Merge "Suppress spurious denial" into pi-dev
diff --git a/private/bug_map b/private/bug_map
index 8d646c5..2727cd2 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -4,3 +4,4 @@
untrusted_app_25 system_data_file dir 72550646
untrusted_app_27 system_data_file dir 72550646
usbd usbd capability 72472544
+system_server sysfs file 77816522
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index e3dede9..998bf2f 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -43,6 +43,8 @@
android.hardware.secure_element::ISecureElement u:object_r:hal_secure_element_hwservice:s0
android.hardware.sensors::ISensors u:object_r:hal_sensors_hwservice:s0
android.hardware.soundtrigger::ISoundTriggerHw u:object_r:hal_audio_hwservice:s0
+android.hardware.tetheroffload.config::IOffloadConfig u:object_r:hal_tetheroffload_hwservice:s0
+android.hardware.tetheroffload.control::IOffloadControl u:object_r:hal_tetheroffload_hwservice:s0
android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
diff --git a/private/priv_app.te b/private/priv_app.te
index 709bc7b..0841c41 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -58,6 +58,9 @@
allow priv_app shell_data_file:file r_file_perms;
allow priv_app shell_data_file:dir r_dir_perms;
+# Allow traceur to pass file descriptors through a content provider to betterbug
+allow priv_app trace_data_file:file { getattr read };
+
# Allow verifier to access staged apks.
allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
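Review bot: The comment on the new `allow priv_app trace_data_file:file { getattr read };` does not say that `open` is left out on purpose, while the neighbouring `shell_data_file` rules use `r_file_perms`. A later cleanup could widen this rule to match them. I would extend the comment with something like `# open is intentionally not granted; priv apps only read through an fd handed over by traceur.` so the fd-passing design is stated where the grant is made. The grant also applies to the whole `priv_app` domain, not only the app named in the comment.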
@@ -194,3 +197,8 @@
# bugs, so we want to ensure priv_app never has this
# capability.
neverallow priv_app file_type:file link;
+
+# priv apps should not be able to open trace data files, they should depend
+# upon traceur to pass a file descriptor which they can then read
+neverallow priv_app trace_data_file:dir *;
+neverallow priv_app trace_data_file:file { no_w_file_perms open };
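Review bot: The file neverallow on the last line only lists `no_w_file_perms` and `open`, so permissions such as `ioctl`, `lock` or `execute` on `trace_data_file` could still be granted to `priv_app` later without tripping the build. Since the intended access is exactly `{ getattr read }` on a passed descriptor, the assertion can be written as the complement of that set: `neverallow priv_app trace_data_file:file ~{ getattr read };`. This assumes no other rule in the policy needs those extra permissions for `priv_app`, which is not visible from this hunk.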
diff --git a/public/crash_dump.te b/public/crash_dump.te
index 6b6b986..f778d28 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -59,10 +59,8 @@
# Crash dump is not intended to access the following data types. Since these
# are WAI, suppress the denials to clean up the logs.
dontaudit crash_dump {
- app_data_file
- bluetooth_data_file
- resourcecache_data_file
- vendor_overlay_file
+ core_data_file_type
+ vendor_file_type
}:dir search;
dontaudit crash_dump system_data_file:file read;
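Review bot: Switching the `dontaudit crash_dump { ... }:dir search` block from four named types to the attributes `core_data_file_type` and `vendor_file_type` silences search denials for every type carrying those attributes, including types added later. The access is still denied, but an unexpected directory probe from crash_dump no longer leaves an audit record, which reduces what is available for triage. The comment above the block still speaks of "the following data types"; I would add `# Suppression covers every type in these attributes; the search is still denied, only the audit record is dropped.` so the breadth is explicit.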
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index 8b240b1..181de4a 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te
@@ -4,3 +4,5 @@
add_hwservice(hal_bootctl_server, hal_bootctl_hwservice)
allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find;
+
+dontaudit hal_bootctl self:capability sys_rawio;
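Review bot: The new `dontaudit hal_bootctl self:capability sys_rawio;` carries no comment explaining why the capability check fires or why hiding it is safe, and the same rule added for `update_engine` in public/update_engine.te sits under only `# Ignore these denials.` Because `dontaudit` removes the audit record, a later genuine attempt to use `sys_rawio` from either domain would also go unlogged. I would put a line such as `# sys_rawio is requested by <operation>; denial is harmless, see b/<bug id>.` above each rule, with the operation and bug filled in by the author.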
diff --git a/public/property_contexts b/public/property_contexts
index 5f7ebfa..ee863f0 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -115,7 +115,9 @@
vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
# vendor-init-readable|vendor-init-actionable
+dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
+sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
# vendor-init-settable|vendor-init-actionable
diff --git a/public/update_engine.te b/public/update_engine.te
index 6e97aa9..ca73c7e 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -24,6 +24,7 @@
# Ignore these denials.
dontaudit update_engine kernel:process setsched;
+dontaudit update_engine self:capability sys_rawio;
# Allow using persistent storage in /data/misc/update_engine.
allow update_engine update_engine_data_file:dir create_dir_perms;