commit dc33d3f15ebf078c6866df53bca395f8d2b82453
author Treehugger Robot <treehugger-gerrit@google.com> Tue May 12 13:12:57 2020 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue May 12 13:12:57 2020 +0000
tree 7a627756747d77bc286c1a559f625332301c52ee
parent a00b1ea2dbef7179f8ab947dd9711339a712fc6d
parent 36aeb16b867bea9e06e5c8487581953ba7f7d11f

Merge "Rename context names of zram properties"

private/adbd.te

diff --git a/private/adbd.te b/private/adbd.te
index cd3d8f3..b03c62e 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -84,8 +84,8 @@
 # Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties.
 set_prop(adbd, shell_prop)
 set_prop(adbd, powerctl_prop)
-set_prop(adbd, ffs_prop)
-set_prop(adbd, exported_ffs_prop)
+get_prop(adbd, ffs_config_prop)
+set_prop(adbd, ffs_control_prop)
 
 # Set service.adb.tls.port, persist.adb.wifi. properties
 set_prop(adbd, adbd_prop)

private/compat/27.0/27.0.ignore.cil

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index ee267a6..1f43c71 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    aac_drc_prop
     activity_task_service
     adb_service
     app_binding_service
@@ -71,6 +72,8 @@
     exported_vold_prop
     exported_wifi_prop
     fastbootd
+    ffs_config_prop
+    ffs_control_prop
     flags_health_check
     flags_health_check_exec
     fingerprint_vendor_data_file

private/compat/30.0/30.0.cil

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 32dd5f9..fd320c0 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1,9 +1,11 @@
 ;; types removed from current policy
 (type exported_audio_prop)
 (type exported_dalvik_prop)
+(type exported_ffs_prop)
 (type exported_vold_prop)
 (type exported2_config_prop)
 (type exported2_vold_prop)
+(type ffs_prop)
 
 (expandtypeattribute (DockObserver_service_30_0) true)
 (expandtypeattribute (IProxyService_service_30_0) true)
@@ -1337,7 +1339,10 @@
 (typeattributeset ethernet_service_30_0 (ethernet_service))
 (typeattributeset exfat_30_0 (exfat))
 (typeattributeset exported2_config_prop_30_0 (exported2_config_prop systemsound_config_prop))
-(typeattributeset exported2_default_prop_30_0 (exported2_default_prop libc_debug_prop))
+(typeattributeset exported2_default_prop_30_0
+  ( exported2_default_prop
+    aac_drc_prop
+    libc_debug_prop))
 (typeattributeset exported2_radio_prop_30_0 (exported2_radio_prop))
 (typeattributeset exported2_system_prop_30_0
   ( exported2_system_prop
@@ -1360,7 +1365,10 @@
   ( exported_default_prop
     surfaceflinger_prop))
 (typeattributeset exported_dumpstate_prop_30_0 (exported_dumpstate_prop))
-(typeattributeset exported_ffs_prop_30_0 (exported_ffs_prop))
+(typeattributeset exported_ffs_prop_30_0
+  ( exported_ffs_prop
+    ffs_config_prop
+    ffs_control_prop))
 (typeattributeset exported_fingerprint_prop_30_0 (exported_fingerprint_prop))
 (typeattributeset exported_overlay_prop_30_0 (exported_overlay_prop))
 (typeattributeset exported_pm_prop_30_0 (exported_pm_prop))

private/coredomain.te

diff --git a/private/coredomain.te b/private/coredomain.te
index daaf3aa..2aa44c2 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -1,5 +1,6 @@
 get_prop(coredomain, pm_prop)
 get_prop(coredomain, exported_pm_prop)
+get_prop(coredomain, ffs_config_prop)
 get_prop(coredomain, lmkd_config_prop)
 get_prop(coredomain, camera_config_prop)
 

private/domain.te

diff --git a/private/domain.te b/private/domain.te
index 9eed3db..433a791 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -75,7 +75,6 @@
     get_prop(domain, boot_status_prop)
     get_prop(domain, core_property_type)
     get_prop(domain, dalvik_config_prop)
-    get_prop(domain, exported_ffs_prop)
     get_prop(domain, exported_system_radio_prop)
     get_prop(domain, exported2_radio_prop)
     get_prop(domain, exported2_system_prop)
@@ -91,7 +90,6 @@
     get_prop({coredomain appdomain shell}, boot_status_prop)
     get_prop({coredomain appdomain shell}, core_property_type)
     get_prop({coredomain appdomain shell}, dalvik_config_prop)
-    get_prop({coredomain appdomain shell}, exported_ffs_prop)
     get_prop({coredomain appdomain shell}, exported_system_radio_prop)
     get_prop({coredomain appdomain shell}, exported2_radio_prop)
     get_prop({coredomain appdomain shell}, exported2_system_prop)

private/fastbootd.te

diff --git a/private/fastbootd.te b/private/fastbootd.te
index 49994b7..1655f00 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te
@@ -10,8 +10,8 @@
   get_prop(fastbootd, serialno_prop)
 
