Merge "Allow system_server to read system_lmk_prop"
diff --git a/apex/com.android.adbd-file_contexts b/apex/com.android.adbd-file_contexts
new file mode 100644
index 0000000..3488de2
--- /dev/null
+++ b/apex/com.android.adbd-file_contexts
@@ -0,0 +1,2 @@
+(/.*)?                   u:object_r:system_file:s0
+/bin/adbd                u:object_r:adbd_exec:s0
diff --git a/apex/com.android.cellbroadcast-file_contexts b/apex/com.android.cellbroadcast-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.cellbroadcast-file_contexts
@@ -0,0 +1 @@
+(/.*)?                u:object_r:system_file:s0
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index edf38c7..c447715 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1742,7 +1742,10 @@
 (typeattributeset surfaceflinger_service_29_0 (surfaceflinger_service))
 (typeattributeset surfaceflinger_tmpfs_29_0 (surfaceflinger_tmpfs))
 (typeattributeset swap_block_device_29_0 (swap_block_device))
-(typeattributeset sysfs_29_0 (sysfs))
+(typeattributeset sysfs_29_0
+  ( sysfs
+    sysfs_suspend_stats
+    sysfs_wakeup))
 (typeattributeset sysfs_android_usb_29_0 (sysfs_android_usb))
 (typeattributeset sysfs_batteryinfo_29_0 (sysfs_batteryinfo))
 (typeattributeset sysfs_bluetooth_writable_29_0 (sysfs_bluetooth_writable))
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 06380de..83c76cb 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -6,6 +6,7 @@
 (typeattributeset new_objects
   ( new_objects
     ashmem_libcutils_device
+    blob_store_service
     boringssl_self_test
     charger_prop
     cold_boot_done_prop
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 6be0ba6..855f2d6 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -115,6 +115,7 @@
 genfscon sysfs /class/rfkill/rfkill3/state        u:object_r:sysfs_bluetooth_writable:s0
 genfscon sysfs /class/rtc                         u:object_r:sysfs_rtc:s0
 genfscon sysfs /class/switch                      u:object_r:sysfs_switch:s0
+genfscon sysfs /class/wakeup                      u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
 genfscon sysfs /devices/virtual/android_usb     u:object_r:sysfs_android_usb:s0
 genfscon sysfs /devices/virtual/block/            u:object_r:sysfs_devices_block:s0
@@ -127,11 +128,13 @@
 genfscon sysfs /devices/virtual/misc/hw_random    u:object_r:sysfs_hwrandom:s0
 genfscon sysfs /devices/virtual/net             u:object_r:sysfs_net:s0
 genfscon sysfs /devices/virtual/switch          u:object_r:sysfs_switch:s0
+genfscon sysfs /devices/virtual/wakeup          u:object_r:sysfs_wakeup:s0
 genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
 genfscon sysfs /fs/ext4/features                  u:object_r:sysfs_fs_ext4_features:s0
 genfscon sysfs /fs/f2fs                           u:object_r:sysfs_fs_f2fs:s0
 genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
 genfscon sysfs /power/state u:object_r:sysfs_power:s0
+genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0
 genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
 genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
diff --git a/private/incidentd.te b/private/incidentd.te
index 0c57f0f..26f436a 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -150,6 +150,12 @@
 # Allow incident to call back to incident with status updates.
 binder_call(incidentd, incident)
 
+# Read device serial number from system properties
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+  get_prop(incidentd, serialno_prop)
+')
+
 ###
 ### neverallow rules
 ###
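Review bot: The new get_prop(incidentd, serialno_prop) block does not say that the serial is a persistent device identifier or that the userdebug_or_eng gate is what keeps the grant off user builds; the `userdebug_or_eng(`-incidentd')` exemption added to the exclusion list in public/domain.te (presumably the neverallow guarding serialno_prop, whose head starts outside that hunk) is the other half of this change, and neither side points at the other. An auditor checking user-build exposure has to reconstruct that from two files. Extend the comment to something like `# Restricted to userdebug/eng builds: the serial is a persistent device identifier, and the public/domain.te neverallow on serialno_prop still applies on user builds.`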
diff --git a/private/keys.conf b/private/keys.conf
index 8c899b6..362e73d 100644
--- a/private/keys.conf
+++ b/private/keys.conf
@@ -17,9 +17,6 @@
 [@NETWORK_STACK]
 ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/networkstack.x509.pem
 
-[@PERMISSION_CONTROLLER]
-ALL: $DEFAULT_SYSTEM_DEV_CERTIFICATE/com_google_android_permissioncontroller-container.x509.pem
-
 [@SHARED]
 ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem
 
diff --git a/private/mac_permissions.xml b/private/mac_permissions.xml
index 5095a2a..7fc37c1 100644
--- a/private/mac_permissions.xml
+++ b/private/mac_permissions.xml
@@ -59,10 +59,4 @@
     <signer signature="@NETWORK_STACK" >
       <seinfo value="network_stack" />
     </signer>
-
-    <signer signature="@PERMISSION_CONTROLLER" >
-        <package name="com.google.android.permissioncontroller">
-            <seinfo value="permission_controller" />
-        </package>
-    </signer>
 </policy>
diff --git a/private/perfetto.te b/private/perfetto.te
index 8c7c8af..2183b6d 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -34,9 +34,12 @@
 allow perfetto adbd:fd use;
 allow perfetto adbd:unix_stream_socket { read write };
 
-# Allow adbd to reap perfetto
+# Allow adbd to reap perfetto.
 allow perfetto adbd:process { sigchld };
 
+# Allow perfetto to write to statsd.
+unix_socket_send(perfetto, statsdw, statsd)
+
 # Allow to access /dev/pts when launched in an adb shell.
 allow perfetto devpts:chr_file rw_file_perms;
 
diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
index 32fa9bd..9b09ce3 100644
--- a/private/permissioncontroller_app.te
+++ b/private/permissioncontroller_app.te
@@ -25,3 +25,11 @@
 
 # Allow interaction with activity_service
 allow permissioncontroller_app activity_service:service_manager find;
+
+allow permissioncontroller_app activity_task_service:service_manager find;
+allow permissioncontroller_app audio_service:service_manager find;
+allow permissioncontroller_app autofill_service:service_manager find;
+allow permissioncontroller_app device_policy_service:service_manager find;
+allow permissioncontroller_app location_service:service_manager find;
+allow permissioncontroller_app surfaceflinger_service:service_manager find;
+allow permissioncontroller_app trust_service:service_manager find;
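Review bot: The seven new service_manager find rules carry no comment, while the existing line above them documents its purpose (`# Allow interaction with activity_service`); a reader cannot tell which feature needs surfaceflinger_service or trust_service from this privileged app domain, nor whether the set came from observed denials or from an audit of the app's API use. Each find is a new binder surface reachable from the domain, so the reason belongs at the point of grant. Add a header such as `# Services the permission controller UI queries (list derived from <constructed: bug id / feature>); keep in sync with the app's service usage.` above the block, and group them with the existing activity_service line under it.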
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 3651389..14b63e9 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -113,9 +113,10 @@
 neverallow user=((?!system).)* domain=system_app
 neverallow user=((?!system).)* type=system_app_data_file
 
-# anything with a non-known uid with a specified name should have a specified seinfo
-neverallow user=_app name=.* seinfo=""
-neverallow user=_app name=.* seinfo=default
+# any non priv-app with a non-known uid with a specified name should have a specified
+# seinfo
+neverallow user=_app isPrivApp=false name=.* seinfo=""
+neverallow user=_app isPrivApp=false name=.* seinfo=default
 
 # neverallow shared relro to any other domain
 # and neverallow any other uid into shared_relro
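Review bot: With `isPrivApp=false` added to both neverallows, a priv-app with a specified name may now be assigned a domain with no seinfo at all, and the second hunk of this file uses exactly that to select permissioncontroller_app from package name plus priv-app placement alone (the `seinfo=permission_controller` key is dropped, matching the signer removals in private/keys.conf and private/mac_permissions.xml). The binding of that domain therefore moves from the signing certificate to the package name and the partition the APK ships on; that is presumably acceptable because priv-apps can only come from system/product images, but nothing in the diff records that reasoning. Record it next to the rule, e.g. `# Domain keyed on package name + priv-app placement; no signing-cert (seinfo) check applies, so the name must stay unique among priv-apps.`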
@@ -156,7 +157,7 @@
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
 user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
-user=_app seinfo=permission_controller isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
 user=_app minTargetSdkVersion=29 domain=untrusted_app type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
diff --git a/private/service_contexts b/private/service_contexts
index 4041a60..b7cd10f 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -12,6 +12,7 @@
 app_binding                               u:object_r:app_binding_service:s0
 app_prediction                            u:object_r:app_prediction_service:s0
 apexservice                               u:object_r:apex_service:s0
+blob_store                                u:object_r:blob_store_service:s0
 gsiservice                                u:object_r:gsi_service:s0
 appops                                    u:object_r:appops_service:s0
 appwidget                                 u:object_r:appwidget_service:s0
@@ -191,6 +192,7 @@
 task                                      u:object_r:task_service:s0
 telecom                                   u:object_r:telecom_service:s0
 telephony.registry                        u:object_r:registry_service:s0
+telephony_ims                             u:object_r:radio_service:s0
 testharness                               u:object_r:testharness_service:s0
 textclassification                        u:object_r:textclassification_service:s0
 textservices                              u:object_r:textservices_service:s0
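Review bot: `telephony_ims` is labeled with the shared `radio_service` type rather than a type of its own, so every domain that can already find radio_service, and every neverallow written against it, now covers this service as well; the other new entry in this diff, `blob_store`, gets a dedicated blob_store_service type plus a compat entry in 29.0.ignore.cil. If the IMS service is meant for exactly the same callers as the other radio_service entries that is fine, but it cannot later be scoped independently without a new type and compat mapping. If a tighter scope is wanted, follow the blob_store pattern (service.te type, 29.0.ignore.cil entry, and this line).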
diff --git a/private/snapshotctl.te b/private/snapshotctl.te
index 78bf6fd..0f0313c 100644
--- a/private/snapshotctl.te
+++ b/private/snapshotctl.te
@@ -12,10 +12,10 @@
 allow snapshotctl gsi_service:service_manager find;
 binder_call(snapshotctl, gsid)
 
-# Allow to read/write/delete OTA metadata files for snapshot status and COW file status.
+# Allow to create/read/write/delete OTA metadata files for snapshot status and COW file status.
 allow snapshotctl metadata_file:dir search;
 allow snapshotctl ota_metadata_file:dir rw_dir_perms;
-allow snapshotctl ota_metadata_file:file { rw_file_perms unlink };
+allow snapshotctl ota_metadata_file:file create_file_perms;
 
 # Allow to get A/B slot suffix from device tree or kernel cmdline.
 r_dir_file(snapshotctl, sysfs_dt_firmware_android);
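Review bot: `create_file_perms` grants more than the updated comment lists: in the global macros it also carries rename and setattr on top of create/read/write/unlink (confirm against this tree's global_macros), so "create/read/write/delete" understates the grant on ota_metadata_file. Either scope back to `{ create rw_file_perms unlink }` if rename/setattr are not needed, or state the full set in the comment, e.g. `# Allow to create/read/write/rename/setattr/delete OTA metadata files (create_file_perms) for snapshot status and COW file status.` In the second hunk, `# Snapshotctl talk to boot control HAL` should read `talks`.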
@@ -30,3 +30,7 @@
 
 # Needed to mutate device-mapper nodes.
 allow snapshotctl self:global_capability_class_set sys_admin;
+
+# Snapshotctl talk to boot control HAL to set merge status.
+hwbinder_use(snapshotctl)
+hal_client_domain(snapshotctl, hal_bootctl)
diff --git a/private/system_suspend.te b/private/system_suspend.te
index e93a73d..b600c66 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -10,6 +10,10 @@
 # Access to /sys/power/{ wakeup_count, state } suspend interface.
 allow system_suspend sysfs_power:file rw_file_perms;
 
+# Access to wakeup and suspend stats.
+r_dir_file(system_suspend, sysfs_suspend_stats)
+r_dir_file(system_suspend, sysfs_wakeup)
+
 neverallow {
     domain
     -atrace # tracing
diff --git a/public/audioserver.te b/public/audioserver.te
index 2ad86e3..a8a33cc 100644
--- a/public/audioserver.te
+++ b/public/audioserver.te
@@ -1,3 +1,6 @@
 # audioserver - audio services daemon
 type audioserver, domain;
 type audioserver_tmpfs, file_type;
+
+# Allow audioserver to signal audio HAL processes and dump their stacks.
+allow audioserver hal_audio_server:process signal;
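Review bot: The `signal` permission in the new rule covers every signal except SIGKILL/SIGSTOP/SIGCHLD, so it lets audioserver send terminating signals (SIGTERM, SIGABRT and the like) to HAL processes, not only the debugger dump signal the comment describes; SELinux cannot express a single-signal grant. Since this is public policy that also applies to vendor HAL implementations, say so in the comment so readers do not assume a dump-only grant: `# Allow audioserver to signal audio HAL processes (e.g. to dump their stacks). 'signal' covers all non-kill signals, so this also permits terminating the HAL.`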
diff --git a/public/domain.te b/public/domain.te
index 99274a8..75769b3 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -539,6 +539,7 @@
   -hal_camera_server
   -hal_cas_server
   -hal_drm_server
+  userdebug_or_eng(`-incidentd')
   -init
   -mediadrmserver
   -recovery
diff --git a/public/file.te b/public/file.te
index 8a8a0bc..401e016 100644
--- a/public/file.te
+++ b/public/file.te
@@ -93,9 +93,11 @@
 type sysfs_net, fs_type, sysfs_type;
 type sysfs_power, fs_type, sysfs_type;
 type sysfs_rtc, fs_type, sysfs_type;
+type sysfs_suspend_stats, fs_type, sysfs_type;
 type sysfs_switch, fs_type, sysfs_type;
 type sysfs_transparent_hugepage, fs_type, sysfs_type;
 type sysfs_usb, fs_type, sysfs_type;
+type sysfs_wakeup, fs_type, sysfs_type;
 type sysfs_wakeup_reasons, fs_type, sysfs_type;
 type sysfs_fs_ext4_features, sysfs_type, fs_type;
 type sysfs_fs_f2fs, sysfs_type, fs_type;
diff --git a/public/init.te b/public/init.te
index 06a33a6..2d0db1e 100644
--- a/public/init.te
+++ b/public/init.te
@@ -28,6 +28,8 @@
 allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
 # /dev/socket
 allow init { device socket_device }:dir relabelto;
+# allow init to establish connection and communicate with lmkd
+unix_socket_connect(init, lmkd, lmkd)
 # Relabel /dev nodes created in first stage init, /dev/null, /dev/ptmx, /dev/random, /dev/urandom
 allow init { null_device ptmx_device random_device } : chr_file relabelto;
 # /dev/device-mapper, /dev/block(/.*)?
diff --git a/public/kernel.te b/public/kernel.te
index 46864b8..42fe2c4 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -107,7 +107,7 @@
 ')
 
 # required by VTS lidbm unit test
-allow kernel appdomain_tmpfs:file read;
+allow kernel appdomain_tmpfs:file { read write };
 
 ###
 ### neverallow rules
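Review bot: Granting the kernel domain write on appdomain_tmpfs in public policy is justified only by `# required by VTS lidbm unit test`, which names neither the mechanism nor a bug, and "lidbm" looks like a typo (presumably libdm). If, as the name suggests, the access is kernel I/O on an app-owned tmpfs file used as a block-device backing store during the test, say so, because this widens what the kernel domain may do to every app's tmpfs files on all builds. Suggested comment: `# Required by the VTS libdm unit test: <mechanism, e.g. kernel I/O on an app-owned tmpfs backing file>; consider gating with userdebug_or_eng if the test only runs there (b/<bug id>).`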
diff --git a/public/lmkd.te b/public/lmkd.te
index c1c553d..b852f44 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -10,19 +10,17 @@
 # b/16236289
 allow lmkd self:global_capability_class_set ipc_lock;
 
-## Open and write to /proc/PID/oom_score_adj
+## Open and write to /proc/PID/oom_score_adj and /proc/PID/timerslack_ns
 ## TODO: maybe scope this down?
-r_dir_file(lmkd, appdomain)
-allow lmkd appdomain:file write;
-r_dir_file(lmkd, system_server)
-allow lmkd system_server:file write;
+r_dir_file(lmkd, domain)
+allow lmkd domain:file write;
 
 ## Writes to /sys/module/lowmemorykiller/parameters/minfree
 r_dir_file(lmkd, sysfs_lowmemorykiller)
 allow lmkd sysfs_lowmemorykiller:file w_file_perms;
 
-# setsched and send kill signals
-allow lmkd appdomain:process { setsched sigkill };
+# setsched and send kill signals to any registered process
+allow lmkd domain:process { setsched sigkill };
 # TODO: delete this line b/131761776
 allow lmkd kernel:process { setsched };
 
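Review bot: Replacing appdomain/system_server with `domain` in the r_dir_file, `:file write` and `:process { setsched sigkill }` rules lets lmkd write /proc/PID files of, and SIGKILL, every process on the device, including init, vold and keystore-class daemons, not just the "registered" ones the comment mentions; registration is enforced in lmkd's own code, not by policy, so a bug in its kill path is no longer bounded by the app/system_server set. The retained `## TODO: maybe scope this down?` now applies to a far larger grant, and the new `neverallow lmkd self:global_capability_class_set sys_ptrace;` in the second hunk only limits ptrace-gated /proc reads, not the kill. Also, `allow lmkd kernel:process { setsched };` (with its delete-me TODO) is now subsumed by the domain rule and can go. At minimum record the scope in the comment, e.g. `# lmkd only acts on processes that registered with it, but policy cannot express that: this grants setsched/sigkill on every domain.`, and consider a neverallow excluding domains that never register (init, kernel, the core daemons) if that set is known.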
@@ -69,3 +67,4 @@
 
 # never honor LD_PRELOAD
 neverallow * lmkd:process noatsecure;
+neverallow lmkd self:global_capability_class_set sys_ptrace;
diff --git a/public/service.te b/public/service.te
index 9d4aaeb..aace214 100644
--- a/public/service.te
+++ b/public/service.te
@@ -54,6 +54,7 @@
 type batterystats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type battery_service, system_server_service, service_manager_type;
 type binder_calls_stats_service, system_server_service, service_manager_type;
+type blob_store_service, app_api_service, system_server_service, service_manager_type;
 type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type broadcastradio_service, system_server_service, service_manager_type;
 type cameraproxy_service, system_server_service, service_manager_type;