diff --git a/prebuilts/api/26.0/public/property.te b/prebuilts/api/26.0/public/property.te
index d6fa86801..232872cdc 100644
--- a/prebuilts/api/26.0/public/property.te
+++ b/prebuilts/api/26.0/public/property.te
@@ -1,6 +1,7 @@
 type asan_reboot_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/27.0/public/property.te b/prebuilts/api/27.0/public/property.te
index 95efcaa78..2c716c53c 100644
--- a/prebuilts/api/27.0/public/property.te
+++ b/prebuilts/api/27.0/public/property.te
@@ -1,5 +1,6 @@
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index b0397e957..a4f0d87a1 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -1,5 +1,6 @@
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_a2dp_offload_prop, property_type;
 type bluetooth_prop, property_type;
 type bootloader_boot_reason_prop, property_type;
diff --git a/prebuilts/api/29.0/public/property.te b/prebuilts/api/29.0/public/property.te
index cea50aca0..4ccd8ac85 100644
--- a/prebuilts/api/29.0/public/property.te
+++ b/prebuilts/api/29.0/public/property.te
@@ -1,6 +1,7 @@ type apexd_prop, property_type; type audio_prop, property_type, core_property_type; type boottime_prop, property_type; +type boottime_public_prop, property_type; type bluetooth_a2dp_offload_prop, property_type; type bluetooth_audio_hal_prop, property_type; type bluetooth_prop, property_type; @@ -361,6 +362,7 @@ compatible_property_only(` -bluetooth_prop -bootloader_boot_reason_prop -boottime_prop + -boottime_public_prop -bpf_progs_loaded_prop -config_prop -cppreopt_prop diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts index 5c6b31f56..71002bea6 100644 --- a/prebuilts/api/29.0/public/property_contexts +++ b/prebuilts/api/29.0/public/property_contexts @@ -218,6 +218,8 @@ ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string +ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string +ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string ro.boot.console u:object_r:exported2_default_prop:s0 exact string ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string @@ -407,4 +409,3 @@ ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool diff --git a/prebuilts/api/30.0/private/app.te b/prebuilts/api/30.0/private/app.te index 9882d8f9b..b2ddd84b4 100644 
--- a/prebuilts/api/30.0/private/app.te +++ b/prebuilts/api/30.0/private/app.te @@ -36,8 +36,5 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') } neverallow { appdomain -shell userdebug_or_eng(`-su') } { domain -appdomain }:process { dyntransition }; -# Don't allow regular apps access to storage configuration properties. -neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms; - # Allow to read graphics related properties. get_prop(appdomain, graphics_config_prop) diff --git a/prebuilts/api/30.0/private/app_zygote.te b/prebuilts/api/30.0/private/app_zygote.te index a826f7fc7..928532322 100644 --- a/prebuilts/api/30.0/private/app_zygote.te +++ b/prebuilts/api/30.0/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); @@ -95,12 +92,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil index 8dc585a38..7e8e6dbe5 100644 --- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil @@ -28,6 +28,7 @@ binderfs_logs_proc boringssl_self_test bq_config_prop + cacheinfo_service charger_prop cold_boot_done_prop credstore 
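Review bot: The reworded comment `# Should not have any access to data files.` in the app_zygote.te hunk promises more than the rule beneath it enforces: the neverallow covers only the five listed types and only the `file` class with `rwx_file_perms`, so directory search or listing of app_data_file and privapp_data_file is not ruled out by this block (a further `neverallow app_zygote {` opens at the end of the hunk and may cover it — confirm). A comment that matches the rule would be `# No read/write/exec access to app or system-service data files.`. The identical hunk appears again in private/app_zygote.te later in the diff and needs the same wording. The trailing neverallow block continues outside the hunk.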
@@ -43,7 +44,6 @@ device_config_configuration_prop emergency_affordance_service exported_camera_prop - fastbootd_protocol_prop file_integrity_service fwk_automotive_display_hwservice fusectlfs @@ -58,7 +58,6 @@ hal_tv_tuner_hwservice hal_vibrator_service incremental_control_file - incremental_prop incremental_service init_perf_lsm_hooks_prop init_svc_debug_prop @@ -77,7 +76,6 @@ mirror_data_file light_service linkerconfig_file - lmkd_prop media_variant_prop metadata_bootstat_file mnt_pass_through_file @@ -97,6 +95,7 @@ soundtrigger_middleware_service staged_install_file storage_config_prop + surfaceflinger_display_prop sysfs_dm_verity system_adbd_prop system_config_service diff --git a/prebuilts/api/30.0/private/lmkd.te b/prebuilts/api/30.0/private/lmkd.te index e51cddb4c..a07ce879c 100644 --- a/prebuilts/api/30.0/private/lmkd.te +++ b/prebuilts/api/30.0/private/lmkd.te @@ -1,8 +1,3 @@ typeattribute lmkd coredomain; init_daemon_domain(lmkd) - -# Set lmkd.* properties. -set_prop(lmkd, lmkd_prop) - -neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set; diff --git a/prebuilts/api/30.0/private/mediaprovider_app.te b/prebuilts/api/30.0/private/mediaprovider_app.te index 5881255c9..79d3e36b7 100644 --- a/prebuilts/api/30.0/private/mediaprovider_app.te +++ b/prebuilts/api/30.0/private/mediaprovider_app.te @@ -44,6 +44,3 @@ allowxperm mediaprovider_app media_rw_data_file:{ dir file } ioctl { }; allow mediaprovider_app proc_filesystems:file r_file_perms; - -#Allow MediaProvider to see if sdcardfs is in use -get_prop(mediaprovider_app, storage_config_prop) diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts index 1a5471f49..c3134f982 100644 --- a/prebuilts/api/30.0/private/property_contexts +++ b/prebuilts/api/30.0/private/property_contexts 
@@ -42,7 +42,6 @@ llk. u:object_r:llkd_prop:s0 khungtask. u:object_r:llkd_prop:s0 ro.llk. u:object_r:llkd_prop:s0 ro.khungtask. u:object_r:llkd_prop:s0 -lmkd.reinit u:object_r:lmkd_prop:s0 exact int log. u:object_r:log_prop:s0 log.tag u:object_r:log_tag_prop:s0 log.tag.WifiHAL u:object_r:wifi_log_prop:s0 @@ -97,9 +96,6 @@ test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0 sys.lmk. u:object_r:system_lmk_prop:s0 sys.trace. u:object_r:system_trace_prop:s0 -# Fastbootd protocol control property -fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp - # Boolean property set by system server upon boot indicating # if device is fully owned by organization instead of being # a personal device. @@ -253,9 +249,6 @@ persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0 # history size. ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0 -# Property to enable incremental feature -ro.incremental.enable u:object_r:incremental_prop:s0 - # Properties to configure userspace reboot. init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int @@ -263,3 +256,6 @@ init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_p init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int + +# surfaceflinger-settable +graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool diff --git a/prebuilts/api/30.0/private/seapp_contexts b/prebuilts/api/30.0/private/seapp_contexts index 7743c0f79..a8c61be8f 100644 --- a/prebuilts/api/30.0/private/seapp_contexts +++ b/prebuilts/api/30.0/private/seapp_contexts 
@@ -151,8 +151,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file user=webview_zygote seinfo=webview_zygote domain=webview_zygote -user=_isolated domain=isolated_app levelFrom=all -user=_app seinfo=app_zygote domain=app_zygote levelFrom=all +user=_isolated domain=isolated_app levelFrom=user +user=_app seinfo=app_zygote domain=app_zygote levelFrom=user user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all diff --git a/prebuilts/api/30.0/private/service_contexts b/prebuilts/api/30.0/private/service_contexts index e01dcc1af..5c6f1a476 100644 --- a/prebuilts/api/30.0/private/service_contexts +++ b/prebuilts/api/30.0/private/service_contexts @@ -40,6 +40,7 @@ bluetooth_manager u:object_r:bluetooth_manager_service:s bluetooth u:object_r:bluetooth_service:s0 broadcastradio u:object_r:broadcastradio_service:s0 bugreport u:object_r:bugreport_service:s0 +cacheinfo u:object_r:cacheinfo_service:s0 carrier_config u:object_r:radio_service:s0 clipboard u:object_r:clipboard_service:s0 com.android.net.IProxyService u:object_r:IProxyService_service:s0 diff --git a/prebuilts/api/30.0/private/surfaceflinger.te b/prebuilts/api/30.0/private/surfaceflinger.te index cf709df31..2e9ce197a 100644 --- a/prebuilts/api/30.0/private/surfaceflinger.te +++ b/prebuilts/api/30.0/private/surfaceflinger.te @@ -57,6 +57,7 @@ set_prop(surfaceflinger, exported_system_prop) set_prop(surfaceflinger, exported2_system_prop) set_prop(surfaceflinger, exported3_system_prop) set_prop(surfaceflinger, ctl_bootanim_prop) +set_prop(surfaceflinger, surfaceflinger_display_prop) # Use open files supplied by an app. allow surfaceflinger appdomain:fd use; 
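Review bot: Changing `_isolated` and the app_zygote entry from `levelFrom=all` to `levelFrom=user` drops the per-app MLS categories, so isolated processes of the same user now run at one level and MLS no longer separates their objects from one another; this looks like the counterpart of removing `mlstrustedsubject` from app_zygote in the app_zygote.te hunks, but neither hunk records the link. A comment above the two entries, e.g. `# app_zygote and its isolated children share the per-user level (no per-app categories) so forking works without mlstrustedsubject; separation between isolated processes then rests on the isolated_app/app_zygote neverallows — confirm`, would make the trade-off reviewable. The same two-line change appears in private/seapp_contexts later in the diff.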
diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te index 7968b7920..5e53af8be 100644 --- a/prebuilts/api/30.0/private/system_server.te +++ b/prebuilts/api/30.0/private/system_server.te @@ -679,9 +679,6 @@ get_prop(system_server, apk_verity_prop) # Read wifi.interface get_prop(system_server, wifi_prop) -# Read the vendor property that indicates if Incremental features is enabled -get_prop(system_server, incremental_prop) - # Create a socket for connections from debuggerd. allow system_server system_ndebug_socket:sock_file create_file_perms; diff --git a/prebuilts/api/30.0/public/app.te b/prebuilts/api/30.0/public/app.te index c892d9e47..53c73b70c 100644 --- a/prebuilts/api/30.0/public/app.te +++ b/prebuilts/api/30.0/public/app.te @@ -566,6 +566,10 @@ neverallow { -system_app } { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms; + +# Don't allow apps access to storage configuration properties. +neverallow appdomain storage_config_prop:file no_rw_file_perms; + # Apps cannot access proc_uid_time_in_state neverallow appdomain proc_uid_time_in_state:file *; diff --git a/prebuilts/api/30.0/public/bootanim.te b/prebuilts/api/30.0/public/bootanim.te index bd2bec6e9..e8cb98bbc 100644 --- a/prebuilts/api/30.0/public/bootanim.te +++ b/prebuilts/api/30.0/public/bootanim.te @@ -23,7 +23,6 @@ allow bootanim audio_device:chr_file rw_file_perms; allow bootanim audioserver_service:service_manager find; allow bootanim surfaceflinger_service:service_manager find; -allow bootanim surfaceflinger:unix_stream_socket { read write }; # Allow access to ion memory allocation device allow bootanim ion_device:chr_file rw_file_perms; diff --git a/prebuilts/api/30.0/public/fastbootd.te b/prebuilts/api/30.0/public/fastbootd.te index 878781721..f10e6492d 100644 --- a/prebuilts/api/30.0/public/fastbootd.te +++ b/prebuilts/api/30.0/public/fastbootd.te 
@@ -120,14 +120,6 @@ recovery_only(` # Determine allocation scheme (whether B partitions needs to be # at the second half of super. get_prop(fastbootd, virtual_ab_prop) - - # Needed for TCP protocol - allow fastbootd node:tcp_socket node_bind; - allow fastbootd port:tcp_socket name_bind; - allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept }; - - # Get fastbootd protocol property - get_prop(fastbootd, fastbootd_protocol_prop) ') ### diff --git a/prebuilts/api/30.0/public/hal_neuralnetworks.te b/prebuilts/api/30.0/public/hal_neuralnetworks.te index 228d990cb..f8d6ff5a7 100644 --- a/prebuilts/api/30.0/public/hal_neuralnetworks.te +++ b/prebuilts/api/30.0/public/hal_neuralnetworks.te @@ -18,9 +18,6 @@ allow hal_neuralnetworks_server shell_data_file:file { read write getattr map }; # Allow NN HAL service to read a client-provided ION memory fd. allow hal_neuralnetworks_server ion_device:chr_file r_file_perms; -# Allow NN HAL service to use a client-provided fd residing in /storage -allow hal_neuralnetworks_server storage_file:file { getattr map read }; - # Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product # property to determine whether to deny NNAPI extensions use for apps # on product partition (apps in GSI are not allowed to use NNAPI extensions). diff --git a/prebuilts/api/30.0/public/iorapd.te b/prebuilts/api/30.0/public/iorapd.te index 426eccae6..b9706994e 100644 --- a/prebuilts/api/30.0/public/iorapd.te +++ b/prebuilts/api/30.0/public/iorapd.te 
@@ -42,6 +42,16 @@ unix_socket_connect(iorapd, traced_consumer, traced) # Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time. allow iorapd system_file:file rx_file_perms; +# Allow iorapd to send signull to iorap_inode2filename and iorap_prefetcherd. +allow iorapd iorap_inode2filename:process signull; +allow iorapd iorap_prefetcherd:process signull; + +# Allowing system_server to check for the existence and size of files under iorapd +# dir without collecting any sensitive app data. +# This is used to predict if iorapd is doing prefetching or not. +allow system_server iorapd_data_file:dir { getattr open read search }; +allow system_server iorapd_data_file:file getattr; + ### ### neverallow rules ### @@ -55,6 +65,7 @@ neverallow { domain -init -iorapd + -system_server } iorapd_data_file:dir *; neverallow { @@ -69,6 +80,7 @@ neverallow { -kernel -vendor_init -iorapd + -system_server } { iorapd_data_file }:notdevfile_class_set *; # Only system_server and shell (for dumpsys) can interact with iorapd over binder diff --git a/prebuilts/api/30.0/public/kernel.te b/prebuilts/api/30.0/public/kernel.te index 42fe2c476..35018e91e 100644 --- a/prebuilts/api/30.0/public/kernel.te +++ b/prebuilts/api/30.0/public/kernel.te @@ -65,10 +65,10 @@ allow kernel vold:fd use; allow kernel { app_data_file privapp_data_file }:file read; allow kernel asec_image_file:file read; -# Allow reading loop device in update_engine_unittests. (b/28319454) +# Allow mounting loop device in update_engine_unittests. (b/28319454) # and for LTP kernel tests (b/73220071) userdebug_or_eng(` - allow kernel update_engine_data_file:file read; + allow kernel update_engine_data_file:file { read write }; allow kernel nativetest_data_file:file { read write }; ') diff --git a/prebuilts/api/30.0/public/lmkd.te b/prebuilts/api/30.0/public/lmkd.te index 67e93e13b..b852f4418 100644 --- a/prebuilts/api/30.0/public/lmkd.te +++ b/prebuilts/api/30.0/public/lmkd.te 
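Review bot: The `-system_server` carve-outs added to the two neverallow blocks are wider than the access the hunk grants: the new allow rules give system_server only `{ getattr open read search }` on iorapd_data_file directories and `getattr` on files, but once it is excluded from `iorapd_data_file:dir *` and `{ iorapd_data_file }:notdevfile_class_set *` the neverallows no longer constrain system_server at all, so a later allow rule could give it read or write access to iorapd's data without tripping anything. The guarantee stated in the new comment ("without collecting any sensitive app data") can be kept in policy with two rules after the exemptions: `neverallow system_server iorapd_data_file:dir ~{ getattr open read search };` and `neverallow system_server iorapd_data_file:notdevfile_class_set ~getattr;`. Both neverallow blocks open before the hunks shown here.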
@@ -60,9 +60,6 @@ allow lmkd proc_pressure_io:file r_file_perms; # Read/Write /proc/pressure/memory allow lmkd proc_pressure_mem:file rw_file_perms; -# Allow lmkd to connect during reinit. -allow lmkd lmkd_socket:sock_file write; - # Allow lmkd to write to statsd. unix_socket_send(lmkd, statsdw, statsd) diff --git a/prebuilts/api/30.0/public/modprobe.te b/prebuilts/api/30.0/public/modprobe.te index 2c7d64b0b..119040921 100644 --- a/prebuilts/api/30.0/public/modprobe.te +++ b/prebuilts/api/30.0/public/modprobe.te @@ -1,7 +1,6 @@ type modprobe, domain; allow modprobe proc_modules:file r_file_perms; -allow modprobe proc_cmdline:file r_file_perms; allow modprobe self:global_capability_class_set sys_module; allow modprobe kernel:key search; recovery_only(` diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te index 5f817fff0..d9ac231de 100644 --- a/prebuilts/api/30.0/public/property.te +++ b/prebuilts/api/30.0/public/property.te @@ -14,7 +14,6 @@ system_internal_prop(device_config_sys_traced_prop) system_internal_prop(device_config_window_manager_native_boot_prop) system_internal_prop(device_config_configuration_prop) system_internal_prop(firstboot_prop) -system_internal_prop(fastbootd_protocol_prop) system_internal_prop(gsid_prop) system_internal_prop(init_perf_lsm_hooks_prop) system_internal_prop(init_svc_debug_prop) 
@@ -71,11 +70,13 @@ compatible_property_only(` system_restricted_prop(binder_cache_bluetooth_server_prop) system_restricted_prop(binder_cache_system_server_prop) system_restricted_prop(binder_cache_telephony_server_prop) +system_restricted_prop(boottime_public_prop) system_restricted_prop(bq_config_prop) system_restricted_prop(module_sdkextensions_prop) system_restricted_prop(nnapi_ext_deny_product_prop) system_restricted_prop(restorecon_prop) system_restricted_prop(socket_hook_prop) +system_restricted_prop(surfaceflinger_display_prop) system_restricted_prop(system_boot_reason_prop) system_restricted_prop(system_jvmti_agent_prop) system_restricted_prop(userspace_reboot_exported_prop) @@ -119,7 +120,6 @@ system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) system_vendor_config_prop(graphics_config_prop) -system_vendor_config_prop(incremental_prop) system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) system_vendor_config_prop(userspace_reboot_config_prop) @@ -156,7 +156,6 @@ system_public_prop(exported_system_radio_prop) system_public_prop(exported_wifi_prop) system_public_prop(sota_prop) system_public_prop(hwservicemanager_prop) -system_public_prop(lmkd_prop) system_public_prop(logd_prop) system_public_prop(logpersistd_logging_prop) system_public_prop(log_prop) @@ -602,3 +601,17 @@ neverallow { } { userspace_reboot_test_prop }:property_service set; + +neverallow { + -init + -vendor_init +} { + graphics_config_prop +}:property_service set; + +neverallow { + -init + -surfaceflinger +} { + surfaceflinger_display_prop +}:property_service set; diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts index 2f04b1754..40f68899e 100644 --- a/prebuilts/api/30.0/public/property_contexts +++ b/prebuilts/api/30.0/public/property_contexts 
@@ -73,7 +73,6 @@ dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool -external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string @@ -185,7 +184,6 @@ sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool sys.usb.state u:object_r:exported2_system_prop:s0 exact string telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int -telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool @@ -243,6 +241,8 @@ ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string +ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string +ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string ro.boot.console u:object_r:exported2_default_prop:s0 exact string ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string 
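Review bot: Removing the `exact` entries for `external_storage.sdcardfs.enabled` and `telephony.active_modems.max_count` (and `ro.boot.fstab_suffix` in the next hunk) does not make those properties unlabeled; anything that still sets or reads them is now matched by whichever prefix or catch-all rule comes next, which is not visible in these hunks, so each should be confirmed either gone from the code that used it or landing on an intended label, since the fallback decides who may read it. In the `ro.boot.*` hunk the two new `ro.boottime.init.*` lines sit between `ro.boot.bootloader` and `ro.boot.console`; private/property_contexts elsewhere in this diff places them in their own group after `ro.boot.dynamic_partitions_retrofit`, and the same placement here would keep the `ro.boot.` run contiguous.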
@@ -313,7 +313,6 @@ ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string ro.board.platform u:object_r:exported_default_prop:s0 exact string ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int -ro.boot.fstab_suffix u:object_r:exported_default_prop:s0 exact string ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string @@ -408,6 +407,7 @@ wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string wifi.direct.interface u:object_r:exported_default_prop:s0 exact string wifi.interface u:object_r:exported_default_prop:s0 exact string ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool +ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool # public-readable ro.boot.revision u:object_r:exported2_default_prop:s0 exact string @@ -466,3 +466,7 @@ cache_key.package_info u:object_r:binder_cache_system_server_p cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string + +# Graphics related properties +graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool +graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string diff --git a/prebuilts/api/30.0/public/recovery.te b/prebuilts/api/30.0/public/recovery.te index 63a9cea62..16b670f96 100644 --- a/prebuilts/api/30.0/public/recovery.te +++ b/prebuilts/api/30.0/public/recovery.te 
@@ -154,15 +154,6 @@ recovery_only(` # Allow mounting /metadata for writing update states allow recovery metadata_file:dir { getattr mounton }; - - # These are needed to allow recovery to manage network - allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read }; - allow recovery self:global_capability_class_set net_admin; - allow recovery self:tcp_socket { create ioctl }; - allowxperm recovery self:tcp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS }; - - # Set fastbootd protocol property - set_prop(recovery, fastbootd_protocol_prop) ') ### diff --git a/prebuilts/api/30.0/public/service.te b/prebuilts/api/30.0/public/service.te index 968e523cf..f27772eab 100644 --- a/prebuilts/api/30.0/public/service.te +++ b/prebuilts/api/30.0/public/service.te @@ -63,6 +63,7 @@ type binder_calls_stats_service, system_server_service, service_manager_type; type blob_store_service, app_api_service, system_server_service, service_manager_type; type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type broadcastradio_service, system_server_service, service_manager_type; +type cacheinfo_service, system_api_service, system_server_service, service_manager_type; type cameraproxy_service, system_server_service, service_manager_type; type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type contexthub_service, app_api_service, system_server_service, service_manager_type; 
@@ -182,7 +183,7 @@ type timezone_service, system_server_service, service_manager_type; type timezonedetector_service, system_server_service, service_manager_type; type trust_service, app_api_service, system_server_service, service_manager_type; type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; -type tv_tuner_resource_mgr_service, system_server_service, service_manager_type; +type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type; type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type updatelock_service, system_api_service, system_server_service, service_manager_type; type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; diff --git a/prebuilts/api/30.0/public/servicemanager.te b/prebuilts/api/30.0/public/servicemanager.te index 63fc2273a..cd62a214b 100644 --- a/prebuilts/api/30.0/public/servicemanager.te +++ b/prebuilts/api/30.0/public/servicemanager.te @@ -25,8 +25,6 @@ allow servicemanager vendor_service_contexts_file:file r_file_perms; not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;') add_service(servicemanager, service_manager_service) -allow servicemanager dumpstate:fd use; -allow servicemanager dumpstate:fifo_file write; # Check SELinux permissions. selinux_check_access(servicemanager) diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te index 12a360eb8..df203be6e 100644 --- a/prebuilts/api/30.0/public/vendor_init.te +++ b/prebuilts/api/30.0/public/vendor_init.te 
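Review bot: Adding `app_api_service` to `tv_tuner_resource_mgr_service` lets every app domain `find` the tuner resource manager over binder, and the line carries no comment on why apps need it directly rather than via another system service; from this point on the service's own permission checks are the only gate, which the policy cannot verify. A comment on the changed line such as `# found directly by apps; <tuner resource manager implementation> enforces its own permission checks` (placeholder for the actual class) would make the intent reviewable.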
@@ -228,8 +228,6 @@ set_prop(vendor_init, exported2_system_prop) set_prop(vendor_init, exported2_vold_prop) set_prop(vendor_init, exported3_default_prop) set_prop(vendor_init, exported3_radio_prop) -set_prop(vendor_init, incremental_prop) -set_prop(vendor_init, lmkd_prop) set_prop(vendor_init, logd_prop) set_prop(vendor_init, log_tag_prop) set_prop(vendor_init, log_prop) @@ -246,6 +244,7 @@ set_prop(vendor_init, wifi_log_prop) get_prop(vendor_init, exported2_radio_prop) get_prop(vendor_init, exported3_system_prop) +get_prop(vendor_init, surfaceflinger_display_prop) get_prop(vendor_init, theme_prop) get_prop(vendor_init, ota_prop) diff --git a/prebuilts/api/30.0/public/vold.te b/prebuilts/api/30.0/public/vold.te index 6c5ff78ed..a112de011 100644 --- a/prebuilts/api/30.0/public/vold.te +++ b/prebuilts/api/30.0/public/vold.te @@ -200,8 +200,8 @@ set_prop(vold, ctl_fuse_prop) set_prop(vold, restorecon_prop) set_prop(vold, ota_prop) set_prop(vold, boottime_prop) +set_prop(vold, boottime_public_prop) get_prop(vold, storage_config_prop) -get_prop(vold, incremental_prop) # ASEC allow vold asec_image_file:file create_file_perms; diff --git a/private/app_zygote.te b/private/app_zygote.te index a826f7fc7..928532322 100644 --- a/private/app_zygote.te +++ b/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); 
@@ -95,12 +92,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 7d5a04fbe..10790468f 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -28,6 +28,7 @@ binderfs_logs_proc boringssl_self_test bq_config_prop + cacheinfo_service charger_prop cold_boot_done_prop credstore @@ -98,6 +99,7 @@ soundtrigger_middleware_service staged_install_file storage_config_prop + surfaceflinger_display_prop sysfs_dm_verity system_adbd_prop system_config_service diff --git a/private/gmscore_app.te b/private/gmscore_app.te index f882ab025..502216086 100644 --- a/private/gmscore_app.te +++ b/private/gmscore_app.te @@ -56,6 +56,7 @@ dontaudit gmscore_app sysfs_dm:file r_file_perms; dontaudit gmscore_app sysfs_loop:file r_file_perms; dontaudit gmscore_app { wifi_prop wifi_hal_prop }:file r_file_perms; dontaudit gmscore_app mirror_data_file:dir search; +dontaudit gmscore_app mnt_vendor_file:dir search; # Access the network net_domain(gmscore_app) diff --git a/private/keystore.te b/private/keystore.te index a36926e1a..2f62920ce 100644 --- a/private/keystore.te +++ b/private/keystore.te 
@@ -14,8 +14,9 @@ allow keystore platform_app:binder call;
 # Allow to check whether security logging is enabled.
 get_prop(keystore, device_logging_prop)
+# Allow keystore to write to statsd.
+unix_socket_send(keystore, statsdw, statsd)
+
 # Keystore need access to the keystore_key context files to load the keystore key backend.
 allow keystore keystore2_key_contexts_file:file r_file_perms;
-# Allow keystore to write to statsd.
-unix_socket_send(keystore, statsdw, statsd)
diff --git a/private/property.te b/private/property.te
index 2d3d861d6..bc1934d13 100644
--- a/private/property.te
+++ b/private/property.te
@@ -404,6 +404,13 @@ neverallow {
 graphics_config_prop
 }:property_service set;
+neverallow {
+ -init
+ -surfaceflinger
+} {
+ surfaceflinger_display_prop
+}:property_service set;
+
 neverallow {
 -coredomain
 -appdomain
diff --git a/private/property_contexts b/private/property_contexts
index 2397150e6..9a53c285d 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -575,6 +575,9 @@ ro.revision u:object_r:bootloader_prop:s0 exact string
 ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string
 ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
+
 ro.build.date u:object_r:build_prop:s0 exact string
 ro.build.date.utc u:object_r:build_prop:s0 exact int
 ro.build.description u:object_r:build_prop:s0 exact string
@@ -883,3 +886,7 @@ ro.gfx.angle.supported u:object_r:graphics_config_prop:s0 exact bool
 graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool
 graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string
+
+# surfaceflinger-settable
+graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool
+
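Review bot: The new `neverallow { -init -surfaceflinger } { surfaceflinger_display_prop }:property_service set;` in property.te carries no comment, so a reader of this file cannot tell what the type covers or why surfaceflinger is the only non-init writer; the only hint is the `# surfaceflinger-settable` line in property_contexts, and the type is also declared system_restricted_prop (vendor-readable) in public/property.te. Suggest one line above the block: `# surfaceflinger_display_prop (graphics.display.kernel_idle_timer.enabled) is owned by surfaceflinger; only init and surfaceflinger may set it.` The neverallow itself is complete within the hunk.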
diff --git a/private/seapp_contexts b/private/seapp_contexts
index ebbbf08f1..4b23e8922 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -151,8 +151,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file
 user=shared_relro domain=shared_relro
 user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
 user=webview_zygote seinfo=webview_zygote domain=webview_zygote
-user=_isolated domain=isolated_app levelFrom=all
-user=_app seinfo=app_zygote domain=app_zygote levelFrom=all
+user=_isolated domain=isolated_app levelFrom=user
+user=_app seinfo=app_zygote domain=app_zygote levelFrom=user
 user=_app seinfo=media domain=mediaprovider type=app_data_file levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
diff --git a/private/service_contexts b/private/service_contexts
index 808edcce0..a78b10884 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -42,6 +42,7 @@ bluetooth_manager u:object_r:bluetooth_manager_service:s
 bluetooth u:object_r:bluetooth_service:s0
 broadcastradio u:object_r:broadcastradio_service:s0
 bugreport u:object_r:bugreport_service:s0
+cacheinfo u:object_r:cacheinfo_service:s0
 carrier_config u:object_r:radio_service:s0
 clipboard u:object_r:clipboard_service:s0
 com.android.net.IProxyService u:object_r:IProxyService_service:s0
@@ -246,7 +247,7 @@ webviewupdate u:object_r:webviewupdate_service:s0
 wifip2p u:object_r:wifip2p_service:s0
 wifiscanner u:object_r:wifiscanner_service:s0
 wifi u:object_r:wifi_service:s0
-wificond u:object_r:wifinl80211_service:s0
+wifinl80211 u:object_r:wifinl80211_service:s0
 wifiaware u:object_r:wifiaware_service:s0
 wifirtt u:object_r:rttmanager_service:s0
 window u:object_r:window_service:s0
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 973350e29..37601b94b 100644
--- a/private/surfaceflinger.te
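Review bot: Moving isolated_app and app_zygote from levelFrom=all to levelFrom=user drops the per-app MLS categories, so isolated processes spawned on behalf of different apps of the same user now run at the same level and MLS no longer separates them from each other; only the shared isolated_app type and the app_zygote transitions remain. This looks deliberate and tied to the app_zygote.te hunk that removes mlstrustedsubject, but nothing in this file says so, and the neighbouring entries keep levelFrom=all for ephemeral apps. Suggest a comment above the two lines: `# isolated_app and app_zygote use levelFrom=user so the zygote and the processes it spawns share a level; keep in sync with app_zygote.te.`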
+++ b/private/surfaceflinger.te
@@ -56,6 +56,7 @@ set_prop(surfaceflinger, system_prop)
 set_prop(surfaceflinger, exported_system_prop)
 set_prop(surfaceflinger, exported3_system_prop)
 set_prop(surfaceflinger, ctl_bootanim_prop)
+set_prop(surfaceflinger, surfaceflinger_display_prop)
 # Use open files supplied by an app.
 allow surfaceflinger appdomain:fd use;
diff --git a/private/vold.te b/private/vold.te
index d286e8f58..ce451ac91 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -30,6 +30,7 @@ set_prop(vold, ctl_fuse_prop)
 set_prop(vold, restorecon_prop)
 set_prop(vold, ota_prop)
 set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
 # Vold will use Keystore instead of using Keymint directly. But it still needs
 # to manage its Keymint blobs. This is why it needs the `manage_blob` permission.
@@ -43,3 +44,4 @@ allow vold vold_key:keystore2_key { update use };
+
diff --git a/public/iorapd.te b/public/iorapd.te
index 426eccae6..b9706994e 100644
--- a/public/iorapd.te
+++ b/public/iorapd.te
@@ -42,6 +42,16 @@ unix_socket_connect(iorapd, traced_consumer, traced)
 # Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
 allow iorapd system_file:file rx_file_perms;
+# Allow iorapd to send signull to iorap_inode2filename and iorap_prefetcherd.
+allow iorapd iorap_inode2filename:process signull;
+allow iorapd iorap_prefetcherd:process signull;
+
+# Allowing system_server to check for the existence and size of files under iorapd
+# dir without collecting any sensitive app data.
+# This is used to predict if iorapd is doing prefetching or not.
+allow system_server iorapd_data_file:dir { getattr open read search };
+allow system_server iorapd_data_file:file getattr;
+
 ###
 ### neverallow rules
 ###
@@ -55,6 +65,7 @@ neverallow {
 domain
 -init
 -iorapd
+ -system_server
 } iorapd_data_file:dir *;
 neverallow {
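Review bot: The system_server exemption added to the iorapd_data_file neverallow at +65 here, and likewise at +80 in the next hunk, is broader than the allow rules that motivate it: system_server drops out of the assertion for `iorapd_data_file:dir *` and `:notdevfile_class_set *` entirely, while the new allows grant only `dir { getattr open read search }` and `file getattr`. Nothing now stops a later system_server grant of write or create on iorapd_data_file, which is exactly what these neverallows existed to block. The invariant can be kept by bounding the exemption explicitly, e.g. `neverallow system_server iorapd_data_file:dir ~{ getattr open read search };` and `neverallow system_server iorapd_data_file:file ~{ getattr };`. Separately, an allow whose subject is system_server sitting in public/iorapd.te is unusual for this tree; it likely belongs in system_server.te, and `dir read` lets system_server list entry names, which the comment's "existence and size" wording should acknowledge if names can carry package identifiers.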
@@ -69,6 +80,7 @@ neverallow {
 -kernel
 -vendor_init
 -iorapd
+ -system_server
 } { iorapd_data_file }:notdevfile_class_set *;
 # Only system_server and shell (for dumpsys) can interact with iorapd over binder
diff --git a/public/property.te b/public/property.te
index 34ed99959..5f4888467 100644
--- a/public/property.te
+++ b/public/property.te
@@ -60,6 +60,7 @@ system_restricted_prop(binder_cache_system_server_prop)
 system_restricted_prop(binder_cache_telephony_server_prop)
 system_restricted_prop(boot_status_prop)
 system_restricted_prop(bootloader_prop)
+system_restricted_prop(boottime_public_prop)
 system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_prop)
 system_restricted_prop(charger_status_prop)
@@ -74,6 +75,7 @@ system_restricted_prop(provisioned_prop)
 system_restricted_prop(restorecon_prop)
 system_restricted_prop(retaildemo_prop)
 system_restricted_prop(socket_hook_prop)
+system_restricted_prop(surfaceflinger_display_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
 system_restricted_prop(usb_prop)
@@ -294,3 +296,4 @@ typeattribute shell_prop core_property_type;
 typeattribute system_prop core_property_type;
 typeattribute usb_prop core_property_type;
 typeattribute vold_prop core_property_type;
+
diff --git a/public/service.te b/public/service.te
index 8134a18dd..07ab90f70 100644
--- a/public/service.te
+++ b/public/service.te
@@ -64,6 +64,7 @@ type binder_calls_stats_service, system_server_service, service_manager_type;
 type blob_store_service, app_api_service, system_server_service, service_manager_type;
 type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type broadcastradio_service, system_server_service, service_manager_type;
+type cacheinfo_service, system_api_service, system_server_service, service_manager_type;
 type cameraproxy_service, system_server_service, service_manager_type;
 type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type contexthub_service, app_api_service, system_server_service, service_manager_type;
@@ -184,7 +185,7 @@ type timezone_service, system_server_service, service_manager_type;
 type timezonedetector_service, system_server_service, service_manager_type;
 type trust_service, app_api_service, system_server_service, service_manager_type;
 type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type tv_tuner_resource_mgr_service, system_server_service, service_manager_type;
+type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type;
 type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type updatelock_service, system_api_service, system_server_service, service_manager_type;
 type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index a09d4fcc4..609880a01 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
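Review bot: Adding app_api_service to `tv_tuner_resource_mgr_service` makes the service discoverable and callable from every app domain that carries app_api_service, including untrusted ones, where before it was reachable only as a plain system_server_service; the hunk gives no indication that the service performs its own caller permission checks, which becomes the sole barrier once SELinux no longer gates access. If app access is the intent, a short trailing comment such as `# app-reachable: service enforces its own permission checks` would make that explicit for the next reader, and the check itself should be confirmed before this lands. The new cacheinfo_service is narrower (system_api_service only), which is the safer default for a service added without a stated client.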
@@ -250,6 +250,7 @@ get_prop(vendor_init, exported3_system_prop)
 get_prop(vendor_init, ota_prop)
 get_prop(vendor_init, provisioned_prop)
 get_prop(vendor_init, retaildemo_prop)
+get_prop(vendor_init, surfaceflinger_display_prop)
 get_prop(vendor_init, theme_prop)
diff --git a/vendor/hal_tv_tuner_default.te b/vendor/hal_tv_tuner_default.te
index d5b8f572b..abe1e7725 100644
--- a/vendor/hal_tv_tuner_default.te
+++ b/vendor/hal_tv_tuner_default.te
@@ -3,3 +3,5 @@ hal_server_domain(hal_tv_tuner_default, hal_tv_tuner)
 type hal_tv_tuner_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_tv_tuner_default)
+
+allow hal_tv_tuner_default ion_device:chr_file r_file_perms;