Merge "Allow mediacodec to allocate from the DMA-BUF system heap"
diff --git a/private/canhalconfigurator.te b/private/canhalconfigurator.te
index 171f68a..9ba60ac 100644
--- a/private/canhalconfigurator.te
+++ b/private/canhalconfigurator.te
@@ -4,8 +4,4 @@
 
 # This allows the configurator to look up the CAN HAL controller via
 # hwservice_manager and communicate with it.
-allow canhalconfigurator hal_can_controller_hwservice:hwservice_manager find;
-binder_call(canhalconfigurator, hal_can_controller);
-allow canhalconfigurator hidl_manager_hwservice:hwservice_manager find;
-hwbinder_use(canhalconfigurator);
-get_prop(canhalconfigurator, hwservicemanager_prop);
+hal_client_domain(canhalconfigurator, hal_can_controller)
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index fa33d33..a77ac01 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -9,6 +9,7 @@
     adbd_config_prop
     apc_service
     apex_info_file
+    arm64_memtag_prop
     cgroup_desc_api_file
     cgroup_v2
     ctl_snapuserd_prop
@@ -23,10 +24,12 @@
     game_service
     gki_apex_prepostinstall
     gki_apex_prepostinstall_exec
+    hal_authsecret_service
     hal_audiocontrol_service
     hal_face_service
     hal_fingerprint_service
     hal_memtrack_service
+    hal_oemlock_service
     gnss_device
     hal_dumpstate_config_prop
     hal_gnss_service
@@ -47,6 +50,7 @@
     power_debug_prop
     power_stats_service
     proc_kallsyms
+    proc_locks
     profcollectd
     profcollectd_data_file
     profcollectd_exec
@@ -61,8 +65,10 @@
     system_server_dumper_service
     system_suspend_control_internal_service
     task_profiles_api_file
+    transformer_service
     update_engine_stable_service
     userspace_reboot_metadata_file
     vcn_management_service
     vibrator_manager_service
+    watchdog_metadata_file
     zygote_config_prop))
diff --git a/private/coredomain.te b/private/coredomain.te
index bac494f..516b49c 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -24,6 +24,9 @@
 get_prop(coredomain, vts_status_prop)
 get_prop(coredomain, zygote_wrap_prop)
 
+# TODO(b/170590987): remove this after cleaning up default_prop
+get_prop(coredomain, default_prop)
+
 full_treble_only(`
 neverallow {
     coredomain
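Review bot: `get_prop(coredomain, default_prop)` makes every property that lacks a property_contexts entry readable by all of coredomain, so a sensitive property added without a label silently becomes readable across the whole system partition; the TODO names b/170590987 but not the condition under which the grant can be dropped. Suggest widening the comment to `# TODO(b/170590987): remove once every system property has a property_contexts entry; until then any unlabelled property is readable by all of coredomain`. The neverallow block that follows starts in this hunk and continues past it.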
@@ -49,7 +52,7 @@
         -idmap
         -init
         -installd
-        userdebug_or_eng(`-heapprofd')
+        -heapprofd
         -postinstall_dexopt
         -rs # spawned by appdomain, so carryover the exception above
         -system_server
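Review bot: Replacing `userdebug_or_eng(`-heapprofd')` with a bare `-heapprofd` exempts heapprofd from this neverallow on user builds too, and the same unconditional exemption is made in the next three hunks of this file, in private/domain.te, and in heapprofd.te, where the matching `r_dir_file` grants and the `dac_read_search` capability also stop being debug-only. No comment in any of these hunks records why a user-build daemon now needs what was previously a debug-only carve-out; presumably it follows from the te_macros change that gives `can_profile_heap` central-mode behaviour on all builds, but that link is not stated. A one-line comment at the heapprofd.te grant, e.g. `# Unconditional: central-mode heapprofd runs on user builds as well (see can_profile_heap in te_macros)`, would let a reader of these neverallows see the justification. The enclosing neverallow here begins and ends outside the hunk.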
@@ -66,7 +69,7 @@
         -idmap
         -init
         -installd
-        userdebug_or_eng(`-heapprofd')
+        -heapprofd
         userdebug_or_eng(`-profcollectd')
         -postinstall_dexopt
         -rs # spawned by appdomain, so carryover the exception above
@@ -93,7 +96,7 @@
         -app_zygote
         -webview_zygote
         -zygote
-        userdebug_or_eng(`-heapprofd')
+        -heapprofd
     } vendor_overlay_file:dir { getattr open read search };
 ')
 
@@ -113,7 +116,7 @@
         -app_zygote
         -webview_zygote
         -zygote
-        userdebug_or_eng(`-heapprofd')
+        -heapprofd
         userdebug_or_eng(`-profcollectd')
     } vendor_overlay_file:file open;
 ')
diff --git a/private/domain.te b/private/domain.te
index d4f9e0e..e6b26f4 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -11,7 +11,7 @@
 # necessary SELinux permissions.
 get_prop(domain, heapprofd_prop);
 # Allow heap profiling on debug builds.
-userdebug_or_eng(`can_profile_heap_central({
+userdebug_or_eng(`can_profile_heap({
   domain
   -bpfloader
   -init
@@ -307,7 +307,7 @@
   iorap_prefetcherd
   traced_perf
   traced_probes
-  userdebug_or_eng(`heapprofd')
+  heapprofd
 } self:global_capability_class_set dac_read_search;
 
 # Limit what domains can mount filesystems or change their mount flags.
@@ -414,7 +414,7 @@
     -iorap_inode2filename
     -iorap_prefetcherd
     -kernel # loads /vendor/firmware
-    userdebug_or_eng(`-heapprofd')
+    -heapprofd
     userdebug_or_eng(`-profcollectd')
     -shell
     -system_executes_vendor_violators
diff --git a/private/file_contexts b/private/file_contexts
index 070579c..5330bdb 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -547,6 +547,10 @@
 /data/preloads/demo(/.*)?	u:object_r:preloads_media_file:s0
 /data/server_configurable_flags(/.*)? u:object_r:server_configurable_flags_data_file:s0
 /data/app-staging(/.*)?		u:object_r:staging_data_file:s0
+# Ensure we have the same labels as /data/app or /data/apex/active
+# to avoid restorecon conflicts
+/data/rollback/\d+/[^/]+/.*\.apk  u:object_r:apk_data_file:s0
+/data/rollback/\d+/[^/]+/.*\.apex u:object_r:staging_data_file:s0
 
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
@@ -750,6 +754,7 @@
 /metadata/bootstat(/.*)?  u:object_r:metadata_bootstat_file:s0
 /metadata/staged-install(/.*)?    u:object_r:staged_install_file:s0
 /metadata/userspacereboot(/.*)?    u:object_r:userspace_reboot_metadata_file:s0
+/metadata/watchdog(/.*)?    u:object_r:watchdog_metadata_file:s0
 
 #############################
 # asec containers
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 4c6edd6..900b25b 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -14,6 +14,7 @@
 genfscon proc /keys u:object_r:proc_keys:s0
 genfscon proc /kmsg u:object_r:proc_kmsg:s0
 genfscon proc /loadavg u:object_r:proc_loadavg:s0
+genfscon proc /locks u:object_r:proc_locks:s0
 genfscon proc /lowmemorykiller u:object_r:proc_lowmemorykiller:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
 genfscon proc /misc u:object_r:proc_misc:s0
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 5f1476e..50039c2 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -39,19 +39,14 @@
 
 # When handling profiling for all processes, heapprofd needs to read
 # executables/libraries/etc to do stack unwinding.
-userdebug_or_eng(`
-  r_dir_file(heapprofd, nativetest_data_file)
-  r_dir_file(heapprofd, system_file_type)
-  r_dir_file(heapprofd, apk_data_file)
-  r_dir_file(heapprofd, dalvikcache_data_file)
-  r_dir_file(heapprofd, vendor_file_type)
-  r_dir_file(heapprofd, shell_data_file)
-  # Some dex files are not world-readable.
-  # We are still constrained by the SELinux rules above.
-  allow heapprofd self:global_capability_class_set dac_read_search;
-
-  allow heapprofd proc_kpageflags:file r_file_perms;
-')
+r_dir_file(heapprofd, nativetest_data_file)
+r_dir_file(heapprofd, system_file_type)
+r_dir_file(heapprofd, apk_data_file)
+r_dir_file(heapprofd, dalvikcache_data_file)
+r_dir_file(heapprofd, vendor_file_type)
+# Some dex files are not world-readable.
+# We are still constrained by the SELinux rules above.
+allow heapprofd self:global_capability_class_set dac_read_search;
 
 # For checking profileability.
 allow heapprofd packages_list_file:file r_file_perms;
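Review bot: The block lifted out of `userdebug_or_eng` is not a pure move: `r_dir_file(heapprofd, shell_data_file)` and `allow heapprofd proc_kpageflags:file r_file_perms;` are dropped, and only the shell_data_file removal is visibly matched elsewhere (public/domain.te deletes heapprofd's exemptions from the shell_data_file neverallows). If dropping proc_kpageflags is intentional it deserves a mention; if not, the read was lost in the move. Separately, `allow heapprofd self:global_capability_class_set dac_read_search;` is now a DAC-bypass capability granted on user builds, and the retained comment `# We are still constrained by the SELinux rules above.` is the entire justification for that — consider making it explicit that the capability only widens reads of the file types listed immediately above, e.g. `# dac_read_search lets heapprofd open non-world-readable dex/apk files; the SELinux rules above still bound which types it may touch.`.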
diff --git a/private/kernel.te b/private/kernel.te
index 207800e..70ca912 100644
--- a/private/kernel.te
+++ b/private/kernel.te
@@ -1,8 +1,32 @@
 typeattribute kernel coredomain;
 
 domain_auto_trans(kernel, init_exec, init)
+domain_auto_trans(kernel, snapuserd_exec, snapuserd)
 
 # Allow the kernel to read otapreopt_chroot's file descriptors and files under
 # /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
 allow kernel otapreopt_chroot:fd use;
 allow kernel postinstall_file:file read;
+
+# The following sections are for the transition period during a Virtual A/B
+# OTA. Once sepolicy is loaded, snapuserd must be re-launched in the correct
+# context, and with properly labelled devices. This must be done before
+# enabling enforcement, eg, in permissive mode while still in the kernel
+# context.
+allow kernel tmpfs:blk_file { getattr relabelfrom };
+allow kernel tmpfs:chr_file { getattr relabelfrom };
+allow kernel tmpfs:lnk_file { getattr relabelfrom };
+allow kernel tmpfs:dir { open read relabelfrom };
+
+allow kernel block_device:blk_file relabelto;
+allow kernel block_device:lnk_file relabelto;
+allow kernel dm_device:chr_file relabelto;
+allow kernel dm_device:blk_file relabelto;
+allow kernel dm_user_device:dir { read open search relabelto };
+allow kernel dm_user_device:chr_file relabelto;
+allow kernel kmsg_device:chr_file relabelto;
+allow kernel null_device:chr_file relabelto;
+allow kernel random_device:chr_file relabelto;
+allow kernel snapuserd_exec:file relabelto;
+
+allow kernel kmsg_device:chr_file write;
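Review bot: The relabel grants below the `domain_auto_trans` line remain in force in enforcing mode, not just during the permissive window the comment describes, so the kernel domain can permanently relabel tmpfs-labelled files to `snapuserd_exec`, `dm_user_device`, `block_device`, `dm_device` and the other listed types. Since the comment frames these as a transition-period need, say so explicitly and consider a neverallow that keeps `relabelto` on these types to `{ init kernel }`, e.g. `# NOTE: relabel rules are per-type, not per-path, and stay active after enforcement is enabled; keep this relabelto set minimal.`. The trailing `allow kernel kmsg_device:chr_file write;` sits outside the commented section and has no comment of its own — add one stating what writes to kmsg from the kernel domain (I assume the pre-transition snapuserd, but cannot confirm from here).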
diff --git a/private/property.te b/private/property.te
index 1163a3c..0885b91 100644
--- a/private/property.te
+++ b/private/property.te
@@ -87,7 +87,6 @@
   -dalvik_prop
   -debuggerd_prop
   -debug_prop
-  -default_prop
   -dhcp_prop
   -dumpstate_prop
   -fingerprint_prop
@@ -376,6 +375,15 @@
   libc_debug_prop
 }:property_service set;
 
+# Allow the shell to set MTE props, so that non-root users with adb shell
+# access can control the settings on their device.
+neverallow {
+  -init
+  -shell
+} {
+  arm64_memtag_prop
+}:property_service set;
+
 neverallow {
   -init
   -system_server
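Review bot: The new neverallow exempts `shell` from setting `arm64_memtag_prop` on every build type, and because `arm64.memtag.` is a `prefix` entry in property_contexts (L302-L303) backed by `set_prop(shell, arm64_memtag_prop)` in shell.te, any property later placed under that prefix inherits adb-shell writability on user builds. The comment explains only that shell should control MTE settings; record the constraint so the prefix is not reused for something that should remain init/system-only: `# arm64.memtag.* is a prefix rule: every property under it becomes writable by adb shell on user builds, so keep it to MTE tuning knobs only.`. The same sentence belongs next to the prefix entry in property_contexts, and applies equally to the get_prop in public/domain.te and the system_restricted_prop line in public/property.te.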
@@ -538,6 +546,10 @@
   -appdomain
 } sqlite_log_prop:file no_rw_file_perms;
 
+neverallow {
+  -init
+} default_prop:property_service set;
+
 # Only one of system_property_type and vendor_property_type can be assigned.
 # Property types having both attributes won't be accessible from anywhere.
 neverallow domain system_and_vendor_property_type:{file property_service} *;
diff --git a/private/property_contexts b/private/property_contexts
index 6787087..c1aa5e0 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -127,9 +127,6 @@
 vold.                   u:object_r:vold_prop:s0
 ro.crypto.              u:object_r:vold_prop:s0
 
-# TODO(b/141677108): Remove once true everywhere
-ro.vold.level_from_user          u:object_r:vold_config_prop:s0
-
 # ro.build.fingerprint is either set in /system/build.prop, or is
 # set at runtime by system_server.
 ro.build.fingerprint    u:object_r:fingerprint_prop:s0 exact string
@@ -579,6 +576,9 @@
 libc.debug.malloc.program u:object_r:libc_debug_prop:s0 exact string
 libc.debug.hooks.enable   u:object_r:libc_debug_prop:s0 exact string
 
+# shell-only props for ARM memory tagging (MTE).
+arm64.memtag. u:object_r:arm64_memtag_prop:s0 prefix string
+
 net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
 
 persist.sys.locale       u:object_r:exported_system_prop:s0 exact string
@@ -983,6 +983,7 @@
 ro.surface_flinger.color_space_agnostic_dataspace         u:object_r:surfaceflinger_prop:s0 exact int
 ro.surface_flinger.refresh_rate_switching                 u:object_r:surfaceflinger_prop:s0 exact bool
 ro.surface_flinger.update_device_product_info_on_hotplug_reconnect u:object_r:surfaceflinger_prop:s0 exact bool
+ro.surface_flinger.enable_frame_rate_override             u:object_r:surfaceflinger_prop:s0 exact bool
 
 ro.sf.disable_triple_buffer u:object_r:surfaceflinger_prop:s0 exact bool
 ro.sf.lcd_density           u:object_r:surfaceflinger_prop:s0 exact int
diff --git a/private/service_contexts b/private/service_contexts
index 2c30471..dd27bcf 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,3 +1,4 @@
+android.hardware.authsecret.IAuthSecret/default                      u:object_r:hal_authsecret_service:s0
 android.hardware.automotive.audiocontrol.IAudioControl/default       u:object_r:hal_audiocontrol_service:s0
 android.hardware.biometrics.face.IFace/default                       u:object_r:hal_face_service:s0
 android.hardware.biometrics.fingerprint.IFingerprint/default         u:object_r:hal_fingerprint_service:s0
@@ -5,6 +6,7 @@
 android.hardware.identity.IIdentityCredentialStore/default           u:object_r:hal_identity_service:s0
 android.hardware.light.ILights/default                               u:object_r:hal_light_service:s0
 android.hardware.memtrack.IMemtrack/default                          u:object_r:hal_memtrack_service:s0
+android.hardware.oemlock.IOemLock/default                            u:object_r:hal_oemlock_service:s0
 android.hardware.power.IPower/default                                u:object_r:hal_power_service:s0
 android.hardware.power.stats.IPowerStats/default                      u:object_r:hal_power_stats_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0
@@ -246,6 +248,7 @@
 time_zone_detector                        u:object_r:timezonedetector_service:s0
 timezone                                  u:object_r:timezone_service:s0
 thermalservice                            u:object_r:thermal_service:s0
+transformer                               u:object_r:transformer_service:s0
 trust                                     u:object_r:trust_service:s0
 tv_input                                  u:object_r:tv_input_service:s0
 tv_tuner_resource_mgr                     u:object_r:tv_tuner_resource_mgr_service:s0
diff --git a/private/shared_relro.te b/private/shared_relro.te
index 02f7206..31fdb8c 100644
--- a/private/shared_relro.te
+++ b/private/shared_relro.te
@@ -3,3 +3,13 @@
 # The shared relro process is a Java program forked from the zygote, so it
 # inherits from app to get basic permissions it needs to run.
 app_domain(shared_relro)
+
+allow shared_relro shared_relro_file:dir rw_dir_perms;
+allow shared_relro shared_relro_file:file create_file_perms;
+
+allow shared_relro activity_service:service_manager find;
+allow shared_relro webviewupdate_service:service_manager find;
+allow shared_relro package_service:service_manager find;
+
+# StrictMode may attempt to find this service, failure is harmless.
+dontaudit shared_relro network_management_service:service_manager find;
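Review bot: The rules moved here from public/shared_relro.te arrive without the two explanatory comments the public file carried — `# Grant write access to the shared relro files/directory.` above the `shared_relro_file` lines and `# Needs to contact the "webviewupdate" and "activity" services` above the `service_manager find` lines — while the StrictMode comment was kept. Restore both so the private file documents the grants as the public one did; the `allow`/`dontaudit` lines themselves are byte-identical to the removed ones, so this is documentation only.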
diff --git a/private/shell.te b/private/shell.te
index 0e94cd1..73aac1d 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -168,3 +168,6 @@
 
 # Allow shell to write db.log.detailed, db.log.slow_query_threshold*
 set_prop(shell, sqlite_log_prop)
+
+# Allow shell to write MTE properties even on user builds.
+set_prop(shell, arm64_memtag_prop)
diff --git a/private/snapuserd.te b/private/snapuserd.te
index 99ee90f..d96b31e 100644
--- a/private/snapuserd.te
+++ b/private/snapuserd.te
@@ -16,3 +16,11 @@
 # Reading and writing to dm-user control nodes.
 allow snapuserd dm_user_device:dir r_dir_perms;
 allow snapuserd dm_user_device:chr_file rw_file_perms;
+
+# Reading and writing to /dev/socket/snapuserd.
+allow snapuserd snapuserd_socket:unix_stream_socket { accept listen getattr read write };
+
+# This arises due to first-stage init opening /dev/null without F_CLOEXEC
+# (see SetStdioToDevNull in init). When we fork() and execveat() snapuserd
+# again, the descriptor leaks into the new process.
+allow snapuserd kernel:fd use;
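Review bot: `allow snapuserd kernel:fd use;` papers over first-stage init leaving the /dev/null descriptor open without FD_CLOEXEC, but `fd use` is granted per domain, not per file, so it also blesses any other descriptor the kernel-domain process leaves open across execveat. The comment explains the cause well but does not mark the rule as a workaround to be retired; suggest appending `# TODO(<bug-id>): drop once init sets FD_CLOEXEC on the stdio descriptors in SetStdioToDevNull.` so the grant does not outlive the leak it covers.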
diff --git a/private/system_server.te b/private/system_server.te
index 9597fde..69e04d9 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -520,6 +520,9 @@
 allow system_server staging_data_file:dir create_dir_perms;
 allow system_server staging_data_file:file create_file_perms;
 
+# Manage /data/rollback.
+allow system_server staging_data_file:{ file lnk_file } { create_file_perms link };
+
 # Walk /data/data subdirectories.
 allow system_server app_data_file_type:dir { getattr read search };
 
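Review bot: `allow system_server staging_data_file:{ file lnk_file } { create_file_perms link };` restates the `staging_data_file:file create_file_perms` grant two lines above it, so the only new permissions are `link` on `file` and the whole set on `lnk_file`; fold them into explicit lines rather than duplicating the set, e.g. `allow system_server staging_data_file:file { create_file_perms link };` and `allow system_server staging_data_file:lnk_file create_file_perms;`. The comment `# Manage /data/rollback.` should also say what the hard-link permission is for (presumably rollback entries are hard links to staged files — confirm with the caller). Per the file_contexts hunk, only the `.apex` entries under /data/rollback are `staging_data_file`; the `.apk` ones are `apk_data_file`, so this rule does not cover those.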
@@ -927,6 +930,8 @@
 
 # Access to /dev/dma_heap/system
 allow system_server dmabuf_system_heap_device:chr_file r_file_perms;
+# Access to /dev/dma_heap/system-secure
+allow system_server dmabuf_system_secure_heap_device:chr_file r_file_perms;
 
 r_dir_file(system_server, proc_asound)
 r_dir_file(system_server, proc_net_type)
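Review bot: `dmabuf_system_secure_heap_device` is granted here and again in the public/app.te, public/mediaserver.te and public/mediaswcodec.te hunks, yet this diff carries neither a `type` declaration for it nor a 30.0.ignore.cil entry, unlike every other new type in the merge; if it is not already declared at the merge base the policy will not build, and if it is, the commit should say so. The comment `# Access to /dev/dma_heap/system-secure` names the node but gives no reason an arbitrary non-isolated app (app.te) needs the secure heap in addition to the plain system heap; a one-line rationale at the app.te grant would let later readers tell the two heaps apart when auditing what untrusted apps can reach.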
@@ -934,6 +939,7 @@
 allow system_server {
   proc_cmdline
   proc_loadavg
+  proc_locks
   proc_meminfo
   proc_pagetypeinfo
   proc_pipe_conf
@@ -1171,6 +1177,9 @@
 allow system_server staged_install_file:dir rw_dir_perms;
 allow system_server staged_install_file:file create_file_perms;
 
+allow system_server watchdog_metadata_file:dir rw_dir_perms;
+allow system_server watchdog_metadata_file:file create_file_perms;
+
 # Allow init to set sysprop used to compute stats about userspace reboot.
 set_prop(system_server, userspace_reboot_log_prop)
 
diff --git a/private/traced.te b/private/traced.te
index 2410d7e..ccb28ef 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -62,6 +62,9 @@
 # Allow to lazily start producers.
 set_prop(traced, traced_lazy_prop)
 
+# Allow traced to talk to statsd for logging metrics.
+unix_socket_send(traced, statsdw, statsd)
+
 ###
 ### Neverallow rules
 ###
diff --git a/public/app.te b/public/app.te
index 6f267c9..f9c0d95 100644
--- a/public/app.te
+++ b/public/app.te
@@ -310,6 +310,7 @@
 
 allow { appdomain -isolated_app } ion_device:chr_file r_file_perms;
 allow { appdomain -isolated_app } dmabuf_system_heap_device:chr_file r_file_perms;
+allow { appdomain -isolated_app } dmabuf_system_secure_heap_device:chr_file r_file_perms;
 
 # Allow AAudio apps to use shared memory file descriptors from the HAL
 allow { appdomain -isolated_app } hal_audio:fd use;
diff --git a/public/domain.te b/public/domain.te
index cc16e97..a530267 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -100,6 +100,7 @@
 
 # Public readable properties
 get_prop(domain, aaudio_config_prop)
+get_prop(domain, arm64_memtag_prop)
 get_prop(domain, bootloader_prop)
 get_prop(domain, build_odm_prop)
 get_prop(domain, build_prop)
@@ -550,12 +551,10 @@
 
 # Require that domains explicitly label unknown properties, and do not allow
 # anyone but init to modify unknown properties.
-neverallow { domain -init -vendor_init } default_prop:property_service set;
 neverallow { domain -init -vendor_init } mmc_prop:property_service set;
 neverallow { domain -init -vendor_init } vndk_prop:property_service set;
 
 compatible_property_only(`
-    neverallow { domain -init } default_prop:property_service set;
     neverallow { domain -init } mmc_prop:property_service set;
     neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
     neverallow { domain -init } exported_secure_prop:property_service set;
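Review bot: With both `default_prop` lines removed, the comment `# Require that domains explicitly label unknown properties, and do not allow anyone but init to modify unknown properties.` no longer describes what follows — the surviving neverallows cover `mmc_prop` and `vndk_prop`, and the default_prop restriction now lives in private/property.te as `neverallow { -init } default_prop:property_service set;`. Update the comment to name the remaining types and point to the private rule so the invariant is not read as having been dropped. Note that the private rule also removes the `-vendor_init` exemption this hunk used to carry; that looks intended given `system_internal_prop(default_prop)` in public/property.te, but it is a behavioural tightening worth one line of explanation.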
@@ -1204,7 +1203,6 @@
   domain
   -shell
   userdebug_or_eng(`-uncrypt')
-  userdebug_or_eng(`-heapprofd')
   -installd
 } shell_data_file:lnk_file read;
 
@@ -1233,7 +1231,6 @@
   -simpleperf_app_runner
   -system_server # why?
   userdebug_or_eng(`-uncrypt')
-  userdebug_or_eng(`-heapprofd')
 } shell_data_file:dir { open search };
 
 # Same as above for /data/local/tmp files. We allow shell files
@@ -1245,7 +1242,6 @@
   -dumpstate
   -installd
   userdebug_or_eng(`-uncrypt')
-  userdebug_or_eng(`-heapprofd')
 } shell_data_file:file open;
 
 # servicemanager and vndservicemanager are the only processes which handle the
diff --git a/public/file.te b/public/file.te
index 404e1d4..ccd65e2 100644
--- a/public/file.te
+++ b/public/file.te
@@ -37,6 +37,7 @@
 type proc_keys, fs_type, proc_type;
 type proc_kmsg, fs_type, proc_type;
 type proc_loadavg, fs_type, proc_type;
+type proc_locks, fs_type, proc_type;
 type proc_lowmemorykiller, fs_type, proc_type;
 type proc_max_map_count, fs_type, proc_type;
 type proc_meminfo, fs_type, proc_type;
@@ -245,6 +246,8 @@
 type userspace_reboot_metadata_file, file_type;
 # Staged install files within /metadata/staged-install
 type staged_install_file, file_type;
+# Metadata information within /metadata/watchdog
+type watchdog_metadata_file, file_type;
 
 # Type for /dev/cpu_variant:.*.
 type dev_cpu_variant, file_type;
diff --git a/public/hal_authsecret.te b/public/hal_authsecret.te
index daf8d48..bbcdb9a 100644
--- a/public/hal_authsecret.te
+++ b/public/hal_authsecret.te
@@ -2,3 +2,6 @@
 binder_call(hal_authsecret_client, hal_authsecret_server)
 
 hal_attribute_hwservice(hal_authsecret, hal_authsecret_hwservice)
+hal_attribute_service(hal_authsecret, hal_authsecret_service)
+
+binder_call(hal_authsecret_server, servicemanager)
diff --git a/public/hal_can.te b/public/hal_can.te
index c75495b..959d1d9 100644
--- a/public/hal_can.te
+++ b/public/hal_can.te
@@ -1,9 +1,9 @@
 # CAN controller
 binder_call(hal_can_controller_client, hal_can_controller_server)
-add_hwservice(hal_can_controller_server, hal_can_controller_hwservice)
-allow hal_can_controller_client hal_can_controller_hwservice:hwservice_manager find;
+binder_call(hal_can_controller_server, hal_can_controller_client)
+hal_attribute_hwservice(hal_can_controller, hal_can_controller_hwservice)
 
 # CAN bus
 binder_call(hal_can_bus_client, hal_can_bus_server)
-add_hwservice(hal_can_bus_server, hal_can_bus_hwservice)
-allow hal_can_bus_client hal_can_bus_hwservice:hwservice_manager find;
+binder_call(hal_can_bus_server, hal_can_bus_client)
+hal_attribute_hwservice(hal_can_bus, hal_can_bus_hwservice)
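Review bot: `binder_call(hal_can_controller_server, hal_can_controller_client)` and its bus counterpart add a server-to-client call direction the old rules did not have, and neither line carries a comment. If this is for listener callbacks from the HAL into registered clients, say so above each: `# server calls back into clients (listener callbacks)`; otherwise the reverse direction should be justified, since it lets the vendor HAL initiate transactions into every client domain.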
diff --git a/public/hal_oemlock.te b/public/hal_oemlock.te
index 26b2b42..9f38fa5 100644
--- a/public/hal_oemlock.te
+++ b/public/hal_oemlock.te
@@ -2,3 +2,6 @@
 binder_call(hal_oemlock_client, hal_oemlock_server)
 
 hal_attribute_hwservice(hal_oemlock, hal_oemlock_hwservice)
+hal_attribute_service(hal_oemlock, hal_oemlock_service)
+
+binder_call(hal_oemlock_server, servicemanager)
diff --git a/public/init.te b/public/init.te
index 0bbeb29..59e6b4e 100644
--- a/public/init.te
+++ b/public/init.te
@@ -16,6 +16,12 @@
 userdebug_or_eng(`
   allow init kmsg_debug_device:chr_file { open write relabelto };
 ')
+
+# allow init to mount and unmount debugfs in debug builds
+userdebug_or_eng(`
+  allow init debugfs:dir mounton;
+')
+
 # /dev/__properties__
 allow init properties_device:dir relabelto;
 allow init properties_serial:file { write relabelto };
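Review bot: The comment `# allow init to mount and unmount debugfs in debug builds` promises more than `allow init debugfs:dir mounton;` grants — `mounton` only permits using a debugfs-labelled directory as a mount point, while mounting or unmounting the filesystem itself needs `debugfs:filesystem { mount unmount }`. If those permissions already exist elsewhere, say so in the comment; otherwise either add them inside the same `userdebug_or_eng` block or narrow the comment to `# allow init to mount on top of debugfs directories in debug builds`.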
@@ -37,6 +43,7 @@
 allow init tmpfs:blk_file getattr;
 allow init block_device:{ dir blk_file lnk_file } relabelto;
 allow init dm_device:{ chr_file blk_file } relabelto;
+allow init dm_user_device:chr_file relabelto;
 allow init kernel:fd use;
 # restorecon for early mount device symlinks
 allow init tmpfs:lnk_file { getattr read relabelfrom };
@@ -543,6 +550,9 @@
 allow init dm_device:chr_file rw_file_perms;
 allow init dm_device:blk_file rw_file_perms;
 
+# Access dm-user for OTA boot
+allow init dm_user_device:chr_file rw_file_perms;
+
 # Access metadata block device for storing dm-verity state
 allow init metadata_block_device:blk_file rw_file_perms;
 
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 1978aa3..d32b9d9 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -120,6 +120,7 @@
 
 allow mediaserver ion_device:chr_file r_file_perms;
 allow mediaserver dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediaserver dmabuf_system_secure_heap_device:chr_file r_file_perms;
 allow mediaserver hal_graphics_allocator:fd use;
 allow mediaserver hal_graphics_composer:fd use;
 allow mediaserver hal_camera:fd use;
diff --git a/public/mediaswcodec.te b/public/mediaswcodec.te
index 8e35225..5726842 100644
--- a/public/mediaswcodec.te
+++ b/public/mediaswcodec.te
@@ -24,3 +24,4 @@
 neverallow mediaswcodec domain:{ tcp_socket udp_socket rawip_socket } *;
 
 allow mediaswcodec dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediaswcodec dmabuf_system_secure_heap_device:chr_file r_file_perms;
diff --git a/public/property.te b/public/property.te
index 4afc2a0..151983f 100644
--- a/public/property.te
+++ b/public/property.te
@@ -55,6 +55,7 @@
 
 # Properties which can't be written outside system
 system_restricted_prop(aac_drc_prop)
+system_restricted_prop(arm64_memtag_prop)
 system_restricted_prop(binder_cache_bluetooth_server_prop)
 system_restricted_prop(binder_cache_system_server_prop)
 system_restricted_prop(binder_cache_telephony_server_prop)
@@ -93,7 +94,6 @@
     system_restricted_prop(cppreopt_prop)
     system_restricted_prop(dalvik_prop)
     system_restricted_prop(debuggerd_prop)
-    system_restricted_prop(default_prop)
     system_restricted_prop(device_logging_prop)
     system_restricted_prop(dhcp_prop)
     system_restricted_prop(dumpstate_prop)
@@ -202,6 +202,9 @@
 system_public_prop(wifi_prop)
 system_public_prop(zram_control_prop)
 
+# Properties which don't have entries on property_contexts
+system_internal_prop(default_prop)
+
 # Properties used in default HAL implementations
 vendor_internal_prop(rebootescrow_hal_prop)
 
@@ -250,7 +253,6 @@
     system_public_prop(cppreopt_prop)
     system_public_prop(dalvik_prop)
     system_public_prop(debuggerd_prop)
-    system_public_prop(default_prop)
     system_public_prop(device_logging_prop)
     system_public_prop(dhcp_prop)
     system_public_prop(dumpstate_prop)
@@ -295,7 +297,6 @@
 typeattribute dalvik_prop        core_property_type;
 typeattribute debuggerd_prop     core_property_type;
 typeattribute debug_prop         core_property_type;
-typeattribute default_prop       core_property_type;
 typeattribute dhcp_prop          core_property_type;
 typeattribute dumpstate_prop     core_property_type;
 typeattribute logd_prop          core_property_type;
diff --git a/public/service.te b/public/service.te
index 3463128..072de79 100644
--- a/public/service.te
+++ b/public/service.te
@@ -193,6 +193,7 @@
 type timedetector_service, system_server_service, service_manager_type;
 type timezone_service, system_server_service, service_manager_type;
 type timezonedetector_service, app_api_service, system_server_service, service_manager_type;
+type transformer_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type trust_service, app_api_service, system_server_service, service_manager_type;
 type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type;
@@ -224,6 +225,7 @@
 ### HAL Services
 ###
 
+type hal_authsecret_service, vendor_service, protected_service, service_manager_type;
 type hal_audiocontrol_service, vendor_service, service_manager_type;
 type hal_face_service, vendor_service, protected_service, service_manager_type;
 type hal_fingerprint_service, vendor_service, protected_service, service_manager_type;
@@ -232,6 +234,7 @@
 type hal_keymint_service, vendor_service, protected_service, service_manager_type;
 type hal_light_service, vendor_service, protected_service, service_manager_type;
 type hal_memtrack_service, vendor_service, protected_service, service_manager_type;
+type hal_oemlock_service, vendor_service, protected_service, service_manager_type;
 type hal_power_service, vendor_service, protected_service, service_manager_type;
 type hal_power_stats_service, vendor_service, protected_service, service_manager_type;
 type hal_rebootescrow_service, vendor_service, protected_service, service_manager_type;
diff --git a/public/shared_relro.te b/public/shared_relro.te
index 7413b20..6dd5bd7 100644
--- a/public/shared_relro.te
+++ b/public/shared_relro.te
@@ -1,14 +1,2 @@
 # Process which creates/updates shared RELRO files to be used by other apps.
 type shared_relro, domain;
-
-# Grant write access to the shared relro files/directory.
-allow shared_relro shared_relro_file:dir rw_dir_perms;
-allow shared_relro shared_relro_file:file create_file_perms;
-
-# Needs to contact the "webviewupdate" and "activity" services
-allow shared_relro activity_service:service_manager find;
-allow shared_relro webviewupdate_service:service_manager find;
-allow shared_relro package_service:service_manager find;
-
-# StrictMode may attempt to find this service, failure is harmless.
-dontaudit shared_relro network_management_service:service_manager find;
diff --git a/public/te_macros b/public/te_macros
index 467ac44..1966f20 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -693,40 +693,9 @@
 
 ###################################
 # can_profile_heap(domain)
-# Allow processes within the domain to have their heap profiled by heapprofd.
-#
-# Note that profiling is performed differently between debug and user builds.
-# There are two modes for profiling:
-# * forked
-# * central.
-# On user builds, the default is to allow only forked mode. If it is desired
-# to allow central mode as well for a domain, use can_profile_heap_central.
-# On userdebug, this macro allows both forked and central.
-define(`can_profile_heap', `
-  # Allow central daemon to send signal for client initialization.
-  allow heapprofd $1:process signal;
-
-  # Allow executing a private heapprofd process to handle profiling on
-  # user builds (also debug builds for testing & development purposes).
-  allow $1 heapprofd_exec:file rx_file_perms;
-
-  # Allow directory & file read to the central heapprofd daemon, as it scans
-  # /proc/[pid]/cmdline for by-process-name profiling configs.
-  # Note that this excludes /proc/[pid]/mem, as it requires ptrace capabilities.
-  allow heapprofd $1:file r_file_perms;
-  allow heapprofd $1:dir r_dir_perms;
-
-  # Profilability on user implies profilability on userdebug and eng.
-  userdebug_or_eng(`
-    can_profile_heap_central($1)
-  ')
-')
-
-###################################
-# can_profile_heap_central(domain)
 # Allow processes within the domain to have their heap profiled by central
 # heapprofd.
-define(`can_profile_heap_central', `
+define(`can_profile_heap', `
   # Allow central daemon to send signal for client initialization.
   allow heapprofd $1:process signal;
   # Allow connecting to the daemon.
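Review bot: The `define(`can_profile_heap', ...` at the bottom of the hunk now carries the former `can_profile_heap_central` body, so every existing `can_profile_heap(...)` caller receives central-mode profiling on user builds where it previously got forked mode only; that is the behavioural change the macro's header should state, and the deleted header was the only place the forked/central distinction was documented. Suggest the header read `# Allow processes within the domain to have their heap profiled by the central heapprofd daemon on all build types (forked mode and the separate _central macro were removed).`. The define's body continues past the end of the hunk, and any `can_profile_heap_central` caller outside this diff would no longer expand — I cannot see from here whether any remain.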
diff --git a/vendor/hal_oemlock_default.te b/vendor/hal_oemlock_default.te
new file mode 100644
index 0000000..8597f2c
--- /dev/null
+++ b/vendor/hal_oemlock_default.te
@@ -0,0 +1,5 @@
+type hal_oemlock_default, domain;
+hal_server_domain(hal_oemlock_default, hal_oemlock)
+
+type hal_oemlock_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_oemlock_default)
diff --git a/vendor/hal_vehicle_default.te b/vendor/hal_vehicle_default.te
index dcb03a8..56a47b7 100644
--- a/vendor/hal_vehicle_default.te
+++ b/vendor/hal_vehicle_default.te
@@ -7,6 +7,4 @@
 init_daemon_domain(hal_vehicle_default)
 
 # communication with CAN bus HAL
-allow hal_vehicle_default hal_can_bus_hwservice:hwservice_manager find;
-allow hal_vehicle_default hal_can_socketcan:binder { call transfer };
-allow hal_can_socketcan hal_vehicle_default:binder { call transfer };
+hal_client_domain(hal_vehicle_default, hal_can_bus)