commit c49da6ce4bf1bf62f2f9acfa8978efca08b065ff
author Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Mar 12 10:16:32 2020 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Mar 12 10:16:32 2020 +0000
tree dad6b12e78e4a34ad90a1f3740cf2400ae5ddb7a
parent 56eaa77b6f3c2a8d118dbeb5b283c975f770f1a1
parent e86ab0d319d0c1be3769c50e4e09eed040041d78

[automerger skipped] Prevent apps from causing presubmit failures am: a68dd136aa -s ours am: e86ab0d319 -s ours

am skip reason: Change-Id If87b9683e5694fced96a81747b1baf85ef6b2124 with SHA-1 607bc67cc9 is in history

Change-Id: I168b9d55a0771c821ecc889661f58864a83ac91c

build/soong/selinux_contexts.go

diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index 03f8f19..6a7123b 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -149,10 +149,7 @@
 			inputs = append(inputs, segroup.SystemExtPrivateSrcs()...)
 		} else {
 			inputs = append(inputs, segroup.SystemPrivateSrcs()...)
-
-			if ctx.Config().ProductCompatibleProperty() {
-				inputs = append(inputs, segroup.SystemPublicSrcs()...)
-			}
+			inputs = append(inputs, segroup.SystemPublicSrcs()...)
 		}
 
 		if proptools.Bool(m.properties.Reqd_mask) {

private/compat/29.0/29.0.ignore.cil

diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index b4d39bb..fce45d8 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -22,6 +22,7 @@
     blob_store_service
     binder_cache_bluetooth_server_prop
     binder_cache_system_server_prop
+    binder_cache_telephony_server_prop
     binderfs
     binderfs_logs
     binderfs_logs_proc
@@ -39,6 +40,7 @@
     device_config_storage_native_boot_prop
     device_config_sys_traced_prop
     device_config_window_manager_native_boot_prop
+    device_config_configuration_prop
     exported_camera_prop
     file_integrity_service
     fwk_automotive_display_hwservice
@@ -79,6 +81,7 @@
     prereboot_data_file
     art_apex_dir
     rebootescrow_hal_prop
+    securityfs
     service_manager_service
     service_manager_vndservice
     simpleperf

private/file_contexts

diff --git a/private/file_contexts b/private/file_contexts
index 44f28f2..f8561b8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -212,6 +212,7 @@
 /system/bin/fsck_msdos	--	u:object_r:fsck_exec:s0
 /system/bin/tcpdump	--	u:object_r:tcpdump_exec:s0
 /system/bin/tune2fs	--	u:object_r:fsck_exec:s0
+/system/bin/resize2fs	--	u:object_r:fsck_exec:s0
 /system/bin/toolbox	--	u:object_r:toolbox_exec:s0
 /system/bin/toybox	--	u:object_r:toolbox_exec:s0
 /system/bin/ld\.mc              u:object_r:rs_exec:s0

private/genfs_contexts

diff --git a/private/genfs_contexts b/private/genfs_contexts
index ccf6784..828929f 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -291,6 +291,8 @@
 
 genfscon debugfs /kcov								 u:object_r:debugfs_kcov:s0
 
+genfscon securityfs / u:object_r:securityfs:s0
+
 genfscon binder /binder u:object_r:binder_device:s0
 genfscon binder /hwbinder u:object_r:hwbinder_device:s0
 genfscon binder /vndbinder u:object_r:vndbinder_device:s0

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index cba09a5..9175d10 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -203,6 +203,7 @@
 persist.device_config.media_native.          u:object_r:device_config_media_native_prop:s0
 persist.device_config.storage_native_boot.   u:object_r:device_config_storage_native_boot_prop:s0
 persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
+persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
 
 # Properties that relate to legacy server configurable flags
 persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0

private/radio.te

diff --git a/private/radio.te b/private/radio.te
index 4d48c93..17a4fdd 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -15,3 +15,8 @@
 # Manage /data/misc/emergencynumberdb
 allow radio emergency_data_file:dir r_dir_perms;
 allow radio emergency_data_file:file r_file_perms;
+
+# allow telephony to access related cache properties
+set_prop(radio, binder_cache_telephony_server_prop);
+neverallow { domain -radio -init }
+    binder_cache_telephony_server_prop:property_service set;

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index c9f5821..3b72518 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -636,6 +636,7 @@
 set_prop(system_server, device_config_storage_native_boot_prop)
 set_prop(system_server, device_config_sys_traced_prop)
 set_prop(system_server, device_config_window_manager_native_boot_prop)
+set_prop(system_server, device_config_configuration_prop)
 
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)

public/domain.te

diff --git a/public/domain.te b/public/domain.te
index c7f851d..4bab794 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -112,6 +112,7 @@
 # Binder cache properties are world-readable
 get_prop(domain, binder_cache_bluetooth_server_prop)
 get_prop(domain, binder_cache_system_server_prop)
+get_prop(domain, binder_cache_telephony_server_prop)
 
