commit c057ed4d39c01b435d6f5687c8beebd792643498
author Jiyong Park <jiyong@google.com> Tue Nov 26 07:21:05 2024 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Nov 26 07:21:05 2024 +0000
tree 2dcf5522b3a252d3de1edaff6b633b46a79dd1ce
parent f3803457a9e7a522f7d300574fe7b901ce2c118d
parent 2fd980647d796c19d084ed3f21b56d0467bc4c60

Merge "Revert "Add sepolicy for terminal app for composite disk and disk resizing"" into main

private/flags_health_check.te

diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index c6785dd..db7f08f 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -34,6 +34,7 @@
 set_prop(flags_health_check, device_config_remote_key_provisioning_native_prop)
 set_prop(flags_health_check, device_config_camera_native_prop)
 set_prop(flags_health_check, device_config_tethering_u_or_later_native_prop)
+set_prop(flags_health_check, device_config_mmd_native_prop)
 set_prop(flags_health_check, next_boot_prop)
 
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;

private/init.te

diff --git a/private/init.te b/private/init.te
index 15f79e3..b16e918 100644
--- a/private/init.te
+++ b/private/init.te
@@ -87,7 +87,6 @@
 
 # Allow init to set/get prefetch boot prop to initiate record/replay
 set_prop(init, ctl_prefetch_prop);
-get_prop(init, prefetch_boot_prop);
 
 # Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
 allow init debugfs_bootreceiver_tracing:file w_file_perms;

private/mmd.te

diff --git a/private/mmd.te b/private/mmd.te
index 193c307..d299bd8 100644
--- a/private/mmd.te
+++ b/private/mmd.te
@@ -5,6 +5,10 @@
 
 init_daemon_domain(mmd)
 
+# Set mmd.enabled_aconfig properties.
+set_prop(mmd, mmd_prop)
+get_prop(mmd, device_config_mmd_native_prop)
+
 # mmd binder setup
 add_service(mmd, mmd_service)
 binder_use(mmd)

private/prefetch.te

diff --git a/private/prefetch.te b/private/prefetch.te
index c7ee8b1..21287f3 100644
--- a/private/prefetch.te
+++ b/private/prefetch.te
@@ -13,15 +13,12 @@
 allow prefetch prefetch_metadata_file:dir rw_dir_perms;
 allow prefetch prefetch_metadata_file:file create_file_perms;
 
+get_prop(prefetch, prefetch_boot_prop);
+set_prop(prefetch, prefetch_service_prop);
+
 # Disallow other domains controlling prefetch service.
 neverallow {
   domain
   -init
   -shell
 } ctl_prefetch_prop:property_service set;
-
-# Disallow other domains controlling prefetch_boot_prop.
-neverallow {
-  domain
-  -init
-} prefetch_boot_prop:property_service set;

private/property.te

diff --git a/private/property.te b/private/property.te
index e098fb2..ccea344 100644
--- a/private/property.te
+++ b/private/property.te
@@ -10,6 +10,7 @@
 system_internal_prop(device_config_core_experiments_team_internal_prop)
 system_internal_prop(device_config_lmkd_native_prop)
 system_internal_prop(device_config_mglru_native_prop)
+system_internal_prop(device_config_mmd_native_prop)
 system_internal_prop(device_config_profcollect_native_boot_prop)
 system_internal_prop(device_config_remote_key_provisioning_native_prop)
 system_internal_prop(device_config_statsd_native_prop)
@@ -35,6 +36,7 @@
 system_internal_prop(localization_prop)
 system_internal_prop(logd_auditrate_prop)
 system_internal_prop(lower_kptr_restrict_prop)
+system_internal_prop(mmd_prop)
 system_internal_prop(net_464xlat_fromvendor_prop)
 system_internal_prop(net_connectivity_prop)
 system_internal_prop(netd_stable_secret_prop)
@@ -43,6 +45,7 @@
 system_internal_prop(misctrl_prop)
 system_internal_prop(perf_drop_caches_prop)
 system_internal_prop(pm_prop)
+system_internal_prop(prefetch_service_prop)
 system_internal_prop(profcollectd_node_id_prop)
 system_internal_prop(radio_cdma_ecm_prop)
 system_internal_prop(remote_prov_prop)
@@ -51,7 +54,6 @@
 system_internal_prop(setupwizard_prop)
 system_internal_prop(snapshotctl_prop)
 system_internal_prop(snapuserd_prop)
-system_internal_prop(prefetch_boot_prop)
 system_internal_prop(system_adbd_prop)
 system_internal_prop(system_audio_config_prop)
 system_internal_prop(timezone_metadata_prop)
@@ -107,6 +109,7 @@
 # Properties which should only be written by vendor_init
 system_vendor_config_prop(avf_virtualizationservice_prop)
 system_vendor_config_prop(high_barometer_quality_prop)
+system_vendor_config_prop(prefetch_boot_prop)
 
 typeattribute log_prop log_property_type;
 typeattribute log_tag_prop log_property_type;

