Merge "system_app.te: Update obsolete comment about cgroups" into main
diff --git a/private/app.te b/private/app.te
index cc69e5e..c51ba8b 100644
--- a/private/app.te
+++ b/private/app.te
@@ -641,12 +641,6 @@
apk_tmp_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -untrusted_app_all -platform_app -priv_app -isolated_app_all }
- { apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;
-
-neverallow { untrusted_app_all isolated_app_all } { apk_tmp_file apk_private_tmp_file }:{ devfile_class_set dir fifo_file lnk_file sock_file } *;
-neverallow { untrusted_app_all isolated_app_all } { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read map };
-
# Access to factory files.
neverallow appdomain efs_file:dir_file_class_set write;
neverallow { appdomain -shell } efs_file:dir_file_class_set read;
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index bf723c5..0e2b01c 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -45,6 +45,10 @@
neverallow { all_untrusted_apps -mediaprovider } init:unix_stream_socket connectto;
neverallow { all_untrusted_apps -mediaprovider } property_type:property_service set;
+# Do not allow untrusted apps to modify temporarily staged APKs.
+neverallow all_untrusted_apps { apk_tmp_file apk_private_tmp_file }:{ devfile_class_set dir fifo_file lnk_file sock_file } *;
+neverallow all_untrusted_apps { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read map };
+
# net.dns properties are not a public API. Disallow untrusted apps from reading this property.
neverallow { all_untrusted_apps } net_dns_prop:file read;
diff --git a/private/crash_dump.te b/private/crash_dump.te
index 45d5722..b2d3bd5 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -106,8 +106,15 @@
core_data_file_type
vendor_file_type
}:dir search;
-dontaudit crash_dump system_data_file:{ lnk_file file } read;
-dontaudit crash_dump property_type:file read;
+# Crash dump might try to read files that are mapped into the crashed process's
+# memory space to extract useful binary information such as the ELF header. See
+# system/core/debuggerd/libdebuggerd/tombstone_proto.cpp:dump_mappings.
+# Ignore these accesses.
+dontaudit crash_dump {
+ app_data_file_type
+ property_type
+ system_data_file
+}:{ lnk_file file } { read open };
get_prop(crash_dump, misctrl_prop)
diff --git a/private/domain.te b/private/domain.te
index d6f86f4..e9cc7f5 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -501,7 +501,7 @@
get_prop(domain, surfaceflinger_prop)
get_prop(domain, telephony_status_prop)
get_prop(domain, timezone_prop)
-get_prop({domain -untrusted_app_all -isolated_app_all -ephemeral_app }, userdebug_or_eng_prop)
+get_prop({domain -untrusted_app_all -isolated_app_all -ephemeral_app -app_zygote }, userdebug_or_eng_prop)
get_prop(domain, vendor_socket_hook_prop)
get_prop(domain, vndk_prop)
get_prop(domain, vold_status_prop)
diff --git a/private/hal_keymint.te b/private/hal_keymint.te
index ba29956..6c7b577 100644
--- a/private/hal_keymint.te
+++ b/private/hal_keymint.te
@@ -4,5 +4,5 @@
hal_attribute_service(hal_keymint, hal_remotelyprovisionedcomponent_service)
binder_call(hal_keymint_server, servicemanager)
-allow hal_keymint_server tee_device:chr_file rw_file_perms;
-allow hal_keymint_server ion_device:chr_file r_file_perms;
+allow { hal_keymint_server -coredomain } tee_device:chr_file rw_file_perms;
+allow { hal_keymint_server -coredomain } ion_device:chr_file r_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index 41ae9a2..7e9f1ca 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1610,6 +1610,7 @@
# bootanimation properties
ro.bootanim.quiescent.enabled u:object_r:bootanim_config_prop:s0 exact bool
+ro.product.bootanim.file u:object_r:bootanim_config_prop:s0 exact string
# dck properties
ro.gms.dck.eligible_wcc u:object_r:dck_prop:s0 exact int