   # Set sys.usb.ffs.ready.
-  set_prop(fastbootd, ffs_prop)
-  set_prop(fastbootd, exported_ffs_prop)
+  get_prop(fastbootd, ffs_config_prop)
+  set_prop(fastbootd, ffs_control_prop)
 
   userdebug_or_eng(`
     get_prop(fastbootd, persistent_properties_ready_prop)

private/mediaprovider.te

diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 249fee1..9991725 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -40,5 +40,5 @@
 allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
 
 # MtpServer sets sys.usb.ffs.mtp.ready
-set_prop(mediaprovider, ffs_prop)
-set_prop(mediaprovider, exported_ffs_prop)
+get_prop(mediaprovider, ffs_config_prop)
+set_prop(mediaprovider, ffs_control_prop)

private/property.te

diff --git a/private/property.te b/private/property.te
index ca9f2ca..054bc78 100644
--- a/private/property.te
+++ b/private/property.te
@@ -74,7 +74,6 @@
   -default_prop
   -dhcp_prop
   -dumpstate_prop
-  -ffs_prop
   -fingerprint_prop
   -logd_prop
   -net_radio_prop
@@ -137,7 +136,6 @@
     exported_config_prop
     exported_default_prop
     exported_dumpstate_prop
-    exported_ffs_prop
     exported_fingerprint_prop
     exported_system_prop
     exported_system_radio_prop
@@ -238,7 +236,6 @@
     core_property_type
     dalvik_config_prop
     extended_core_property_type
-    exported_ffs_prop
     exported_system_radio_prop
     exported2_system_prop
     exported3_default_prop
@@ -302,6 +299,14 @@
 ')
 
 neverallow {
+  -coredomain
+  -vendor_init
+} {
+  ffs_config_prop
+  ffs_control_prop
+}:file no_rw_file_perms;
+
+neverallow {
   -init
   -system_server
 } {

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index c7ee92a..f8e4fff 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -27,7 +27,6 @@
 sys.cppreopt            u:object_r:cppreopt_prop:s0
 sys.lpdumpd             u:object_r:lpdumpd_prop:s0
 sys.powerctl            u:object_r:powerctl_prop:s0
-sys.usb.ffs.            u:object_r:ffs_prop:s0
 service.                u:object_r:system_prop:s0
 dhcp.                   u:object_r:dhcp_prop:s0
 dhcp.bt-pan.result      u:object_r:pan_result_prop:s0
@@ -483,13 +482,16 @@
 sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
 
 sys.usb.controller      u:object_r:exported2_system_prop:s0 exact string
-sys.usb.ffs.max_read    u:object_r:exported_ffs_prop:s0 exact int
-sys.usb.ffs.max_write   u:object_r:exported_ffs_prop:s0 exact int
-sys.usb.ffs.ready       u:object_r:exported_ffs_prop:s0 exact bool
 sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
-sys.usb.ffs.mtp.ready   u:object_r:exported_ffs_prop:s0 exact bool
 sys.usb.state           u:object_r:exported2_system_prop:s0 exact string
 
+sys.usb.ffs.aio_compat u:object_r:ffs_config_prop:s0 exact bool
+sys.usb.ffs.max_read   u:object_r:ffs_config_prop:s0 exact int
+sys.usb.ffs.max_write  u:object_r:ffs_config_prop:s0 exact int
+
+sys.usb.ffs.ready     u:object_r:ffs_control_prop:s0 exact bool
+sys.usb.ffs.mtp.ready u:object_r:ffs_control_prop:s0 exact bool
+
 telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
 telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int
 
@@ -517,16 +519,15 @@
 sys.usb.config   u:object_r:exported_system_radio_prop:s0 exact string
 sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
 
-aac_drc_boost            u:object_r:exported2_default_prop:s0 exact int
-aac_drc_cut              u:object_r:exported2_default_prop:s0 exact int
-aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
-aac_drc_heavy            u:object_r:exported2_default_prop:s0 exact int
-aac_drc_reference_level  u:object_r:exported2_default_prop:s0 exact int
+aac_drc_boost            u:object_r:aac_drc_prop:s0 exact int
+aac_drc_cut              u:object_r:aac_drc_prop:s0 exact int
+aac_drc_enc_target_level u:object_r:aac_drc_prop:s0 exact int
+aac_drc_heavy            u:object_r:aac_drc_prop:s0 exact int
+aac_drc_reference_level  u:object_r:aac_drc_prop:s0 exact int
+ro.aac_drc_effect_type   u:object_r:aac_drc_prop:s0 exact int
 
 build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
 
-ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
-
 drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
 
 dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool

private/recovery.te

diff --git a/private/recovery.te b/private/recovery.te
index b522230..e1151a4 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -10,8 +10,8 @@
   get_prop(recovery, serialno_prop)
 
   # Set sys.usb.ffs.ready when starting minadbd for sideload.
-  set_prop(recovery, ffs_prop)
-  set_prop(recovery, exported_ffs_prop)
+  get_prop(recovery, ffs_config_prop)
+  set_prop(recovery, ffs_control_prop)
 
