Merge "Fastbootd must be able to erase logical partitions"
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index e46c4ef..38a5651 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -344,3 +344,6 @@
# -untrusted_app_25
# -untrusted_app_27
#} ashmem_device:chr_file open;
+# In preparation to remove open permission, we audit open operations on
+# /dev/ashmem.
+auditallow all_untrusted_apps ashmem_device:chr_file open;
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index f5b5d09..cc3502b 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1538,6 +1538,7 @@
(typeattributeset swap_block_device_28_0 (swap_block_device))
(typeattributeset sysfs_28_0
( sysfs
+ sysfs_extcon
sysfs_loop))
(typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
(typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
diff --git a/private/cppreopts.te b/private/cppreopts.te
index 34f0d66..1a8fa0b 100644
--- a/private/cppreopts.te
+++ b/private/cppreopts.te
@@ -1,6 +1,27 @@
-typeattribute cppreopts coredomain;
+# cppreopts
+#
+# This command copies preopted files from the system_b partition to the data
+# partition. This domain ensures that we are only copying into specific
+# directories.
+
+type cppreopts, domain, mlstrustedsubject, coredomain;
+type cppreopts_exec, system_file_type, exec_type, file_type;
# Technically not a daemon but we do want the transition from init domain to
# cppreopts to occur.
init_daemon_domain(cppreopts)
domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);
+
+# Allow cppreopts copy files into the dalvik-cache
+allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write };
+allow cppreopts dalvikcache_data_file:file { create getattr open read rename write unlink };
+
+# Allow cppreopts to execute itself using #!/system/bin/sh
+allow cppreopts shell_exec:file rx_file_perms;
+
+# Allow us to run find on /postinstall
+allow cppreopts system_file:dir { open read };
+
+# Allow running the cp command using cppreopts permissions. Needed so we can
+# write into dalvik-cache
+allow cppreopts toolbox_exec:file rx_file_perms;
diff --git a/private/domain.te b/private/domain.te
index 9db19f1..5ca2441 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -154,9 +154,9 @@
# that these files cannot be accessed by other domains to ensure that the files
# do not change between system_server staging the files and apexd processing
# the files.
-neverallow { domain -init -system_server -apexd } staging_data_file:dir *;
-neverallow { domain -init -system_server -apexd -kernel } staging_data_file:file *;
-neverallow { domain -init -system_server } staging_data_file:dir no_w_dir_perms;
+neverallow { domain -init -system_server -apexd -installd} staging_data_file:dir *;
+neverallow { domain -init -system_server -apexd -kernel -installd } staging_data_file:file *;
+neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
# apexd needs the link and unlink permissions, so list every `no_w_file_perms`
# except for `link` and `unlink`.
neverallow { domain -init -system_server } staging_data_file:file
@@ -204,3 +204,26 @@
-init
-vendor_init
} cgroup_rc_file:file no_w_file_perms;
+
+# Only authorized processes should be writing to files in /data/dalvik-cache
+neverallow {
+ domain
+ -init # TODO: limit init to relabelfrom for files
+ -zygote
+ -installd
+ -postinstall_dexopt
+ -cppreopts
+ -dex2oat
+ -otapreopt_slot
+} dalvikcache_data_file:file no_w_file_perms;
+
+neverallow {
+ domain
+ -init
+ -installd
+ -postinstall_dexopt
+ -cppreopts
+ -dex2oat
+ -zygote
+ -otapreopt_slot
+} dalvikcache_data_file:dir no_w_dir_perms;
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 9d58f0a..11edf66 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -100,6 +100,7 @@
genfscon sysfs / u:object_r:sysfs:s0
genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
+genfscon sysfs /class/extcon u:object_r:sysfs_extcon:s0
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
genfscon sysfs /class/net u:object_r:sysfs_net:s0
genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
diff --git a/private/installd.te b/private/installd.te
index 77889a3..0550274 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -34,3 +34,8 @@
# Allow installd to access the runtime feature flag properties.
get_prop(installd, device_config_runtime_native_prop)
+
+# Allow installd to delete files in /data/staging
+allow installd staging_data_file:file unlink;
+allow installd staging_data_file:dir { open read remove_name rmdir search write };
+
diff --git a/private/otapreopt_slot.te b/private/otapreopt_slot.te
index 98b93d4..27a3b0e 100644
--- a/private/otapreopt_slot.te
+++ b/private/otapreopt_slot.te
@@ -1,5 +1,28 @@
-typeattribute otapreopt_slot coredomain;
+# This command set moves the artifact corresponding to the current slot
+# from /data/ota to /data/dalvik-cache.