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 163c873..b650fad 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -305,6 +305,7 @@
 persist.device_config.memory_safety_native_boot.    u:object_r:device_config_memory_safety_native_boot_prop:s0
 persist.device_config.memory_safety_native.         u:object_r:device_config_memory_safety_native_prop:s0
 persist.device_config.tethering_u_or_later_native.  u:object_r:device_config_tethering_u_or_later_native_prop:s0
+persist.device_config.mmd_native.                   u:object_r:device_config_mmd_native_prop:s0
 
 # Prop indicates the apex that bundles input configuration files (*.idc,*.kl,*.kcm)
 input_device.config_file.apex    u:object_r:input_device_config_prop:s0 exact string
@@ -360,12 +361,16 @@
 ro.enable_boot_charger_mode u:object_r:charger_config_prop:s0 exact bool
 ro.product.charger.unplugged_shutdown_time  u:object_r:charger_config_prop:s0 exact int
 
-# Prefetch boot properties
+# Prefetch boot properties which are tunables
 ro.prefetch_boot.enabled u:object_r:prefetch_boot_prop:s0 exact bool
 ro.prefetch_boot.trace_buffer_size_kib u:object_r:prefetch_boot_prop:s0 exact int
 ro.prefetch_boot.duration_s u:object_r:prefetch_boot_prop:s0 exact int
 ro.prefetch_boot.io_depth u:object_r:prefetch_boot_prop:s0 exact int
 ro.prefetch_boot.max_fds u:object_r:prefetch_boot_prop:s0 exact int
+ro.prefetch_boot.record_stop u:object_r:prefetch_boot_prop:s0 exact bool
+# Prefetch property to start and stop the record/replay
+prefetch_boot.record u:object_r:prefetch_service_prop:s0 exact bool
+prefetch_boot.replay u:object_r:prefetch_service_prop:s0 exact bool
 
 # Virtual A/B and snapuserd properties
 ro.virtual_ab.enabled   u:object_r:virtual_ab_prop:s0 exact bool
@@ -1776,3 +1781,7 @@
 # Properties that allows vendors to enable Trusty security VM features
 trusty.security_vm.enabled u:object_r:trusty_security_vm_sys_vendor_prop:s0 exact bool
 trusty.security_vm.keymint.enabled u:object_r:trusty_security_vm_sys_vendor_prop:s0 exact bool
+
+# Properties for mmd
+mmd. u:object_r:mmd_prop:s0
+mmd.enabled_aconfig u:object_r:mmd_prop:s0 exact bool

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index aeeb566..4e86232 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -816,6 +816,7 @@
 set_prop(system_server, device_config_memory_safety_native_prop)
 set_prop(system_server, device_config_remote_key_provisioning_native_prop)
 set_prop(system_server, device_config_tethering_u_or_later_native_prop)
+set_prop(system_server, device_config_mmd_native_prop)
 set_prop(system_server, smart_idle_maint_enabled_prop)
 set_prop(system_server, arm64_memtag_prop)
 
@@ -1280,6 +1281,11 @@
 # UsbDeviceManager uses /dev/usb-ffs
 allow system_server functionfs:dir search;
 allow system_server functionfs:file rw_file_perms;
+# To resolve arbitrary sysfs paths from /sys/class/udc/* symlinks.
+starting_at_board_api(202504, `
+allow system_server sysfs_type:dir search;
+r_dir_file(system_server, sysfs_udc)
+')
 
 # system_server contains time / time zone detection logic so reads the associated properties.
 get_prop(system_server, time_prop)
@@ -1397,6 +1403,7 @@
   device_config_aconfig_flags_prop
   device_config_window_manager_native_boot_prop
   device_config_tethering_u_or_later_native_prop
+  device_config_mmd_native_prop
   next_boot_prop
 }:property_service set;
 

private/vendor_init.te

diff --git a/private/vendor_init.te b/private/vendor_init.te
index 0a2d62c..a50bc27 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -292,6 +292,7 @@
 set_prop(vendor_init, log_tag_prop)
 set_prop(vendor_init, log_prop)
 set_prop(vendor_init, graphics_config_writable_prop)
+set_prop(vendor_init, prefetch_boot_prop);
 set_prop(vendor_init, qemu_hw_prop)
 set_prop(vendor_init, radio_control_prop)
 set_prop(vendor_init, rebootescrow_hal_prop)