   # Set sys.usb.config when switching into fastboot.
   set_prop(recovery, system_radio_prop)

public/domain.te

diff --git a/public/domain.te b/public/domain.te
index b23303d..2e17f42 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -541,6 +541,8 @@
     neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
 ')
 
+neverallow { domain -init } aac_drc_prop:property_service set;
+
 # Do not allow reading device's serial number from system properties except form
 # a few whitelisted domains.
 neverallow {

public/mediatranscoding.te

diff --git a/public/mediatranscoding.te b/public/mediatranscoding.te
index 5b64083..85c4a6c 100644
--- a/public/mediatranscoding.te
+++ b/public/mediatranscoding.te
@@ -10,6 +10,7 @@
 
 allow mediatranscoding system_server:fd use;
 allow mediatranscoding activity_service:service_manager find;
+allow mediatranscoding untrusted_app:binder call;
 
 # mediatranscoding should never execute any executable without a
 # domain transition

public/property.te

diff --git a/public/property.te b/public/property.te
index 79d0ca6..db3773d 100644
--- a/public/property.te
+++ b/public/property.te
@@ -54,6 +54,7 @@
 ')
 
 # Properties which can't be written outside system
+system_restricted_prop(aac_drc_prop)
 system_restricted_prop(binder_cache_bluetooth_server_prop)
 system_restricted_prop(binder_cache_system_server_prop)
 system_restricted_prop(binder_cache_telephony_server_prop)
@@ -84,7 +85,6 @@
     system_restricted_prop(exported_dumpstate_prop)
     system_restricted_prop(exported_fingerprint_prop)
     system_restricted_prop(exported_secure_prop)
-    system_restricted_prop(ffs_prop)
     system_restricted_prop(fingerprint_prop)
     system_restricted_prop(heapprofd_prop)
     system_restricted_prop(net_radio_prop)
@@ -108,6 +108,7 @@
 system_vendor_config_prop(exported_config_prop)
 system_vendor_config_prop(exported_default_prop)
 system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(ffs_config_prop)
 system_vendor_config_prop(incremental_prop)
 system_vendor_config_prop(lmkd_config_prop)
 system_vendor_config_prop(media_variant_prop)
@@ -139,12 +140,12 @@
 system_public_prop(exported2_system_prop)
 system_public_prop(exported3_radio_prop)
 system_public_prop(exported_bluetooth_prop)
-system_public_prop(exported_ffs_prop)
 system_public_prop(exported_overlay_prop)
 system_public_prop(exported_pm_prop)
 system_public_prop(exported_radio_prop)
 system_public_prop(exported_system_radio_prop)
 system_public_prop(exported_wifi_prop)
+system_public_prop(ffs_control_prop)
 system_public_prop(sota_prop)
 system_public_prop(hwservicemanager_prop)
 system_public_prop(lmkd_prop)
@@ -219,7 +220,6 @@
     system_public_prop(exported_dumpstate_prop)
     system_public_prop(exported_fingerprint_prop)
     system_public_prop(exported_secure_prop)
-    system_public_prop(ffs_prop)
     system_public_prop(fingerprint_prop)
     system_public_prop(heapprofd_prop)
     system_public_prop(net_radio_prop)
@@ -257,7 +257,6 @@
 typeattribute default_prop       core_property_type;
 typeattribute dhcp_prop          core_property_type;
 typeattribute dumpstate_prop     core_property_type;
-typeattribute ffs_prop           core_property_type;
 typeattribute fingerprint_prop   core_property_type;
 typeattribute logd_prop          core_property_type;
 typeattribute net_radio_prop     core_property_type;

public/vendor_init.te

diff --git a/public/vendor_init.te b/public/vendor_init.te
index 748cd7e..ab5fb56 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -215,7 +215,6 @@
 set_prop(vendor_init, exported_camera_prop)
 set_prop(vendor_init, exported_config_prop)
 set_prop(vendor_init, exported_default_prop)
-set_prop(vendor_init, exported_ffs_prop)
 set_prop(vendor_init, exported_overlay_prop)
 set_prop(vendor_init, exported_pm_prop)
 set_prop(vendor_init, exported_radio_prop)
@@ -224,6 +223,7 @@
 set_prop(vendor_init, exported2_system_prop)
 set_prop(vendor_init, exported3_default_prop)
 set_prop(vendor_init, exported3_radio_prop)
+set_prop(vendor_init, ffs_control_prop)
 set_prop(vendor_init, incremental_prop)
 set_prop(vendor_init, lmkd_prop)
 set_prop(vendor_init, logd_prop)

vendor/mediacodec.te

diff --git a/vendor/mediacodec.te b/vendor/mediacodec.te
index d6d0de1..b4c6df4 100644
--- a/vendor/mediacodec.te
+++ b/vendor/mediacodec.te
@@ -23,6 +23,9 @@
 
 crash_dump_fallback(mediacodec)
 
+# get aac_drc_* properties
+get_prop(mediacodec, aac_drc_prop)
+
 # mediacodec should never execute any executable without a domain transition
 neverallow mediacodec { file_type fs_type }:file execute_no_trans;