Merge "Revert^4 "Allow system server to access udc sysfs"" into main
diff --git a/OWNERS b/OWNERS
index 488be27..6a2b611 100644
--- a/OWNERS
+++ b/OWNERS
@@ -6,3 +6,5 @@
 jiyong@google.com
 smoreland@google.com
 tweek@google.com
+
+per-file service_fuzzer_bindings.go = waghpawan@google.com
diff --git a/flagging/Android.bp b/flagging/Android.bp
index 2d0bb68..26e8989 100644
--- a/flagging/Android.bp
+++ b/flagging/Android.bp
@@ -21,6 +21,7 @@
         "RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT",
         "RELEASE_AVF_ENABLE_LLPVM_CHANGES",
         "RELEASE_AVF_ENABLE_NETWORK",
+        "RELEASE_READ_FROM_NEW_STORAGE",
         "RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE",
         "RELEASE_UNLOCKED_STORAGE_API",
     ],
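Review bot: The new `"RELEASE_READ_FROM_NEW_STORAGE",` entry breaks the alphabetical ordering the list otherwise follows (`RELEASE_AVF_*`, then `RELEASE_HARDWARE_*`, then `RELEASE_UNLOCKED_*`); it sorts between `RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE` and `RELEASE_UNLOCKED_STORAGE_API`. Keeping the list sorted is what makes concurrent flag additions merge cleanly. The enclosing module definition starts before the hunk.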
diff --git a/private/app.te b/private/app.te
index 30931e4..1dd7fda 100644
--- a/private/app.te
+++ b/private/app.te
@@ -643,7 +643,7 @@
     { apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;
 
 neverallow { untrusted_app_all isolated_app_all } { apk_tmp_file apk_private_tmp_file }:{ devfile_class_set dir fifo_file lnk_file sock_file } *;
-neverallow { untrusted_app_all isolated_app_all } { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read };
+neverallow { untrusted_app_all isolated_app_all } { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read map };
 
 # Access to factory files.
 neverallow appdomain efs_file:dir_file_class_set write;
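Review bot: The relaxed neverallow now admits `map` for untrusted_app_all as well, although the only allow rule this change adds is for isolated_app_all, so the compile-time guarantee that untrusted apps cannot mmap staged APKs is dropped without a visible need. Unless untrusted_app_all gains `map` elsewhere, split the assertion so the wider domain keeps the stricter form: `neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read };` and `neverallow isolated_app_all { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read map };`. The exposure is bounded because `write` and `execute` remain denied, so only read-only mappings are possible, but a neverallow should be no looser than the policy actually requires.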
diff --git a/private/dexopt_chroot_setup.te b/private/dexopt_chroot_setup.te
index 4267d09..4a964fd 100644
--- a/private/dexopt_chroot_setup.te
+++ b/private/dexopt_chroot_setup.te
@@ -52,6 +52,7 @@
   apex_mnt_dir
   apk_data_file
   binderfs
+  binfmt_miscfs
   cgroup
   cgroup_v2
   userdebug_or_eng(debugfs)
@@ -81,6 +82,7 @@
 
 allow dexopt_chroot_setup {
   binderfs
+  binfmt_miscfs
   cgroup
   cgroup_v2
   userdebug_or_eng(debugfs)
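Review bot: `binfmt_miscfs` is added to both lists without a comment explaining why a dexopt chroot needs binfmt_misc mounted, and the rest of the file leans on such rationale comments for its mount allowances. Add a why-comment next to the entry, along the lines of `# binfmt_miscfs: needed so the chroot can <reason>`, filled in with the actual reason; running non-native binaries is the obvious guess, but nothing in the hunk establishes it. Both lists these entries are added to begin and end outside the hunks, so the operation they feed is not visible here.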
diff --git a/private/domain.te b/private/domain.te
index c92830f..4cf9138 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -570,13 +570,15 @@
   -hal_omx_server
 } {shell_exec toolbox_exec}:file rx_file_perms;
 
-# Allow all to read from flag value boot snapshot storage files and general pb files
-# The boot snapshot of storage files serves flag read traffic for all processes, thus
-# needs to be readable by everybody.
-r_dir_file(domain, aconfig_storage_metadata_file);
+# Allow all processes to read aconfig flag storage files. The format is hidden behind
+# code-generated APIs, but since the libraries are executed in the context of the caller,
+# all processes need access to the underlying files.
+is_flag_enabled(RELEASE_READ_FROM_NEW_STORAGE, `
+  r_dir_file(domain, aconfig_storage_metadata_file);
+  r_dir_file(domain, aconfig_test_mission_files);
+')
 
 r_dir_file({ coredomain appdomain }, system_aconfig_storage_file);
-r_dir_file({ coredomain appdomain }, aconfig_test_mission_files);
 
 # processes needs to access storage file stored at /metadata/aconfig/boot, require search
 # permission on /metadata dir
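Review bot: With `RELEASE_READ_FROM_NEW_STORAGE` disabled this file no longer grants anyone read access to `aconfig_storage_metadata_file` or `aconfig_test_mission_files`, whereas before the change `domain` could read the former and `{ coredomain appdomain }` the latter unconditionally; the removed `r_dir_file({ coredomain appdomain }, aconfig_test_mission_files);` has no flag-off replacement. If the flag-off build is meant to keep the old behaviour, leave that line outside the `is_flag_enabled` block or add an else branch; if the regression is intended, say so, e.g. `# When the flag is off only domains with explicit rules (e.g. dumpstate) may read these files.` The rewritten comment also drops the earlier explanation that these are the boot snapshot serving flag reads for every process, which is the fact that justified the everyone-readable grant and is worth keeping.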
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 38ea999..20341e4 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -33,6 +33,9 @@
   allow dumpstate dropbox_data_file:file r_file_perms;
 ')
 
+r_dir_file(dumpstate, aconfig_storage_metadata_file);
+r_dir_file(dumpstate, aconfig_test_mission_files);
+
 # Allow dumpstate to make binder calls to incidentd
 binder_call(dumpstate, incidentd)
 
diff --git a/private/isolated_app_all.te b/private/isolated_app_all.te
index 8c1fdcb..12b1794 100644
--- a/private/isolated_app_all.te
+++ b/private/isolated_app_all.te
@@ -32,8 +32,8 @@
 # suppress denials to /data/local/tmp
 dontaudit isolated_app_all shell_data_file:dir search;
 
-# Allow to read (but not open) staged apks.
-allow isolated_app_all { apk_tmp_file apk_private_tmp_file }:file { read getattr };
+# Allow to read, map (but not open) staged apks.
+allow isolated_app_all { apk_tmp_file apk_private_tmp_file }:file { read getattr map };
 
 #####
 ##### Neverallow
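Review bot: The rewritten comment `# Allow to read, map (but not open) staged apks.` reads awkwardly and does not say why `map` is now needed or what bounds it. Suggest `# Allow to read and mmap (but not open) staged apks received over an fd; with no write/execute permission only read-only mappings are possible.` The fd-passing part is inferred from `open` being withheld and should be confirmed against the caller.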
diff --git a/private/property.te b/private/property.te
index 77fd497..7907dbc 100644
--- a/private/property.te
+++ b/private/property.te
@@ -68,12 +68,14 @@
 system_internal_prop(suspend_debug_prop)
 system_internal_prop(system_service_enable_prop)
 
+
 # Properties which can't be written outside system
 system_restricted_prop(device_config_virtualization_framework_native_prop)
 system_restricted_prop(fstype_prop)
 system_restricted_prop(log_file_logger_prop)
 system_restricted_prop(persist_sysui_builder_extras_prop)
 system_restricted_prop(persist_sysui_ranking_update_prop)
+system_restricted_prop(page_size_prop)
 
 # Properties which should only be written by vendor_init
 system_vendor_config_prop(avf_virtualizationservice_prop)
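Review bot: The `system_restricted_prop` list is kept alphabetical, but the new `page_size_prop` is appended after `persist_sysui_ranking_update_prop` instead of before the `persist_*` entries where it sorts; the hunk also adds a second consecutive blank line above `# Properties which can't be written outside system`. Move the entry up two lines and drop the stray blank line. Neither affects the compiled policy, but the file follows both conventions everywhere else.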
diff --git a/private/property_contexts b/private/property_contexts
index 601dc99..7a27625 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -415,6 +415,9 @@
 audio.spatializer.pose_predictor_type    u:object_r:audio_config_prop:s0 exact enum 0 1 2 3
 audio.spatializer.prediction_duration_ms u:object_r:audio_config_prop:s0 exact int
 
+# Timestamp correction for MSD
+audio.timestamp.corrected_output_device  u:object_r:audio_config_prop:s0 exact int
+
 ro.audio.ignore_effects   u:object_r:audio_config_prop:s0 exact bool
 ro.audio.monitorRotation  u:object_r:audio_config_prop:s0 exact bool
 ro.audio.offload_wakelock u:object_r:audio_config_prop:s0 exact bool
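Review bot: The comment `# Timestamp correction for MSD` on the new `audio.timestamp.corrected_output_device` entry leaves both the acronym and the meaning of the int unexplained, while the neighbouring audio entries are self-describing. Spell out what MSD stands for and what value the property holds, e.g. `# Audio output device type whose timestamps are corrected for MSD (<expanded acronym>)`, and if the value is drawn from a fixed set of device types consider an `enum` constraint like the one used for `audio.spatializer.pose_predictor_type`.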
@@ -1022,6 +1025,9 @@
 # Property for enabling 16k pages developer option.
 ro.product.build.16k_page.enabled u:object_r:enable_16k_pages_prop:s0 exact bool
 
+# Property that indicates which page size the device boots by default.
+ro.product.page_size u:object_r:page_size_prop:s0 exact int
+
 ro.debuggable       u:object_r:userdebug_or_eng_prop:s0 exact bool
 ro.force.debuggable u:object_r:build_prop:s0 exact bool
 
diff --git a/private/seapp_contexts b/private/seapp_contexts
index a07d272..291e097 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -121,9 +121,6 @@
 # levelFrom=app or levelFrom=all is only supported for _app UIDs.
 # level may be used to specify a fixed level for any UID.
 #
-# For backwards compatibility levelFromUid=true is equivalent to levelFrom=app
-# and levelFromUid=false is equivalent to levelFrom=none.
-#
 #
 # Neverallow Assertions
 # Additional compile time assertion checks for the rules in this file can be
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 02882af..f19b0f1 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -233,7 +233,6 @@
                 /*Outputs*/
                 { .name = "domain",         .dir = dir_out, .fn_validate = validate_domain  },
                 { .name = "type",           .dir = dir_out, .fn_validate = validate_type  },
-                { .name = "levelFromUid",   .dir = dir_out, .fn_validate = validate_bool          },
                 { .name = "levelFrom",      .dir = dir_out, .fn_validate = validate_levelFrom     },
                 { .name = "level",          .dir = dir_out, .fn_validate = validate_selinux_level },
 };
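Review bot: Removing the `levelFromUid` row makes any seapp_contexts entry still using that key fail validation as an unknown key, which is a behaviour change for out-of-tree and vendor files rather than pure cleanup; the commit should state that this is intended, or keep the row with a validator that rejects it with an explicit deprecation message. Also, if `validate_bool` had no other user in this table it is now dead code and will trigger `-Wunused-function` if it is `static`. The table definition begins before the hunk.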