 # Let everyone read log properties, so that liblog can avoid sending unloggable
 # messages to logd.

public/dumpstate.te

diff --git a/public/dumpstate.te b/public/dumpstate.te
index 9823f4a..1e895e4 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -85,6 +85,7 @@
   hal_graphics_allocator_server
   hal_graphics_composer_server
   hal_health_server
+  hal_neuralnetworks_server
   hal_omx_server
   hal_power_server
   hal_power_stats_server
@@ -135,9 +136,10 @@
 binder_call(dumpstate, binderservicedomain)
 binder_call(dumpstate, { appdomain netd wificond })
 
-hal_client_domain(dumpstate, hal_dumpstate)
-hal_client_domain(dumpstate, hal_wifi)
-hal_client_domain(dumpstate, hal_graphics_allocator)
+dump_hal(hal_dumpstate)
+dump_hal(hal_wifi)
+dump_hal(hal_graphics_allocator)
+dump_hal(hal_neuralnetworks)
 # Vibrate the device after we are done collecting the bugreport
 hal_client_domain(dumpstate, hal_vibrator)
 

public/file.te

diff --git a/public/file.te b/public/file.te
index 58386c1..462e71d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -137,6 +137,7 @@
 type debugfs_tracing_instances, fs_type, debugfs_type;
 type debugfs_wakeup_sources, fs_type, debugfs_type;
 type debugfs_wifi_tracing, fs_type, debugfs_type;
+type securityfs, fs_type;
 
 type pstorefs, fs_type;
 type functionfs, fs_type, mlstrustedobject;

public/flags_health_check.te

diff --git a/public/flags_health_check.te b/public/flags_health_check.te
index cf33ce7..6315d44 100644
--- a/public/flags_health_check.te
+++ b/public/flags_health_check.te
@@ -13,6 +13,7 @@
 set_prop(flags_health_check, device_config_storage_native_boot_prop)
 set_prop(flags_health_check, device_config_sys_traced_prop)
 set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_configuration_prop)
 
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;

public/kernel.te

diff --git a/public/kernel.te b/public/kernel.te
index 42fe2c4..35018e9 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -65,10 +65,10 @@
 allow kernel { app_data_file privapp_data_file }:file read;
 allow kernel asec_image_file:file read;
 
-# Allow reading loop device in update_engine_unittests. (b/28319454)
+# Allow mounting loop device in update_engine_unittests. (b/28319454)
 # and for LTP kernel tests (b/73220071)
 userdebug_or_eng(`
-  allow kernel update_engine_data_file:file read;
+  allow kernel update_engine_data_file:file { read write };
   allow kernel nativetest_data_file:file { read write };
 ')
 

public/property.te

diff --git a/public/property.te b/public/property.te
index d7c1f4e..c3b9f8c 100644
--- a/public/property.te
+++ b/public/property.te
@@ -12,6 +12,7 @@
 system_internal_prop(device_config_storage_native_boot_prop)
 system_internal_prop(device_config_sys_traced_prop)
 system_internal_prop(device_config_window_manager_native_boot_prop)
+system_internal_prop(device_config_configuration_prop)
 system_internal_prop(firstboot_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
@@ -67,6 +68,7 @@
 # Properties used by binder caches
 system_restricted_prop(binder_cache_bluetooth_server_prop)
 system_restricted_prop(binder_cache_system_server_prop)
+system_restricted_prop(binder_cache_telephony_server_prop)
 system_restricted_prop(boottime_public_prop)
 system_restricted_prop(bq_config_prop)
 system_restricted_prop(module_sdkextensions_prop)

public/property_contexts

diff --git a/public/property_contexts b/public/property_contexts
index 70e57d4..167b360 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -184,7 +184,7 @@
 zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
 
 # vendor-init-readable
-apexd.status u:object_r:apexd_prop:s0 exact enum starting ready
+apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
 dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
 persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
 persist.sys.theme u:object_r:theme_prop:s0 exact string
@@ -442,10 +442,6 @@
 # Binder cache properties.  These are world-readable
 cache_key.app_inactive                   u:object_r:binder_cache_system_server_prop:s0
 cache_key.is_compat_change_enabled       u:object_r:binder_cache_system_server_prop:s0
-cache_key.bluetooth.get_bond_state       u:object_r:binder_cache_bluetooth_server_prop:s0
-cache_key.bluetooth.get_profile_connection_state     u:object_r:binder_cache_bluetooth_server_prop:s0
-cache_key.bluetooth.get_state            u:object_r:binder_cache_bluetooth_server_prop:s0
-cache_key.bluetooth.is_offloaded_filtering_supported u:object_r:binder_cache_bluetooth_server_prop:s0
 cache_key.get_packages_for_uid           u:object_r:binder_cache_system_server_prop:s0
 cache_key.has_system_feature             u:object_r:binder_cache_system_server_prop:s0
 cache_key.is_interactive                 u:object_r:binder_cache_system_server_prop:s0
@@ -455,3 +451,7 @@
 cache_key.display_info                   u:object_r:binder_cache_system_server_prop:s0
 cache_key.location_enabled               u:object_r:binder_cache_system_server_prop:s0
 cache_key.package_info                   u:object_r:binder_cache_system_server_prop:s0
+
+cache_key.bluetooth.                     u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
+cache_key.system_server.                 u:object_r:binder_cache_system_server_prop:s0 prefix string
+cache_key.telephony.                     u:object_r:binder_cache_telephony_server_prop:s0 prefix string