+
+type otapreopt_slot, domain, mlstrustedsubject, coredomain;
+type otapreopt_slot_exec, system_file_type, exec_type, file_type;
# Technically not a daemon but we do want the transition from init domain to
# cppreopts to occur.
init_daemon_domain(otapreopt_slot)
+
+# The otapreopt_slot renames the OTA dalvik-cache to the regular dalvik-cache, and cleans up
+# the directory afterwards. For logging of aggregate size, we need getattr.
+allow otapreopt_slot ota_data_file:dir { rw_dir_perms rename reparent rmdir };
+allow otapreopt_slot ota_data_file:{ file lnk_file } getattr;
+# (du follows symlinks)
+allow otapreopt_slot ota_data_file:lnk_file read;
+
+# Delete old content of the dalvik-cache.
+allow otapreopt_slot dalvikcache_data_file:dir { add_name getattr open read remove_name rmdir search write };
+allow otapreopt_slot dalvikcache_data_file:file { getattr unlink };
+allow otapreopt_slot dalvikcache_data_file:lnk_file { getattr read unlink };
+
+# Allow cppreopts to execute itself using #!/system/bin/sh
+allow otapreopt_slot shell_exec:file rx_file_perms;
+
+# Allow running the mv and rm/rmdir commands using otapreopt_slot permissions.
+# Needed so we can move artifacts into /data/dalvik-cache/dalvik-cache.
+allow otapreopt_slot toolbox_exec:file rx_file_perms;
diff --git a/private/preopt2cachename.te b/private/preopt2cachename.te
index d10f767..dcfba14 100644
--- a/private/preopt2cachename.te
+++ b/private/preopt2cachename.te
@@ -1 +1,17 @@
-typeattribute preopt2cachename coredomain;
+# preopt2cachename executable
+#
+# This executable translates names from the preopted versions the build system
+# creates to the names the runtime expects in the data directory.
+
+type preopt2cachename, domain, coredomain;
+type preopt2cachename_exec, system_file_type, exec_type, file_type;
+
+# Allow write to stdout.
+allow preopt2cachename cppreopts:fd use;
+allow preopt2cachename cppreopts:fifo_file { getattr read write };
+
+# Allow write to logcat.
+allow preopt2cachename proc_net_type:file r_file_perms;
+userdebug_or_eng(`
+ auditallow preopt2cachename proc_net_type:{ dir file lnk_file } { getattr open read };
+')
diff --git a/private/system_server.te b/private/system_server.te
index 2751b09..7ed5339 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -314,6 +314,8 @@
r_dir_file(system_server, sysfs_android_usb)
allow system_server sysfs_android_usb:file w_file_perms;
+allow system_server sysfs_extcon:dir r_dir_perms;
+
r_dir_file(system_server, sysfs_ipv4)
allow system_server sysfs_ipv4:file w_file_perms;
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index c1cd6c7..24e42d3 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -187,6 +187,3 @@
# Allow access to ashmemd to request /dev/ashmem fds.
binder_call(untrusted_app_all, ashmemd)
-
-# TODO(b/113362644): audit apps directly using /dev/ashmem and emit error
-# message with info on how to fix that.
diff --git a/public/cppreopts.te b/public/cppreopts.te
deleted file mode 100644
index 623391e..0000000
--- a/public/cppreopts.te
+++ /dev/null
@@ -1,22 +0,0 @@
-# cppreopts
-#
-# This command copies preopted files from the system_b partition to the data
-# partition. This domain ensures that we are only copying into specific
-# directories.
