Merge "Add prebuilt_sepolicy_srcs filegroup" into main
diff --git a/apex/com.android.nfc-file_contexts b/apex/com.android.nfc-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.nfc-file_contexts
@@ -0,0 +1,2 @@
+(/.*)?                u:object_r:system_file:s0
+/lib(64)?(/.*)        u:object_r:system_lib_file:s0
diff --git a/private/bug_map b/private/bug_map
index 0a1d741..9aced64 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1,6 +1,7 @@
 dnsmasq netd fifo_file b/77868789
 dnsmasq netd unix_stream_socket b/77868789
 gmscore_app system_data_file dir b/146166941
+gmscore_app kernel security b/303319090
 init app_data_file file b/77873135
 init cache_file blk_file b/77873135
 init logpersist file b/77873135
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index cc240fe..5fd996b 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -14,6 +14,7 @@
     virtual_camera_service
     ot_daemon_service
     remote_auth_service
+    sysfs_sync_on_suspend
     threadnetwork_service
     device_config_aconfig_flags_prop
     proc_memhealth
diff --git a/private/genfs_contexts b/private/genfs_contexts
index f35f268..38428dc 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -157,6 +157,7 @@
 genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
 genfscon sysfs /power/state u:object_r:sysfs_power:s0
 genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0
+genfscon sysfs /power/sync_on_suspend u:object_r:sysfs_sync_on_suspend:s0
 genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
 genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index 46b90c6..b662f4f 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -46,6 +46,7 @@
 dontaudit gmscore_app exec_type:file r_file_perms;
 dontaudit gmscore_app device:dir r_dir_perms;
 dontaudit gmscore_app fs_bpf:dir r_dir_perms;
+dontaudit gmscore_app kernel:security *;
 dontaudit gmscore_app net_dns_prop:file r_file_perms;
 dontaudit gmscore_app proc:file r_file_perms;
 dontaudit gmscore_app proc_interrupts:file r_file_perms;
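Review bot: The added `dontaudit gmscore_app kernel:security *;` suppresses audit records for every permission in the `security` class, not only the one behind b/303319090, so a denied `setenforce` or `load_policy` attempt from this domain would also go unlogged. Consider limiting the rule to the permission(s) that appear in the reported denial, which this diff does not show, and putting a comment naming the bug above it, e.g. `# Tracked in b/303319090.`. The `gmscore_app kernel security b/303319090` line added to private/bug_map likely never fires once the denial is dontaudit-ed, so one of the two entries is probably redundant.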
diff --git a/private/property_contexts b/private/property_contexts
index b009c60..5faa2a3 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -579,6 +579,7 @@
 bluetooth.profile.pan.panu.enabled                   u:object_r:bluetooth_config_prop:s0 exact bool
 bluetooth.profile.pbap.client.enabled                u:object_r:bluetooth_config_prop:s0 exact bool
 bluetooth.profile.pbap.server.enabled                u:object_r:bluetooth_config_prop:s0 exact bool
+bluetooth.profile.pbap.sim.enabled                   u:object_r:bluetooth_config_prop:s0 exact bool
 bluetooth.profile.sap.server.enabled                 u:object_r:bluetooth_config_prop:s0 exact bool
 bluetooth.profile.vcp.controller.enabled             u:object_r:bluetooth_config_prop:s0 exact bool
 
diff --git a/private/system_suspend.te b/private/system_suspend.te
index bef7c6d..683d913 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -37,6 +37,9 @@
 allow system_suspend sysfs_wake_lock:file rw_file_perms;
 allow system_suspend self:global_capability2_class_set block_suspend;
 
+# Allow init to set /sys/power/sync_on_suspend.
+allow init sysfs_sync_on_suspend:file w_file_perms;
+
 neverallow {
     domain
     -atrace # tracing
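Review bot: The new `allow init sysfs_sync_on_suspend:file w_file_perms;` grants a permission to `init`, yet it is added to system_suspend's policy file, where someone auditing what init may write is unlikely to look. Moving the rule and its comment into init's own policy file would keep each domain's grants in one place. Write-only access on a dedicated type is a tight grant. If init is meant to be the only writer, something like `neverallow { domain -init } sysfs_sync_on_suspend:file w_file_perms;` would make that intent enforceable, provided no other domain legitimately writes the node. The `neverallow` block that follows continues outside the hunk.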
diff --git a/public/file.te b/public/file.te
index 74aca61..72f511b 100644
--- a/public/file.te
+++ b/public/file.te
@@ -116,6 +116,7 @@
 type sysfs_rtc, fs_type, sysfs_type;
 type sysfs_suspend_stats, fs_type, sysfs_type;
 type sysfs_switch, fs_type, sysfs_type;
+type sysfs_sync_on_suspend, fs_type, sysfs_type;
 type sysfs_transparent_hugepage, fs_type, sysfs_type;
 type sysfs_lru_gen_enabled, fs_type, sysfs_type;
 type sysfs_usb, fs_type, sysfs_type;
diff --git a/tests/policy.py b/tests/policy.py
index 9fdc43c..8fc2ef7 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -109,17 +109,22 @@
         # Query policy for the types associated with Attr
         TypesPol = self.QueryTypeAttribute(Attr, True) - set(ExcludedTypes)
         # Search file_contexts to find types associated with input paths.
-        TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
-        violators = TypesFc.intersection(TypesPol)
+        PathTypes = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
+        violators = set()
+        for PathType in PathTypes:
+            filepath, filetype = PathType
+            if filetype in TypesPol:
+                violators.add((str(filetype), str(filepath)))
+
         ret = ""
         if len(violators) > 0:
             ret += "The following types on "
             ret += " ".join(str(x) for x in sorted(MatchPrefix))
             ret += " must not be associated with the "
-            ret += "\"" + Attr + "\" attribute: "
-            ret += " ".join(str(x) for x in sorted(violators)) + "\n"
-            ret += " corresponding to files: "
-            ret += " ".join(str(x) for x in sorted(Files)) + "\n"
+            ret += "\"" + Attr + "\" attribute.\n"
+            ret += "Violator types and corresponding paths:\n"
+            ret += "\n".join(str(x) for x in sorted(violators))
+            ret += "\n"
         return ret
 
     # Check that all types for "filesystem" have "attribute" associated with them
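Review bot: The violator list is rendered with `str(x)` on a `(type, path)` tuple, so each line of the failure message comes out as a Python tuple repr such as `('some_type', '/some/path')` (constructed example) rather than plain text; the second hunk's "must be associated" message has the same issue. Since both elements are already converted with `str()`, `ret += "\n".join(" ".join(x) for x in sorted(violators))` would print `type path` per line. The loop can also unpack directly with `for filepath, filetype in PathTypes:`. The enclosing method starts outside the hunk.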
@@ -146,18 +151,22 @@
         TypesPol = self.QueryTypeAttribute(Attr, True)
         # Search file_contexts to find paths/types that should be associated with
         # Attr.
-        TypesFc, Files = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
-        violators = TypesFc.difference(TypesPol)
+        PathTypes = self.__GetTypesAndFilesByFilePathPrefix(MatchPrefix, DoNotMatchPrefix)
+        violators = set()
+        for PathType in PathTypes:
+            filepath, filetype = PathType
+            if filetype not in TypesPol:
+                violators.add((str(filetype), str(filepath)))
 
         ret = ""
         if len(violators) > 0:
             ret += "The following types on "
             ret += " ".join(str(x) for x in sorted(MatchPrefix))
             ret += " must be associated with the "
-            ret += "\"" + Attr + "\" attribute: "
-            ret += " ".join(str(x) for x in sorted(violators)) + "\n"
-            ret += " corresponding to files: "
-            ret += " ".join(str(x) for x in sorted(Files)) + "\n"
+            ret += "\"" + Attr + "\" attribute.\n"
+            ret += "Violator types and corresponding paths:\n"
+            ret += "\n".join(str(x) for x in sorted(violators))
+            ret += "\n"
         return ret
 
     def AssertPropertyOwnersAreExclusive(self):
@@ -334,8 +343,7 @@
     # Return types that match MatchPrefixes but do not match
     # DoNotMatchPrefixes
     def __GetTypesAndFilesByFilePathPrefix(self, MatchPrefixes, DoNotMatchPrefixes):
-        Types = set()
-        Files = set()
+        ret = []
 
         MatchPrefixesWithIndex = []
         for MatchPrefix in MatchPrefixes:
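Review bot: The comment above `__GetTypesAndFilesByFilePathPrefix` still says it returns types, but with `ret = []` here and `ret.append(PathType)` in the next hunk it now returns a list of pairs that callers unpack as `filepath, filetype`. Update it to something like `# Return (path, type) pairs whose path matches MatchPrefixes but not DoNotMatchPrefixes`. The method name reads types-then-files while the pairs are path-then-type, so the comment should state the order explicitly. The list may also hold duplicates where the old sets did not, which the visible callers absorb by building a set. The method body continues outside the hunk.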
@@ -346,9 +354,8 @@
             for PathType in PathTypes:
                 if MatchPathPrefixes(PathType[0], DoNotMatchPrefixes):
                     continue
-                Types.add(PathType[1])
-                Files.add(PathType[0])
-        return Types, Files
+                ret.append(PathType)
+        return ret
 
     def __GetTERules(self, policydbP, avtabIterP, Rules):
         if Rules is None: