattr map };
+
hal_client_domain(mediaserver, hal_allocator)
###
diff --git a/public/mediatranscoding.te b/public/mediatranscoding.te
index 386535b..5b64083 100644
--- a/public/mediatranscoding.te
+++ b/public/mediatranscoding.te
@@ -3,11 +3,13 @@
type mediatranscoding_exec, system_file_type, exec_type, file_type;
binder_use(mediatranscoding)
+binder_call(mediatranscoding, binderservicedomain)
binder_service(mediatranscoding)
add_service(mediatranscoding, mediatranscoding_service)
allow mediatranscoding system_server:fd use;
+allow mediatranscoding activity_service:service_manager find;
# mediatranscoding should never execute any executable without a
# domain transition
diff --git a/public/property.te b/public/property.te
index cbf17bf..8e5a7fc 100644
--- a/public/property.te
+++ b/public/property.te
@@ -54,11 +54,10 @@
')
# Properties which can't be written outside system
-
-# Properties used by binder caches
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
system_restricted_prop(binder_cache_telephony_server_prop)
+system_restricted_prop(boot_status_prop)
system_restricted_prop(bq_config_prop)
system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
@@ -101,12 +100,15 @@
# Properties which can be written only by vendor_init
system_vendor_config_prop(apk_verity_prop)
system_vendor_config_prop(cpu_variant_prop)
+system_vendor_config_prop(dalvik_config_prop)
system_vendor_config_prop(exported_audio_prop)
system_vendor_config_prop(exported_camera_prop)
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(media_variant_prop)
+system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(surfaceflinger_prop)
system_vendor_config_prop(systemsound_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)
@@ -133,7 +135,6 @@
system_public_prop(exported2_system_prop)
system_public_prop(exported3_radio_prop)
system_public_prop(exported_bluetooth_prop)
-system_public_prop(exported_dalvik_prop)
system_public_prop(exported_ffs_prop)
system_public_prop(exported_overlay_prop)
system_public_prop(exported_pm_prop)
@@ -152,6 +153,7 @@
system_public_prop(powerctl_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
+system_public_prop(surfaceflinger_color_prop)
system_public_prop(system_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
diff --git a/public/service.te b/public/service.te
index 1dcd0a7..7dc0e15 100644
--- a/public/service.te
+++ b/public/service.te
@@ -11,7 +11,7 @@
type fingerprintd_service, service_manager_type;
type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
-type gpu_service, app_api_service, service_manager_type;
+type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type idmap_service, service_manager_type;
type iorapd_service, service_manager_type;
type incident_service, service_manager_type;
@@ -203,6 +203,7 @@
type inputflinger_service, system_api_service, system_server_service, service_manager_type;
type wpantund_service, system_api_service, service_manager_type;
type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type emergency_affordance_service, system_server_service, service_manager_type;
###
### HAL Services
diff --git a/public/shell.te b/public/shell.te
index 712307f..822f4ca 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -91,7 +91,7 @@
hwbinder_use(shell)
allow shell hwservicemanager:hwservice_manager list;
-# allow shell to look through /proc/ for lsmod, ps, top, netstat.
+# allow shell to look through /proc/ for lsmod, ps, top, netstat, vmstat.
r_dir_file(shell, proc_net_type)
allow shell {
@@ -107,6 +107,7 @@
proc_timer
proc_uptime
proc_version
+ proc_vmstat
proc_zoneinfo
}:file r_file_perms;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index bd9ec16..cd96643 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -215,7 +215,6 @@
set_prop(vendor_init, exported_bluetooth_prop)
set_prop(vendor_init, exported_camera_prop)
set_prop(vendor_init, exported_config_prop)
-set_prop(vendor_init, exported_dalvik_prop)
set_prop(vendor_init, exported_default_prop)
set_prop(vendor_init, exported_ffs_prop)
set_prop(vendor_init, exported_overlay_prop)
@@ -226,11 +225,13 @@
set_prop(vendor_init, exported2_system_prop)
set_prop(vendor_init, exported3_default_prop)
set_prop(vendor_init, exported3_radio_prop)
+set_prop(vendor_init, incremental_prop)
set_prop(vendor_init, logd_prop)
set_prop(vendor_init, log_tag_prop)
set_prop(vendor_init, log_prop)
set_prop(vendor_init, rebootescrow_hal_prop)
set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, surfaceflinger_color_prop)
set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)
@@ -239,6 +240,7 @@
set_prop(vendor_init, virtual_ab_prop)
set_prop(vendor_init, wifi_log_prop)
+get_prop(vendor_init, boot_status_prop)
get_prop(vendor_init, exported2_radio_prop)
get_prop(vendor_init, exported3_system_prop)
get_prop(vendor_init, theme_prop)
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index f721795..2b25ed7 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -13,10 +13,14 @@
Use file_contexts and policy to verify Treble requirements
are not violated.