-
-type cppreopts, domain, mlstrustedsubject;
-type cppreopts_exec, system_file_type, exec_type, file_type;
-
-# Allow cppreopts copy files into the dalvik-cache
-allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write };
-allow cppreopts dalvikcache_data_file:file { create getattr open read rename write unlink };
-
-# Allow cppreopts to execute itself using #!/system/bin/sh
-allow cppreopts shell_exec:file rx_file_perms;
-
-# Allow us to run find on /postinstall
-allow cppreopts system_file:dir { open read };
-
-# Allow running the cp command using cppreopts permissions. Needed so we can
-# write into dalvik-cache
-allow cppreopts toolbox_exec:file rx_file_perms;
diff --git a/public/domain.te b/public/domain.te
index 2621d81..9a66a62 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1071,29 +1071,6 @@
}:file *;
')
-# Only authorized processes should be writing to files in /data/dalvik-cache
-neverallow {
- domain
- -init # TODO: limit init to relabelfrom for files
- -zygote
- -installd
- -postinstall_dexopt
- -cppreopts
- -dex2oat
- -otapreopt_slot
-} dalvikcache_data_file:file no_w_file_perms;
-
-neverallow {
- domain
- -init
- -installd
- -postinstall_dexopt
- -cppreopts
- -dex2oat
- -zygote
- -otapreopt_slot
-} dalvikcache_data_file:dir no_w_dir_perms;
-
# Only system_server should be able to send commands via the zygote socket
neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
neverallow { domain -system_server } zygote_socket:sock_file write;
diff --git a/public/file.te b/public/file.te
index a4b51b2..42491dc 100644
--- a/public/file.te
+++ b/public/file.te
@@ -75,6 +75,7 @@
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_dm, fs_type, sysfs_type;
type sysfs_dt_firmware_android, fs_type, sysfs_type;
+type sysfs_extcon, fs_type, sysfs_type;
type sysfs_ipv4, fs_type, sysfs_type;
type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
type sysfs_leds, fs_type, sysfs_type;
diff --git a/public/otapreopt_slot.te b/public/otapreopt_slot.te
deleted file mode 100644
index 5726e2e..0000000
--- a/public/otapreopt_slot.te
+++ /dev/null
@@ -1,27 +0,0 @@
-# otapreopt_slot
-#
-# This command set moves the artifact corresponding to the current slot
-# from /data/ota to /data/dalvik-cache.
-
-type otapreopt_slot, domain, mlstrustedsubject;
-type otapreopt_slot_exec, system_file_type, exec_type, file_type;
-
-
-# The otapreopt_slot renames the OTA dalvik-cache to the regular dalvik-cache, and cleans up
-# the directory afterwards. For logging of aggregate size, we need getattr.
-allow otapreopt_slot ota_data_file:dir { rw_dir_perms rename reparent rmdir };
-allow otapreopt_slot ota_data_file:{ file lnk_file } getattr;
-# (du follows symlinks)
-allow otapreopt_slot ota_data_file:lnk_file read;
-
-# Delete old content of the dalvik-cache.
-allow otapreopt_slot dalvikcache_data_file:dir { add_name getattr open read remove_name rmdir search write };
-allow otapreopt_slot dalvikcache_data_file:file { getattr unlink };
-allow otapreopt_slot dalvikcache_data_file:lnk_file { getattr read unlink };
-
-# Allow cppreopts to execute itself using #!/system/bin/sh
-allow otapreopt_slot shell_exec:file rx_file_perms;
-
-# Allow running the mv and rm/rmdir commands using otapreopt_slot permissions.
-# Needed so we can move artifacts into /data/dalvik-cache/dalvik-cache.
-allow otapreopt_slot toolbox_exec:file rx_file_perms;
diff --git a/public/preopt2cachename.te b/public/preopt2cachename.te
deleted file mode 100644
index de70c9f..0000000
--- a/public/preopt2cachename.te
+++ /dev/null
@@ -1,16 +0,0 @@
-# preopt2cachename executable
-#
-# This executable translates names from the preopted versions the build system
-# creates to the names the runtime expects in the data directory.
-type preopt2cachename, domain;
-type preopt2cachename_exec, system_file_type, exec_type, file_type;
-
-# Allow write to stdout.
-allow preopt2cachename cppreopts:fd use;
-allow preopt2cachename cppreopts:fifo_file { getattr read write };
-
-# Allow write to logcat.
-allow preopt2cachename proc_net_type:file r_file_perms;
-userdebug_or_eng(`
- auditallow preopt2cachename proc_net_type:{ dir file lnk_file } { getattr open read };
-')
diff --git a/public/property_contexts b/public/property_contexts
index 836b2a4..bea017a 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -370,3 +370,7 @@
ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 int
ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 int
ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 int
+ro.surface_flinger.display_primary_red u:object_r:exported_default_prop:s0 string
+ro.surface_flinger.display_primary_green u:object_r:exported_default_prop:s0 string
+ro.surface_flinger.display_primary_blue u:object_r:exported_default_prop:s0 string
+ro.surface_flinger.display_primary_white u:object_r:exported_default_prop:s0 string