Merge "No longer label patchoat binaries in file_contexts."
diff --git a/private/apexd.te b/private/apexd.te
index 3282cfc..4f2a093 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -80,6 +80,10 @@
# not covered by rollback manager.
set_prop(apexd, powerctl_prop)
+# Find the vold service, and call into vold to manage FS checkpoints
+allow apexd vold_service:service_manager find;
+binder_call(apexd, vold)
+
# Apex pre- & post-install permission.
# Allow self-execute for the fork mount helper.
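Review bot: The added `allow apexd vold_service:service_manager find;` and `binder_call(apexd, vold)` give apexd the whole vold binder interface, because SELinux cannot scope a binder call to the FS-checkpoint methods the comment names; any restriction to checkpoint operations has to come from caller checks inside vold, which this diff does not show. The comment should make that boundary explicit so a later reader does not assume policy limits the surface: `# Find the vold service, and call into vold to manage FS checkpoints (policy cannot restrict which vold methods apexd may call).` The corresponding exemption is in the vold.te neverallow hunk of this same diff; keep the two in sync if the caller set changes again.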
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 18604bc..ac3ab2a 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1378,6 +1378,9 @@
(typeattributeset proc_28_0
( proc
proc_keys
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
proc_slabinfo))
(typeattributeset proc_abi_28_0 (proc_abi))
(typeattributeset proc_asound_28_0 (proc_asound))
@@ -1540,7 +1543,8 @@
( sysfs
sysfs_devices_block
sysfs_extcon
- sysfs_loop))
+ sysfs_loop
+ sysfs_transparent_hugepage))
(typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
(typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
(typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable))
diff --git a/private/crash_dump.te b/private/crash_dump.te
index 4c0aa18..adc46a1 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -1,7 +1,7 @@
typeattribute crash_dump coredomain;
-# Crash dump does not need to access the GPU.
-dontaudit crash_dump gpu_device:chr_file *;
+# Crash dump does not need to access devices passed across exec().
+dontaudit crash_dump dev_type:chr_file { read write };
allow crash_dump {
domain
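Review bot: The new `dontaudit crash_dump dev_type:chr_file { read write };` changes what is silenced in both directions: it widens the type set from gpu_device to every dev_type, but narrows the permission set from `*` to read/write, so denials such as ioctl or open on gpu_device that were previously suppressed will now appear in the audit log. A dontaudit never grants access, so the wider type set is not a privilege increase, but the audit-noise change is a behaviour change worth stating. If the intent is that only already-open fds inherited across exec() can be touched, say so: `# Crash dump does not need to access devices passed across exec(); only read/write on inherited fds is expected, other denials stay audited.` The `allow crash_dump {` rule that follows continues past the hunk.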
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 9eeb43a..20ec084 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -24,6 +24,9 @@
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
+genfscon proc /pressure/io u:object_r:proc_pressure_io:s0
+genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0
genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0
@@ -130,6 +133,7 @@
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
+genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
diff --git a/private/isolated_app.te b/private/isolated_app.te
index b7c812b..94b49b0 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -127,6 +127,7 @@
neverallow isolated_app {
sysfs_type
-sysfs_devices_system_cpu
+ -sysfs_transparent_hugepage
-sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
}:file no_rw_file_perms;
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 8aa475e..689ff5c 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -66,8 +66,9 @@
proc_stat
}:file r_file_perms;
-# Allow access to the IHealth HAL service for tracing battery counters.
+# Allow access to the IHealth and IPowerStats HAL service for tracing battery counters.
hal_client_domain(traced_probes, hal_health)
+hal_client_domain(traced_probes, hal_power_stats)
# On debug builds allow to ingest system logs into the trace.
userdebug_or_eng(`read_logd(traced_probes)')
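Review bot: The updated comment reads `IHealth and IPowerStats HAL service` (singular) and keeps the old rationale "for tracing battery counters", which does not say what the newly added `hal_client_domain(traced_probes, hal_power_stats)` is for. Suggest `# Allow access to the IHealth and IPowerStats HAL services for tracing battery and power counters.`, adjusting the second half if power stats are consumed for something other than counters; the rationale is what a future reviewer of this client grant will look for.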
diff --git a/public/domain.te b/public/domain.te
index 31d8976..e285a2e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -205,6 +205,11 @@
r_dir_file(domain, sysfs_usb);
+# If kernel CONFIG_TRANSPARENT_HUGEPAGE is enabled, libjemalloc5 (statically
+# included by libc) reads /sys/kernel/mm/transparent_hugepage/enabled.
+allow domain sysfs_transparent_hugepage:dir search;
+allow domain sysfs_transparent_hugepage:file r_file_perms;
+
# files under /data.
not_full_treble(`
allow domain system_data_file:dir getattr;
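Review bot: `allow domain sysfs_transparent_hugepage:file r_file_perms;` grants every domain read access to everything carrying that type, and the genfs_contexts hunk labels the whole `/kernel/mm/transparent_hugepage` prefix, so the grant covers more than the single `enabled` file the comment names (whatever other tunables the kernel exposes under that directory). Together with the isolated_app.te hunk, which removes the type from the isolated_app neverallow, this makes those tunables readable by isolated and untrusted apps as well. That may be acceptable for read-only kernel tunables, but the comment should reflect the real scope: `# ... reads /sys/kernel/mm/transparent_hugepage/enabled; the label covers the whole directory, so every file under it becomes readable by all domains.` If only `enabled` is meant to be exposed, label that path specifically in genfs_contexts instead of the directory.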
@@ -614,14 +619,6 @@
-update_engine
} system_block_device:blk_file { write append };
-# No domains other than install_recovery, recovery or fastbootd can write to recovery.
-neverallow {
- domain
- -fastbootd
- -install_recovery
- -recovery
-} recovery_block_device:blk_file { write append };
-
# No domains other than a select few can access the misc_block_device. This
# block device is reserved for OTA use.
# Do not assert this rule on userdebug/eng builds, due to some devices using
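Review bot: Deleting the `neverallow { domain -fastbootd -install_recovery -recovery } recovery_block_device:blk_file { write append };` assertion removes the compile-time guarantee that no other domain can be granted write access to the recovery partition, and nothing in this diff adds a replacement rule or explains the removal (the merge title concerns patchoat labels). If the recovery_block_device type or its writers changed elsewhere, the commit message should say so; otherwise the neverallow should stay, since build-time assertions are what stop a vendor policy from quietly granting recovery writes. The `neverallow { ... } system_block_device` rule whose tail opens this hunk starts outside it.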
diff --git a/public/file.te b/public/file.te
index 256bca5..d7c4cab 100644
--- a/public/file.te
+++ b/public/file.te
@@ -44,6 +44,9 @@
type proc_perf, fs_type, proc_type;
type proc_pid_max, fs_type, proc_type;
type proc_pipe_conf, fs_type, proc_type;
+type proc_pressure_cpu, fs_type, proc_type;
+type proc_pressure_io, fs_type, proc_type;
+type proc_pressure_mem, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
type proc_slabinfo, fs_type, proc_type;
@@ -89,6 +92,7 @@
type sysfs_power, fs_type, sysfs_type;
type sysfs_rtc, fs_type, sysfs_type;
type sysfs_switch, fs_type, sysfs_type;
+type sysfs_transparent_hugepage, fs_type, sysfs_type;
type sysfs_usb, fs_type, sysfs_type;
type sysfs_wakeup_reasons, fs_type, sysfs_type;
type sysfs_fs_ext4_features, sysfs_type, fs_type;
diff --git a/public/lmkd.te b/public/lmkd.te
index cd23701..518fb8f 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -49,6 +49,13 @@
# Read /proc/meminfo
allow lmkd proc_meminfo:file r_file_perms;
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow lmkd proc_pressure_cpu:file r_file_perms;
+allow lmkd proc_pressure_io:file r_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow lmkd proc_pressure_mem:file rw_file_perms;
+
# Allow lmkd to write to statsd.
unix_socket_send(lmkd, statsdw, statsd)
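Review bot: `allow lmkd proc_pressure_mem:file rw_file_perms;` is the only write grant in the hunk, and its comment `# Read/Write /proc/pressure/memory` restates the permission without giving the reason, whereas the read-only cpu and io lines need none. State why write is required, presumably to register PSI memory-pressure triggers by writing to that file: `# Read/Write /proc/pressure/memory (writes register PSI memory-pressure triggers)`, so the write bit is not later mistaken for an over-grant.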
diff --git a/public/vold.te b/public/vold.te
index ace733f..c7d69be 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -9,11 +9,14 @@
r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
# XXX Label sysfs files with a specific type?
-allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
-allow vold sysfs_loop:file w_file_perms; # writing to /sys/block/loop*/uevent during coldboot.
-allow vold sysfs_dm:file w_file_perms;
-allow vold sysfs_usb:file w_file_perms;
-allow vold sysfs_zram_uevent:file w_file_perms;
+allow vold {
+ sysfs # writing to /sys/*/uevent during coldboot.
+ sysfs_devices_block
+ sysfs_dm
+ sysfs_loop # writing to /sys/block/loop*/uevent during coldboot.
+ sysfs_usb
+ sysfs_zram_uevent
+}:file w_file_perms;
r_dir_file(vold, rootfs)
r_dir_file(vold, metadata_file)
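Review bot: `sysfs_devices_block` is the one genuinely new entry in the consolidated `allow vold { ... }:file w_file_perms;` set, yet it is the only substantive line without a comment, while the pre-existing `sysfs` and `sysfs_loop` entries keep theirs. Record the reason next to it, e.g. `sysfs_devices_block # <reason vold writes block-device sysfs attributes>`, so the grant can be revisited later. Note that `w_file_perms` on the generic `sysfs` type remains a broad write; the refactor preserves rather than introduces it, but the new entry should not be hidden inside the same block without its own justification.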
@@ -287,8 +290,15 @@
neverallow { domain -vold -init } restorecon_prop:property_service set;
-# Only system_server and vdc can interact with vold over binder
-neverallow { domain -system_server -vdc -vold -update_verifier } vold_service:service_manager find;
+neverallow {
+ domain
+ -system_server
+ -vdc
+ -vold
+ -update_verifier
+ -apexd
+} vold_service:service_manager find;
+
neverallow vold {
domain
-ashmemd
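Review bot: The rewritten `neverallow { domain -system_server -vdc -vold -update_verifier -apexd } vold_service:service_manager find;` drops the `# Only system_server and vdc can interact with vold over binder` comment the old rule carried and adds no replacement, so the permitted-caller list is now undocumented. Restore an updated version above the rule: `# Only system_server, vdc, update_verifier and apexd can interact with vold over binder`. The `neverallow vold {` rule at the end of the hunk continues past it.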