'''
-###
-# TODO: how do we make sure vendor_init doesn't have bad coupling with /vendor?
coredomainWhitelist = {
+ # TODO: how do we make sure vendor_init doesn't have bad coupling with
+ # /vendor? It is the only system process which is not coredomain.
'vendor_init',
+ # TODO(b/152813275): need to avoid whitelist for rootdir
+ "modprobe",
+ "slideshow",
+ "healthd",
}
class scontext:
@@ -28,6 +32,7 @@
self.attributes = set()
self.entrypoints = []
self.entrypointpaths = []
+ self.error = ""
def PrintScontexts():
for d in sorted(alldomains.keys()):
@@ -80,32 +85,42 @@
global alldomains
global coredomains
for d in alldomains:
+ domain = alldomains[d]
# TestCoredomainViolations will verify if coredomain was incorrectly
# applied.
- if "coredomain" in alldomains[d].attributes:
- alldomains[d].coredomain = True
+ if "coredomain" in domain.attributes:
+ domain.coredomain = True
coredomains.add(d)
# check whether domains are executed off of /system or /vendor
if d in coredomainWhitelist:
continue
- # TODO, add checks to prevent app domains from being incorrectly
- # labeled as coredomain. Apps don't have entrypoints as they're always
- # dynamically transitioned to by zygote.
+ # TODO(b/153112003): add checks to prevent app domains from being
+ # incorrectly labeled as coredomain. Apps don't have entrypoints as
+ # they're always dynamically transitioned to by zygote.
if d in appdomains:
continue
- if not alldomains[d].entrypointpaths:
+ # TODO(b/153112747): need to handle cases where there is a dynamic
+ # transition OR there happens to be no context in AOSP files.
+ if not domain.entrypointpaths:
continue
- for path in alldomains[d].entrypointpaths:
- # Processes with entrypoint on /system
- if ((MatchPathPrefix(path, "/system") and not
- MatchPathPrefix(path, "/system/vendor")) or
- MatchPathPrefix(path, "/init") or
- MatchPathPrefix(path, "/charger")):
- alldomains[d].fromSystem = True
- # Processes with entrypoint on /vendor or /system/vendor
- if (MatchPathPrefix(path, "/vendor") or
- MatchPathPrefix(path, "/system/vendor")):
- alldomains[d].fromVendor = True
+
+ for path in domain.entrypointpaths:
+ vendor = any(MatchPathPrefix(path, prefix) for prefix in
+ ["/vendor", "/odm"])
+ system = any(MatchPathPrefix(path, prefix) for prefix in
+ ["/init", "/system_ext", "/product" ])
+
+ # only mark entrypoint as system if it is not in legacy /system/vendor
+ if MatchPathPrefix(path, "/system/vendor"):
+ vendor = True
+ elif MatchPathPrefix(path, "/system"):
+ system = True
+
+ if not vendor and not system:
+ domain.error += "Unrecognized entrypoint for " + d + " at " + path + "\n"
+
+ domain.fromSystem = domain.fromSystem or system
+ domain.fromVendor = domain.fromVendor or vendor
###
# Add the entrypoint type and path(s) to each domain.
@@ -173,6 +188,15 @@
# verify that all domains launched from /system have the coredomain
# attribute
ret = ""
+
+ for d in alldomains:
+ domain = alldomains[d]
+ if domain.fromSystem and domain.fromVendor:
+ ret += "The following domain is system and vendor: " + d + "\n"
+
+ for domain in alldomains.values():
+ ret += domain.error
+
violators = []
for d in alldomains:
domain = alldomains[d]
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index cf8d894..e534762 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -6,5 +6,3 @@
allow hal_drm_default hal_codec2_server:fd use;
allow hal_drm_default hal_omx_server:fd use;
-
-allow hal_drm_default hal_allocator_server:fd use;